DAC - (Discretionary Access Control) - An access control model and policy that restricts access to objects based on the identity of the subjects and the groups to which those subjects belong. The data owner has the discretion of allowing or denying others access to the resources it owns.
data at rest - Data that resides in external or auxiliary storage devices such as hard disk drives, solid-state drives, or DVDs.
data classification - Assignments to data that indicate the level of availability, integrity, and confidentiality that is required for each type of information.
data custodian - An individual who is responsible for the maintenance and protection of the data. This role is usually filled by the IT department (usually the network administrator). The duties include performing regular backups of the data, periodically validating the integrity of the data, restoring data from backup media, and fulfilling the requirements specified in the company's security policy, standards, and guidelines that pertain to information security and data protection.
Data Encryption Standard - Symmetric key encryption algorithm that was adopted by the government as a federal standard for protecting sensitive unclassified information. DES was later replaced with Advanced Encryption Standard (AES).
data flow coverage - This criterion requires sufficient test cases for each feasible data flow to be executed at least once.
data in motion -
data in transit -
data in use - Data that temporarily resides in primary storage such as registers, caches, or RAM while the CPU is using it.
data loss prevention - The actions that organizations take to prevent unauthorized external parties from gaining access to sensitive data.
data mining - The analysis of the data held in data warehouses in order to produce new and useful information.
data owner - An entity that collects or creates PII.
data remanence - A measure of the magnetic flux density remaining after removal of the applied magnetic force, which is used to erase data. Refers to any data remaining on magnetic storage media.
data subject - The individual human related to a set of personal data.
data warehousing - The process of combining data from multiple databases or data sources into a large data store for the purpose of providing more extensive information retrieval and data analysis.
database management system - A suite of application programs that typically manages large, structured sets of persistent data.
DBMS - (Database Management System) - A suite of application programs that typically manages large, structured sets of persistent data.
database shadowing - A mirroring technology used in databases, in which information is written to at least two hard drives for the purpose of redundancy.
decision coverage - Considered to be a minimum level of coverage for most software products, but decision coverage alone is insufficient for high-integrity applications.
declassification - An administrative decision or procedure to remove or reduce the security classification of information.
decryption - The reverse process from encryption. It is the process of converting a ciphertext message back into plaintext through the use of the cryptographic algorithm and the appropriate key that was used to do the original encryption.
dedicated security mode - The mode in which a system operates if all users have the clearance or authorization to access, and the need to know about, all data processed within the system. All users have been given formal access approval for all information on the system and have signed nondisclosure agreements pertaining to this information.
defensible destruction - Eliminating data using a controlled, legally defensible, and regulatory compliant way.
degauss - Process that demagnetizes magnetic media so that a very low residue of magnetic induction is left on the media. Used to effectively erase data from media.
Delphi technique - A group decision method used to ensure that each member of a group gives an honest and anonymous opinion pertaining to the company's risks.
denial of service - Any action, or series of actions, that prevents a system, or its resources, from functioning in accordance with its intended purpose.
DES - (Data Encryption Standard) - Symmetric key encryption algorithm that was adopted by the government as a federal standard for protecting sensitive unclassified information. DES was later replaced with Advanced Encryption Standard (AES).
DevOps - The practice of incorporating developers and members of operations and quality assurance (QA) staff into software development projects to align their incentives and enable frequent, efficient, and reliable releases of software products.
dial-up - The service whereby a computer terminal can use telephone lines, usually via a modem, to initiate and continue communication with another computer system.
dictionary attack - A form of attack in which an attacker uses a large set of likely combinations to guess a secret, usually a password.
diffusion - Provided by mixing up the location of the plaintext throughout the ciphertext. The strongest algorithms exhibit a high degree of confusion and diffusion.
digital certificate - An electronic document that contains the name of an organization or individual, the business address, the digital signature of the certificate authority issuing the certificate, the certificate holder
digital rights management - A broad range of technologies that grant control and protection to content providers over their own digital media. May use cryptography techniques.
digital signature - An electronic signature based upon cryptographic methods of originator authentication, computed by using a set of rules and a set of parameters such that the identity of the signer and the integrity of the data can be verified.
digital signatures - Provide authentication of the sender and integrity of the data that was signed.
disaster recovery plan - A plan developed to help a company recover from a disaster. It provides procedures for emergency response, extended backup operations, and post-disaster recovery when an organization suffers a loss of computer processing capability or resources and physical facilities.
discretionary access control - An access control model and policy that restricts access to objects based on the identity of the subjects and the groups to which those subjects belong. The data owner has the discretion of allowing or denying others access to the resources it owns.
Distributed Network Protocol 3 - A communications protocol designed for use in SCADA systems, particularly those within the power sector, that does not include routing functionality.
DLP - (Data Loss Prevention) - The actions that organizations take to prevent unauthorized external parties from gaining access to sensitive data.
DNP3 - (Distributed Network Protocol 3) - A communications protocol designed for use in SCADA systems, particularly those within the power sector, that does not include routing functionality.
domain - The set of objects that a subject is allowed to access. Within this domain, all subjects and objects share a common security policy, procedures, and rules, and they are managed by the same management system.
DoS - (Denial of Service) - Any action, or series of actions, that prevents a system, or its resources, from functioning in accordance with its intended purpose.
DR - (Disaster Recovery) - Those tasks and activities required to bring an organization back from contingency operations and reinstate regular operations.
DRM - (Digital Rights Management) - A broad range of technologies that grant control and protection to content providers over their own digital media. May use cryptography techniques.
due care - Steps taken to show that a company has taken responsibility for the activities that occur within the corporation and has taken the necessary steps to help protect the company, its resources, and employees.
due diligence - The process of systematically evaluating information to identify vulnerabilities, threats, and issues relating to an organization's overall risk.
duress - The use of threats or violence against someone in order to force them to do something they don't want to do.
dynamic ports - Ports 49152
dynamic testing - When the system under test is executed and its behavior is observed.