RA - (Registration Authority) - This performs certificate registration services on behalf of a Certificate Authority (CA).
RADIUS - (Remote Authentication Dial-In User Service) - A security service that authenticates and authorizes dial-up users and is a centralized access control mechanism.
RB-RBAC - (Rule-Based Role-Based Access Control) - Type of model that uses specific rules that indicate what can and cannot happen between a subject and an object. This access control model is built on top of traditional RBAC and is thus commonly called RB-RBAC to disambiguate the otherwise overloaded RBAC acronym.
RBAC - (Role-Based Access Control) - Type of model that provides access to resources based on the role the user holds within the company or the tasks that the user has been assigned.
read - An operation that results in the flow of information from an object to a subject and does not give the subject the ability to modify the object or the data within the object.
real user monitoring - An approach to web monitoring that aims to capture and analyze every transaction of every user of a website or application.
recovery planning - The advance planning and preparations that are necessary to minimize loss and to ensure the availability of the critical information systems of an organization after a disruption in service or a disaster.
recovery point objective - The acceptable amount of data loss measured in time.
recovery point objective - A measure of how much data the organization can lose before the organization is no longer viable.
recovery time objective - The maximum time period within which a business process must be restored to a designated service level after a disaster to avoid unacceptable consequences.
recovery time objective - The target time set for recovering from any interruption.
reference monitor concept - An access control concept that refers to an abstract machine that mediates all accesses to objects by subjects. The security kernel enforces the reference monitor concept.
registered ports - Ports 1024
registration authority - This performs certificate registration services on behalf of a Certificate Authority (CA).
reliability - The assurance of a given system, or individual component, performing its mission adequately for a specified period of time under the expected operating conditions.
remanence - Residual magnetism left behind.
Remote Authentication Dial-In User Service - A security service that authenticates and authorizes dial-up users and is a centralized access control mechanism.
remote journaling - A method of transmitting changes to data to an off-site facility. This takes place as parallel processing of transactions, meaning that changes to the data are saved locally and to an off-site facility. These activities take place in real time and provide redundancy and fault tolerance.
repudiation - When the sender of a message denies sending the message. The countermeasure to this is to implement digital signatures.
residual risk - The remaining risk after the security controls have been applied. The conceptual formulas that explain the difference between total and residual risk are threats
resources - Assets of an organization that can be used effectively.
risk - The likelihood of a threat agent taking advantage of a vulnerability and the resulting business impact. A risk is the loss potential, or probability, that a threat will exploit a vulnerability.
risk acceptance - Determining that the potential benefits of a business function outweigh the possible risk impact/likelihood and performing that business function with no other action.
risk analysis - A method of identifying risks and assessing the possible damage that could be caused in order to justify security safeguards.
risk avoidance - Determining that the impact and/or likelihood of a specific risk is too great to be offset by the potential benefits and not performing a certain business function because of that determination.
risk management - The process of identifying, assessing, and reducing the risk to an acceptable level and implementing the right mechanisms to maintain that level of risk.
risk mitigation - Putting security controls in place to attenuate the possible impact and/or likelihood of a specific risk.
risk transference - Paying an external party to accept the financial impact of a given risk.
role-based access control - Type of model that provides access to resources based on the role the user holds within the company or the tasks that the user has been assigned.
RPO - (Recovery Point Objective) - The acceptable amount of data loss measured in time.
RPO - (Recovery Point Objective) - A measure of how much data the organization can lose before the organization is no longer viable.
RTO - (Recovery Time Objective) - The maximum time period within which a business process must be restored to a designated service level after a disaster to avoid unacceptable consequences.
RTO - (Recovery Time Objective) - The target time set for recovering from any interruption.
rule-based access control - Type of model that uses specific rules that indicate what can and cannot happen between a subject and an object. This access control model is built on top of traditional RBAC and is thus commonly called RB-RBAC to disambiguate the otherwise overloaded RBAC acronym.
RUM - (Real User Monitoring) - An approach to web monitoring that aims to capture and analyze every transaction of every user of a website or application.