Created By: Checotah Price, Teaching Assistant 

SSCP Glossary
1. 3DES - ​a symmetric encryption algorithm that uses either two (key 1 and key 3 are the
same) or three keys that improves upon the Data Encryption Standard algorithm.
2. AAA - ​referred to as the AAA of access control: authentication, authorization, and
accounting​.
3. Access Control List (ACL) - ​a list of subjects and assigned rights used in access
control.
4. Accreditation - ​Formal acceptance by management that a system or application has
been certified and may be placed into operation.
5. Administrative Controls - ​controls put in place to enforce policies and directives as
dictated by the organization.
6. Advanced Encryption Standard (AES) - ​A symmetric block algorithm selected by NIST
to be used as a standard by the U.S. Government.
7. AIC Security Triad (CIA Triad) -​ The three parts, Confidentiality, Integrity, and
Availability that form the basis for security objectives that are the essence of security for
all information systems.
8. Alert - A message triggered by an event. Alerts may take the form of email, text
messages, computer screen banners, flashing lights, and other methods of drawing
attention to an issue.
9. Algorithm -​ A mathematical function designed to alter data from a readable form
(plaintext) to a protected form (ciphertext).
10. Asymmetric Encryption - ​The process of using two keys, a public key and a private
key, to encrypt and decrypt messages.
11. Authentication - ​Method used to verify the identity claim of a user.
12. Authorization - ​The act of defining the network resources, applications, and data that
may be accessed by a user.
13. Availability - ​One of the central principles of the AIC triad. The goal of ensuring that
data and hardware are available when the user requires them.
14. Back Door - ​An accessible port or portal created by a programmer for easy access
when creating an application. Also may be a portal created by malware to allow the
attacker easy access into a system or application.
 
15. Bandwidth - ​The speed at which information may be transferred across media.
16. Bare-Metal Hypervisor -​ A hypervisor that is installed directly on the host machine. In
this case, it serves as an operating system interfacing the host machine components
such as CPU, RAM, and disk drives with the virtual machines. Also referred to as a Type 1
hypervisor.
17. Baseline - ​An established standard of activity. Normal or expected measurement of
activity against which other activity is measured.
18. Bastion Host - ​A server positioned between a trusted network that is hardened and
expected to be attacked.
19. Biometrics - ​Hardware or software used to measure human characteristics as part of an
authentication system.
20. Black Box Testing - Testing conducted with no knowledge of the code or operational
specifications of an application.
21. Botnet - ​A large group of infected PCs that may be controlled as a group for attack
purposes​.
22. Breach - ​An attack in which data is released to unauthorized people.
23. Buffer Overflow - Data that is larger than the area in which it is placed can handle,
resulting in an error condition.
24. Bus Topology - ​A network topology design in which all nodes are connected to a single
central wire.
25. Business Continuity Plan (BCP) - ​A plan established by a policy that details actions to
be taken to maintain business operations after a disaster event.
26. Certificate Authority (CA) -​ A trusted entity that issues an X.509 certificate, which
includes the certificate owner's public key. Through a trust structure, the certificate is
trusted as authentic as well as affirming or binding the key to the owner.
27. Certification -​ The successful conclusion after a system or application has been tested
against pre-established standards.
28. Chain of Custody - ​The process of methodically tracking and documenting the handling
of evidence from the moment it is collected to the moment it is returned to the owner.
29. Change control - ​A methodology and formalized structure of presenting, analyzing,
authorizing, and recording changes to systems and applications.
30. Ciphertext - ​An encrypted version of plaintext.
31. Clipping Level - ​An arbitrary level of activity on a network system or on a network
device that serves as a demarcation or threshold that once reached causes the
triggering of some action. The clipping level is established above a baseline of activity.
The clipping level serves to reduce the noise and to reduce the detection of false
positives or to reduce the number of log entries.
32. Cloud Computing -​ A computing model that offers on-demand virtualized services.
Cloud computing is a metered pay-per-use service model.
33. Cluster - ​A group of similar devices that share attributes. Clusters may be used for load
balancing or spreading tasks or storage information among various devices. Servers as
well as storage devices may be clustered.
34. Cold site - ​A physical alternate data processing location containing no equipment,
applications, or data. A cold site may have basic services such as HVAC and electricity.
35. Community Cloud - ​The cloud model in which similar entities or groups of users access
a semi-private cloud environment that has been established for their particular purpose.
36. Compensating Controls - ​Controls that make up for the weakness in another control.
The control that is available if the primary control fails.
37. Compliance - ​Accordance with the rules, regulations, or edicts of a body such as a
federal or state organization or as required by a contractual relationship.
38. Confidentiality - ​One of the central principles of the AIC triad; represents a core goal of
the security professional to ensure, possibly through encryption, that sensitive
information is protected from exposure.
39. Control - ​Any action, method, or device that reduces the likelihood of a threat exploiting
a vulnerability. A control may mitigate a threat or a vulnerability.
40. Corrective Controls - ​Controls put in place to immediately halt an activity from
continuing.
41. Countermeasure -​ Any action, method, or device that reduces the likelihood of a threat
exploiting a vulnerability. A countermeasure may mitigate a specifically identified threat
or a certain vulnerability. A countermeasure is usually a type of control put in place as
the result of a risk analysis.
42. Covert Channel - ​A communication channel hidden from normal monitoring practices.
43. Cryptanalysis -​ The exercising of techniques and methodology used to defeat an
encryption algorithm, break a password, or decrypt a message.
44. CSMA - ​Carrier sense multiple access. Carrier sense means that a device can listen to
all communications when connected to the network wire. Multiple access means that any
member of the network can communicate at any time.
45. CSMA/CA - ​Carrier sense multiple access with collision avoidance. With collision
avoidance the node wishing to transmit broadcasts a jamming tone announcing that it
will be transmitting. This prevents other nodes from transmitting at the same time.
 
46. CSMA/CD - ​Carrier sense multiple access with collision detection. A media control
method that features transmission collision detection when two nodes transmit at exactly
the same time. In the event of a communication collision, both nodes set an arbitrary
timer, and the first timer to expire transmits first.
47. Data at Rest - ​Any data in a storage location and not moving between locations or being
processed by an application.
48. Data Disclosure - ​A breach or release of data due to an attack in which sensitive data is
disclosed to unauthorized persons.
49. Data in Transit - ​Any data in movement on a network or telecommunications system.
50. Data Leak Prevention - ​Hardware and software technologies that identify data at rest or
in transit through sophisticated search mechanisms. For instance, DLP can be set to
watch for ZIP codes, phone numbers, Social Security numbers, and patient record
numbers and terminate the communication if such information is being exfiltrated.

All material is obtained through UCertify course material and Wikipedia unless otherwise stated.
 