Term |
Definition |
Acceptable
risk
|
A suitable level of risk commensurate with the potential
benefits of the organization’s operations as determined by senior management.
|
Access control system
| Means to ensure that access to assets
is authorized and restricted based on business and security requirements
related to logical and physical systems.
|
Access control tokens
| The system decides if access is to be
granted or denied based upon the validity of the token for the point where it
is read based on time, date, day, holiday, or other condition used for
controlling validation.
|
Accountability
|
Accountability
ensures that account management has assurance that only authorized users are
accessing the system and using it properly.
|
ActiveX Data Objects (ADO)
| A Microsoft high-level interface for
all kinds of data.
|
Address Resolution Protocol (ARP)
| Is used at the Media Access Control
(MAC) Layer to provide for direct communication between two devices within
the same LAN segment.
|
Algorithm
| A mathematical function that is used
in the encryption and decryption processes.
|
Asset
| An item perceived as having value.
|
Asset lifecycle
| The phases that an asset goes through
from creation (collection) to destruction.
|
Asymmetric
| Not identical on both sides. In
cryptography, key pairs are used, one to encrypt, the other to decrypt.
|
Attack surface
| Different security testing methods
find different vulnerability types.
|
Attribute- based access control (ABAC)
| This is an access control paradigm
whereby access rights are granted to users with policies that combine
attributes together.
|
Audit/auditing
|
The tools, processes, and activities used to perform
compliance reviews.
|
Authorization
| The process of defining the specific resources
a user needs and determining the type of access to those resources the user
may have.
|
Availability
|
Ensuring
timely and reliable access to and use of information by authorized users.
|
Baselines
| A minimum level of security.
|
Bit
| Most essential representation of data
(zero or one) at Layer 1 of the Open Systems Interconnection (OSI) model.
|
Black-box testing
|
Testing where no internal details of
the system implementation are used.
|
Bluetooth (Wireless Personal Area
Network IEEE 802.15)
|
Bluetooth wireless technology is an
open standard for short-range radio frequency communication used primarily to
establish wireless personal area networks (WPANs), and it has been integrated
into many types of business and consumer devices.
|
Bridges
|
Layer 2 devices that filter traffic
between segments based on Media Access Control (MAC) addresses.
|
Business continuity (BC)
|
Actions, processes, and tools for ensuring an organization can
continue critical operations during a contingency.
|
Business continuity and disaster recovery (BCDR)
|
A term used to jointly describe business continuity and
disaster recovery efforts.
|
Business impact analysis (BIA)
|
A list of the organization’s assets, annotated to reflect the criticality
of each asset to the organization.
|
Capability Maturity Model for Software
or Software Capability Maturity Model (CMM or SW-CMM)
| Maturity model focused on quality
management processes and has five maturity levels that contain several key practices
within each maturity level.
|
Cellular Network
| A radio network distributed over land
areas called cells, each served by at least one fixed-location transceiver,
known as a cell site or base station.
|
Certificate authority (CA)
| An entity trusted by one or more users
as an authority that issues, revokes, and manages digital certificates to
bind individuals and entities to their public keys.
|
Change management
| A formal, methodical, comprehensive
process for requesting, reviewing, and approving changes to the baseline of
the IT environment.
|
CIA/AIC Triad
| Security model with the three security
concepts of confidentiality, integrity, and availability make up the CIA
Triad. It is also sometimes referred to as the AIC Triad.
|
Ciphertext
| The altered form of a plaintext
message, so as to be unreadable for anyone except the intended recipients.
Something that has been turned into a secret.
|
Classification
| Arrangement of assets into categories.
|
Clearing
| The removal of sensitive data from
storage devices in such a way that there is assurance that the data may not
be reconstructed using normal system functions or software recovery
utilities.
|
Code-division multiple access (CDMA)
| Every call’s data is encoded with a unique
key, then the calls are all transmitted at once.
|
Common Object Request Broker
Architecture (CORBA)
| A set of standards that addresses the
need for interoperability between hardware and software products.
|
Compliance
|
Adherence to a mandate; both the actions demonstrating
adherence and the tools, processes, and documentation that are used in
adherence.
|
Computer virus
| A program written with functions and
intent to copy and disperse itself without the knowledge and cooperation of
the owner or user of the computer.
|
Concentrators
| Multiplex connected devices into one
signal to be transmitted on a network.
|
Condition coverage
| This criterion requires sufficient
test cases for each condition in a program decision to take on all possible outcomes
at least once. It differs from branch coverage only when multiple conditions
must be evaluated to reach a decision.
|
Confidentiality
|
Preserving
authorized restrictions on information access and disclosure, including means
for protecting personal privacy and proprietary information.
|
Configuration management (CM)
|
A
formal, methodical, comprehensive process for establishing a baseline of the
IT environment (and each of the assets within that environment).
|
Confusion
| Provided by mixing (changing) the key
values used during the repeated rounds of encryption. When the key is
modified for each round, it provides added complexity that the attacker would
encounter.
|
Content Distribution Network (CDN)
|
Is a large distributed system of servers
deployed in multiple data centers across the internet.
|
Covert channel
| An information flow that is not
controlled by a security control and has the opportunity of disclosing
confidential information.
|
Covert security testing
|
Performed to simulate the threats that
are associated with external adversaries. While the security staff has no
knowledge of the covert test, the organization management is fully aware and
consents to the test.
|
Crossover Error Rate (CER)
|
This is achieved when the type I and
type II are equal.
|
Cryptanalysis
| The study of techniques for attempting
to defeat cryptographic techniques and, more generally, information security
services provided through cryptography.
|
Cryptography
| Secret writing. Today provides the ability
to achieve confidentiality, integrity, authenticity, non-repudiation, and
access control.
|
Cryptology
| The science that deals with hidden,
disguised, or encrypted information and communications.
|
Curie Temperature
|
The critical point where a material’s
intrinsic magnetic alignment changes direction.
|
Custodian
| Responsible for protecting an asset
that has value, while in the custodian’s possession.
|
Data classification
| Entails analyzing the data that the
organization retains, determining its importance and value, and then
assigning it to a category.
|
Data
custodian
|
The person/role within the organization
owner/controller.
|
Data flow coverage
|
This criteria requires sufficient test cases for
each feasible data flow to be executed at least once.
|
Data mining
| A decision-making technique that is
based on a series of analytical techniques taken from the fields of mathematics,
statistics, cybernetics, and genetics.
|
Data owner/ controller
|
An
entity that collects or creates PII.
|
Data subject
|
The individual human related to a set
of personal data.
|
Database Management System (DBMS)
| A suite of application programs that
typically manages large, structured sets of persistent data.
|
Database model
| Describes the relationship between the
data elements and provides a framework for organizing the data.
|
Decision (branch) coverage
| Considered to be a minimum level of
coverage for most software products, but decision coverage alone is
insufficient for high-integrity applications.
|
Decryption
| The reverse process from encryption.
It is the process of converting a ciphertext message back into plaintext
through the use of the cryptographic algorithm and the appropriate key that
was used to do the original encryption.
|
Defensible destruction
| Eliminating data using a controlled,
legally defensible, and regulatory compliant way.
|
DevOps
| An approach based on lean and agile principles
in which business owners and the development, operations, and quality
assurance departments collaborate.
|
Diffusion
| Provided by mixing up the location of
the plaintext throughout the ciphertext. The strongest algorithms exhibit a
high degree of confusion and diffusion.
|
Digital certificate
| An electronic document that contains
the name of an organization or individual, the business address, the digital
signature of the certificate authority issuing the certificate, the certificate
holder’s public key, a serial number, and the expiration date. Used to bind
individuals and entities to their public keys. Issued by a trusted third
party referred to as a Certificate Authority (CA).
|
Digital rights management (DRM)
| A broad range of technologies that
grant control and protection to content providers over their own digital
media. May use cryptography techniques.
|
Digital signatures
| Provide authentication of a sender and
integrity of a sender’s message and non-repudiation services.
|
Disaster recovery (DR)
|
Those tasks and activities required to
bring an organization back from contingency operations and reinstate regular
operations.
|
Discretionary access control (DAC)
| The system owner decides who gets access.
|
Due care
|
A legal concept pertaining to the duty
owed by a provider to a customer.
|
Due diligence
|
Actions taken by a vendor to
demonstrate/ provide due care.
|
Dynamic or Private Ports
| Ports 49152 – 65535. Whenever a
service is requested that is associated with Well- Known or Registered Ports
those services will respond with a dynamic port.
|
Dynamic testing
| When the system under test is executed
and its behavior is observed.
|
Encoding
| The action of changing a message into
another format through the use of a code.
|
Encryption
| The process of converting the message
from its plaintext to ciphertext.
|
False Acceptance Rate (Type II)
| This is erroneous recognition either
by confusing one user with another, or by accepting an imposter as a legitimate
user.
|
False Rejection Rate (Type I)
| This is failure to recognize a
legitimate user.
|
Fibre Channel over Ethernet (FCoE)
| A lightweight encapsulation protocol,
and it lacks the reliable data transport of the TCP layer.
|
Firewalls
| Devices that enforce administrative
security policies by filtering incoming traffic based on a set of rules.
|
Frame
| Data represented at Layer 2 of the
Open Systems Interconnection (OSI) model.
|
Global System for Mobiles (GSM)
| Each call is transformed into digital
data that is given a channel and a time slot.
|
Governance
|
The process of how an organization is
managed; usually includes all aspects of how decisions are made for that
organization, such as policies, roles, and procedures the organization uses
to make those decisions.
|
Governance committee
|
A formal body of personnel who
determine how decisions will be made within the organization and the entity
that can approve changes and exceptions to current relevant governance.
|
Guidelines
|
Suggested practices and expectations
of activity to best accomplish tasks and attain goals.
|
Hash function
| Accepts an input message of any length
and generates, through a one-way operation, a fixed-length output called a
message digest or hash.
|
Honeypots/ honeynets
| Machines that exist on the network,
but do not contain sensitive or valuable
data, and are meant to distract and occupy maliciousor unauthorized intruders, as a means
ofdelaying their attempts to accessproduction data/assets. A number ofmachines of this kind, linked together as anetwork or subnet, are referred to as a “honeynet.”
|
Identity as a service (IDaaS)
| Cloud-based services that broker
identity and access management (IAM) functions to target systems on customers’
premises and/or in the cloud.
|
Identity proofing
| The process of collecting and
verifying information about a person for the purpose of proving that a person
who has requested an account, a credential, or other special privilege is
indeed who he or she claims to be and establishing a reliable relationship
that can be trusted electronically between the individual and said credential
for purposes of electronic authentication.
|
Initialization vector (IV)
|
A non-secret binary vector used as the
initializing input algorithm, or a random starting point, for the encryption
of a plaintext block sequence to increase security by introducing additional
cryptographic variance and to synchronize cryptographic equipment.
|
Integrated Process and Product
Development (IPPD)
| A management technique that
simultaneously integrates all essential acquisition activities through the
use of multidisciplinary teams to optimize the design, manufacturing, and
supportability processes.
|
Integrity
|
Guarding
against improper information modification or destruction and includes
ensuring information non-repudiation and authenticity.
|
Intellectual property
|
Intangible assets (notably includes
software and data).
|
Internet Control Message Protocol (ICMP)
| Provides a means to send error
messages and a way to probe the network to determine network availability.
|
Internet Group Management Protocol
(IGMP)
| Used to manage multicasting groups
that are a set of hosts anywhere on a network that are listening for a
transmission.
|
Internet Protocol (IPv4)
| Is the dominant protocol that operates
at the Open Systems Interconnection (OSI) Network Layer 3. IP is responsible
for addressing packets so that they can be transmitted from the source to the
destination hosts.
|
Internet Protocol (IPv6)
| Is a modernization of IPv4 that
includes a much larger address field: IPv6 addresses are 128 bits that
support 2128 hosts.
|
Intrusion detection system (IDS)
| A solution that monitors the
environment and automatically recognizes malicious attempts to gain
unauthorized access.
|
Intrusion prevention system (IPS)
| A solution that monitors the
environment and automatically takes action when it recognizes malicious
attempts to gain unauthorized access.
|
Inventory
| Complete list of items.
|
Job rotation
| The practice of having personnel
become familiar with multiple positions within the organization as a means to
reduce single points of failure and to better detect insider threats.
|
Key Clustering
| When different encryption keys
generate the same ciphertext from the same plaintext message.
|
Key Length
| The size of a key, usually measured in
bits, that a cryptographic algorithm uses in ciphering or deciphering
protected information.
|
Key or Cryptovariable
|
The input that controls the operation
of the cryptographic algorithm. It determines the behavior of the algorithm
and permits the reliable encryption and decryption of the message.
|
Knowledge Discovery in Databases (KDD)
| A mathematical, statistical, and
visualization method of identifying valid and useful patterns in data.
|
Least privilege
| The practice of only granting a user
the minimal permissions necessary to perform their explicit job function.
|
Lifecycle
| Phases that an asset goes through from
creation to destruction.
|
Log
| A record of actions and events that
have taken place on a computer system.
|
Logical access control system
|
Non-physical system that allows access
based upon pre-determined policies.
|
Loop coverage
| This criterion requires sufficient
test cases for all program loops to be executed for zero, one, two, and many
iterations covering initialization, typical running, and termination
(boundary) conditions.
|
Mandatory access controls (MAC)
| Access control that requires the
system itself to manage access controls in accordance with the organization’s
security policies.
|
Maximum allowable downtime (MAD)
|
The measure of how long an
organization can survive an interruption of critical functions. Also known as maximum tolerable
downtime (MTD).
|
Media
| Any object that contains data.
|
Message authentication code (MAC)
|
A small block of data that is
generated using a secret key and then appended to the message, used to
address integrity.
|
Message digest
| A small representation of a larger
message. Message digests are used to ensure the authentication and integrity
of information, not the confidentiality.
|
Metadata
| Information about the data.
|
Misuse case
| A use case from the point of view of
an actor hostile to the system under design.
|
Multi-condition coverage
| These criteria require sufficient test
cases to exercise all possible combinations of conditions in a program
decision.
|
Multi-factor authentication
| Ensures that a user is who he or she
claims to be. The more factors used to determine a person’s identity, the
greater the trust of authenticity.
|
Multiprotocol Label Switching (MPLS)
| Is a wide area networking protocol
that operates at both Layer 2 and 3 and does label switching.
|
Need-to-know
|
Primarily associated with
organizations that assign clearance levels to all users and classification
levels to all assets; restricts users with the same clearance level from
sharing information unless they are working on the same effort. Entails
compartmentalization.
|
Negative testing
| This ensures the application can
gracefully handle invalid input or unexpected user behavior.
|
Network Function Virtualization (NFV)
| The objective of NFV is to decouple
functions such as firewall management, intrusion detection, network address
translation, or name service resolution away from specific hardware
implementation into software solutions.
|
Non-repudiation
| Inability to deny. In cryptography, a
service that ensures the sender cannot deny a message was sent and the
integrity of the message is intact, and the receiver cannot claim receiving a
different message.
|
Null cipher
| Hiding plaintext within other plaintext. A
form of steganography.
|
Open Authorization (OAuth)
| The OAuth 2.0 authorization framework
enables a third-party application to obtain limited access to an HTTP service,
either on behalf of a resource owner by orchestrating an approval interaction
between the resource owner and the HTTP service, or by allowing the
third-party application to obtain access on its own behalf.
|
Open Shortest Path First (OSPF)
| An interior gateway routing protocol
developed for IP networks based on the shortest path first or link-state
algorithm.
|
OSI Layer 1
| Physical layer.
|
OSI Layer 2
| Data-link layer.
|
OSI Layer 3
| Network layer.
|
OSI Layer 4
| Transport layer.
|
OSI Layer 5
| Session layer.
|
OSI Layer 6
| Presentation layer.
|
OSI Layer 7
| Application layer.
|
Overt security testing
| Overt testing can be used with both
internal and external testing. When used from an internal perspective, the
bad actor simulated is an employee of the organization. The organization’s IT
staff is made aware of the testing and can assist the assessor in limiting
the impact of the test by providing specific guidelines for the test scope
and parameters.
|
Ownership
| Possessing something, usually of
value.
|
Packet
| Representation of data at Layer 3 of
the Open Systems Interconnection (OSI) model.
|
Packet Loss
| A technique called Packet Loss
Concealment (PLC) is used in VoIP communications to mask the effect of
dropped packets.
|
Parity bits
| RAID technique; logical mechanism used
to mark striped data; allows recovery of missing drive(s) by pulling data
from adjacent drives.
|
Patch
| An update/fix for an IT asset.
|
Path coverage
|
This criteria require sufficient test cases for
each feasible path, basis path, etc., from start to exit of a defined program
segment, to be executed at least once.
|
Personally identifiable information (PII)
| Any data about a human being that
could be used to identify that person.
|
Physical access control system
| An automated system that manages the
passage of people or assets through an opening(s) in a secure perimeter(s)
based on a set of authorization rules.
|
Ping of Death
| Exceeds maximum packet size and causes
receiving system to fail.
|
Ping Scanning
| Network mapping technique to detect if
host replies to a ping, then the attacker knows that a host exists at that
address.
|
Plaintext
| The message in its natural format has
not been turned into a secret.
|
Point-to-Point Protocol (PPP)
| Provides a standard method for
transporting multiprotocol datagrams over point-to-point links.
|
Policy
| Documents published and promulgated by
senior management dictating and describing the organization’s strategic
goals.
|
Port Address Translation (PAT)
| An extension to NAT to translate all
addresses to one routable IP address and translate the source port number in
the packet to a unique value.
|
Positive testing
| This determines that your application
works as expected.
|
Privacy
| The right of a human individual to
control the distribution of information about him- or herself.
|
Procedures
| Explicit, repeatable activities to accomplish
a specific task. Procedures can address one-time or infrequent actions or
common, regular occurrences.
|
Purging
| The removal of sensitive data from a
system or storage device with the intent that the data cannot be reconstructed
by any known technique.
|
Qualitative
| Measuring something without using
numbers, using adjectives, scales, and grades, etc.
|
Quantitative
| Using numbers to measure something,
usually monetary values.
|
Real user monitoring (RUM)
| An approach to web monitoring that
aims to capture and analyze every transaction of every user of a website or
application.
|
Recovery point objective (RPO)
| A measure of how much data the
organization can lose before the organization is no longer viable.
|
Recovery time objective (RTO)
| The target time set for recovering
from any interruption.
|
Registered Ports
| Ports 1024 – 49151. These ports
typically accompany non-system applications associated with vendors and
developers.
|
Registration authority (RA)
| This performs certificate registration
services on behalf of a Certificate Authority (CA).
|
Remanence
| Residual magnetism left behind.
|
Residual risk
| The risk remaining after security
controls have been put in place as a means of risk mitigation.
|
Resources
| Assets of an organization that can be
used effectively.
|
Responsibility
| Obligation for doing something. Can be
delegated.
|
Risk
| The possibility of damage or harm and
the likelihood that damage or harm will be realized.
|
Risk acceptance
| Determining that the potential
benefits of a business function outweigh the possible risk impact/likelihood
and performing that business function with no other action.
|
Risk avoidance
| Determining that the impact and/or
likelihood of a specific risk is too great to be offset by the potential
benefits and not performing a certain business function because of that
determination.
|
Risk mitigation
| Putting security controls in place to
attenuate the possible impact and/or likelihood of a specific risk.
|
Risk transference
| Paying an external party to accept the
financial impact of a given risk.
|
Role-based access control (RBAC)
| An access control model that bases the
access control authorizations on the roles (or functions) that the user is
assigned within an organization.
|
Rule-based access control (RBAC)
| An access control model that is based
on a list of predefined rules that determine what accesses should be granted.
|
Sandbox
| An isolated test environment that
simulates the production environment but will not affect production
components/data.
|
Security Assertion Markup Language 2.0 (SAML 2.0)
| A version of the SAML standard for
exchanging authentication and authorization data between security domains.
|
Security control framework
| A notional construct outlining the
organization’s approach to security, including a list of specific security
processes, procedures, and solutions used by the organization.
|
Security governance
| The entirety of the policies, roles,
and processes the organization uses to make security decisions in an
organization.
|
Segment
| Data representation at Layer 4 of the
Open Systems Interconnection (OSI) model.
|
Separation of duties
| The practice of ensuring that no
organizational process can be completed by a single person; forces collusion
as a means to reduce insider threats.
|
Session Initiation Protocol (SIP)
| Is designed to manage multimedia
connections.
|
Single factor authentication
| Involves the use of simply one of the
three available factors solely to carry out the authentication process being
requested.
|
Smurf
| ICMP Echo Request sent to the network
broadcast address of a spoofed victim causing all nodes to respond to the
victim with an Echo Reply.
|
Software assurance
| The level of confidence that software
is free from vulnerabilities either intentionally designed into the software
or accidentally inserted at any time during its lifecycle and that it
functions in the intended manner.
|
Software- defined networks (SDNs)
| Separates network systems into three components:
raw data, how the data is sent, and what purpose the data serves. This
involves a focus on data, control, and application (management) functions or
“planes”.
|
Software Defined Wide Area Network
(SD-WAN)
| Is an extension of the SDN practices
to connect to entities spread across the internet to support WAN architecture
especially related to cloud migration.
|
Standards
| Specific mandates explicitly stating
expectations of performance or conformance.
|
Statement coverage
| This criterion requires sufficient
test cases for each program statement to be executed at least once; however,
its achievement is insufficient to provide confidence in a software product’s
behavior.
|
Static source code analysis (SAST)
| Analysis of the application source
code for finding vulnerabilities without executing the application.
|
Steganography
| Hiding something within something
else, or data hidden within other data.
|
Stream cipher
| When a cryptosystem performs its
encryption on a bit-by-bit basis.
|
Striping
| RAID technique; writing a data set
across multiple drives.
|
Substitution
| The process of exchanging one letter
or bit for another.
|
Switches
| Operate at Layer 2. A switch
establishes a collision domain per port.
|
Symmetric algorithm
| Operate with a single cryptographic
key that is used for both encryption and decryption of the message.
|
Synthetic performance monitoring
| Involves having external agents run
scripted transactions against a web application.
|
Teardrop Attack
| Exploits the reassembly of fragmented
IP packets in the fragment offset field that indicates the starting position,
or offset, of the data contained in a fragmented packet relative to the data
of the original unfragmented packet.
|
Threat modeling
| A process by which developers can
understand security threats to a system, determine risks from those threats,
and establish appropriate mitigations.
|
Time multiplexing
| Allows the operating system to provide well- defined and structured access to processes that need to use resources according to a controlled and tightly managed schedule.
|
Time of check time of use (TOCTOU) Attacks
| Takes advantage of the dependency on
the timing of events that takes place in a multitasking operating system.
|
Transmission Control Protocol (TCP)
| Provides connection-oriented data
management and reliable data transfer.
|
Transport Control Protocol/ Internet
Protocol (TCP/ IP) Model
| Layering model structured into four
layers (network interface layer, internet layer, transport layer,
host-to-host transport layer, application layer).
|
Transposition
| The process of reordering the plaintext to hide the message by using the same letters or bits.
|
Trusted computing base (TCB)
| The collection of all of the hardware,
software, and firmware within a computer system that contains all elements of
the system responsible for supporting the security policy and the isolation
of objects.
|
Trusted Platform Module (TPM)
| A secure crypto processor and storage
module.
|
Uninterruptible power supplies (UPS)
| Batteries that provide temporary,
immediate power during times when utility service is interrupted.
|
Use cases
| Abstract episodes of interaction
between a system and its environment.
|
User Datagram Protocol (UDP)
| The User Datagram Protocol provides
connectionless data transfer without error detection and correction.
|
Virtual Local Area Networks (VLANs)
| Allow network administrators to use
switches to create software-based LAN segments that can be defined based on
factors other than physical location.
|
Voice over Internet Protocol (VoIP)
| Is a technology that allows you to
make voice calls using a broadband internet connection instead of a regular
(or analog) phone line.
|
Waterfall Development Methodology
| A development model in which each
phase contains a list of activities that must be performed and documented
before the next phase begins.
|
Well-Known Ports
| Ports 0–1023 ports are related to the common
protocols that are utilized in the underlying management of Transport Control
Protocol/Internet Protocol (TCP/IP) system, Domain Name Service (DNS), Simple
Mail Transfer Protocol (SMTP), etc.
|
White-box testing
| A design that allows one to peek inside
the “box” and focuses specifically on using internal knowledge of the
software to guide the selection of test data.
|
Whitelisting/ blacklisting
| A whitelist is a list of email
addresses and/or internet addresses that someone knows as “good” senders. A
blacklist is a corresponding list of known “bad” senders.
|
Wi-Fi (Wireless LAN IEEE 802.11x)
| Primarily associated with computer
networking, Wi-Fi uses the IEEE 802.11x specification to create a wireless
local-area network either public or private.
|
WiMAX (Broadband Wireless Access IEEE 802.16)
| One well-known example of wireless
broadband is WiMAX. WiMAX can potentially deliver data rates of more than 30
megabits per second.
|
Work factor
| This represents the time and effort
required to break a cryptography system.
|