586, 679

recovery controls, 4, 461, 706
recovery strategy, 545
  alternative processing sites in, 547–550
  business unit priorities in, 545–546
  crisis management in, 546
  database recovery, 551–552
  emergency communications in, 546
  Mutual Assistance Agreements in, 550–551
  recovery vs. restoration, 558–559
  workgroup recovery in, 546–547
recovery time objective (RTO), 706
Red Book, 427
red boxes, 138
reducing risk, 195, 706
redundancy
  for failover servers, 543
  knowledge, 177
Redundant Array of Independent Disks (RAID), 110–111
redundant servers, 109
reference monitors, 245
  defined, 706
  in TCB, 417–418
reference profiles, 706
referential integrity, 218, 706
refreshing RAM, 384
regenerated keys
  asymmetric, 315
  symmetric, 313
register addressing, 385, 706
registered trademarks, 581–582
registers, 384, 706
registration authorities (RAs), 348, 706
registration with biometric devices, 16–17
regulatory policies, 183, 706
regulatory requirements, 514–515
reject risk, 195, 706
relational database management systems (RDBMSs), 216
relational databases, 217–219, 706
relationships, 217, 266, 706
release control, 243
relevant evidence, 591, 707
remote access, 102–103
Remote Authentication Dial-In User Service (RADIUS), 27–28, 106, 707
remote backup locations, 551–552
remote control technique, 107
remote journaling, 552, 707
remote mirroring, 552, 707
remote node operation, 107
Remote Procedure Call (RPC), 76
repeatable phase in Capability Maturity Model, 239
repeaters, 83, 100
  defined, 707
  in Physical layer, 74
replay attacks, 57, 141, 360, 707
reporting
  in auditing, 481–482
  incidents, 615–616
request control, 242
residual risk, 195, 707
resources in business continuity planning
  prioritizing, 519
  requirements, 513–514
response teams for incidents, 612
restoration vs. recovery, 558–559
restricted interface model, 403, 707
retention in incidents, 615
retina scans, 14, 707
Reverse Address Resolution Protocol (RARP), 74–75, 92, 707
reverse engineering, 707
reverse hash matching, 360, 707
review questions
  access control, 36–41
  administrative management, 470–475
  applied cryptography, 363–368
  attacks, 62–67, 284–290
  auditing, 502–507
  Business Continuity Planning (BCP), 528–533
  communications security, 146–151
  computer crime, 621–626
  computer design, 408–413
  cryptography, 328–333
  Disaster Recovery Planning (DRP), 564–569
  employment policies and practices, 202–207
  laws, 598–603
  monitoring, 502–507
  networks, 114–119
  physical security, 652–657
  security management, 168–173
  security models, 443–448
  system development controls, 250–255
revocation for certificates, 349–350, 707
RF (radio frequency) radiation, 490, 639–640
RFC 1918, 707
RFI (radio frequency interference), 642, 705
rights in access control, 30–32, 33
Rijndael cipher, 320–321, 708
ring topology, 87, 88
rings, protection, 375–376, 376
RIP (Routing Information Protocol), 75
risk
  in business continuity planning
    acceptance and mitigation, 525
    assessment, 524
    identification, 516–517
  defined, 708
risk analysis, 185, 708
risk management, 185
  defined, 708
  handling risk, 195–196
  methodologies, 188–190
  qualitative analysis, 193–194
  quantitative analysis, 190–193
  terminology, 186–187, 187
risk mitigation, 195
risk tolerance, 195, 708
Rivest, Ronald, 337, 342
Rivest, Shamir, and Adleman (RSA) encryption, 337–338, 708
Rivest Cipher 5 (RC5) algorithm, 320
Rogier, Nathalie, 342
role-based access controls (RBAC), 23, 25–26, 708
roles, security, 179–180
ROLLBACK command, 219
ROM (read-only memory), 382–383, 705
root accounts, 494
root level, 708
rootkits, 278, 708
Rosenberger, Rob, 264
ROT3 (Rotate 3) cipher, 294, 307
routers, 101
  defined, 708
  in Network layer, 75
Routing Information Protocol (RIP), 75
rows in databases, 217
Royce, Winston, 237
RPC (Remote Procedure Call), 76
RSA (Rivest, Shamir, and Adleman) encryption, 337–338, 708
RTO (recovery time objective), 706
rule-based access controls, 24, 708
running key ciphers, 309–310, 708
running state, 377, 708

S

S-HTTP (Secure HTTP), 353, 710
S/MIME (Secure Multipurpose Internet Mail Extensions) protocol, 105, 134, 352–353, 710
S-RPC (Secure Remote Procedure Call), 77, 104, 710
sabotage, 493
safe computing, 451
safe harbor sites, 590
safeguards, 187
  calculating, 192–193
  defined, 708
  in distributed architecture, 395–396
safety
  of people, 520–521, 640
  in physical security, 640–647
sags, 641, 709
salami attacks, 438, 709
salts for passwords, 496, 709
sampling in auditing, 482, 709
sandbox concept, 214, 268, 709
sanitation of media, 460, 709
SAs (security associations), 357, 710
SATAN tool, 487
scalability in symmetric key algorithms, 313
scanning attacks, 279–280, 611, 709
scavenging, 490, 709
schemas, database, 219, 709
Schneier, Bruce, 319, 321
screened hosts, 98–99
screening job candidates, 177–178
script kiddies, 258, 609
scripted access, 23, 709
scripts, logon, 693
SDLC (Synchronous Data Link Control) protocol
  defined, 716
  polling in, 87
  in WANs, 79, 108, 130
search warrants, 594, 614, 709
second-tier attacks, 140–141, 709
secondary evidence, 592, 709
secondary memory, 385–386, 709
secondary storage, 225, 387, 709
Secret classification, 164, 709