CPM Dictionary: P

Package: Object that contains files and instructions for distributing software

Packaged Disaster Hospital: Unit of sufficient medical supplies and equipment to establish a complete 200-bed hospital; placed throughout the U.S. and overseas and configured for long-term storage to augment medical facilities in time of a major disaster

Packet: Primary unit of a message transmitted over a packet-switching network; contains destination address in addition to the data; often referred to as datagrams

Packet Filter: Early type of firewall; accepts or rejects traffic based on source and destination addresses, as well as the type of traffic

Packet Switched Network: Type of network where individual packets follow their own paths through the network from one endpoint to another, based on availability of network pathways and various routing parameters

Padding: String of random data, typically added to plaintext in a block cipher when the last plaintext block is short, or the original data contains long strings of null data

Pagejacking: Masquerade attack where attacker copies a home page or other material from target server, re-hosts page on a server the attacker controls, and causes the re-hosted page to be indexed by major Web search engines, thereby diverting browsers from the actual target server to the attacker's server

Pandemic: Epidemic occurring worldwide, or over a very wide area, crossing international boundaries, and usually affecting a large number of people. See also Epidemic

Paper Plan Syndrome: Situation characterized by illusion of preparedness based on completion of only a written plan; also occurs when planning is based on invalid assumptions

Parameter: Value assigned to a variable

Parity: Quality of an integer being odd or even. See also Parity Bit, Parity Checking

Parity Bit: Extra bit (either 0 or 1) added to a group of bits to make it either even or odd, depending on whether even parity or odd parity is used; used to check for errors in data transfers between computers, usually over a modem or null modem cable

Parity Checking: Process of verifying data integrity transferred between computers, usually over a modem or null modem cable; most common methods are even parity checking and odd parity checking

Participating Hospitals: Institutions that participate in an approved emergency management system or program. See also Associate Hospitals; Disaster POD Hospitals; Resource Hospitals

Partitioned Security Mode: Operational mode where all personnel have clearance but not necessarily formal access approval and need to know for all information contained in a system. See also Modes of Operation

Partitions: Major divisions of available physical hard disk space

Passive Attacks: Unauthorized intrusions that generally involve listening or spying on a system

Passive Immunity: Conferred by an antibody, such as variola immune globulin (VIG), produced in another host and acquired either naturally by an infant from its mother or artificially by administration of an antibody-containing preparation, such as antiserum or immune globulin (VIG). See also Active Immunity

Passive Immunization: Administration of preformed antibodies to confer immunity to a specific pathogen or toxin. See also Active Immunization, Immunization

Password: Unique string of characters that a user types as an identification code to restrict access to computers and sensitive files; system compares the code against a stored list of authorized passwords and users

Password Attack: Attempts to obtain or decrypt a legitimate user's password; attackers use password dictionaries, cracking programs, and password sniffers in password attacks. See also Dictionary Attack, Password Sniffing

Password Authentication Protocol (PAP): Simple authentication mechanism where a user enters a password and it is then sent across the network, usually in the clear

Password Cracking: Process of attempting to guess passwords, given password file information

Password Sniffing: Passive wiretapping, usually on a local area network, to gain knowledge of passwords

Patch: Update released by a software manufacturer to fix bugs in existing programs

Patching: Updating software to a different version

Pathogen: Organisms capable of causing disease. See also Disease

Pathogenesis: Mechanisms by which an etiologic agent produces disease. See also Etiologic

Pathogenicity: Property of an organism that determines extent to which overt disease is produced in an infected population, or the power of an organism to produce disease; also used to describe comparable properties of toxic chemicals; measured by ratio of the number of persons developing clinical illness to the number exposed to infection. See also Virulence

Payload: Actual application data a packet contains; also a destructive or security-breaking activity, usually considered separately from its delivery mechanism, which may be a Trojan horse, virus, or other means of transmission or emplacement. See also Malware

Payload Trigger: Condition that causes virus to activate or drop its destructive payload; launch may be date-sensitive or affected by other conditions; payload may be triggered based on execution of certain programs or on the availability of an Internet connection

PAZ: See Protective Action Zone; Emergency Planning Zones

PC Compatible: See also ISA

PDA: See Preliminary Damage Assessment

Peer Review: Method for testing specific plan components; typically, personnel (other than the owner or author) with appropriate technical or business knowledge review plan components for accuracy and completeness

Penetration: Gaining unauthorized logical access to sensitive data by circumventing a system's protections

Penetration Signature: Characteristics or identifying marks that may be produced following a penetration; may be used in intrusion detection and prevention systems

Penetration Study: Examines feasibility of and methods for defeating system controls

Penetration Testing: Security and vulnerability testing process in which evaluators attempt to circumvent system security features; evaluators may use all available system design and implementation documentation, including listings of system source code, manuals, and circuit diagrams

Perfect Forward Secrecy: See also Forward Secrecy

Perimeter-Based Security: Technique for securing a network or system by controlling access to all entry and exit points

Period of Tolerance: Time in which a business continuity event can escalate to a potential disaster without undue impact to the organization

Periods Processing: Situation in which processing of various levels of sensitive information occurs at distinctly different times; system must be purged of all information from one processing period before transitioning to the next when there are different users with differing authorizations

Peripheral Device: Equipment (usually attached to one of the computer's ports) that lets users send and receive data to and from a computer; includes printers, modems, mouse devices, and keyboards

Permission: Defines authorized interactions a subject can have with an object; examples include: read, write, execute, add, modify, and delete; also referred to as privileges or rights

Permutation: Process that scrambles a message by retaining the same letters but changing their position within text

Persistent Storage: Medium that remains intact when power to it is disconnected; also called non-volatile storage

Personal Convergence: Tendency in disasters for persons to move towards a disaster site, contrary to flight away from a disaster site, due to curiosity or wanting to volunteer assistance. See also Convergence, Informational Convergence, and Material Convergence

Personal Firewalls: Installed and operated on individual PCs

Personnel Security: Procedures established to ensure that all personnel who have access to sensitive information have the required authority as well as appropriate clearances

PGP (Pretty Good Privacy): Popular encryption program using a hybrid symmetric/asymmetric encryption system and a non-hierarchical web of trust certification model; versions include commercial, international, and open source

Phreak: People interested in breaking into or otherwise manipulating telephone systems and networks; act of manipulating phone networks and systems is phreaking

Physical Control: See also Controls

Physical Exposure: Rating used to calculate vulnerability, based on whether a threat must have physical access to a system to exploit vulnerabilities

Physical Security: Application of physical barriers and control procedures as preventive measures or countermeasures against threats to resources and sensitive information

Piggyback: Gaining unauthorized access to a system via another user's legitimate connection. See also Between-the-Lines Entry

Ping: Basic Internet program that verifies the existence of a particular Internet address and that it can accept requests; the act of using the ping utility or command; diagnostically used to ensure that a host computer or other system is operational

Ping of Death: Attack that sends an improperly large ICMP echo request packet (a "ping") with the intent of overflowing input buffers of the destination machine and causing it to crash

Ping Scan: Looks for machines that are responding to ICMP echo requests

Ping Sweep: Attack that sends ICMP echo requests ("pings") to a range of IP addresses, with the goal of finding hosts that can be probed for vulnerabilities

PKI (Public Key Infrastructure): Framework established to issue, maintain, and revoke public key certificates accommodating a variety of security technologies

Plaintext: Ordinary readable text before being encrypted into ciphertext or after being decrypted

Plan Administrator: Individual responsible for documenting recovery activities and tracking recovery progress

Plan Maintenance: Process in which an organization’s business continuity plans and associated resources are kept up-to-date and effective

Plan Maintenance Procedures: Define the process for review and update of business continuity plans

Planning: Work cooperatively with others in advance of a disaster to initiate prevention and preparedness activities

Planning Agent: Military or civilian official of a DoD component, designated by the leader of that component, to exercise delegated authority for civil assistance planning for the entire component or for certain subordinate elements or a specified geographic area

Planning Meeting: Gathering of team members held as needed throughout the duration of an incident to select specific strategies and tactics for incident control operations and for service and support planning; can be a major element in the development of Incident Action Plans for larger incidents

Planning Section: One of the five primary ICS functions that is responsible for the collection, evaluation, and dissemination of information related to the incident or an emergency, and for the preparation and documentation of incident or emergency action plans; maintains information on current and forecasted situation, and on status of resources assigned to the incident; can include Situation, Resource, Documentation, and Demobilization Units, as well as Technical Specialists

Plume Exposure Pathway: See Emergency Planning Zones

POD, Disaster: See Disaster POD

POD Hospitals, Disaster: See Disaster POD Hospitals

Point of Arrival: Designated location (typically an airport) within or near disaster area where newly arriving staff, supplies, and equipment are initially directed; upon arrival, personnel and other resources are dispatched to a mobilization center, staging area, or a disaster site

Point of Departure: Designated location (typically an airport) outside the disaster area from which response personnel and resources will deploy to the disaster area

Point-to-Point Protocol (PPP): Communication protocol between two computers using a serial interface, typically a personal computer connected by phone line to a server; packages TCP/IP packets and forwards them to the server where they can actually be put on the Internet

Point-to-Point Tunneling Protocol (PPTP): Communications protocol that helps organizations extend their own corporate networks through private "tunnels" over the public Internet

Policy: Organizational-level rules governing acceptable use of computing resources, security practices, and guiding development of operational procedures

Policy Library: Repository of all established and approved policies (pre-configured and user-defined)

Polyinstantiation: Ability of a database to maintain multiple records with the same key; used to prevent inference attacks

Polymorphic Virus: Changes its byte pattern when it replicates; thereby, avoids detection by simple string-scanning techniques

Polymorphism: Process by which malicious software changes its underlying code to avoid detection

Population: All inhabitants of a given country or area considered together; the number of inhabitants of a given country or area

Population Displacements: Usually associated with crisis-induced mass migration where large numbers of people are forced to leave their homes to seek alternative means of survival; typically result from effects of conflict, severe food shortages or collapse of economic support systems

Population Protection Program: State and local government plans, systems, and capabilities required to improve the survivability of the population from effects of natural disasters, technological hazards, and nuclear attack; specific activities include: 1) Population Protection Planning, which provides for development and maintenance of a single multi-hazard Emergency Operations Plan with evacuation and in-place protection for all jurisdictional hazards; and 2) Facility Survey, Engineering, and Development, which identifies buildings and building features that provide emergency lodging, space and facilities, and protection from the hazards generated by conditions

Port: 1) Hardware location for passing data in and out of a computing device; PCs typically have ports for connecting disk drives, monitors, keyboards, modems, printers, mouse devices, and other peripherals; 2) in TCP/IP and UDP networks, name given to an endpoint of a logical connection; example: both TCP and UDP use port 80 for transporting HTTP data

Port Scan: Series of messages sent by someone attempting to break into a computer to learn which computer network services, each associated with a "well-known" port number, the computer provides; identifies where to probe for weaknesses

Possession: Holding, control, and ability to use information

Post-Impact Phase: Period of time following a disaster event; associated with response and recovery activities. See also Pre-Impact Phase

Post Office Protocol, Version 3 (POP3): Internet Standard protocol where a client workstation can dynamically access a mailbox on a server host to retrieve mail messages that the server has received and is holding for the client

Post Traumatic Stress Disorder (PTSD): Condition caused by a major traumatic event where a person experienced, witnessed or was confronted with an event that involved actual or threatened death or serious injury or threat to the physical integrity of self or others. See also Trauma Counseling and Trauma Management

Potential Damage: Rating that calculates vulnerabilities, based on relative damage incurred if a threat exploits a vulnerability

Potential Epidemic: See Threatened Epidemic

Practical Extraction and Reporting Language (Perl): Script programming language that is similar in syntax to the C language and includes a number of Unix facilities such as sed, awk, and tr

Prank: Software which appears to cause problems or damage, but which, in fact, does not

Pre-Disaster Response: Based on potential or known threat of a natural disaster, e.g., hurricane, typhoon or volcanic eruption, or comparable event, preparatory actions taken by Federal, state, and local governments to protect life and property and to minimize impact of the event on response personnel and equipment

Pre-Disaster Period/Measures: Period of time when there is no immediate threat but long-term actions are taken in anticipation of them

Pre-Impact Phase: Period of time before a disaster strikes; often associated with mitigation and prevention activities. See also Post-Impact Phase

Pre-Positional Resource: Material (e.g., equipment, forms and supplies) stored at an offsite location to be used in business recovery operations

Preamble: Signal used in network communications to synchronize the transmission timing between two or more systems; defines a specific series of transmission pulses understood by communicating systems to mean "someone is about to transmit data"; ensures that systems receiving information correctly interpret when data transmission starts

Precautionary Evacuation: Occurs when people decide to abandon their homes: to avoid anticipated violence or some other aspect of civil conflict (such as conscription); or to leave while they can still sell their assets and evacuate in an orderly manner

Precautionary Zone (PZ): See Emergency Planning Zones

Precautions, Airborne: See Airborne Precautions

Precautions, Contact: See Contact Precautions

Precautions, Droplet: See Droplet Precautions

Precautions, Respiratory: See Airborne Precautions

Precautions, Standard: See Standard Precautions

Predictive Risk Assessment: Process consisting of risk assessment, business objectives, business objective risk, business task, business task risk, and business impact assessment

Predictive Vulnerability Assessment: Process consisting of vulnerability assessment, safeguards, safeguard assessment, assets, asset value, asset measure, risk, risk measure, and residual risk

Preferred Products List (PPL): Commercially produced equipment that meets TEMPEST and other requirements defined by the U.S. National Security Agency

Preliminary Damage Assessment (PDA): Determines impact and magnitude of damage and the resulting unmet needs of individuals, businesses, the public sector, and the community as a whole; data collected is used by State (primarily) or other government agencies as a basis for the Governor's request for a Presidential disaster declaration, and by FEMA/DHS to document the recommendation made to the President in response to the Governor's request

Preparation Phase: Involves taking preparedness actions to implement plans, procedures, and programs; commences with decision by appropriate authorities to increase national readiness in one or more areas for a major domestic emergency or during periods of escalating international tensions; included in this phase are activities such as increased stockpiling, increased industrial production, imposition of added taxes, call-up of Civil Reserve Air Fleet and National Defense Executive Reserve, ordering to active duty of selected reservists, institution of military stop-loss actions, and resumption of conscription

Preparedness: 1) Involves development and regular testing of warning systems (linked to forecasting systems) and plans for evacuation or other measures to be taken during a disaster alert period to minimize potential loss of life and physical damage; 2) education and training of officials and population at risk; 3) establishment of policies, standards, organizational arrangements and operational plans for use following a disaster; 4) securing of resources; 5) training of intervention teams; 6) designing warning systems, planning for evacuation and relocation, building temporary shelter, devising management strategies, and holding disaster drills and exercises

Preparedness Activities: Enhance abilities of individuals, communities, and businesses to respond to a disaster through disaster exercises, disaster-preparedness training, and public education

Preparedness Measures: 1) Steps that ensure readiness and ability of a society to a) forecast and take precautionary measures in advance of an imminent threat (especially where advance warnings are possible), and b) respond to and cope with effects of a disaster by organizing and delivering timely and effective rescue, relief and other appropriate post-disaster assistance; involves development and regular testing of warning systems (linked to forecasting systems) and plans for evacuation or other measures activated during a disaster alert period to minimize potential loss of life and physical damage; 2) education and training of officials and the population at risk; 3) establishment of policies, standards, organizational arrangements and operational plans to be applied following a disaster impact; 4) securing of resources (possibly including the stockpiling of supplies and the earmarking of funds); 5) training of intervention teams; 6) activities designed to minimize loss of life and damage, organize the temporary removal of people and property from a threatened location, and facilitate timely and effective rescue, relief and rehabilitation; 7) administrative, individual and community actions to minimize loss of life and damage, and facilitate effective rescue, relief and rehabilitation; 8) activities, programs, and systems that exist prior to an emergency that support and enhance response to an emergency or disaster

Press Conference: Organized gathering of electronic and print media representatives for the purpose of obtaining information about an event for their programs and publications, respectively; ideally defines an organization spokesperson(s) who appears at a specific venue and time(s) to brief and answer questions from the media

Press Briefings: See also Press Conference

Press Statements: Prepared statements issued to the media during and/or after an emergency. See also Press Briefings, Press Conference

Pretty Good Privacy (PGP)™: Computer program (and related protocols) that uses cryptography to provide data security for electronic mail and other Internet applications; trademark of Network Associates, Inc.

Prevalence: Number of events, e.g., instances of a given disease or other condition, in a given population at a designated time

Prevention: Measures put in place to lessen likelihood of a business threatening event; actions aimed at eradicating, eliminating, or minimizing the impact of disease and disability, or if none of these is feasible, retarding the progress of disease and disability; three prevention levels are defined: a) primary prevention prevents the occurrence of death, injury, illness in a disaster (e.g., evacuation of a community in a flood-prone area, sensitizing warning systems for tornadoes and severe storms); b) secondary prevention mitigates health consequences of disasters, e.g., using carbon monoxide detectors or building "safe rooms" in dwellings located in tornado-prone areas; c) tertiary prevention minimizes the effects of disease and disability among those with pre-existing health conditions; shields persons with health conditions from negative health effects relating to a disaster; includes protecting persons with respiratory illnesses and those prone to respiratory conditions from the haze and smoke that originates from forest fires and sheltering elderly who are prone to heat illnesses during episodes of extreme ambient temperatures

Prevention, Primary: See Prevention

Prevention, Secondary: See Prevention

Prevention, Tertiary: See Prevention

Preventive Control: See Controls

Primary Agency: Federal department or agency assigned primary responsibility to manage and coordinate a specific emergency support organization as part of a Federal response to a major disaster; designated on the basis of their having the most authorities, resources, capabilities, or expertise relative to accomplishment of the specific emergency support activities

Primary Contact: Person(s) in direct contact or associated with a communicable disease case. See also Communicable Disease; Direct Contact

Print Suppression: Eliminate displaying of characters to preserve their secrecy; e.g., not displaying characters of a password as it is keyed at the input terminal

Prioritization: Order in which mission critical activities and their dependencies are addressed following invocation of an emergency plan or business continuity plan

Privacy: Condition of being isolated from view, or secret; right of an entity (normally a person), acting in its own behalf, to determine the degree to which it will interact with its environment, including the degree to which the entity is willing to share information about itself with others. See also Anonymity

Private Key: Refers either to a shared key in a symmetric encryption system, or the confidential part of the key pair used in an asymmetric system

Privilege: See also Permission

Privileged Instructions: Rules (e.g., interrupt handling or special computer instructions) used to control features (such as storage protection) that are generally executable only when the automated system is operating in the executive state

Probability: Likelihood of a risk occurring

Probe: Device or program used to gather information about a system or its users; pinging is a commonly used utility for sending such a probe. See also Ping

Procedural Security: See also Administrative Security

Process: Program in execution. See also Domain and Subject

Procurement Unit: Functional unit within ICS Finance/Administration Section responsible for financial matters involving vendor contracts

Profiler: Automated configuration tool that scans networks for live systems and guides through process of defining systems that the user wants to monitor, as well as attack signatures that the user wants associated with each system

Profiling: Process of scanning a network for live systems to monitor and of associating attack signatures with those particular systems. See also Profiler

Program: Formal set of procedures to conduct an activity, e.g., eradication of smallpox or developing a business continuity exercise

Program Infector: Malware that attaches itself to existing program files

Program Policy: High-level policy that sets the overall tone of an organization's security approach

Project Management: Techniques and tools used to describe, control and deliver a series of activities with given deliverables, timeframes and budgets

Promiscuous Mode: Situation where a machine reads all packets off a network, regardless of to whom they are addressed; used by network administrators to diagnose network problems, but also by others who are trying to eavesdrop on network traffic (which might contain passwords or other information)

Property Filtering: Subcategory of a security policy that pertains to properties of email messages, such as attachment size, number of recipients, or whether an attachment is encrypted

Proprietary: Refers to information (or other property) that is owned by an individual or organization and for which the use is restricted by that entity

Proprietary Information: Content that is unique to a company and its ability to compete, such as customer lists, technical data, product costs, and trade secrets

Protection Philosophy: Informal description of overall system design that delineates each of the protection mechanisms employed; a combination, appropriate to the evaluation class, of formal and informal techniques is used to show that the mechanisms are adequate to enforce the security policy

Protection Ring: One of a hierarchy of privileged modes of a system that gives certain access rights to user programs and processes authorized to operate in a given mode; currently applied to Intel Pentium processors and Windows NT and 2000 operating systems

Protection-Critical Portions of the TCB: Portions of the Trusted Computer Base whose normal function is to deal with access control between subjects and objects; correct operation is essential to data protection

Protective Action Zone (PAZ): See Emergency Planning Zones

Protocol: Formal specification or rules for communicating; an IP address provides the rules that end points in a telecommunication connection use when they communicate

Protocol Stacks (OSI): Set of network protocol layers that work together

Proxy: Software agent, often a firewall mechanism, which performs a function or operation on behalf of another application or system while hiding the details involved

Proxy Server: Acts as an intermediary between a workstation user and the Internet so that a business or government agency can ensure security, administrative control, and caching service; proxy servers are associated with or part of a gateway server that separates the enterprise network from outside networks and a firewall server that protects the enterprise network from outside intrusion

Pseudo Flaw: Loophole deliberately implanted in an operating system program as a trap for intruders. See also Honeypot and Entrapment

Public Access System: Emergency telephone system through which the public notifies authorities of a medical emergency; accessed in North America by dialing 911

Public Affairs Officer (PAO): Federal agency headquarters official responsible for preparing and coordinating the dissemination of public information in cooperation with other responding Federal, state, and local government agencies

Public Apathy: Indifference to prompt to action among public at large, caused by underestimation of risk, reliance on technology, fatalism/denial, and social pressures. See also Apathy; Governmental Apathy

Public Domain: Implies access to and use by anyone, for any purpose, in any manner, without restriction; often refers to freeware, which requires no payment, but for which the author still assumes copyright and control, and shareware, which requires payment for continued use. See also Commercial, Open Source

Public Health: Science and art of preventing disease, prolonging life, and promoting health through organized efforts of society

Public Health Surveillance: Systematic collection, analysis and interpretation of health data that is used to plan, implement, and evaluate public health programs; also used to determine need for public health action. See also Public Health

Public Information Officer (PIO): Individual at field emergency level that has been delegated the authority to prepare public information releases and to interact with the media

Public Key: Publicly disclosed component of a pair of cryptographic keys used for asymmetric cryptography

Public Key Encryption: Synonymous with asymmetric cryptography

Public Key Infrastructure (PKI): Enables users of a basically unsecured public network such as the Internet to securely and privately exchange data and money through the use of public and private cryptographic key pairs that are obtained and shared through a trusted authority; provides a digital certificate that can identify an individual or an organization and directory services that can store and, when necessary, revoke the certificates

Public-Key Forward Secrecy (PFS): Based on asymmetric cryptography, property that ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of the private keys is compromised in the future

Public Law 100-235 (P.L. 100-235): Also known as the Computer Security Act of 1987, creates a means for establishing minimum acceptable security practices for improving the security and privacy of sensitive information in Federal computer systems; designates the National Institute of Standards and Technology with responsibility for developing standards and guidelines for Federal computer systems processing unclassified data; also requires establishment of security plans by all Federal computer system operators that contain sensitive information

Purge: Removal of sensitive data from a system, system storage device, or peripheral device with storage capacity, at the end of a processing period; performed in such a way that there is assurance proportional to the sensitivity of the data that the data may not be reconstructed

Push Packages: See National Pharmaceutical Stockpile Program

PZ: See Emergency Planning Zones; Precautionary Zone
