Monday, July 4, 2011

PCI-DSS (Index D-H)


Payment Card Industry (PCI) Data Security Standard (DSS)

Acronyms Glossary, Abbreviations and Acronyms



  • Database - Structured format for organizing and maintaining easily retrieved information. Simple database examples are tables and spreadsheets
  • DBA - Database Administrator. Individual responsible for managing and administering databases
  • DBA - Doing business as. Compliance validation levels are based on transaction volume of a DBA or chain of stores (not of a corporation that owns several chains)
  • Default accounts - System login account predefined in a manufactured system to permit initial access when the system is first put into service
  • Default password - Password on system administration or service accounts when the system is shipped from the manufacturer; usually associated with a default account. Default accounts and passwords are published and well known
  • DES - Data Encryption Standard. Block cipher selected as the official Federal Information Processing Standard (FIPS) for the United States in 1976. Its successor is the Advanced Encryption Standard (AES)
  • DMZ - Demilitarized zone. Network added between a private and a public network to provide an additional layer of security
  • DNS - Domain name system or domain name server. System that stores information associated with domain names in a distributed database on networks, such as the Internet
  • DSS - Data Security Standard
  • Dual control - Process of using two or more separate entities (usually persons) operating in concert to protect sensitive functions or information. Both entities are equally responsible for the physical protection of materials involved in vulnerable transactions. No single person is permitted to access or use the materials (for example, the cryptographic key). For manual key generation, conveyance, loading, storage, and retrieval, dual control requires dividing knowledge of the key among the entities. See also "split knowledge"
  • ECC - Elliptic curve cryptography. Approach to public-key cryptography based on elliptic curves over finite fields
  • Egress - Traffic exiting a network across a communications link and into the customer's network
  • Encryption - Process of converting information into an unintelligible form except to holders of a specific cryptographic key. Use of encryption protects information between the encryption process and the decryption process (the inverse of encryption) against unauthorized disclosure
  • FIPS - Federal Information Processing Standard
  • Firewall - Hardware, software, or both that protect resources of one network from intruders from other networks. Typically, an enterprise with an intranet that permits workers access to the wider Internet must have a firewall to prevent outsiders from accessing internal private data resources
  • FTP - File transfer protocol
  • GPRS - General Packet Radio Service. Mobile data service available to users of GSM mobile phones. Recognized for efficient use of limited bandwidth. Particularly suited for sending and receiving small bursts of data, such as e-mail and web browsing
  • GSM - Global System for Mobile Communications. Popular standard for mobile phones. Ubiquity of the GSM standard makes international roaming very common between mobile phone operators, enabling subscribers to use their phones in many parts of the world
  • Host - Main computer hardware on which computer software is resident
  • Hosting provider - Offers various services to merchants and other service providers. Services range from simple to complex: from shared space on a server to a whole range of "shopping cart" options; from payment applications to connections to payment gateways and processors; and hosting dedicated to just one customer per server
  • HTTP - Hypertext transfer protocol. Open Internet protocol to transfer or convey information on the World Wide Web


C Editing with VIM Editor - Multi-file editing

Multi-file editing

One often needs to edit more than one file at a time; for example, one may be editing a header file and a source file together. To edit more than one file at a time, invoke VIM with the files listed on the command line
$ vim file1 file2 ...
Now you can edit the first file and move on to the next file using the command
:n
You can jump back to the previously edited file using the command
:e#
While coding it is often useful to see both files at the same time and switch between them; in other words, to split the screen so that the header file is at the top and the source file at the bottom. VIM has a command to split the screen. To invoke it, simply type
:split
The same file will be displayed in both windows. Whatever command is invoked affects only the window in focus, so one can edit another file in the other window using the command
:e file2
After executing that command, you'll find two files visible: one window shows the first file and the other shows the second. To switch between the windows, use the keystroke CTRL-W CTRL-W.
To learn more about split windows, run :help split.

C Editing with VIM Editor - Formatting automatically

VIM Editor (Formatting automatically)


Restricting column width
One often has to restrict the column width to 80 or 75 columns, or whatever the coding standard requires. One can set this quite easily by using the command
:set textwidth=80


To apply this automatically every time VIM starts, just put the command in your .vimrc.


In addition to textwidth, you may want the text to wrap at a fixed distance from the right edge of the window. Often such choices are dictated by the terminal one is using, or it could just be by choice. The command for such a case is
:set wrapmargin=20


The wrapmargin option is counted from the right edge of the window, so on an 80-column terminal the above command makes the text wrap at 60 columns



Automatically indent code
While coding in C, one often indents inner blocks of code. To do this automatically while coding, VIM has an option called cindent. To set it, just use the command
:set cindent


With cindent set, code is automatically indented as you type. To set this option automatically, just add the command to your .vimrc





Comments
VIM also allows you to auto-format comments. A three-piece comment is made up of three parts: the start part, the middle part and the end part. For example, your coding style requirements may require comments to be in the following style
/*
* This is the comment
*/


In such a case the following command can be used


:set comments=sl:/*,mb:*,elx:*/


Let me decipher the command for you. The command has three parts. The first part is sl:/*. This tells VIM that three-piece comments begin with /*. The next part, mb:*, tells VIM that the middle part of the comment is *. The last part, elx:*/, tells VIM a couple of things: that the comment should end with */, and that it should automatically complete the comment when you hit just /.


Let me give another example. Let's say your coding guidelines are as follows
/*
** This is the comment
*/
In such a situation you can use the following command for comments
:set comments=sl:/*,mb:**,elx:*


To insert a comment, just type /* and hit enter. The next line will automatically contain the **. After you've finished a line of the comment, just hit enter again and another ** will be inserted. However, to end the comment you want a */ and not **/. VIM is quite clever here. You don't need to delete the last * and replace it with /. Instead, just hit / and VIM will recognise it as the end of the comment and will automatically change the line from ** to */.


For more information, run :h comments
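As an added example (not part of the original tutorial), the .vimrc fragment below collects the formatting settings from this post and applies them only to C and C++ buffers, so that textwidth, cindent and the three-piece comment style do not leak into other file types. It also adds a small :Pair command that mirrors the :split followed by :e file2 sequence from the multi-file editing post, opening the matching header or source file of the current buffer in a window above it. The command name Pair and the assumption that foo.c and foo.h live in the same directory are choices made for this example; textwidth is used rather than wrapmargin so the wrap column does not depend on the terminal width.

```vim
" Added example .vimrc fragment (not from the original tutorial).
" Group the autocommands so re-sourcing .vimrc does not register them twice.
augroup c_formatting
  autocmd!
  " Wrap at column 80 and indent C blocks automatically
  " (see :h 'textwidth' and :h 'cindent').
  autocmd FileType c,cpp setlocal textwidth=80 cindent
  " Three-piece comments: start with /*, middle lines get *, end with */;
  " the 'x' flag lets a lone / close the comment (see :h format-comments).
  autocmd FileType c,cpp setlocal comments=sl:/*,mb:*,elx:*/
  " 'c' wraps comment text at textwidth; 'r' and 'o' insert the comment
  " leader on Enter and on o/O (see :h fo-table).
  autocmd FileType c,cpp setlocal formatoptions+=cro
augroup END

" :Pair opens the counterpart of the current file (foo.c <-> foo.h) in a
" split window above it. Hypothetical command name chosen for this example;
" assumes the header and source sit in the same directory.
function! s:OpenPair() abort
  let l:root = expand('%:r')
  let l:other = expand('%:e') ==# 'h' ? l:root . '.c' : l:root . '.h'
  if filereadable(l:other)
    " Same effect as typing :split and then :e foo.h in the new window.
    execute 'split' fnameescape(l:other)
  else
    echohl WarningMsg | echo 'No counterpart found: ' . l:other | echohl None
  endif
endfunction
command! Pair call s:OpenPair()
```

After sourcing the fragment, open a source file, run :Pair to get the header in the top window, and use CTRL-W CTRL-W to move between the two windows as described in the multi-file editing post.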


Sunday, July 3, 2011

PCI-DSS (Index B-C)

Payment Card Industry (PCI) Data Security Standard (DSS)

Acronyms Glossary, Abbreviations and Acronyms




  • Backup - Duplicate copy of data made for archiving purposes or for protecting against damage or loss
  • Cardholder - Customer to whom a card is issued or individual authorized to use the card
  • Cardholder data - Full magnetic stripe or the PAN plus any of the following: Cardholder name, Expiration date, Service Code
  • Cardholder data environment - Area of computer system network that possesses cardholder data or sensitive authentication data and those systems and segments that directly attach or support cardholder processing, storage, or transmission. Adequate network segmentation, which isolates systems that store, process, or transmit cardholder data from those that do not, may reduce the scope of the cardholder data environment and thus the scope of the PCI assessment
  • Card Validation Value or Code - Data element on a card's magnetic stripe that uses secure cryptographic process to protect data integrity on the stripe, and reveals any alteration or counterfeiting. Referred to as CAV, CVC, CVV, or CSC depending on payment card brand. The following list provides the terms for each card brand:
    • CAV Card Authentication Value (JCB payment cards)
    • CVC Card Validation Code (MasterCard payment cards)
    • CVV Card Verification Value (Visa and Discover payment cards)
    • CSC Card Security Code (American Express)
    • Note: The second type of card validation value or code is the three-digit value printed to the right of the credit card number in the signature panel area on the back of the card. For American Express cards, the code is a four-digit unembossed number printed above the card number on the face of all payment cards. The code is uniquely associated with each individual piece of plastic and ties the card account number to the plastic. The following provides an overview:
    • CID Card Identification Number (American Express and Discover payment cards)
    • CAV2 Card Authentication Value 2 (JCB payment cards)
    • CVC2 Card Validation Code 2 (MasterCard payment cards)
    • CVV2 Card Verification Value 2 (Visa payment cards)
  • Compensating controls - Compensating controls may be considered when an entity cannot meet a requirement explicitly as stated, due to legitimate technical or documented business constraints, but has sufficiently mitigated the risk associated with the requirement through implementation of other controls. Compensating controls must
    • meet the intent and rigor of the original stated PCI DSS requirement;
    • repel a compromise attempt with similar force;
    • be "above and beyond" other PCI DSS requirements (not simply in compliance with other PCI DSS requirements); and
    • be commensurate with the additional risk imposed by not adhering to the PCI DSS requirement
  • CIS - Center for Internet Security. Non-profit enterprise with mission to help organizations reduce the risk of business and e-commerce disruptions resulting from inadequate technical security controls
  • Compromise - Intrusion into computer system where unauthorized disclosure, modification, or destruction of cardholder data is suspected
  • Console - Screen and keyboard which permits access and control of the server or mainframe computer in a networked environment
  • Consumer - Individual purchasing goods, services, or both 
  • Cookies - String of data exchanged between a web server and a web browser to maintain a session. Cookies may contain user preferences and personal information
  • Cryptography - Discipline of mathematics and computer science concerned with information security and related issues, particularly encryption and authentication and such applications as access control. In computer and network security, a tool for access control and information confidentiality

PCI-DSS (Index A)


Payment Card Industry (PCI) Data Security Standard (DSS)


Acronyms Glossary, Abbreviations and Acronyms


  • AAA - Authentication, authorization, and accounting protocol 
  • Accounting - Tracking of users’ network resources
  • Access control - Mechanisms that limit availability of information or information processing resources only to authorized persons or applications
  • Account harvesting - Process of identifying existing user accounts based on trial and error. [Note: Providing excessive information in error messages can disclose enough to make it easier for an attacker to penetrate and 'harvest' or compromise the system.]
  • Account number - Payment card number (credit or debit) that identifies the issuer and the particular cardholder account. Also called Primary Account Number (PAN)
  • Acquirer - Bankcard association member that initiates and maintains relationships with merchants that accept payment cards
  • AES - Advanced encryption standard. Block cipher adopted by NIST in November 2001. Algorithm is specified in FIPS PUB 197
  • ANSI - American National Standards Institute. Private, non-profit organization that administers and coordinates the U.S. voluntary standardization and conformity assessment system
  • Anti-Virus Program - Programs capable of detecting, removing, and protecting against various forms of malicious code or malware, including viruses, worms, Trojan horses, spyware, and adware.
  • Application - Includes all purchased and custom software programs or groups of programs designed for end users, including both internal and external (web) applications
  • Approved Standards - Approved standards are standardized algorithms (like in ISO and ANSI) and well-known commercially available standards (like Blowfish) that meet the intent of strong cryptography. Examples of approved standards are AES (128 bits and higher), TDES (two or three independent keys), RSA (1024 bits) and ElGamal (1024 bits) 
  • Asset - Information or information processing resources of an organization
  • Audit Log - Chronological record of system activities. Provides a trail sufficient to permit reconstruction, review, and examination of sequence of environments and activities surrounding or leading to operation, procedure, or event in a transaction from inception to final results. Sometimes specifically referred to as security audit trail
  • Authentication - Process of verifying identity of a subject or process
  • Authorization - Granting of access or other rights to a user, program, or process



Programmer's Guide. Copyright 2008 All Rights Reserved