Glossary



The following terminology is defined to assist in understanding the applicability and value of offered services. Terms are defined in accordance with the National Institute of Standards and Technology Internal/Interagency Report (NISTIR) 7298 Revision 2 - Glossary of Key Information Security Terms (May 2013). 



A.

Access – Ability to make use of any information system (IS) resource.

Alert – Notification that a specific attack has been directed at an organization’s information systems.

Agent – A program acting on behalf of a person or organization.

Analysis – The examination of acquired data for its significance and probative value to the case.

Asset – A major application, general support system, high impact program, physical plant, mission critical system, personnel, equipment, or a logically related group of systems.

Attack – Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself.

Authorization – Access privileges granted to a user, program, or process or the act of granting those privileges.

Availability – Ensuring timely and reliable access to and use of information.


B.

Backdoor - An undocumented way of gaining access to a computer system. A backdoor is a potential security risk.

Backup – A copy of files and programs made to facilitate recovery, if necessary.

Baseline Configuration – A set of specifications for a system or Configuration Item (CI) within a system, that has been formally reviewed and agreed on at a given point in time, and which can be changed only through change control procedures. The baseline configuration is used as a basis for future builds, releases, and/or changes.

Blacklist – A list of discrete entities, such as hosts or applications, that have been previously determined to be associated with malicious activity.

Brute Force Password Attack - A method of accessing an obstructed device through attempting multiple combinations of numeric and/or alphanumeric passwords.

Buffer Overflow Attack - A method of overloading a predefined amount of space in a buffer, which can potentially overwrite and corrupt data in memory.


C.

Client - Individual or process acting on behalf of an individual who makes requests of a guard or dedicated server. The client’s requests to the guard or dedicated server can involve data transfer to, from, or through the guard or dedicated server.

Client (Application) - A system entity, usually a computer process acting on behalf of a human user, that makes use of a service provided by a server.

Cloud Computing – A model for enabling on-demand network access to a shared pool of configurable IT capabilities/resources that can be rapidly provisioned and released with minimal management effort or service provider interaction. Composed of five essential characteristics: on-demand self-service, ubiquitous network access, location-independent resource pooling, rapid elasticity, and measured service.

Common Vulnerabilities and Exposures (CVE) - A dictionary of common names for publicly known information system vulnerabilities.

Compromise – Disclosure of information to unauthorized persons, or a violation of the security policy of a system in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object may have occurred.

Computing Environment - Workstation or server (host) and its operating system, peripherals, and applications.

Confidentiality – Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.

Configuration Control - Process of controlling modifications to hardware, firmware, software, and documentation to protect the information system against improper modification prior to, during, and after system implementation.

Continuous Monitoring – Maintaining ongoing awareness to support organizational risk decisions.

Continuity of Operations Plan (COOP) - A predetermined set of instructions or procedures that describe how an organization’s mission-essential functions will be sustained within 12 hours and for up to 30 days as a result of a disaster event before returning to normal operations.

Cookie - A piece of state information supplied by a Web server to a browser, in a response for a requested resource, for the browser to store temporarily and return to the server on any subsequent visits or requests.

Critical Asset – Systems and assets, whether physical or virtual, so vital to the organization that the incapacity or destruction of such systems and assets would have a debilitating impact on the organization's ability to perform daily functions.

Cryptography - The discipline that embodies the principles, means, and methods for the transformation of data in order to hide their semantic content, prevent their unauthorized use, or prevent their undetected modification.

Cyber Attack - An attack, via cyberspace, targeting an enterprise’s use of cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling a computing environment/infrastructure; or destroying the integrity of the data or stealing controlled information.

Cybersecurity – The ability to protect or defend the use of cyberspace from cyber attacks.

Cyberspace - A global domain within the information environment consisting of the interdependent network of information systems infrastructures including the Internet, telecommunications networks, computer systems, and embedded processors and controllers.


D.

Data – A subset of information in an electronic format that allows it to be retrieved or transmitted.

Decryption - The process of changing ciphertext into plaintext using a cryptographic algorithm and key.

Defense-in-Depth – Information security strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and dimensions of the organization.

Disaster Recovery Plan (DRP) - A written plan for recovering one or more information systems at an alternate facility in response to a major hardware or software failure or destruction of facilities.

Disconnection - The termination of an interconnection between two or more IT systems. A disconnection may be planned (e.g., due to changed business needs) or unplanned (i.e., due to an attack or other contingency).

Distributed Denial of Service (DDoS) - A Denial of Service technique that uses numerous hosts to perform the attack.

Domain – An environment or context that includes a set of system resources and a set of system entities that have the right to access the resources as defined by a common security policy, security model, or security architecture.


E.

Encryption – The process of changing plaintext into ciphertext for the purpose of security or privacy.

Enterprise Architecture – The description of an enterprise’s entire set of information systems: how they are configured, how they are integrated, how they interface to the external environment at the enterprise’s boundary, how they are operated to support the enterprise mission, and how they contribute to the enterprise’s overall security posture.

Environment – Aggregate of external procedures, conditions, and objects affecting the development, operation, and maintenance of an information system.

Event – Any observable occurrence in a network or system. Events sometimes provide indication that an incident is occurring.


F.

File Encryption – The process of encrypting individual files on a storage medium and permitting access to the encrypted data only after proper authentication is provided.

Firewall – A hardware or software gateway that limits access between networks in accordance with local security policy.

Firmware – Computer programs and data stored in hardware – typically in read-only memory (ROM) or programmable read-only memory (PROM) – such that the programs and data cannot be dynamically written or modified during execution of the programs.

Flaw – Error of commission, omission, or oversight in an information system that may allow protection mechanisms to be bypassed.

Flooding - An attack that attempts to cause a failure in a system by providing more input than the system can process properly.

Forensics – The practice of gathering, retaining, and analyzing computer related data for investigative purposes in a manner that maintains the integrity of the data.


G.

Gateway – Interface providing compatibility between networks by converting transmission speeds, protocols, codes, or security measures.


H.

Hacker - Unauthorized user who attempts to or gains access to an information system.

Hardening - Configuring a host’s operating systems and applications to reduce the host’s security weaknesses.

Hardware – The physical components of an information system.


I.

Image – An exact bit-stream copy of all electronic data on a device, performed in a manner that the information is not altered.

Impact Level – The magnitude of harm that can be expected to result from the consequences of unauthorized disclosure of information, unauthorized modification of information, unauthorized destruction of information, or loss of information or information system availability.

Incident – An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.

Incident Handling – The mitigation of violations of security policies and recommended practices.

Incident Response Plan – The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of a malicious cyber attack against an organization’s information system(s).

Industrial Control System (ICS) – An information system used to control industrial processes such as manufacturing, product handling, production, and distribution. Industrial control systems include SCADA used to control geographically dispersed assets, as well as Distributed Control Systems (DCS) and smaller control systems using Programmable Logic Controllers (PLCs) to control localized processes.

Information – Any communication or representation of knowledge such as facts, data, or opinions in any medium or form, including textual, numerical, graphic, cartographic, narrative, or audiovisual.

Information Management - The planning, budgeting, manipulating, and controlling of information throughout its life cycle.

Information Security Policy – Aggregate of directives, regulations, rules, and practices that prescribes how an organization manages, protects, and distributes information.

Information System – A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.

Information Technology (IT) – Any equipment or interconnected system or subsystem of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the organization. The term information technology includes computers, ancillary equipment, software, firmware and similar procedures, services (including support services), and related resources.

Insider Threat - An entity with authorized access (i.e., within the security domain) that has the potential to harm an information system or enterprise through destruction, disclosure, modification of data, and/or denial of service.

Integrity – Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity.

Intellectual Property – Creations of the mind – creative works or ideas embodied in a form that can be shared or can enable others to recreate, emulate or manufacture them to include patents, trademarks, copyrights, or trade secrets.

Internet – The Internet is the single, interconnected, worldwide system of commercial, governmental, educational, and other computer networks that share:

  • The protocol suite specified by the Internet Architecture Board (IAB), and
  • The name and address spaces managed by the Internet Corporation for Assigned Names and Numbers (ICANN).

Intranet – A private network that is employed within the confines of a given enterprise (i.e. internal to a business or agency).

Intrusion Detection System (IDS) – Hardware or software product that gathers and analyzes information from various areas within a computer or network to identify possible security breaches, which include both intrusions (attacks from outside the organizations) and misuse (attacks from within the organizations).


J.

Jamming - An attack in which a device is used to emit electromagnetic energy on a wireless network’s frequency to make it unusable.


K.

Key Logger - A program designed to record which keys are pressed on a computer keyboard used to obtain passwords or encryption keys and thus bypass other security measures.


L.

Least Privilege - The security objective of granting users only those accesses they need to perform their official duties.

Logic Bomb - A piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.


M.

Malware – A program (to include viruses, worms, Trojan horses) that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim’s data, applications, or operating system or of otherwise annoying or disrupting the victim.

Management Controls – Actions taken to manage the development, maintenance, and use of the system, including system specific policies, procedures and rules of behavior, individual roles and responsibilities, individual accountability, and personnel security decisions.

Man-in-the-middle Attack (MitM) - A form of active wiretapping attack in which the attacker intercepts and selectively modifies communicated data to masquerade as one or more of the entities involved in a communication association.

Masquerading - A type of threat action whereby an unauthorized entity gains access to a system or performs a malicious act by illegitimately posing as an authorized entity.

Mobile Device – Portable cartridge/disk-based, removable storage media (i.e. compact disks, USB flash drives, external hard drives, and other flash memory cards/drives that contain nonvolatile memory), as well as portable computing and communications devices with information storage capability (i.e. notebook/laptop computers, personal digital assistants, cellular telephones, digital cameras, and audio recording devices).

Multifactor Authentication – Authentication using two or more factors to achieve authentication. Factors include:

  • Something you know (i.e. password or PIN)
  • Something you have (i.e. ID card or token)
  • Something you are (i.e. biometrics)

N.

Network – Access to an organizational system by a user (or a process acting on behalf of a user) communicating through a network (i.e. local area network, wide area network, Internet).


O.

Operational Controls - The security controls (i.e., safeguards or countermeasures) for an information system that primarily are implemented and executed by people (as opposed to systems).


P.

Password – A string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorization.

Password Cracking - The process of recovering secret passwords stored in a computer system or transmitted over a network.

Patch – An update to an operating system, application, or other software issued specifically to correct particular problems with the software.

Patch Management – The systematic notification, identification, deployment, installation, and verification of operating system and application software code revisions. These revisions are known as patches, hot fixes, and service packs.

Personal Identification Number (PIN) – An alphanumeric code or password used to authenticate an identity.

Personally Identifiable Information (PII) – Any information about an individual:

  • That can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records; and
  • Any other information that is linked or linkable to an individual such as medical, educational, financial, and employment information.

Phishing – A digital form of social engineering that uses authentic-looking but bogus emails to request information from users or direct them to fake web sites that request information.

Plaintext – Unencrypted information.

Privacy – Restricting access to subscriber or relying party information in accordance with federal and state laws.

Privilege – A right granted to an individual, a program, or a process.

Privilege Management – The definition and management of policies and processes that define the ways in which the user is provided access rights to enterprise systems. It governs the management of the data that constitutes the user’s privileges and other attributes, including the storage, organization and access to information in directories.

Privileged User – A user that is authorized (and, therefore, trusted) to perform security relevant functions that ordinary users are not authorized to perform.

Probe - A technique that attempts to access a system to learn something about the system.


Q.

Quarantine – Storing files containing malware in isolation for future disinfection or examination.


R.

Remediation – The act of correcting a vulnerability or eliminating a threat. Three possible types of remediation are installing a patch, adjusting configuration settings, or uninstalling a software application.

Remote Access – Access to organization's information systems by a user (or an information system acting on behalf of a user) communicating through an external network (i.e. Internet).

Residual Risk – The remaining potential risk after all IT security measures are applied. There is a residual risk associated with each threat.

Risk – The level of impact on organization's operations (including mission, functions, image, or reputation), assets, or individuals resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occurring.

Risk Assessment – The process of identifying the risks to system security and determining the likelihood of occurrence, the resulting impact, and the additional safeguards that mitigate this impact.

Risk Management – The process of managing risks to an organization's operations (including mission, functions, image, reputation), assets, and individuals from the operation or use of an information system. It includes risk assessment; cost-benefit analysis; and the selection, implementation, and assessment of controls. The process considers effectiveness, efficiency, and constraints due to laws, directives, and policies.

Risk Mitigation – Prioritizing, evaluating, and implementing the appropriate risk reducing controls/countermeasures recommended from the risk management process.

Risk Tolerance – The level of risk an entity is willing to assume in order to achieve a potential desired result.

Root Cause Analysis - A principle-based, systems approach for the identification of underlying causes associated with a particular set of risks.

Rootkit - A set of tools used by an attacker after gaining root-level access to a host to conceal the attacker’s activities on the host and permit the attacker to maintain root-level access to the host through covert means.


S.

Safeguards – Protective measures prescribed to meet the security requirements (i.e. confidentiality, integrity, and availability) specified for an information system. Safeguards may include security features, management constraints, personnel security, and security of physical structures, areas, and devices.

Sanitization – Process to remove information from media such that information recovery is not possible. It includes removing all labels, markings, and activity logs.

Security – A condition that results from the establishment and maintenance of protective measures that enable an organization to perform its mission or critical functions despite risks posed by threats to its use of information systems. Protective measures may involve a combination of deterrence, avoidance, prevention, detection, recovery, and correction that should form part of the organization's risk management approach.

Security Controls – The management, operational, and technical controls (i.e. safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information.

SPAM – The abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.

Social Engineering – A general term for attackers trying to trick people into revealing sensitive information (i.e. password) or performing certain actions, such as downloading and executing files that appear to be benign but are actually malicious.

Software – Computer programs and associated data that may be dynamically written or modified during execution.

Spoofing – Faking the sending address of a transmission to gain illegal entry into a secure system. Impersonating, masquerading, piggybacking, and mimicking are forms of spoofing. Or, deliberate inducement of a user or resource to take incorrect action.

Spyware – Software that is secretly or surreptitiously installed into an information system to gather information on individuals or organizations without their knowledge; a type of malicious code.

Supervisory Control and Data Acquisition (SCADA) – A generic name for a computerized system that is capable of gathering and processing data and applying operational controls over long distances. Typical uses include power transmission and distribution and pipeline systems. SCADA was designed for the unique communication challenges (delays, data integrity, etc.) posed by the various media that must be used, such as phone lines, microwave, and satellite. These media are usually shared rather than dedicated.

System Administrator – A person who manages the technical aspects of a system.

System Assets – Any software, hardware, data, administrative, physical, communications, or personnel resource within an information system.


T.

Tampering – An intentional event resulting in modification of a system, its intended behavior, or data. Unauthorized tampering, whether by the user or a third party, can nullify an agreement.

Technical Controls - The security controls (i.e., safeguards or countermeasures) for an information system that are primarily implemented and executed by the information system through mechanisms contained in the hardware, software, or firmware components of the system.

Telecommunications - Preparation, transmission, communication, or related processing of information (writing, images, sounds, or other data) by electrical, electromagnetic, electromechanical, electro-optical, or electronic means.

Threat – Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat source to successfully exploit a particular information system vulnerability.

Time Bomb - Resident computer program that triggers an unauthorized act at a predefined time.

Tracking Cookie - A cookie placed on a user’s computer to track the user’s activity on different Web sites, creating a detailed profile of the user’s behavior.

Transmission – The state that exists when information is being electronically sent from one location to one or more other locations.

Trojan Horse – A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.


U.

Unauthorized Access – Occurs when a user, legitimate or unauthorized, accesses a resource that the user is not permitted to use.

Unauthorized Disclosure – An event involving the exposure of information to entities not authorized to access the information.

User(s) – Individual or system process acting on behalf of an individual authorized to access an information system.

User ID – Unique symbol or character string used by an information system to identify a specific user.


V.

Virtual Machine (VM) – Software that allows a single host to run one or more guest operating systems.

Virus – A computer program that can copy itself and infect a computer without permission or knowledge of the user. A virus might corrupt or delete data on a computer, use email programs to spread itself to other computers, or even erase everything on a hard disk.

Vulnerability – Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.


W.

Web Bug - Malicious code, invisible to a user, placed on Web sites in such a way that it allows third parties to track use of Web servers and collect information about the user, including IP address, host name, browser type and version, operating system name and version, and Web browser cookie.

Web Content Filtering Software – A program that prevents access to undesirable web sites, typically by comparing a requested web site address to a list of known bad web sites.

Whitelist – A list of discrete entities, such as hosts or applications that are known to be benign and are approved for use within an organization and/or information system.

Wireless Access Point (WAP) - A device that acts as a conduit to connect wireless communication devices together to allow them to communicate and create a wireless network.

Wireless Local Area Network (WLAN) - A group of wireless networking devices within a limited geographic area, such as an office building, that exchange data through radio communications. The security of each WLAN is heavily dependent on how well each WLAN component—including client devices, APs, and wireless switches—is secured throughout the WLAN lifecycle, from initial WLAN design and deployment through ongoing maintenance and monitoring.

Work Factor – Estimate of the effort or time needed by a potential perpetrator, with specified expertise and resources, to overcome a protective measure.

Worm – A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.


X.


Y.


Z.