Most of the terms from the version of the Glossary remain, but a number of them have updated definitions in order to remove inconsistencies among the communities. Both sets of terms have been included in this update of the glossary. Many cyber terms are coming into vogue, and the Glossary Working Group has tried to include significant examples that have a useful distinction when compared to existing Information Assurance terms; the net effect has been to add quite a few new terms to the glossary. When glossary terms have common acronyms, we have noted the acronym with the term and added the acronym to the acronym list. In some instances there may be several meanings for the same acronym, and in that case we have tried to list all the common IA meanings.
Published (last): 4 December 2017
Access
Ability to make use of any information system (IS) resource. Source: CNSSI 4009

Access Control
The process of granting or denying specific requests: (1) to obtain and use information and related information processing services; and (2) to enter specific physical facilities. Source: FIPS

Access Control Mechanism
Security safeguards designed to detect and deny unauthorized access and permit authorized access to an information system. Source: CNSSI 4009

Advanced Persistent Threat (APT)
An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors. These objectives typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for purposes of exfiltrating information; undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. Source: NIST SP

Adversary
Individual, group, organization, or government that conducts or has the intent to conduct detrimental activities. Source: CNSSI 4009

Antivirus Software
A program that monitors a computer or network to identify all major types of malware and prevent or contain malware incidents. Source: CNSSI 4009

Attack
An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity, availability, or confidentiality. Source: NIST SP 63 Rev 2

Audit
Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures, and to recommend necessary changes in controls, policies, or procedures.

Also known as basic testing. Source: CNSSI 4009

Confidentiality
Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. Source: CNSSI 4009; NIST SP

Critical Infrastructure
System and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters. Source: NIPP, Partnering for Critical Infrastructure Security and Resilience

Cryptography
The use of mathematical techniques to provide security services such as confidentiality, data integrity, entity authentication, and data origin authentication. Source: NIST SP

Cybersecurity
Prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation. Source: NIST SP

Digital Forensics
The application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data. Source: NIST SP

Digital Signature
The result of a cryptographic transformation of data which, when properly implemented, provides the services of: (1) origin authentication, (2) data integrity, and (3) signer non-repudiation. Source: FIPS

Disruption
An unplanned event that causes an information system to be inoperable for a length of time. Source: CNSSI 4009

Hash Function
An algorithm that computes a numerical value (called the hash value) on a data file or electronic message that is used to represent that file or message, and depends on the entire contents of the file or message. A hash function can be considered to be a fingerprint of the file or message. Source: NIST SP

Incident
An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits, or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.

Also called IO. Source: CNSSI 4009

Information Security Policy
Aggregate of directives, regulations, rules, and practices that prescribes how an organization manages, protects, and distributes information. Source: NIST SP; CNSSI 4009

Information System Resilience
The ability of an information system to continue to: (i) operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (ii) recover to an effective operational posture in a time frame consistent with mission needs. Source: CNSSI 4009; NIST SP

Information Technology
Any equipment or interconnected system that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information. It commonly includes computers, ancillary equipment, software, firmware, similar procedures, services, and related resources. Source: NIST SP

Intrusion
A security event, or a combination of multiple security events, that constitutes a security incident in which an intruder gains, or attempts to gain, access to a system or system resource without having authorization to do so.

Factors include: (i) something you know (e.g. ...) Source: NIST SP

Password
A string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorization. Source: FIPS

Patch
An update to an operating system, application, or other software issued specifically to correct particular problems with the software. Source: NIST SP

Penetration Testing
Security testing in which evaluators mimic real-world attacks in an attempt to identify ways to circumvent the security features of an application, system, or network. Penetration testing often involves issuing real attacks on real systems and data, using the same tools and techniques used by actual attackers. Most penetration tests involve looking for combinations of vulnerabilities on a single system or multiple systems that can be used to gain more access than could be achieved through a single vulnerability. Source: SP Ver 2

Port
The entry or exit point from a computer for connecting communications or peripheral devices.

Private Key
For digital signatures, the private key is uniquely associated with the owner and is not made public. The private key is used to compute a digital signature that may be verified using the corresponding public key. Source: CNSSI 4009

Public Key
A cryptographic key that is used with an asymmetric (public key) cryptographic algorithm and is associated with a private key. The public key is associated with an owner and may be made public. In the case of digital signatures, the public key is used to verify a digital signature that was signed using the corresponding private key. Source: FIPS

Quarantine
To store files containing malware in isolation for future disinfection or examination. Source: NIST SP

Resilience
The ability to continue to: (i) operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (ii) recover to an effective operational posture in a time frame consistent with mission needs.
Part of risk management and synonymous with risk assessment. Source: NIST SP

Risk Assessment
The process of identifying, estimating, and prioritizing risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Source: CNSSI 4009

Structured Query Language (SQL) Injection
An attack technique that attempts to subvert the relationship between a webpage and its supporting database, typically in order to trick the database into executing malicious code.

This includes all suppliers in the supply chain. Includes (i) developers or manufacturers of information systems, system components, or information system services; (ii) vendors; and (iii) product resellers. Source: CNSSI 4009

System Integrity
The quality that a system has when it performs its intended function in an unimpaired manner, free from unauthorized manipulation of the system, whether intentional or accidental.
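The SQL Injection entry above says the attack subverts the relationship between the webpage and its database; the following added example (not part of the glossary, and not code from CNSS or NIST) shows what that looks like in practice. A lookup that pastes the request parameter into the SQL text is placed beside the parameterized form, and both are run against the same constructed in-memory SQLite table with a normal username, a condition-tampering payload that returns every row, and a UNION payload that pulls the schema out of sqlite_master. The table, the rows, the payloads and the function names are all constructed here for illustration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data for the example; not from the glossary."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Vulnerable form: the request parameter becomes part of the SQL text,
    so the database cannot tell where the query ends and the data begins."""
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """Hardened form: the SQL text is fixed and the value travels separately,
    so whatever the user typed is compared as data, never parsed as SQL."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


# Constructed attacker inputs. The first rewrites the WHERE clause so it is
# always true; the second appends a UNION that reads the schema table and
# comments out the closing quote the template would otherwise add.
PAYLOAD_ALWAYS_TRUE = "x' OR '1'='1"
PAYLOAD_SCHEMA_LEAK = "x' UNION SELECT name, sql FROM sqlite_master --"


def demo() -> dict:
    conn = make_db()
    return {
        "legit_vulnerable": lookup_vulnerable(conn, "bob"),
        "legit_parameterized": lookup_parameterized(conn, "bob"),
        "attack_vulnerable": lookup_vulnerable(conn, PAYLOAD_ALWAYS_TRUE),
        "attack_parameterized": lookup_parameterized(conn, PAYLOAD_ALWAYS_TRUE),
        "schema_leak_vulnerable": lookup_vulnerable(conn, PAYLOAD_SCHEMA_LEAK),
        "schema_leak_parameterized": lookup_parameterized(conn, PAYLOAD_SCHEMA_LEAK),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

With the normal username both functions return the single bob row. With the payloads the vulnerable function returns every user and then the CREATE TABLE statement for the users table, while the parameterized function returns nothing, because no user is literally named `x' OR '1'='1`.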
Tabletop Exercise
A discussion-based exercise where personnel with roles and responsibilities in a particular IT plan meet in a classroom setting or in breakout groups to validate the content of the plan by discussing their roles during an emergency and their responses to a particular emergency situation. A facilitator initiates the discussion by presenting a scenario and asking questions based on the scenario. Source: NIST SP

Target of Attack
An information technology product or system and associated administrator and user guidance documentation that is the subject of an attack. Source: CNSSI 4009

Vulnerability
Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. Source: FIPS; adapted from CNSSI 4009

Whitelist
A list of discrete entities, such as hosts, email addresses, network port numbers, runtime processes, or applications, that are authorized to be present or active on a system according to a well-defined baseline.
CNSSI NUMBER 4009, NATIONAL INFORMATION ASSURANCE (IA) GLOSSARY (26 APR 2010)
CNSSI 4009 Committee on National Security Systems (CNSS) Glossary
Glossary of Key Information Security Terms