r11 - 05 Apr 2006 - 19:31:36 - NoticeBored

Definition of Information Security Terms


A

AbacusSentry
Public-domain UNIX utility to detect the use of a PortScanner in real time.

Abend
See Crash.

Abuse
See ComputerAbuse or Breach.

AccessControl
The technique of limiting access to a Sensitive resource, such that only Authorised subjects (typically users, systems or programs) can reach the resource. Includes both physical and logical controls e.g. locked doors and passwords.

AccessRights, AccessRules
Having gained access to an AccessControlled resource, a system may limit the subject's access rights (abilities) by access rules (criteria), typically using an ACL.

AccessRouter
A Router used to connect directly to TheInternet or other external network. Generally forms the first SecurityInDepth layer of network PerimeterControls.

Account
See UserName.

Accountability
The concept of a higher authority (normally senior management) demanding that an individual takes ownership of a particular issue or activity. When openly promoted by those in authority, the threat of being 'held accountable' for one's actions can be a powerful DeterrentControl. Implies the ability to trace and link actions uniquely to individuals, generally through the use of an AuditTrail (recording what happened) coupled with AccessControl and user Authentication (specifically identifying the Perpetrator). The term is also used more loosely in the wider sense of management Responsibility, e.g. to implement appropriate Governance controls.

ACL, AccessControlList?
In most OperatingSystems, an object (e.g. a NetworkPort, service, file, directory, memory location or device) may have a set of AccessControl rules attached to it. When a subject (normally a process acting on behalf of a user) attempts to access the object, security functions within the system's Kernel check down the access list until the subject's ID is matched, in which case the rule is executed. There may also be a default or implicit rule (e.g. allow full access or disallow all access) in case there is no explicit matching entry.
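
The first-match evaluation just described, with an implicit default rule, as an added Python example (not code from any real operating system). The entry format (subject, permission set, allow/deny), the "*" wildcard and the sample subjects are assumptions chosen for illustration; the point it shows is that entry order and the choice of default decide the outcome.

```python
"""First-match access control list evaluation, as described in the ACL entry.

Added example, not code from any particular operating system: the entry
format (subject, permission set, allow/deny) and the "*" wildcard are assumed
conventions chosen for illustration.
"""
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List


@dataclass(frozen=True)
class AclEntry:
    subject: str                  # a user id, a group id, or "*" for any subject (assumed convention)
    permissions: FrozenSet[str]   # e.g. {"read", "write"}
    allow: bool                   # True = grant, False = explicit deny

    def matches(self, subject: str, groups: Iterable[str], permission: str) -> bool:
        subject_ok = self.subject == "*" or self.subject == subject or self.subject in groups
        return subject_ok and permission in self.permissions


class Acl:
    """An ordered list of entries plus an implicit default rule."""

    def __init__(self, entries: List[AclEntry], default_allow: bool = False):
        self.entries = list(entries)
        self.default_allow = default_allow   # the implicit rule used when nothing matches

    def check(self, subject: str, groups: Iterable[str], permission: str) -> bool:
        """Walk the list top to bottom; the first matching entry decides."""
        groups = set(groups)
        for entry in self.entries:
            if entry.matches(subject, groups, permission):
                return entry.allow
        return self.default_allow


RW = frozenset({"read", "write"})

# Constructed sample ACL for a file: bob is in the staff group but has a
# specific deny on writing that is listed *before* the group grant.
FILE_ACL = Acl([
    AclEntry("bob", frozenset({"write"}), allow=False),
    AclEntry("staff", RW, allow=True),
])

# Same entries in the opposite order: the group grant now shadows bob's deny.
MISORDERED_ACL = Acl(list(reversed(FILE_ACL.entries)))

# Same entries with an implicit "allow" default instead of "deny".
DEFAULT_ALLOW_ACL = Acl(FILE_ACL.entries, default_allow=True)


def demo() -> dict:
    """Return the decisions for a few subjects so the effect of order and default is visible."""
    return {
        "bob write (deny listed first)": FILE_ACL.check("bob", {"staff"}, "write"),         # False
        "bob read": FILE_ACL.check("bob", {"staff"}, "read"),                               # True
        "bob write (grant listed first)": MISORDERED_ACL.check("bob", {"staff"}, "write"),  # True
        "eve read (default deny)": FILE_ACL.check("eve", set(), "read"),                    # False
        "eve read (default allow)": DEFAULT_ALLOW_ACL.check("eve", set(), "read"),          # True
    }


if __name__ == "__main__":
    for decision, allowed in demo().items():
        print(f"{decision}: {'allow' if allowed else 'deny'}")
```

The misordered list is the classic review finding: an explicit deny placed after a broader grant is never reached, so specific denies belong above the group or wildcard entries they are meant to override, and the implicit rule should be deny unless there is a documented reason otherwise.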


B

C

CRC-16
A simple checksum that implements a hash function. It is not cryptographically strong.
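
What "not cryptographically strong" means in practice, as an added Python example (not code from the original page): a CRC-16 catches accidental corruption such as a flipped bit, but because it is a linear, 16-bit function the checksum of any modified message can be made to match the original again by appending two bytes, so it gives no protection against deliberate change. A keyed MAC (HMAC-SHA256 here) does not have that weakness. The CRC-16/ARC parameters (polynomial 0x8005, reflected form 0xA001, initial value 0, no final XOR) are one common variant assumed for illustration; the messages and key are constructed.

```python
"""CRC-16 versus a keyed MAC: why a checksum is not a cryptographic integrity check.

Added example, not code from the original page. It uses the CRC-16/ARC
parameters (polynomial 0x8005 in reflected form 0xA001, initial value 0, no
final XOR), one common CRC-16 variant assumed here for illustration; the
sample messages and the key are constructed.
"""
import hashlib
import hmac
import itertools

_POLY_REFLECTED = 0xA001  # 0x8005 bit-reversed (CRC-16/ARC)


def _make_table():
    # Standard byte-wise lookup table for a reflected CRC.
    table = []
    for n in range(256):
        c = n
        for _ in range(8):
            c = (c >> 1) ^ _POLY_REFLECTED if c & 1 else c >> 1
        table.append(c)
    return table


_TABLE = _make_table()


def crc16_update(state: int, data: bytes) -> int:
    """Feed more bytes into a running CRC-16 state."""
    for b in data:
        state = (state >> 8) ^ _TABLE[(state ^ b) & 0xFF]
    return state


def crc16(data: bytes) -> int:
    """CRC-16/ARC of the whole message (check value for b'123456789' is 0xBB3D)."""
    return crc16_update(0, data)


def flip_one_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate a transmission error: invert a single bit."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


def find_matching_suffix(message: bytes, target_crc: int) -> bytes:
    """Find the 2-byte suffix s with crc16(message + s) == target_crc.

    A CRC is a linear function of its input and only 16 bits wide, so for any
    message such a suffix exists and at most 65536 trials are needed. This is
    the property that makes a CRC useless against deliberate modification.
    """
    state = crc16_update(0, message)        # process the fixed prefix once
    for hi, lo in itertools.product(range(256), repeat=2):
        suffix = bytes((hi, lo))
        if crc16_update(state, suffix) == target_crc:
            return suffix
    raise RuntimeError("unreachable: a 16-bit CRC always has a matching 2-byte suffix")


def hmac_tag(key: bytes, data: bytes) -> bytes:
    """Keyed integrity check: without the key nobody can compute a valid tag."""
    return hmac.new(key, data, hashlib.sha256).digest()


def hmac_verify(key: bytes, data: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(hmac_tag(key, data), tag)


# Constructed sample: an original record and a modified copy of it.
SAMPLE_ORIGINAL = b"transfer 100.00 to account 12345"
SAMPLE_TAMPERED = b"transfer 900.00 to account 12345"
SAMPLE_KEY = b"constructed-demo-key"


if __name__ == "__main__":
    good = crc16(SAMPLE_ORIGINAL)
    print(f"crc16(original) = {good:#06x}")
    # Accidental corruption: every single-bit error is detected.
    print("single bit flip detected:", crc16(flip_one_bit(SAMPLE_ORIGINAL, 5)) != good)
    # Deliberate change: two extra bytes restore the old checksum.
    patched = SAMPLE_TAMPERED + find_matching_suffix(SAMPLE_TAMPERED, good)
    print("crc16 matches after modification:", crc16(patched) == good)
    # The keyed MAC still rejects the modified record.
    tag = hmac_tag(SAMPLE_KEY, SAMPLE_ORIGINAL)
    print("HMAC accepts modified record:", hmac_verify(SAMPLE_KEY, patched, tag))
```

The distinction to take away: a checksum such as CRC-16 is an error-detection code for random faults, while integrity against an adversary needs a keyed construction (a MAC) or a digital signature; an unkeyed hash alone, however strong, only helps when the hash value itself is stored or transmitted somewhere the adversary cannot alter.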

D

E

F

G

H

I

Information Security
Characterized in ISO 17799 as "the preservation of confidentiality (ensuring that information is accessible only to those authorized to have access), integrity (safeguarding the accuracy and completeness of information and processing methods) and availability (ensuring that authorized users have access to information and associated assets when required)". This classic CIA definition is meant to be conceptual, not definitive or restrictive. Integrity, for example, can be interpreted to include concepts such as trust and ethics.

J

K

L

M

MD5
A cryptographically strong hash function used to implement message authentication. Need references.

N

O

OOO Out Of The Office
An acronym for the pernicious messages that badly configured MUAs send when their owner is away. Good etiquette is that these do not send to mailing lists and do not ever send more than one message. Good security practice, at least in some organizations, means configuring the system so OOO messages are only sent to colleagues from the same organization or on a shortlist of partner organizations, and/or ensuring that people do not give away potentially sensitive information about their whereabouts, personal contact details and so forth that might well be useful for a social engineering attack.

P

Security Policy
A set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources.
See WhatIsSecurityPolicy and SecurityPolicy for more info

Poutine
A distinctive and unique Quebec food. See http://www.members.shaw.ca/kcic1/poutine.html. Poutine is one of the running jokes on the CISSPForum on YahooGroups.

Q

R

S

T

Terminal
One of those words that changes meaning with context.
  • In Hospitals: a euphemism for "going to die"
    Computers don't 'die', they 'crash'
  • In the Trucking industry: that big building the trucks hover around
    People seem to hover around computer terminals as well
  • In IT: a workstation or computer, or, in some cases, a notebook

Trust (information systems usage)
The extent to which someone who relies on a system can have confidence that the system meets its specifications, i.e., that the system does what it claims to do and does not perform unwanted functions.

Trust (common parlance)
Confidence that another party will behave responsibly, ethically, correctly etc., and will not act against the first party's interests. Trust is a fragile construct - difficult and slow to build but easily destroyed in an instant.

U

V

W

X

Y

YahooGroups
A mailing list hosting service. See http://groups.yahoo.com/group/.
Originally this was E-Groups but was bought out by Yahoo.

Z


Other information security-related glossaries
