Security Dictionary

I'm in the process of consolidating frequently used security terms in Security Checks Matter Security Dictionary, and providing simple definitions for non-security professionals to understand.

Acceptable Risk: Degree of human and material loss that is perceived as tolerable in actions taken to minimize risk.

Access: The ability and opportunity to obtain knowledge of classified information. (CDSE Insider Threat)

Access Control: A procedure to limit access to authorized personnel. The process of managing databases or other records and determining the parameters of authorized entry, such as who or what will be granted access, when they may enter, and where access will occur. In an information system, access to resources is limited to authorized users, programs, processes, or systems.

Access Control Measure: Hardware and software features, physical controls, operating procedures, administrative procedures, and various combinations of these, designed to detect or prevent unauthorized access to protected information, facilities, or materials, and to enforce the use of these measures.

Access Evaluation: The process of reviewing the security qualifications of employees.

Access Roster: A database or listing of authorized individuals permitted to access the restricted area or protected information.

Acoustical Intelligence: Intelligence information derived from the collection and analysis of acoustical phenomena.

Agroterrorism: The deliberate introduction of a chemical or a disease agent into the food chain for the purpose of undermining stability and generating fear.

All-Hazards: A risk management approach for prevention, protection, preparedness, response, and recovery that considers the likelihood and consequences of a full range of threats and hazards, including terrorist attacks, natural and manmade disasters, industrial hazards, and other emergencies.

Asset: Any resource (a person, facility, or piece of equipment) that the organization owns.

Authenticate: To verify the true identity of the individual or entity requesting access.

Back Door: Hidden software or hardware mechanism used to circumvent security controls. Synonymous with trap door.

Biometrics: Automated methods of authenticating or verifying an individual based upon a physical or behavioral characteristic.

Bioterrorism: The deliberate release of viruses, bacteria, or other germs (agents) to cause illness or death in people, animals, or plants in order to cause general panic and undermine stability.

Classified Information: Information that has been determined, pursuant to EO 13526 or any successor order, EO 12951 or any successor order, or the Atomic Energy Act of 1954 (42 U.S.C. 2011), to require protection against unauthorized disclosure, and that is marked to indicate its classified status when in documentary form.

Cleared Employee: A person who has been vetted and granted access.

Compromise: Unauthorized disclosure of information or data to unauthorized persons. Within a computer network, a compromise is a security policy violation in which modification, destruction, or loss of an object may have occurred.

Computer Security Act: The Computer Security Act of 1987, Public Law (PL) No. 100-235 (H.R. 145), was enacted by Congress on January 8, 1988 to improve the security and privacy of sensitive information in Federal computer systems and to establish minimum acceptable security practices for such systems. The act requires the creation of computer security plans and the appropriate training of system users or owners where the systems house sensitive information. This act was superseded by the Federal Information Security Management Act (FISMA) of 2002.

Confidentiality: An assurance that information is not disclosed to unauthorized entities or processes.

Contingency Plan: A plan maintained for emergency response, backup operations, and post-disaster recovery of critical assets so that the mission can continue.

Controlled Building/Facility: A building or facility that restricts access and controls entry for only authorized individuals for security reasons.

Countermeasure: A measure taken to counter a threat or reduce a risk. Countermeasures can be procedural, or can involve equipment or other structural items.

Courier: An authorized employee whose principal duty is to transmit sensitive information to its destination.

Credit Check: Information provided by credit bureaus or other reporting services on the credit history of the subject of a background investigation.

Data Aggregation: The compilation of separate, individually innocuous bits of information into a document or file that is, as a whole, sensitive.

Data Mining: The analysis of data for relationships that have not previously been discovered.

Deterrence: Discouraging an adversary from attempting an attack by giving the impression that a successful attack would be very difficult or impossible.

Derogatory Information: Information that could adversely reflect on a person's character, trustworthiness, loyalty, or reliability, for example, a history of drug abuse or criminal activity. Information that is unrelated to character, such as foreign connections, is not derogatory information even though it may be of adjudicative significance. Generally, derogatory information is characterized as either minor or significant.

Disgruntled Employee: An extremely dissatisfied employee who could potentially become an insider threat.

Electronic Security (ELSEC): Protection resulting from measures designed to deny unauthorized persons information derived from the interception and analysis of non-communications electromagnetic radiations.

Electronic Surveillance: Acquisition of a non-public communication by electronic means without the consent of a person who is a party to an electronic communication or, in the case of a non-electronic communication, without the consent of a person who is visibly present at the place of communication, but not including the use of radio direction-finding equipment solely to determine the location of a transmitter. Electronic surveillance may involve consensual interception of electronic communication and the use of tagging, tracking, and location devices.

Inadvertent Disclosure: A type of incident involving accidental exposure of information to a person not authorized to access it.

Insider: Any person with authorized access to organization resources to include personnel, facilities, information, equipment, networks, or systems.

Insider Threat: The threat that an insider will use their authorized access, wittingly or unwittingly, to do harm. The threat can include damage through espionage, terrorism, unauthorized disclosure of sensitive information, or through the loss or degradation of departmental resources or capabilities.

Intrusion Detection System (IDS): A security alarm system to detect unauthorized entry.

Malicious Applets: Small application programs, automatically downloaded and executed, that perform an unauthorized function on an information system.

Need-to-know: The necessity for access to, or knowledge or possession of, specific information required to carry out official duties. The holder of the information must make the determination whether or not the prospective recipient requires the information to fulfill required duties.

Operations Security (OPSEC): The process of identifying critical information and subsequently analyzing friendly actions attendant to military operations and other activities to: (a) identify those actions that can be observed by adversary intelligence systems; (b) determine indicators that adversary intelligence systems might obtain that could be interpreted or pieced together to derive critical information in time to be useful to adversaries; and (c) select and execute measures that eliminate or reduce to an acceptable level the vulnerabilities of friendly actions to adversary exploitation. The OPSEC analytical process involves identification of critical information, analysis of threats, analysis of vulnerabilities, assessment of risks, and application of appropriate countermeasures.

OPSEC Process: The Operations Security (OPSEC) process is an analytical, risk-based process that incorporates five distinct elements:
  • identifying critical information
  • analyzing threats
  • analyzing vulnerabilities
  • assessing risks; and
  • applying countermeasures
The OPSEC process examines a complete activity to determine what, if any, exploitable evidence of sensitive activity may be acquired by potential adversaries.

Pass Phrase: A sequence of characters longer than the acceptable length of a password, which a password system transforms into a virtual password of acceptable length.

Password: A protected or private character string used to authenticate an identity or to authorize access to data.

Physical Security (PHYSEC): The application of physical barriers and control procedures as countermeasures against threats to resources and sensitive information. This security discipline uses the concepts of deter, detect, delay, and respond to physically protect assets.

Plain Text: Unencrypted information.

Protective Measures: Those actions, procedures, or designs implemented to safeguard protected information.

Restricted Area: A controlled-access area established to safeguard sensitive assets or information.

Risk: A measure of the potential degree to which protected information is subject to loss through adversary exploitation.

Risk Analysis: A method by which individual vulnerabilities are compared to perceived or actual security threat scenarios in order to determine the likelihood of compromise of critical information.

Risk Avoidance: A security philosophy which postulates that adversaries are all-knowing and highly competent, against which risks are avoided by maximizing defenses and minimizing vulnerabilities.

Risk Management: The comparison and analysis of the relative threat (the adversary's intent and capability to collect the information), the vulnerability of the asset, the cost and administrative burden of possible countermeasures, and the value of the asset, used to determine the appropriate level of protection needed to control and reduce the risk of compromise or disclosure to acceptable levels. Risk management allows risk to be accepted in the security process based upon a cost-benefit analysis.

Sabotage: An act or acts intended to injure, interfere with, or obstruct operations by willfully injuring, destroying, or attempting to destroy any material, premises, or utilities, including human or natural resources.

Security: A condition that results from the establishment and maintenance of protective measures that enable an organization to perform its mission or critical functions despite risks posed by threats. Protective measures may involve a combination of deterrence, avoidance, prevention, detection, recovery, and correction that should form part of the enterprise's risk management approach.

Sniffer: A software tool for capturing, auditing, and identifying network traffic packets.

Spoofing: Attempting to impersonate a legitimate identity online.

TEMPEST: Short name referring to the investigation, study, and control of compromising emanations from electronic equipment.

TRASHINT: Short for trash intelligence: information collected from items that have been thrown away, typically in the trash or recycling bin. Also referred to as dumpster diving.

References:
Blanchard, B.W. (2007, October 25). Dictionary of emergency management and related terms, definitions and acronyms. Homeland Security Digital Library (HSDL). Retrieved from https://www.hsdl.org/?view&did=480596

Center for Development of Security Excellence (n.d.). Insider threat awareness: Glossary. Defense Security Service. Retrieved (2014, August 5) from http://cdsetrain.dtic.mil/itawareness/common/cw/data/glossary.pdf

Garcia, M. (2008). The design and evaluation of physical protection systems (2nd ed.). Burlington, MA: Butterworth-Heinemann.

National Security Agency (2000, September). National Information Systems Security (INFOSEC) glossary. Retrieved from http://www.dtic.mil/docs/citations/ADA433929
