Definitions

  • Policy - A method or plan of action to guide decisions. A policy can be used to provide a positive benefit such as increased interdepartmental communication or it can be used to avoid negative consequences such as virus infections.
  • Procedure - A set of instructions for doing something. The words process and procedure are often used interchangeably, but procedure normally refers to the documented steps. An example use is "John followed the server installation procedure."
  • Process - A method used to do something; a process is normally described at a higher level than the procedures that carry it out. An example use is "What process is required to get this done?".
  • Reliability - Reliable service and continued production of the business product(s).
  • Security - Confidentiality, integrity, and availability of data and services to authorized parties only.
  • Multi-factor authentication - Authentication can use three types of items which are:
    • Something the user knows.
    • Something the user has.
    • Something the user is.
    Multi-factor authentication uses items from two or more of the above types. Two items of the same type, such as two passwords, do not count as two factors.
  • Public key cryptography - A form of cryptography which uses a pair of keys: one that is made publicly available and one that is kept private. Data encrypted with the public key can only be decrypted with the private key. Data encrypted with the private key can be decrypted with the public key, which is the basis of digital signatures.
  • Password - Passwords are a method of authenticating a user using something they know. Passwords are normally 8 or more characters in length and, to be secure, may be subject to minimum complexity rules requiring several types of characters such as lower case letters, upper case letters, numbers, and special characters.
  • Pass phrase - A pass phrase is used in much the same way as a password to authenticate users but is generally much longer and is normally considered a stronger authentication mechanism than a password, since the larger number of characters makes it harder to crack by brute force.
  • Biometrics - Biometrics is a possible method of user authentication that uses something that the user is to determine the user identity. This may include a retinal scan, fingerprint, or facial features.
  • Remote access - Access to a network or system from a location outside the organization's premises, normally from another city or area. The access method may be a dial-up line or a connection over the internet.
  • VPN - Virtual Private Networking is a method used to connect to organizational networks from remote locations, primarily over a high speed connection such as DSL or a cable modem. The VPN connection is encrypted so that traffic crossing the public network cannot be read in transit.
  • Dial-in - The person requesting remote access dials in to a bank of modems and connects to the organizational network using a telephone line through a computer controlled bank of modems.
  • Dial back - When a person dials in to the bank of modems, the system dials the person back to establish the connection. This helps prevent fraud since only approved numbers may be dialed back.
  • Social engineering - A combination of techniques used to trick people into releasing information to unauthorized individuals or to trick people into performing an action which will allow an attacker to take over their computer or gain unauthorized physical access to resources.
  • Phishing - A fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card information by masquerading as a legitimate and trustworthy entity using electronic communication.
  • Spoofing - A person or machine masquerading as another in an attempt to fool a receiver.
  • Account management - The process of managing accounts to perform basic functions in a secure way. Account management includes account creation, account modification, account removal, and the process of resetting passwords.
  • Resource Managers - Managers who are in charge of resources such as servers, web sites, or domains that control access to resources such as files, email, or applications. These managers typically manage administrators of systems or applications.
  • Personnel Managers - Managers who have positions reporting directly to them and who write the position descriptions for those positions.
  • Browser extension, Browser helper object (BHO), Plug-in - A software program that can be added to an internet browser to add a function to the browser. Because it runs inside the browser, it can see and change what the browser does, so it must be trusted like any other installed software.
  • DMZ - The term DMZ is an acronym for demilitarized zone. The DMZ is the part of a network where servers that may be accessed by the public are normally placed. The DMZ normally sits between the internet and the "trusted network" and is separated by a firewall from the internet and from the trusted part of the network. The DMZ is considered a semi-trusted network: more secure than the internet but less secure than the trusted part of the network, since the servers accessed by the public are at higher risk and have a greater chance of security incidents.
  • Untrusted network - Any network that is not trusted by your organization. A firewall must exist between it and your organization's semi-trusted or trusted network. Any network not managed by your organization should not be trusted, since you cannot guarantee the security of that network.
  • Semi-trusted network - Another name for DMZ.
  • Trusted network - The part of the network protected from the internet and any untrusted network by a firewall. It is also protected from the semi-trusted network by a firewall. Normally workstations and servers that hold data are kept in the trusted network, although there is good reason to keep the servers with sensitive data separated from the "trusted network" as well, considering the state of security on many networks.
  • Bandwidth - Indicates the amount of data that can be sent in a specific time period. The more data that can be sent in a set period of time, the higher the bandwidth. Bandwidth for networking is commonly measured in Mbps which is one million bits per second.
  • Permanent Virtual Circuit (PVC) - A networking connection that connects two or more end points and appears to the end points as a fixed line but is a logical connection. Circuitry between the end points routes the data, and the circuit may send data through various paths. Frame relay is a service that is delivered over permanent virtual circuits.
  • Frame Relay (F/R) - Frame Relay is a communications service which establishes a permanent virtual circuit (PVC) between two points on the network. Frame relay uses frames of varying length and operates at the data link layer of the OSI model. The route the frames take through the network may change and is determined by the provider of the frame relay service. The frame relay customer pays charges based on usage. Frame relay error checking is handled by devices at both ends of the connection. Frame relay speed is typically between 56 Kbps and 1.544 Mbps (T1).
  • Committed Information Rate (CIR) - A telecommunications term describing the bandwidth (expressed in bits per second) associated with the rate at which a network line or virtual circuit supports data transfer. The committed information rate describes the commitment of a carrier to provide a specified throughput to the subscriber. The bandwidth may have limitations of maximum burst rates, overall bandwidth in a given period of time, or other limitations.
  • Indefeasible Right of Use (IRU) - A telecommunications term describing the right to use, for a long fixed term (the lease period, usually measured in years), a designated amount of communications capacity on a specific telecommunications line or lines. IRUs are purchased in terms of bandwidth.
  • WAN - A Wide Area Network (WAN) is larger than a MAN and may be an enterprise network or a global network. A WAN spans a large geographical area and normally links two or more LANs together. A WAN will normally use leased lines or a public network to connect LANs or MANs.
  • Encryption - The conversion of data or information from a normal readable format, known as plaintext, into a format that is not readable, known as ciphertext. Ciphertext must be converted back to plaintext to be read, and whoever converts it back normally needs the correct key (the shared secret key, or the private key in public key cryptography).
  • Mobile Device - A mobile device is a device that can be easily carried from location to location.
  • Portable Media - A device that can store information and is easily transported.
  • Sensitive Data or Information - Information which may have restricted access, the disclosure of which could have adverse consequences to the organization or to one or more individuals.
  • Commercial Software - Also known as proprietary software, it is normally accompanied by a licensing agreement which is the terms of use for the software required by the manufacturer.
  • Shareware - Freely distributed software which can be used for a trial period after which the user is expected to make payment or meet terms of the license if they continue its use.
  • Freeware - Software which does not require payment but some terms of use may exist such as Open Source licensing.
  • Copyright - A legal protection against reproduction of created work without permission from the creator.
  • Software License Agreement - A legal contract between a software application creator or manufacturer and the software user.
  • Intellectual Property - Includes copyrights to software code, documents from works of art to technical documentation, and patentable ideas. Intellectual property is the intangible element of inventions and of the methods used to document, create tools, create art, and produce other items.
  • Virus - Malicious software that spreads by attaching itself to files or by creating files that may be executed in some way. A computer virus is commonly sent to users as an email attachment. Depending on the type of program the virus uses to spread, it may require a software vulnerability to do so. A computer virus runs on a system against the owner's or user's wishes and without their knowledge. The virus may alter data and files on the infected computer. Computer viruses normally attack at the application layer.
  • Backup - The saving of files onto magnetic tape or other offline mass storage media for the purpose of preventing loss of data in the event of equipment failure or destruction.
  • Archive - The saving of old or unused files onto magnetic tape or other offline mass storage media for the purpose of releasing on-line storage room.
  • Restore - The process of bringing off line storage data back from the offline media and putting it on an online storage system such as a file server.
  • Data - The term data refers to information but is typically used to describe information stored or transmitted in electronic format.
  • Information - The term information refers to knowledge which may be stored in any form, whether printed or in electronic form. Information includes data but data does not include all information.
  • Confidential - Information to be kept secret or private and should not be shared with others unless required by a business function and with authorization.
  • Sensitive - Information, which when released can cause an irritation or problem for one or more individuals or organizations.
  • Private - Information which belongs to an individual or organization and is not publically known.
  • Data owner - The person, organization, or department which either created the data or that the data describes such as name and address.
  • Data custodian - The person, organization, or department with possession of the data. Custodianship may be shared between the business staff and technical staff, since business staff use the data and technical staff maintain the equipment the data is stored on and take actions to keep the data available and secure.
  • Hazard - Something that can cause harm, injury, sickness, or loss to an individual or an organization.
  • Risk - The chance that a threat or hazard will have an undesirable outcome, combined with the amount of harm that may occur (likelihood combined with impact).
  • Risk Assessment - An examination of all possible risk along with implemented and non-implemented solutions to reduce, eliminate, or manage the risk.
  • Threat - A potential incident or activity which may be deliberate, accidental, or caused by nature which may cause physical or financial harm to a person or organization.
  • Safeguard Options - Different sets of safeguards put in place to mitigate high risk threat scenarios.
  • Database Password - A password used to access a database.
  • Hash - A mathematical operation on data intended as a one way function: the hash value is easy to compute from the input, but the original value cannot be recreated from the hash, and it should be infeasible to find two different inputs that produce the same hash value.
  • Proprietary algorithm - An encryption algorithm that is kept private and is not made public. Keeping an algorithm secret is not a substitute for strength; algorithms that have survived public review are preferred, and the security of a system should rest on the secrecy of its keys, not of its algorithm.
  • Asymmetric encryption - Also known as public key/private key encryption, asymmetric encryption uses one key to encrypt the data and another key to decrypt the data.
  • Symmetric encryption - The same key is used to both encrypt the data and to decrypt the data.
  • Network based intrusion detection - A network device that inspects network traffic for suspicious patterns. When suspicious patterns in traffic are noticed, an administrator is notified automatically.
  • Host based intrusion detection - Intrusion detection software that operates on a server or workstation, similar to anti-virus software. The software looks for suspicious activity that may indicate that someone has attempted to penetrate, or has penetrated, the security of the computer without authorization.
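The password and pass phrase entries state that complexity rules and extra length make a secret harder to crack. This Go program, added here as an example rather than taken from the document, implements a typical complexity check and measures the brute-force search space for a constructed short complex password and a constructed long lower-case phrase. It also measures the phrase the way an attacker who knows the word list would, by words rather than characters, which is the honest figure for a dictionary-built pass phrase. The sample secrets, the 95-symbol printable ASCII alphabet and the 7776-word list size (the size of a common diceware list) are assumptions of the example.

```go
package main

import (
	"fmt"
	"math"
	"unicode"
)

// CharacterClasses reports how many of the four classes named in the definition
// (lower case, upper case, digits, special) appear in pw. Anything that is not a
// letter or a digit, including space and punctuation, counts as special.
func CharacterClasses(pw string) int {
	var lower, upper, digit, special bool
	for _, r := range pw {
		switch {
		case unicode.IsLower(r):
			lower = true
		case unicode.IsUpper(r):
			upper = true
		case unicode.IsDigit(r):
			digit = true
		default:
			special = true
		}
	}
	n := 0
	for _, present := range []bool{lower, upper, digit, special} {
		if present {
			n++
		}
	}
	return n
}

// MeetsComplexity applies a typical rule: at least minLen characters and at
// least minClasses of the four character classes.
func MeetsComplexity(pw string, minLen, minClasses int) bool {
	return len([]rune(pw)) >= minLen && CharacterClasses(pw) >= minClasses
}

// BruteForceBits is log2 of the number of strings of the given length over an
// alphabet of alphabetSize symbols: the work to exhaust the space by brute force.
func BruteForceBits(alphabetSize, length int) float64 {
	return float64(length) * math.Log2(float64(alphabetSize))
}

// DictionaryBits is the same bound for a pass phrase of `words` words chosen
// uniformly from a list of dictSize words. An attacker who knows the list guesses
// words, not characters, so this is the real strength of such a phrase.
func DictionaryBits(dictSize, words int) float64 {
	return float64(words) * math.Log2(float64(dictSize))
}

func main() {
	const printable = 95    // printable ASCII: letters, digits, punctuation, space (assumption)
	const lowerAndSpace = 27 // a-z plus space
	password := "Tr0ub4d&r"                  // constructed example: 9 characters, 4 classes
	phrase := "correct horse battery staple" // constructed example: 28 characters, 4 words
	fmt.Println("password meets 8-char/3-class rule:", MeetsComplexity(password, 8, 3))
	fmt.Println("phrase meets 8-char/3-class rule:  ", MeetsComplexity(phrase, 8, 3))
	fmt.Printf("brute force: password %.0f bits, phrase %.0f bits\n",
		BruteForceBits(printable, len(password)), BruteForceBits(lowerAndSpace, len(phrase)))
	fmt.Printf("phrase from a 7776-word list, guessed by words: %.0f bits\n", DictionaryBits(7776, 4))
}
```

The output shows the trap in character-class rules: the phrase fails the rule while having the far larger brute-force space, and a four-word phrase from a known list still rates only about 52 bits, so a policy that wants pass phrases should require a word count or a minimum length rather than character classes.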