Terms
Alphabetical index of published term entries.
- attack sensing, warning, and response (Updated Jan 06, 2026)
A set of security services that cooperate with audit service to detect and react to indications of threat actions, including both inside and outside attacks. (See: indicator.)
- attack signature (Updated Jan 06, 2026)
A characteristic or distinctive pattern that can be searched for or that can be used in matching to previously identified attacks.
- attack surface (Updated Jan 06, 2026)
The set of ways in which an adversary can enter a system and potentially cause damage.
- attack tree (Updated Jan 06, 2026)
A branching, hierarchical data structure that represents a set of potential approaches to achieving an event in which system security is penetrated or compromised in a specified way. [Moor]
- attribute (Updated Jan 06, 2026)
Information of a particular type concerning an identifiable system entity or object. An "attribute type" is the component of an attribute that indicates the class of information given by the attribute; and an "attribute value" is a particular instance of the class of information indicated by an attribute type. (See: attribute certificate.)
- attribute authority (Updated Jan 06, 2026)
A CA that issues attribute certificates.
- attribute certificate (Updated Jan 06, 2026)
A digital certificate that binds a set of descriptive data items, other than a public key, either directly to a subject name or to the identifier of another certificate that is a public key certificate. (See: capability token.)
- Audio Capture (Updated Jan 06, 2026)
An adversary can leverage a computer's peripheral devices (e.g., microphones and webcams) or applications (e.g., voice and video call services) to capture audio recordings for the purpose of listening into sensitive conversations to gather information. (Citation: ESET Attor Oct 2019)
- audit log (Updated Jan 06, 2026)
Synonym for "security audit trail".
- audit service (Updated Jan 06, 2026)
A security service that records information needed to establish accountability for system events and for the actions of system entities that cause them. (See: security audit.)
- audit trail (Updated Jan 06, 2026)
See: security audit trail.
- authenticate (Updated Jan 06, 2026)
Verify (i.e., establish the truth of) an attribute value claimed by or for a system entity or system resource. (See: authentication, validate vs. verify, "relationship between data integrity service and authentication services" under "data integrity service".)
- Authentication (Updated Jan 06, 2026)
Authentication is the process of verifying the identity of a user, device, or system before granting access.
- authentication code (Updated Jan 06, 2026)
Synonym for a checksum based on cryptography. (Compare: Data Authentication Code, Message Authentication Code.)
- authentication exchange (Updated Jan 06, 2026)
A mechanism to verify the identity of an entity by means of information exchange.
- Authentication Header (Updated Jan 06, 2026)
An Internet protocol [R2402, R4302] designed to provide connectionless data integrity service and connectionless data origin authentication service for IP datagrams, and (optionally) to provide partial sequence integrity and protection against replay attacks. (See: IPsec. Compare: ESP.)
- authentication information (Updated Jan 06, 2026)
Information used to verify an identity claimed by or for an entity. (See: authentication, credential, user. Compare: identification information.)
- authentication service (Updated Jan 06, 2026)
A security service that verifies an identity claimed by or for an entity. (See: authentication.)
- authenticity (Updated Jan 06, 2026)
A property achieved through cryptographic methods of being genuine and being able to be verified and trusted, resulting in confidence in the validity of a transmission, information or a message, or sender of information or a message.
- authority (Updated Jan 06, 2026)
"An entity [that is] responsible for the issuance of certificates." [X509]
- authority certificate (Updated Jan 06, 2026)
"A certificate issued to an authority (e.g. either to a certification authority or to an attribute authority)." [X509] (See: authority.)
- Authority Information Access extension (Updated Jan 06, 2026)
The private extension defined by PKIX for X.509 certificates to indicate "how to access CA information and services for the issuer of the certificate in which the extension appears. Information and services may include on line validation services and CA policy data." [R3280] (See: private extension.)
- Authorization (Updated Jan 06, 2026)
Authorization is the process of determining what an authenticated principal is permitted to do.
- authorization credential (Updated Jan 06, 2026)
See: /access control/ under "credential".
- authorize (Updated Jan 06, 2026)
Grant an authorization to a system entity.
- authorized user (Updated Jan 06, 2026)
A system entity that accesses a system resource for which the entity has received an authorization. (Compare: insider, outsider, unauthorized user.)
- Automated Collection (Updated Jan 06, 2026)
Adversaries may automate collection of industrial environment information using tools or scripts. This automated collection may leverage native control protocols and tools available in the control systems environment. For example, the OPC protocol may be used to enumerate and gather information. Access to a system or interface with these native protocols may allow collection and enumeration of other attached, communicating servers and devices.
- Autorun Image (Updated Jan 06, 2026)
Adversaries may leverage AutoRun functionality or scripts to execute malicious code. Devices configured to enable AutoRun functionality or legacy operating systems may be susceptible to abuse of these features to run malicious code stored on various forms of removable media (i.e., USB, Disk Images [.ISO]). Commonly, AutoRun or AutoPlay are disabled in many operating system configurations to mitigate against this technique. If a device is configured to enable AutoRun or AutoPlay, adversaries may execute code on the device by mounting the removable media to the device, either through physical or virtual means. This may be especially relevant for virtual machine environments where disk images may be dynamically mapped to a guest system on a hypervisor.
- Availability (Updated Jan 06, 2026)
Availability is the property that systems and data are accessible and usable when needed.
- availability service (Updated Jan 06, 2026)
A security service that protects a system to ensure its availability.
- avoidance (Updated Jan 06, 2026)
See: secondary definition under "security".
- a | x (Updated Jan 05, 2026)
a divides x.