Terms

A denial of service attack that sends a host more ICMP echo request ("ping") packets than the protocol implementation can handle. (See: flooding, smurf.)

A man made threat achieved through exploitation of the information and communications technology (ICT) system’s supply chain, including acquisition processes.

An act or process that presents an identifier to a system so that the system can recognize a system entity and distinguish it from other entities. (See: authentication.)

Synonym for "identifier"; synonym for "authentication information". (See: authentication, identifying information.)

A client server Internet protocol [R1413] for learning the identity of a user of a particular TCP connection.

A data object often, a printable, non blank character string that definitively represents a specific identity of a system entity, distinguishing that identity from all others. (Compare: identity.)

See: /authentication/ under "credential".

Synonym for "identifier"; synonym for "authentication information". (See: authentication, identification information.)

The collective aspect of a set of attribute values (i.e., a set of characteristics) by which a system user or other system entity is recognizable or known. (See: authenticate, registration. Compare: identifier.)

The methods and processes used to manage subjects and their authentication and authorizations to access specific objects.

"A security policy based on the identities and/or attributes of users, a group of users, or entities acting on behalf of the users and the resources/objects being accessed." [I7498 2] (See: rule based security policy.)

A process that vets and verifies the information that is used to establish the identity of a system entity. (See: registration.)

An IEEE committee developing security standards for LANs. (See: SILS.)

An IEEE working group, Standard for Public Key Cryptography, engaged in developing a comprehensive reference standard for asymmetric cryptography. Covers discrete logarithm (e.g., DSA), elliptic curve, and integer factorization (e.g., RSA); and covers key agreement, digital signature, and encryption.

An IMAP4 command (better described as a transaction type, or subprotocol) by which an IMAP4 client optionally proposes a mechanism to an IMAP4 server to authenticate the client to the server and provide other security services. (See: POP3.)

Adversaries may maliciously modify components of a victim environment in order to hinder or disable defensive mechanisms. This not only involves impairing preventative defenses, such as anti virus, but also detection capabilities that defenders can use to audit activity and identify malicious behavior. This may span both native defenses as well as supplemental capabilities installed by users or mobile endpoint administrators.

Adversaries may exploit the lack of authentication in signaling system network nodes to track the location of mobile devices by impersonating a node.(Citation: Engel SS7)(Citation: Engel SS7 2008)(Citation: 3GPP Security)(Citation: Positive SS7)(Citation: CSRIC5 WG10 FinalReport)

An attack type targeted phishing attack where a malicious actor pretends to be someone else or other entities to steal sensitive data

Cannot be done in any reasonable amount of time. (See: break, brute force, strength, work factor.)

A methodology, language, and integrated set of software tools developed at the System Development Corporation for specifying, coding, and verifying software to produce correct and reliable programs. Usage: a.k.a. the Formal Development Methodology. [Cheh]

A type of threat action that prevents or interrupts system operation by disabling a system component. (See: disruption.)

An occurrence that actually or potentially results in adverse consequences to (adverse effects on) (poses a threat to) an information system or the information that the system processes, stores, or transmits and that may require a response action to mitigate the consequences.

The management and coordination of activities associated with an actual or potential occurrence of an event that may result in adverse consequences to information or information systems.

The activities that address the short term, direct effects of an incident and may also support short term recovery.

A set of predetermined and documented procedures to detect and respond to a cyber incident.

An occurrence or sign that an incident may have occurred or may be in progress.

Adversaries may delete, alter, or hide generated artifacts on a device, including files, jailbreak status, or the malicious application itself. These actions may interfere with event collection, reporting, or other notifications used to detect intrusion activity. This may compromise the integrity of mobile security solutions by causing notable events or information to go unreported.

See: secondary definition under "attack". Compare: direct attack.

In X.509, a CRL that may contain certificate revocation notifications for certificates issued by CAs other than the issuer (i.e., signer) of the ICRL.

An attribute of an encryption algorithm that is a formalization of the notion that the encryption of some string is indistinguishable from the encryption of an equal length string of nonsense. (Compare: semantic security.)

An information system used to control industrial processes such as manufacturing, product handling, production, and distribution or to control infrastructure assets.

A type of threat action that reasons from characteristics or byproducts of communication and thereby indirectly accesses sensitive data, but not necessarily the data contained in the communication. (See: traffic analysis, signal analysis.)

Protection of data confidentiality against inference attack. (See: traffic flow confidentiality.)

a high speed, low latency interconnect standard used in high performance computing (HPC), supercomputers, and AI data centers

Expressed in natural language. [CCIB] (Compare: formal, semiformal.)

Facts and ideas, which can be represented (encoded) as various forms of data.

Any information technology, equipment, or interconnected system or subsystem of equipment that processes, transmits, receives, or interchanges data or information.

The measures that protect and defend information and information systems by ensuring their availability, integrity, and confidentiality.

In the NICE Framework, cybersecurity work where a person: Oversees, evaluates, and supports the documentation, validation, and accreditation processes necessary to assure that new IT systems meet the organization's information assurance and security requirements; ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives.

A publicly available document [IATF], developed through a collaborative effort by organizations in the U.S. Government and industry, and issued by NSA. Intended for security managers and system security engineers as a tutorial and reference document about security problems in information systems and networks, to improve awareness of tradeoffs among available technology solutions and of desired characteristics of security approaches for particular problems. (See: ISO 17799, [SP14].)

See: secondary definition under "domain".

See: secondary definition under "domain".

A triple consisting of a set of security levels (or their equivalent security labels), a binary operator that maps each pair of security levels into a security level, and a binary relation on the set that selects a set of pairs of levels such that information is permitted to flow from an object of the first level to an object of the second level. (See: flow control, lattice model.)

A comprehensive defense posture and response based on the status of information systems, military operations, and intelligence assessments of adversary capabilities and intent. (See: threat)

Measures that implement and assure security services in information systems, including in computer systems (see: COMPUSEC) and in communication systems (see: COMSEC).

An aggregate of directives, regulations, rules, and practices that prescribe how an organization manages, protects, and distributes information.

An exchange of data, information, and/or knowledge to manage risks or respond to incidents.

An organized assembly of computing and communication resources and procedures i.e., equipment and services, together with their supporting infrastructure, facilities, and personnel that create, collect, record, process, store, transport, retrieve, display, disseminate, control, or dispose of information to accomplish a specified set of functions. (See: system entity, system resource. Compare: computer platform.)

The ability of an information system to: (1) continue to operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (2) recover effectively in a timely manner.

In the NICE Framework, cybersecurity work where a person: Oversees the information assurance program of an information system in or outside the network environment; may include procurement duties (e.g., Information Systems Security Office