In the business world, everyone has different ideas relative to the meaning of terms, so here is a small glossary that will make sure we are on the same page of music.
The expected loss, expressed in money units, for a given asset as a result of a given threat.
Calculated frequency of a threat expressed in fractions of a whole.
Something of value, divided into one of three pillars: personnel, data, and physical facilities. Assets include tangible (hardware) and intangible (intellectual property) items.
The total replacement value of an asset.
An attempt, successful or not, to gain access to a computer system by bypassing security controls.
People using technical or social means to gain access to facilities, employees, or systems.
Access privileges granted to a user, process, or program.
Exact copies of files and programs to facilitate recovery.
A notice appearing as users gain access to facilities or systems advising they may be monitored.
Basic input/output system.
Short-speak for robot; a script or program that runs automatically.
Assets needed to assure continuing profitability of operations.
Does the cost of the safeguard exceed the value of the asset it protects? Essentially defined as getting the "biggest bang for the buck."
Demilitarized zone; used in establishing a buffer zone between the organization's interior network, usually protected by a firewall, and the exterior open-ended network, such as the Internet.
The amount of anticipated asset loss attributable to a given threat. Usually expressed in a percent value.
Electronic Communications Privacy Act, Title 18, United States Code, Sections 2701-2711.
Assets required to assure profitability. What does the organization really need to continue operating profitably?
Fear, uncertainty, doubt.
Size of the units under consideration.
Person using technical or social means to gain access to facilities, employees, or systems; an attacker.
Mathematical procedure that is easy to compute but infeasible to reverse. A one-way hash function produces a fixed-size mathematical product of a file, resulting in a fingerprint of that file.
Any device on a network; same as node.
Software capable of performing unauthorized functions on a computer system.
An obscene item recognized by most children, yet not clearly defined by some of our great legal minds.
Process based on the experience and judgment of the evaluators rather than on numeric measurement.
Process measured in numeric terms.
The probability of something harmful happening to assets.
The process of identifying assets, threats, and vulnerabilities and weighing them against the safeguards in place. There are two means of risk analysis: quantitative and qualitative.
A narrative and tables reflecting critical assets, threats, vulnerabilities, cost/benefit analyses, and recovery program.
A person logged on with complete system privileges, same as administrator; possesses the system's crown jewels.
Protective measures, the purpose of which is to ensure assets are available to meet business profitability requirements.
This expression is the value (V) of the asset multiplied by the exposure factor expressed as a percent (E): E × V = SLE.
Unsolicited, unwanted e-mail.
Combination of many elements (human resources, data, physical facilities) whose objective is to achieve profitability.
Hidden mechanism circumventing access and security controls; same as back door.
A piece of software that mimics a valid function but whose purpose is to cause damage.
Event causing potential harm to an asset.
A weakness that can be exploited by a threat.
Following is a list of commonly used abbreviations:
AES Advanced Encryption Standard
ASCII American Standard Code for Information Interchange
BIOS basic input/output system
CA certification (or certificate) authority
CCIPS Computer Crime and Intellectual Property Section (Criminal Division, U.S. Department of Justice)
CPU central processing unit
CTC Computer and Telecommunications Communicator (U.S. Attorney's Office)
DES Data Encryption Standard
DNS Domain Name System (or Service)
DoJ Department of Justice
ESN electronic serial number
FBI Federal Bureau of Investigation
FRR false rejection rate
FTP file transfer protocol
GB gigabyte
hex hexadecimal
HTML Hypertext Markup Language
HTTP Hypertext Transfer Protocol
IDEA International Data Encryption Algorithm
IM instant messenger
IP Internet Protocol
IRC Internet relay chat (or channel)
ISDN Integrated Services Digital Network
ISO International Standards Organization
ISP Internet service provider
kbps kilobits per second
KBps kilobytes per second
LAN local area network
Mbps megabits per second
MBps megabytes per second
MIME Multipurpose Internet Mail Extensions
MoA/MoU memorandum of agreement/memorandum of understanding
NNTP Network News Transfer Protocol
PBX private branch exchange
PCMCIA Personal Computer Memory Card International Association
PDA personal digital assistant
PGP Pretty Good Privacy
PIN personal identification number
Ping Packet Internet Groper
PKI public key infrastructure
RA registration authority
RFC request for comments
ROM read-only memory
RSA encryption Rivest-Shamir-Adleman encryption
TCP Transmission Control Protocol
TCP/IP Transmission Control Protocol/Internet Protocol
TLD top-level domain
TTL time-to-live
URI Universal Resource Identifier
URL Uniform Resource Locator
WAN wide area network
WWW World Wide Web