A

Formal nomenclature for user action(s) not in accordance with organizational policy or law. Actions falling outside, or explicitly proscribed by, acceptable use policy.

A judicious and carefully considered assessment by the appropriate authority that a computing activity or network meets the minimum requirements of applicable security directives. The assessment should take into account the value of assets; threats and vulnerabilities; countermeasures; and operational requirements.

DoD nomenclature for documented standards and/or guidance on usage of information systems and networked assets.

The principle that individuals using a facility or a computer system must be identifiable. With accountability, violations or attempted violations of system security can be traced to individuals who can then be held responsible.

DoD parlance for the notion that information has been maintained and transferred in such a way as to be inviolate (the information has been protected from being modified or otherwise corrupted either maliciously or accidentally). Accuracy protects against forgery or tampering. Typically invoked as a synonym for integrity.

To subdue an adversary without killing him.

A form of attack in which data is actually modified, corrupted, or destroyed.

A device that serves as an interface between the system unit and a device attached to it, such as a SCSI Adapter. Often synonymous with expansion card or board. Can also refer to a special type of connector.

Full-featured advanced counter that is highly customizable allowing you to change digit formats, colors, time, and adjustable data counts.

This is a forensic term that describes, in general terms, data stored in nontraditional computer storage areas and formats. The term was coined in 1996 to help students understand computer-evidence-processing techniques that deal with evidence not stored in standard computer files, formats, and storage areas. The term is now widely used in the computer forensics community and it generally describes data stored in the Windows swap file, unallocated space, and file slack.

A label for the class of intrusion-detection tactics that seek to identify potential intrusion attempts by virtue of their being (presumably) sufficiently deviant (anomalous) in comparison with expected or authorized activities. Phrased another way, anomaly detection begins with a positive model of expected system operations and flags potential intrusions on the basis of their deviation (as particular events or actions) from this presumed norm.

Allows visitors to upload and/or download predetermined files from designated directories without usernames or passwords. For example, distribute your latest software package by allowing visitors to download it through anonymous FTP. This is different than a regular FTP account

Software that detects, repairs, cleans, or removes virus-infected files from a computer.

A more technical term for program.

One form of a firewall in which valid application-level data must be checked or confirmed before allowing a connection. In the case of an ftp connection, the application gateway appears as a ftp server to the client and a ftp client to the server.

Current DoD automated security tool that monitors network traffic, collects information on targeted unit networks, and detects unauthorized network activity.

A measure of confidence that the security features and architecture of an information system or network accurately reflect and enforce the given security policy.

Attacks that take advantage of dynamic system actions—especially by exploiting an ability to manipulate the timing of those actions.

With specific regard to IW—a specific formulation or execution of a plan to carry out a threat. An attempt to bypass security controls on a computer. An active attack alters data. A passive attack releases data. Whether an attack will succeed depends on the vulnerability of the computer system and the effectiveness of existing countermeasures.

Positively or negatively learned orientations toward something or someone that have a tendency to motivate an individual or group toward some behavior. Experienced soldiers, for example, have negative attitudes toward slovenliness.

In computer security systems, a chronological record of when users log-in, how long they are engaged in various activities, what they were doing, and whether any actual or attempted security violations occurred. An automated or manual set of chronological records of system activities that may enable the reconstruction and examination of a sequence of events and/or changes in an event.

Acronym for acceptable use policy.

Sends an automated e-mail response to incoming mail sent to a specific address. For instance, you can have your visitors send an e-mail to ‘info@yourdomain.com’ to get an e-mail explaining your latest product, or automatically reply to orders with a prewritten ‘thank you’ e-mail message.