An IP protocol used to transmit diagnostic messages.
The means by which a user claims a specific, unproven identity to a system. See also Authentication.
The processes and procedures that support the life cycle of identities of persons in an organization.
Internet Engineering Task Force.
The ability of users to infer or deduce information about data at a higher sensitivity level for which they are not authorized.
A link that allows inference to occur.
An artificial intelligence system that derives answers from a knowledge base.
The individual with day-to-day responsibility for protecting information assets.
A lattice-based model in which objects are assigned a security class and value and their direction of flow is controlled by a security policy.
The individual who decides who is allowed access to a file and what privileges are granted.
Initial electric power rush.
Safeguards the accuracy and completeness of information and processing methods and ensures that
Modifications to data aren’t made by unauthorized users or processes.
Unauthorized modifications to data aren’t made by authorized users or processes.
Data is internally and externally consistent; that is, a given input produces an expected output.
Includes patents, trademarks, copyrights, and trade secrets.
The worldwide, publicly accessible network that connects the networks of organizations.
An organization’s private network that is used to secure share information among the organization’s employees.
A hardware or software application that detects and reports on suspected network or host intrusions.
A hardware or software application that both detects and blocks suspected network or host intrusions.
The OSI layer 3 protocol that is the basis of the modern Internet.
An IETF open standard VPN protocol for secure communications over public IP-based networks.
A network packet-oriented protocol that is the basis for Novell Netware networks. IPX is analogous to IP.
A low-bandwidth communications protocol that operates over analog telecommunications voice lines.
Formal evaluation criteria that addresses confidentiality, integrity, and availability, and also evaluates an entire system.