NISTIR 7298 Revision 1, Glossary of Key Information Security Terms

More documents

Recommendations

Info

NIST IR 7298 Revision 1, Glossary of Key Information Security Terms Enterprise Risk Management – The methods and processes used by an enterprise to manage risks to its mission and to establish the trust necessary for the enterprise to support shared missions. It involves the identification of mission dependencies on enterprise capabilities, the identification and prioritization of risks due to defined threats, the implementation of countermeasures to provide both a static risk posture and an effective dynamic response to active threats; and it assesses enterprise performance against threats and adjusts countermeasures as necessary. SOURCE: CNSSI-4009 Enterprise Service – A set of one or more computer applications and middleware systems hosted on computer hardware that provides standard information systems capabilities to end users and hosted mission applications and services. SOURCE: CNSSI-4009 Entity – Either a subject (an active element that operates on information or the system state) or an object (a passive element that contains or receives information). SOURCE: SP 800-27 Entity – An active element in an open system. SOURCE: FIPS 188 Entity – Any participant in an authentication exchange; such a participant may be human or nonhuman, and may take the role of a claimant and/or verifier. SOURCE: FIPS 196 Entrapment – Deliberate planting of apparent flaws in an IS for the purpose of detecting attempted penetrations. SOURCE: CNSSI-4009 Entropy – A measure of the amount of uncertainty that an attacker faces to determine the value of a secret. SOURCE: SP 800-63 Environment – Aggregate of external procedures, conditions, and objects affecting the development, operation, and maintenance of an information system. SOURCE: FIPS 200; CNSSI-4009 Environment of Operation – The physical surroundings in which an information system processes, stores, and transmits information. SOURCE: SP 800-37; SP 800-53A Pg 70
NIST IR 7298 Revision 1, Glossary of Key Information Security Terms Ephemeral Key – A cryptographic key that is generated for each execution of a key establishment process and that meets other requirements of the key type (e.g., unique to each message or session). SOURCE: SP 800-57 Erasure – Process intended to render magnetically stored information irretrievable by normal means. SOURCE: CNSSI-4009 Error Detection Code – A code computed from data and comprised of redundant bits of information designed to detect, but not correct, unintentional changes in the data. SOURCE: FIPS 140-2; CNSSI-4009 Escrow – Something (e.g., a document, an encryption key) that is "delivered to a third person to be given to the grantee only upon the fulfillment of a condition." SOURCE: FIPS 185 Evaluation Products List (EPL) – List of validated products that have been successfully evaluated under the National Information Assurance Partnership (NIAP) Common Criteria Evaluation and Validation Scheme (CCEVS). SOURCE: CNSSI-4009 Evaluation Assurance Level (EAL) – Set of assurance requirements that represent a point on the Common Criteria predefined assurance scale. SOURCE: CNSSI-4009 Event – Any observable occurrence in a network or system. SOURCE: SP 800-61 Any observable occurrence in a system and/or network. Events sometimes provide indication that an incident is occurring. SOURCE: CNSSI-4009 Examination – A technical review that makes the evidence visible and suitable for analysis; tests performed on the evidence to determine the presence or absence of specific data. SOURCE: SP 800-72 Pg 71
Page 2 and 3:
NIST IR 7298 Revision 1 Glossary of
Page 4 and 5:
NIST IR 7298 Revision 1, Glossary o
Page 6 and 7:
Page 8 and 9:
Page 10 and 11:
Page 12 and 13:
Page 14 and 15:
Page 16 and 17:
Page 18 and 19:
Page 20 and 21: NIST IR 7298 Revision 1, Glossary o
Page 120 and 121:
Page 122 and 123:
Page 124 and 125:
Page 126 and 127:
Page 128 and 129:
Page 130 and 131:
Page 132 and 133:
Page 134 and 135:
Page 136 and 137:
Page 138 and 139:
Page 140 and 141:
Page 142 and 143:
Page 144 and 145:
Page 146 and 147:
Page 148 and 149:
Page 150 and 151:
Page 152 and 153:
Page 154 and 155:
Page 156 and 157:
Page 158 and 159:
Page 160 and 161:
Page 162 and 163:
Page 164 and 165:
Page 166 and 167:
Page 168 and 169:
Page 170 and 171:
Page 172 and 173:
Page 174 and 175:
Page 176 and 177:
Page 178 and 179:
Page 180 and 181:
Page 182 and 183:
Page 184 and 185:
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
Page 204 and 205:
Page 206 and 207:
Page 208 and 209:
Page 210 and 211:
NIST IR 7298, Glossary of Key Infor
show all

NISTIR 7298 Revision 1, Glossary of Key Information Security Terms

Create successful ePaper yourself

Delete template?

Save as template?