تدريب ومعارف -
مصطلحات امن المعلومات (1)

An entity responsible for monitoring and granting access privileges for other authorized entities.

The process of granting or denying specific requests:

1) for obtaining and using information and related information processing services; and

2) to enter specific physical facilities (e.g., Federal buildings, military establishments, and border crossing entrances).

The official management decision given by a senior agency official to authorize operation of an system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals, based on the implementation of an agreed-upon set of security controls.

All components of an information system to be accredited by an authorizing official and excludes separately accredited systems, to which the information system is connected.

The evidence provided to the authorizing official to be used in the security accreditation decision process. Evidence includes, but is not limited to:

1) the system security plan;

2) the assessment results from the security certification; and

3) the plan of action and milestones.

Official with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals.

A specific sequence of events indicative of an unauthorized access attempt.

An entity, recognized by the Federal Public Key Infrastructure (PKI) Policy Authority or comparable Agency body as having the authority to verify the association of attributes to an identity.

Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures, and to recommend necessary changes in controls, policies, or procedures

Chronological record of system activities to enable the reconstruction and examination of the sequence of events and changes in an event.

Preprocessors designed to reduce the volume of audit records to facilitate manual review. Before a security review, these tools can remove many audit records known to have little security significance. These tools generally remove records generated by specified classes of events, such as records generated by nightly backups.

A record showing who has accessed an Information Technology (IT) system and what operations the user has performed during a given period.

To confirm the identity of an entity when that identity is presented.

Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system. The process of establishing confidence of authenticity. Encompasses identity verification, message origin authentication, and message content authentication. A process that establishes the origin of information or determines an entity’s identity.

A cryptographic checksum based on an approved security function (also known as a Message Authentication Code (MAC)).

The process of establishing confidence in user identities electronically presented to an information system.

Hardware or software-based mechanisms that force users to prove their identity before accessing data on a device.

A block cipher mode of operation that can provide assurance of the authenticity and, therefore, the integrity of data.

A well specified message exchange process that verifies possession of a token to remotely authenticate a claimant. Some authentication protocols also generate cryptographic keys that are used to protect an entire session, so that the data transferred in the session is cryptographically protected.

A pair of bit strings associated to data to provide assurance of its authenticity.

Authentication information conveyed during an authentication exchange.

The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator.

The official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals, based on the implementation of an agreed-upon set of security controls.

Official with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals. Synonymous with Accreditation Authority.

Individual selected by an authorizing official to act on their behalf in coordinating and carrying out the necessary activities required during the security certification and accreditation of an information system.

The transport of cryptographic keys, usually in encrypted form, using electronic means such as a computer network (e.g., key transport/agreement protocols).

An algorithm which creates random passwords that have no association with a particular user.

Ensuring timely and reliable access to and use of information.

Activities which seek to focus an individual’s attention on an (information security) issue or set of issues.

A copy of files and programs made to facilitate recovery if necessary.

The minimum security controls required for safeguarding an IT system based on its identified needs for confidentiality, integrity and/or availability protection.

Monitoring resources to determine typical utilization patterns so that significant deviations can be detected.

A bastion host is typically a firewall implemented on top of an operating system that has been specially configured and hardened to be resistant to attack.

What an individual who has completed the specific training module is expected to be able to accomplish in terms of IT security-related job performance.

Process of associating two related elements of information. An acknowledgement by a trusted third party that associates an entity’s identity with its public key. This may take place through

(1) a certification authority’s generation of a public key certificate,

(2) a security officer’s verification of an entity’s credentials and placement of the entity’s public key and identifier in a secure database, or

(3) an analogous method.

A physical or behavioral characteristic of a human being. A measurable, physical characteristic or personal behavioral trait used to recognize the identity, or verify the claimed identity, of an applicant. Facial images, fingerprints, and handwriting samples are all examples of biometrics.

The stored electronic information pertaining to a biometric. This information can be in terms of raw or compressed pixels or in terms of some characteristic (e.g. patterns.)

An automated system capable of:

1) capturing a biometric sample from an end user;

2) extracting biometric data from that sample;

3) comparing the biometric data with that contained in one or more reference templates;

4) deciding how well they match; and

5) indicating whether or not an identification or verification of identity has been achieved.

A characteristic of biometric information (e.g. minutiae or patterns.)

Malicious code that uses multiple methods to spread.

Sequence of binary bits that comprise the input, output, State, and Round Key. The length of a sequence is the number of bits it contains. Blocks are also interpreted as arrays of bytes.

A symmetric key cryptographic algorithm that transforms a block of information at a time using a cryptographic key. For a block cipher algorithm, the length of the input block is the same as the length of the output block.

A family of functions and their inverses that is parameterized by a cryptographic key; the function maps bit strings of a fixed length to bit strings of the same length.

A virus that plants itself in a system’s boot sector and infects the master boot record.

Monitoring and control of communications at the external boundary between information systems completely under the management and control of the organization and information systems not completely under the management and control of the organization, and at key internal boundaries between information systems completely under the management and control of the organization, to prevent and detect malicious and other unauthorized communication, employing controlled interfaces (e.g., proxies, gateways, routers, firewalls, encrypted tunnels).

A boundary router is located at the organizations boundary to an external network.

A method of accessing an obstructed device through attempting multiple combinations of numeric and/or alphanumeric passwords.

A condition at an interface under which more input can be placed into a buffer or data holding area than the capacity allocated, overwriting other information. Attackers exploit such a condition to crash a system or to insert specially crafted code that allows them to gain control of the system.

A method of overloading a predefined amount of space in a buffer, which can potentially overwrite and corrupt data in memory.

The documentation of a predetermined set of instructions or procedures that describe how an organization’s business functions will be sustained during and after a significant disruption.

An analysis of an information technology (IT) system’s requirements, processes, and interdependencies used to characterize system contingency requirements and priorities in the event of a significant disruption.

The documentation of a predetermined set of instructions or procedures that describe how business processes will be restored after a significant disruption has occurred.

The method of taking a biometric sample from an end user.

An individual possessing an issued Personal Identity Verification (PIV) card.

A digital representation of information which at least

1) identifies the certification authority issuing it,

2) names or identifies its subscriber,

3) contains the subscriber's public key,

4) identifies its operational period, and

5) is digitally signed by the certification authority issuing it. A set of data that uniquely identifies an entity, contains the entity’s public key and possibly other information, and is digitally signed by a trusted party, thereby binding the public key to the entity. Additional information in the certificate could specify how the key is used and its cryptoperiod.

A Certificate Policy is a specialized form of administrative policy tuned to electronic transactions performed during certificate management. A Certificate Policy addresses all aspects associated with the generation, production, distribution, accounting, compromise recovery and administration of digital certificates. Indirectly, a certificate policy can also govern the transactions conducted using a communications system protected by a certificate-based security system. By controlling certificate extensions, such policies and associated enforcement technology can support provision of the security services required by particular applications.

A Certification Authority (CA) or a Registration Authority (RA).

Information, such as a subscriber's postal address, that is not included in a certificate. May be used by a Certification Authority (CA) managing certificates.

A list of revoked public key certificates created and digitally signed by a Certification Authority.

A trusted entity that provides on-line verification to a Relying Party of a subject certificate's trustworthiness, and may also provide additional attribute information for the subject certificate.

A comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.

The individual, group, or organization responsible for conducting a security certification.

A trusted entity that issues and revokes public key certificates. The entity in a public key infrastructure (PKI) that is responsible for issuing certificates and exacting compliance to a PKI policy.

The collection of equipment, personnel, procedures and structures that are used by a Certification Authority to perform certificate issuance and revocation.

A statement of the practices that a Certification Authority employs in issuing, suspending, revoking and renewing certificates and providing access to them, in accordance with specific requirements (i.e., requirements specified in this Certificate Policy, or requirements specified in a contract for services).

A process that tracks the movement of evidence through its collection, safeguarding, and analysis lifecycle by documenting each person who handled the evidence, the date/time it was collected or transferred, and the purpose for the transfer.

An authentication protocol where the verifier sends the claimant a challenge (usually a random value or a nonce) that the claimant combines with a shared secret (often by hashing the challenge and secret together) to generate a response that is sent to the verifier. The verifier knows the shared secret and can independently compute the response and compare it with the response generated by the claimant. If the two are the same, the claimant is considered to have successfully authenticated himself. When the shared secret is a cryptographic key, such protocols are generally secure against eavesdroppers. When the shared secret is a password, an eavesdropper does not directly intercept the password itself, but the eavesdropper may be able to find the password with an off-line password guessing attack

Agency official responsible for:

1) Providing advice and other assistance to the head of the executive agency and other senior management personnel of the agency to ensure that information technology is acquired and information resources are managed in a manner that is consistent with laws, executive orders, directives, policies, regulations, and priorities established by the head of the agency;

2) Developing, maintaining, and facilitating the implementation of a sound and integrated information technology architecture for the agency; and Promoting the effective and efficient design and operation of all major information resources management processes for the agency, including improvements to work processes of the agency.

Series of transformations that converts plaintext to ciphertext using the Cipher Key.

A secret-key block-cipher algorithm used to encrypt data and to generate a Message Authentication Code (MAC) to provide assurance that the payload and the associated data are authentic.

Secret, cryptographic key that is used by the Key Expansion routine to generate a set of Round Keys; can be pictured as a rectangular array of bytes, having four rows and Nk columns.

Negotiated algorithm identifiers. Cipher suites are identified in human readable form using a pneumonic code.

Data output from the Cipher or input to the Inverse Cipher.

A party whose identity is to be verified using an authentication protocol. An entity which is or represents a principal for the purposes of authentication, together with the functions involved in an authentication exchange on behalf of that entity. A claimant acting on behalf of a principal must include the functions necessary for engaging in an authentication exchange. (e.g., a smartcard (claimant) can act on behalf of a human user (principal))

Information that has been determined pursuant to Executive Order (E.O.) 13292 or any predecessor order to require protection against unauthorized disclosure and is marked to indicate its classified status when in documentary form.

A system entity, usually a computer process acting on behalf of a human user, that makes use of a service provided by a server.

A backup facility that has the necessary electrical and physical components of a computer facility, but does not have the computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event that the user has to move from their main computing location to an alternate site.

Two or more distinct inputs produce the same output.

Security control that can be applied to one or more agency information systems and has the following properties:

1) the development, implementation, and assessment of the control can be assigned to a responsible official or organizational element (other than the information system owner); and

2) the results from the assessment of the control can be used to support the security certification and accreditation processes of an agency information system where that control has been applied.

A dictionary of common names for publicly known IT system vulnerabilities.

The management, operational, and technical controls (i.e., safeguards or countermeasures) employed by an organization in lieu of the recommended controls in the low, moderate, or high security control baselines, that provide equivalent or comparable protection for an information system.

The management, operational, and technical controls (i.e., safeguards or countermeasures) employed by an organization in lieu of the recommended controls in the low, moderate, or high baselines described in NIST Special Publication 800-53, that provide equivalent or comparable protection for an information system.

Disclosure of information to unauthorized persons, or a violation of the security policy of a system in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object may have occurred. The unauthorized disclosure, modification, substitution or use of sensitive data (including plaintext cryptographic keys and other critical security parameters).

The practice of gathering, retaining, and analyzing computer-related data for investigative purposes in a manner that maintains the integrity of the data.

A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices.

A capability set up for the purpose of assisting in responding to computer security-related incidents; also called a Computer Incident Response Team (CIRT) or a CIRC (Computer Incident Response Center, Computer Incident Response Capability).

A resource, tool, or mechanism used to maintain a condition of security in a computerized environment. These objects are defined in terms of attributes they possess, operations they perform or are performed on them, and their relationship with other objects.

A collection of Computer Security Object names and definitions kept by a registration authority.

A computer virus is similar to a Trojan horse because it is a program that contains hidden code, which usually performs some unwanted function as a side effect. The main difference between a virus and a Trojan horse is that the hidden code in a computer virus can only replicate by attaching a copy of itself to other programs and may also include an additional "payload" that triggers when specific conditions are met.

Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.

Process for controlling modifications to hardware, firmware, software, and documentation to ensure the information system is protected against improper modifications prior to, during, and after system implementation.

Management policy and procedures designed to maintain or restore business operations, including computer operations, possibly at an alternate location, in the event of emergencies, system failures, or disaster.

A predetermined set of instructions or procedures that describe how an organization’s essential functions will be sustained for up to 30 days as a result of a disaster event before returning to normal operations.

The documentation of a predetermined set of instructions or procedures mandated by Office of Management and Budget (OMB) A-130 that describe how to sustain major applications and general support systems in the event of a significant disruption.

Information that is entered into a cryptographic module for the purposes of directing the operation of the module.

Mechanism that facilitates the adjudication of different interconnected system security policies (e.g., controlling the flow of information into or out of an interconnected system).

A piece of information supplied by a web server to a browser, along with requested resource, for the browser to store temporarily and return to the server on any subsequent visits or requests.

A mode of operation for a symmetric key block cipher algorithm. It combines the techniques of the Counter (CTR) mode and the Cipher Block Chaining-Message Authentication Code (CBC-MAC) algorithm to provide assurance of the confidentiality and the authenticity of computer data.

Actions, devices, procedures, techniques, or other measures that reduce the vulnerability of an information system. Synonymous with security controls and safeguards.

An object that authoritatively binds an identity (and optionally, additional attributes) to a token possessed and controlled by a person. Evidence attesting to one’s right to credit or authority.