Glossary InfoSec


Published by: ulliisseess on Aug 12, 2011
Copyright: Attribution Non-commercial







© 2009 by Taylor & Francis Group, LLC
45 CFR— Code of Federal Regulations Title 45 Public Welfare.
Family of IEEE standards for wireless LANs first introduced in 1997. The first standard to be implemented, 802.11b, specifies from 1 to 11 Mbps in the unlicensed band using DSSS (direct sequence spread spectrum) technology. The Wireless Ethernet Compatibility Association (WECA) brands it as Wireless Fidelity (Wi-Fi).
An IEEE standard for port-based layer two authentication in 802 standard networks. Wireless LANs often use 802.1X for authentication of a user before the user has the ability to access the network.
A/S, A.S., or AS— Under HIPAA, see administrative simplification.
ATM adaptation layer.
AppleTalk Address Resolution Protocol.
A form of inference that generates plausible conclusions (which may not necessarily be true). As an example, knowing that if it is night, then a movie is on television and that a movie is on television, then abductive reasoning allows the inference that it is night.
Acronym for abnormal end of a task. It generally means a software crash. The abnormal termination of a computer application or job because of a non-system condition or failure that causes a program to halt.
Capacity, fitness, or tendency to act in a specified or desired manner. Skill, especially the physical, mental, or legal power to perform a task.
Area border router.
The process of identifying the characteristics that distinguish a collection of similar objects; the result of the process of abstraction is a type.
Access Control (Token Ring).
Audio Communications Controller.
Acceptable risk— The level of residual risk that has been determined to be a reasonable level of potential loss/disruption for a specific IT system. See also total risk, residual risk, and minimum level of protection.
Acceptable use policy— A policy that a user must agree to follow to gain access to a network or to the Internet.
Acceptance confidence level— The degree of certainty in a statement of probabilities that a conclusion is correct. In sampling, a specified confidence level is expressed as a percentage of certainty.
Acceptance Inspection— The final inspection to determine whether or not a facility or system meets the specified technical and performance standards. Note: This inspection is held immediately after facility and software testing and is the basis for commissioning or accepting the information system.
Acceptance Testing— The formal testing conducted to determine whether a software system satisfies its acceptance criteria, enabling the customer to determine whether to accept the system.
The ability of a subject to view, change, or communicate with an object. Typically, access involves a flow of information between the subject and the object.
Access Control— The process of allowing only authorized users, programs, or other computer systems (i.e., networks) to access the resources of a computer system. A mechanism for limiting use of some resource (system) to authorized users.
Access control certificate— ADI in the form of a security certificate.
Access control check— The security function that decides whether a subject’s request to perform an action on a protected resource should be granted or denied.
Access Control Decision Function (ADF)— A specialized function that makes access control decisions by applying access control policy rules to a requested action, ACI (of initiators, targets, actions, or that retained from prior actions), and the context in which the request is made.
Access Control Decision Information (ADI)— The portion (possibly all) of the ACI made available to the ADF in making a particular access control decision.
Access Control Enforcement Function (AEF)— A specialized function that is part of the access path between an initiator and a target on each access that enforces the decisions made by the ADF.
Access Control Information (ACI)— Any information used for access control purposes, including contextual information.
Access Control List (ACL)— An access control list is the usual means by which access to, and denial of, service is controlled. It is simply a list of the services available, each with a list of the hosts permitted to use the services. Most network security systems operate by allowing selective use of services.
Access Control Mechanisms— Hardware, software, or firmware features and operating and management procedures in various combinations designed to detect and prevent unauthorized access and to permit authorized access to a computer system.
Access control policy— The set of rules that define the conditions under which an access may take place.
Access Controls— The management of permission for logging on to a computer or network.
Access list— A catalog of users, programs, or processes and the specifications of the access categories to which each is assigned.
Access Path— The logical route that an end user takes to access computerized information. Typically, it includes a route through the operating system, telecommunications software, selected application software and the access control system.
Access Period— A segment of time, generally expressed on a daily or weekly basis, during which access rights prevail.
Access protocol— A defined set of procedures that is adopted at an interface at a specified reference point between a user and a network to enable the user to employ the services or facilities of that network.
Access Provider (AP)— Provides a user of some network with access from the user’s terminal to that network. This definition applies specifically for the present document. In a particular case, the AP and network operator (NWO) may be a common commercial entity.
Access Rights— Also called permissions or privileges, these are the rights granted to users by the administrator or supervisor. These permissions can be read, write, execute, create, delete, etc.
Access Type— The nature of access granted to a particular device, program, or file (e.g., read, write, execute, append, modify, delete, or create).
(1) Technical — any unplanned or unintended event, sequence, or combination of events that results in death, injury, or illness to personnel or damage to or loss of equipment or property (including data, intellectual property, etc.), or damage to the environment. (2) Legal — any unpleasant or unfortunate occurrence that causes injury, loss, suffering, or death; an event that takes place without one’s foresight or expectation.
A security principle stating that individuals must be able to be identified. With accountability, violations or attempted violations can be traced to individuals who can be held responsible for their actions.
The ability to map a given activity or event back to the responsible party; the property that ensures that the actions of an entity may be traced to that entity.
The process of apportioning charges between the home environment, serving network, and user.
A program whereby a laboratory demonstrates that something is operating under accepted standards to ensure quality assurance.
(1) A management or administrative process of accepting a specific site installation/implementation for operational use based upon evaluations and certifications. (2) A formal declaration by a Designated Approving Authority (DAA) that the AIS is approved to
