*-property - A Bell-LaPadula security model rule that stipulates that a subject cannot write data to an object at a lower security level.
ABAC - (Attribute-Based Access Control) - This is an access control paradigm whereby access rights are granted to users with policies that combine attributes together.
ABAC - (Attribute-Based Access Control) - An access control model in which access decisions are based on attributes of any component of or action on the system.
acceptable risk - A suitable level of risk commensurate with the potential benefits of the organization's operations as determined by senior management.
access - A subject's ability to view, modify, or communicate with an object. Access enables the flow of information between the subject and the object.
access control - Mechanisms, controls, and methods of limiting access to resources to authorized subjects only.
access control list - A list of subjects that are authorized to access a particular object. Typically, the types of access are read, write, execute, append, modify, delete, and create.
access control mechanism - Administrative, physical, or technical control that is designed to detect and prevent unauthorized access to a resource or environment.
access control system - Means to ensure that access to assets is authorized and restricted based on business and security requirements related to logical and physical systems.
access control tokens - The system decides whether access is granted or denied based on the validity of the token at the point where it is read, taking into account time, date, day, holiday, or other conditions used for controlling validation.
accountability - A security principle indicating that individuals must be identifiable and must be held responsible for their actions.
accredited - A computer system or network that has received official authorization and approval to process sensitive data in a specific operational environment. There must be a security evaluation of the system's hardware, software, configurations, and controls by technical personnel.
ACL - (Access Control List) - A list of subjects that are authorized to access a particular object. Typically, the types of access are read, write, execute, append, modify, delete, and create.
add-on security - Security protection mechanisms that are hardware or software retrofitted to a system to increase that system's protection level.
administrative controls - Security mechanisms that are management's responsibility and referred to as soft controls. These controls include the development and publication of policies, standards, procedures, and guidelines.
aggregation - The act of combining information from separate sources of a lower classification level that results in the creation of information of a higher classification level, which the subject does not have the necessary rights to access.
AIC triad - The three security principles: availability, integrity, and confidentiality. Sometimes also presented as CIA: confidentiality, integrity, and availability.
ALE - (Annualized Loss Expectancy) - A dollar amount that estimates the loss potential from a risk in a span of a year. See also single loss expectancy (SLE).
algorithm - A mathematical function that is used in the encryption and decryption processes.
annualized loss expectancy - A dollar amount that estimates the loss potential from a risk in a span of a year. See also single loss expectancy (SLE).
annualized rate of occurrence - The value that represents the estimated possibility of a specific threat taking place within a one-year timeframe.
antimalware - Software whose principal functions include the identification and mitigation of malware.
ARO - (Annualized Rate of Occurrence) - The value that represents the estimated possibility of a specific threat taking place within a one-year timeframe.
asset - An item perceived as having value.
asset lifecycle - The phases that an asset goes through from creation (collection) to destruction.
assurance - A measurement of confidence in the level of protection that a specific security control delivers and the degree to which it enforces the security policy.
asymmetric - Not identical on both sides. In cryptography, key pairs are used.
attack - An attempt to bypass security controls in a system with the mission of using that system or compromising it. An attack is usually accomplished by exploiting a current vulnerability.
attack surface - Different security testing methods find different vulnerability types.
attribute-based access control - This is an access control paradigm whereby access rights are granted to users with policies that combine attributes together.
attribute-based access control - An access control model in which access decisions are based on attributes of any component of or action on the system.
audit - A systematic assessment of significant importance to the organization that determines whether the system or process being audited satisfies some external standards.
audit - The tools, processes, and activities used to perform compliance reviews.
audit trail - A chronological set of logs and records used to provide evidence of a system's performance or activity that took place on the system. These logs and records can be used to attempt to reconstruct past events and track the activities that took place, and possibly detect and identify intruders.
authenticate - To verify the identity of a subject requesting the use of a system and/or access to network resources. The steps to giving a subject access to an object should be identification, authentication, and authorization.
authorization - Granting access to an object after the subject has been properly identified and authenticated.
availability - The reliability and accessibility of data and resources to authorized individuals in a timely manner.
back door - An undocumented way of gaining access to a computer system. After a system is compromised, an attacker may load a program that listens on a port (back door) so that the attacker can enter the system at any time. A back door is also referred to as a trapdoor.
back up - Copy and move data to a medium so that it may be restored if the original data is corrupted or destroyed. A full backup copies all the data from the system to the backup medium. An incremental backup copies only the files that have been modified since the previous backup. A differential backup backs up all files since the last full backup.
baseline - The minimum level of security necessary to support and enforce a security policy.
BC - (Business Continuity) - Actions, processes, and tools for ensuring an organization can continue critical operations during a contingency.
SW-CMM - (Software Capability Maturity Model) - Maturity model focused on quality management processes that has five maturity levels, each containing several key practices.
Bell-LaPadula model - The model uses a formal state transition model that describes its access controls and how they should perform. When the system must transition from one state to another, the security of the system should never be lowered or compromised. See also multilevel security, simple security property, and star property (*-property).
BIA - (Business Impact Analysis) - A functional analysis in which a team collects data, documents business functions, develops a hierarchy of business functions, and applies a classification scheme to indicate each individual function's criticality level.
Biba model - A formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity.
biometrics - When used within computer security, identifies individuals by physiological characteristics, such as a fingerprint, hand geometry, or pattern in the iris.
bit - Most essential representation of data (zero or one) at Layer 1 of the Open Systems Interconnection (OSI) model.
black-box testing - Testing where no internal details of the system implementation are used.
blacklist - A set of known-bad resources such as IP addresses, domain names, or applications.
bluetooth - Bluetooth wireless technology is an open standard for short-range radio frequency communication used primarily to establish wireless personal area networks (WPANs), and it has been integrated into many types of business and consumer devices.
bridges - Layer 2 devices that filter traffic between segments based on Media Access Control (MAC) addresses.