Wireless Security Practices PDF Document
 

Glossary of Security Acronyms and Terminology

AAMVA
American Association of Motor Vehicle Administrators
Acceptable Risk
The level of residual risk that responsible management chooses to accept rather than mitigate further, because the cost and magnitude of additional controls would exceed the expected loss.
Access Control
Procedures and controls that limit or detect access to critical information resources. This can be accomplished through software, biometrics devices, or physical access to a controlled space. The ability of a system to grant, limit, or deny access to specific data, applications, or resources for specific users, devices, or systems.
Access Control Policy
The set of rules that define the conditions under which an access may take place.
Access Level
The hierarchical security level used to identify the sensitivity of data and the clearance or authorization of users.
Accountability
The security objective that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports nonrepudiation, deterrence, fault isolation, intrusion detection, and after-action recovery and legal action.
ACL
Access Control List
ACLU
American Civil Liberties Union
AEA
Advanced Encryption Algorithm
AES
Advanced Encryption Standard
AFIS
Automated Fingerprint Identification System
AIS
Automated Information System
Algorithms
Well-defined mathematical procedures. In cryptography, an encryption algorithm (cipher) is the procedure that transforms plaintext into ciphertext under the control of a key; the algorithm is only one component, and the secrecy of the key, not of the algorithm, is what protects the data.
Analog
A signal that may vary continuously over a specific range of values.
Anonymizer
A gateway that keeps Web surfing anonymous and preserves privacy online when browsing, sending e-mail, or posting to a newsgroup. Traffic passes through the anonymizer, so the destination sees the anonymizer's IP address and connection details rather than the user's. Hiding the user's IP address reduces exposure to attacks aimed directly at it, but it does not eliminate the possibility of a DoS attack.
Antenna
A device (usually metallic) for radiating or receiving radio waves.
ANSI
American National Standards Institute
Armored Virus
An armored virus tries to prevent analysts from examining its code. The virus may use methods to make tracing, disassembling, and reverse engineering its code more difficult.
APB
Advisory Policy Board
ASCII
American Standard Code for Information Interchange
Assurance
The grounds for confidence that an entity meets its security objectives.
Attack Detection and Prevention
The communications networks must be resistant to jamming, capable of passive/active attack monitoring and defense deployment, able to geolocate the source of an attack, and capable of monitoring all functional aspects by authorized users/devices.
Audit
The independent examination of records and activities to ensure compliance with established controls, policy, and operational procedures and to recommend any indicated changes in controls, policy, or procedures.
Audit Trail
A chronological record of system activities that is sufficient to enable the reconstruction and examination of the sequence of environments and activities surrounding or leading to an operation, procedure, or event in a security-relevant transaction from inception to results.
Authentication
Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in a system. Authentication methods can include passwords, hardware tokens, software tokens, smart cards, software smart cards, and biometrics devices.
Authorization
The granting or denying of access rights to a user, program, or process.
Authorized
A system entity or actor is granted the right, permission, or capability to access a system resource. See Authorization.
Availability
Timely, reliable access to data and information services for authorized users; protection against intentional or accidental attempts to delete data without authorization or otherwise cause a denial of service.
Back Door
A hidden means of bypassing a program's normal authentication or access controls, either built in by its designer or planted by an attacker, that grants special privileges denied to the normal users of the program. A back door in an EXE or COM program, for instance, could let the designer reach special setup functions.
Backup
A duplicate copy of data made for archiving purposes or for protecting against data loss. A backup is considered secure only if it is stored away from the original.
Band
A well-defined range of wavelengths or frequencies.
Bandwidth
The range within a band of frequencies. Also, a measure of the amount of information that can flow through a given point at any given time.
BIA
Business Impact Analysis
Binary
A numbering system based on twos (2s) rather than tens (10s). Each element has a digit value of either one (1) or zero (0) and is known as a bit.
Biometrics
Biometrics is the science and technology of measuring and statistically analyzing biological data. In information technology, biometrics usually refers to automated technologies for authenticating and verifying human body characteristics such as fingerprints, eye retinas and irises, voice patterns, facial patterns, and hand measurements.
Bit
See Binary.
Brute Force Attack
An attack in which each possible key or password is attempted until the correct one is found.
C&A
Certification and Accreditation
CA Private Root Key
The cryptographic private key known only to the CA. It is used to sign the certificates the CA issues in response to user or server certificate requests; the corresponding public key is what relying parties use to verify those signatures.
CAPI
Cryptographic Application Programming Interface
Carnivore
The Internet surveillance system developed by the Federal Bureau of Investigation to monitor the electronic transmissions of criminal suspects.
CCITSE
Common Criteria for Information Technology Security Evaluation
CDL
Commercial Driver's License
CERT®/CC
CERT® Coordination Center
Certificate
In cryptography, an electronic document binding some pieces of information together, such as a user's identity and public key. Certification Authorities (CAs) provide certificates.
Certificate Owner
The person entitled to use the certificate and its private key. Access to the private key may be protected by a password, a smart card, or another device.
Certification Authority (CA)
An authority that issues and manages security credentials for a PKI.
CFR
Code of Federal Regulations
Channel
A band of frequencies of sufficient width to support a single radio communications path.
Chief Information Officer (CIO)
The highest-level person responsible for policy concerning information systems and telecommunications systems.
CHRI
Criminal History Record Information
CIP
Critical Infrastructure Protection
Cipher
An alternative term for an encryption algorithm.
Ciphertext
Encrypted data.
CIR
Centralized Information Repository
CIS
Center for Internet Security
CJIS
Criminal Justice Information Services
CKMS
Centralized Key Management System
Common Information Model (CIM)
A standard for extensible, object-oriented schema for managing information collected from computers, networking devices, protocols, and applications.
Compromise
To access or disclose information without authorization.
Computer Emergency Response Team (CERT®)
(1) The people who are responsible for coordinating the response to computer security incidents in an organization. (2) CERT® is one of the main agencies for Internet security, formed at the direction of the Defense Advanced Research Projects Agency (DARPA) in 1988 to aid the Internet community in responding to computer security events, raise awareness of computer security issues, and conduct research aimed at improving security systems. See http://www.cert.org for more information.
Computer Security Incident Response Capability (CSIRC)
A set of policies and procedures defining security incidents and governing the actions to be taken when they occur.
Confidentiality
Assurance that information is not disclosed to unauthorized persons, processes, or devices. Confidentiality covers data in storage, during processing, and while in transit.
Contingency Plan
A plan maintained for emergency response, backup operations, and postdisaster recovery for an AIS, to ensure availability of critical resources and to facilitate the continuity of operations in an emergency.
Cookies
Blocks of text placed in a file on a computer's hard disk. Web sites use cookies to identify users who revisit the site.
COTS
Commercial Off-the-Shelf
Countermeasure
Any action, device, procedure, technique, or other measure that reduces a system's vulnerability to a threat.
Coverage
The amount or percentage of area reached by a communications medium.
CPO
Chief Privacy Officer
Cracker
One who breaks security on an automated system.
Critical Security Parameters (CSPs)
Security-related information (e.g., cryptographic keys, authentication data such as passwords and PINs) appearing in plaintext or an otherwise unprotected form and whose disclosure or modification can compromise the security of a cryptographic module or the security of the information protected by the module.
CRL
Certificate Revocation List
CRT
Central Response Team
Cryptography
The art and science of using mathematics to secure information and create a high degree of trust in the electronic realm.
CSA
Computer Security Act of 1987
CSD
Computer Security Division
CSIRTs
Computer Security Incident Response Teams
CSMA/CD
Carrier Sense Multiple Access/Collision Detect
CSO
Central Security Officer
CSRC
Computer Security Resource Center
CSS
Card Scanning Service
CTA
Control Terminal Agency
CTO
Control Terminal Officer
Customer Information Control System (CICS)
An online transaction processing (OLTP) program from IBM that, together with the COBOL programming language, has formed over the past several decades the most common set of tools for building customer transaction applications in the world of large enterprise mainframe computing.
DAC
Discretionary Access Control
Data Authentication Code (DAC)
A keyed checksum computed over a message so that a receiver holding the same secret key can detect any modification of the message. Known as a Message Authentication Code (MAC) in ANSI standards.
Data Integrity
Assurance that a file or communication has not been altered, or has been altered only by authorized parties.
Data Security
The communication networks must not allow unauthorized interception of communications or information, they must not allow communications replay attacks, and they must have nonrepudiation capabilities to ensure evidence in the event of a dispute.
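The two entries above (Data Authentication Code and Data Security) describe detecting modification and rejecting replayed communications. The following Python is an added example, not code from the original document: it computes a MAC with HMAC-SHA-256 over a counter and payload, and the receiver rejects both a tampered message and a replayed one. The shared key, the message layout (8-byte counter, payload, 32-byte tag) and the sample payloads are constructed for the demonstration.

```python
"""Added example: HMAC-based data authentication code with replay protection.
Standard library only. Key, message layout and payloads are constructed here."""
import hashlib
import hmac
import struct

KEY = b"constructed-shared-secret-for-this-demo"   # assumption: pre-shared key
TAG_LEN = hashlib.sha256().digest_size              # 32 bytes
HDR_LEN = 8                                         # 64-bit big-endian counter


def protect(key: bytes, counter: int, payload: bytes) -> bytes:
    """Build counter || payload || tag. The tag covers the counter too, so an
    old payload cannot be re-sent under a fresh counter without the key."""
    header = struct.pack(">Q", counter)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Verifies the tag, then enforces that counters strictly increase."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1      # no message accepted yet
        self.rejected = []          # (reason, raw message) for the audit trail

    def accept(self, msg: bytes):
        """Return the payload if the message is authentic and fresh, else None."""
        if len(msg) < HDR_LEN + TAG_LEN:
            self.rejected.append(("truncated", msg))
            return None
        header, payload, tag = msg[:HDR_LEN], msg[HDR_LEN:-TAG_LEN], msg[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # compare_digest runs in constant time, so tag checking leaks no timing
        if not hmac.compare_digest(tag, expected):
            self.rejected.append(("bad tag", msg))
            return None
        (counter,) = struct.unpack(">Q", header)
        if counter <= self.last_counter:
            self.rejected.append(("replay", msg))
            return None
        self.last_counter = counter
        return payload


def demo() -> dict:
    """Exercise the four cases a practitioner cares about."""
    rx = Receiver(KEY)
    m1 = protect(KEY, 1, b"unlock door 7")
    m2 = protect(KEY, 2, b"lock door 7")
    # attacker keeps m2's valid header and tag but edits the payload
    tampered = m2[:HDR_LEN] + b"lock door 9" + m2[-TAG_LEN:]
    return {
        "fresh": rx.accept(m1),            # b"unlock door 7"
        "replayed": rx.accept(m1),         # None: counter 1 already seen
        "tampered": rx.accept(tampered),   # None: tag no longer matches
        "next": rx.accept(m2),             # b"lock door 7"
        "rejections": [reason for reason, _ in rx.rejected],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

A MAC proves that the message came from a holder of the key and was not modified in transit. Because the verifier holds the same key, it could have produced the tag itself, so a MAC cannot prove to a third party who sent the message; the nonrepudiation capability named in the Data Security entry requires a digital signature instead.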
DBMS
Database Management System
Decryption
The process of changing ciphertext into plaintext.
Demilitarized Zone (DMZ)
A network inserted as a "buffer zone" between a company's private, or trusted, network and the outside, nontrusted network.
Denial-of-Service (DoS)
An attack aimed at making a site or service unavailable to its legitimate users rather than breaking into it. Attackers are not trying to get into the site itself; they exhaust its bandwidth, connection state, or processing capacity so that everyone else is kept out.
DES
Data Encryption Standard
Dictionary Attack
A password-cracking technique that uses words in a dictionary to crack passwords.
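The Brute Force Attack and Dictionary Attack entries describe two ways of guessing a secret. The following Python is an added example, not code from the original document: it enumerates every 4-digit PIN against a salted PBKDF2 hash, then runs a small dictionary with common mangling rules against a password hash, counting the guesses each needs. The salt, iteration count, PIN, password and wordlist are constructed for the demonstration.

```python
"""Added example: brute-force search of a 4-digit PIN space versus a
dictionary attack with mangling rules, both against salted PBKDF2 hashes.
The hashes, salt, wordlist and rule set are constructed for this demo."""
import hashlib
import itertools
import string

SALT = b"constructed-salt"
ROUNDS = 100          # kept small so the demo runs quickly; deployments use far more


def hash_password(candidate: str, salt: bytes = SALT, rounds: int = ROUNDS) -> bytes:
    """Salted, iterated hash as a verifier would store it."""
    return hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, rounds)


def brute_force_pin(target: bytes, length: int = 4):
    """Try every digit string of the given length in order; returns (pin, attempts)."""
    attempts = 0
    for digits in itertools.product(string.digits, repeat=length):
        attempts += 1
        candidate = "".join(digits)
        if hash_password(candidate) == target:
            return candidate, attempts
    return None, attempts


# mangling rules typical of cracking tools: as-is, capitalised, digit appended
RULES = (
    lambda w: w,
    lambda w: w.capitalize(),
    lambda w: w + "1",
    lambda w: w.capitalize() + "1",
)


def dictionary_attack(target: bytes, wordlist, rules=RULES):
    """Hash each word under each rule; returns (password, attempts)."""
    attempts = 0
    for word in wordlist:
        for rule in rules:
            attempts += 1
            candidate = rule(word)
            if hash_password(candidate) == target:
                return candidate, attempts
    return None, attempts


def demo() -> dict:
    pin_hash = hash_password("7391")          # constructed 4-digit PIN
    pw_hash = hash_password("Dragon1")        # constructed 7-character password
    wordlist = ["letmein", "password", "dragon", "welcome"]   # constructed wordlist
    return {
        "pin": brute_force_pin(pin_hash),                   # ('7391', 7392)
        "password": dictionary_attack(pw_hash, wordlist),   # ('Dragon1', 12)
        "pin_space": 10 ** 4,
    }


if __name__ == "__main__":
    print(demo())
```

The whole 4-digit PIN space is exhausted within 10,000 guesses no matter how slow the hash is, so a small secret needs rate limiting or lockout, not just a stronger hash. The 7-character password falls on the twelfth guess even though its full character space is enormous, which is why password policies should reject dictionary words and their common variations rather than only enforcing length.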
DID
Distributed Intrusion Detection
Digital
Information that can be represented by two discrete states (either 0 or 1). Most information in the speaking/seeing world is not digital but must be converted into this form to be used by computers.
Digital Certificate
A data structure used in a public key infrastructure to bind a particular individual to a particular public key.
Digital Fingerprint
A hash value computed over a digital certificate that uniquely identifies it. It is used to confirm that a certificate is the expected one, for example when a CA certificate is trusted out of band.
Digital Signature (Standard)
The Digital Signature Algorithm (DSA), designed by the U.S. National Security Agency and published by NIST in the Digital Signature Standard (FIPS 186), used to generate and verify digital signatures for the authentication of electronic documents.
Digital Signature
The result of a cryptographic transformation of data that, when properly implemented, provides the services of origin authentication, data integrity, and signer nonrepudiation.
Digital Signature Algorithm (DSA)
Used by a signatory to generate a digital signature on data and by a verifier to verify the authenticity of the signature.
Digital Timestamp
A record mathematically linking a document to a time and a date.
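The Digital Signature, DSA and Digital Timestamp entries above describe signing a document so that a verifier can check origin and integrity, and binding a document to a time. The following Python is an added example, not code from the original document: it signs a SHA-256 digest with textbook RSA and issues a signed timestamp record. The key pair is built from two Mersenne primes so that the example is reproducible; that key, the omission of signature padding, and the timestamp format are assumptions for the demonstration and must not be copied into a real system.

```python
"""Added example: signing and verifying a document digest with textbook RSA
over a toy key, plus a signed timestamp token. The key uses two Mersenne
primes so the example is reproducible; it is NOT a secure key, and real
signatures also use padding (e.g. RSASSA-PSS), which is omitted here."""
import hashlib

# Constructed toy key pair (assumption for the demo only)
P = 2 ** 127 - 1
Q = 2 ** 521 - 1
N = P * Q                            # ~648-bit modulus, larger than a SHA-256 digest
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (Python 3.8+)


def digest_int(data: bytes) -> int:
    """Hash first: the signature covers a fixed-size digest, not the raw document."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, d: int = D, n: int = N) -> int:
    """Signatory: apply the private exponent to the digest."""
    return pow(digest_int(data), d, n)


def verify(data: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Verifier: recover the digest with the public exponent and compare."""
    if not 0 < signature < n:
        return False
    return pow(signature, e, n) == digest_int(data) % n


def timestamp_token(document: bytes, when: str) -> tuple:
    """Digital timestamp: bind the document's digest to a time and sign the pair.
    'when' is an ISO 8601 string supplied by the timestamping service (assumed)."""
    record = hashlib.sha256(document).hexdigest().encode() + b"|" + when.encode()
    return record, sign(record)


def verify_timestamp(document: bytes, record: bytes, signature: int) -> bool:
    """Check that the record names this document and that its signature holds."""
    digest_hex, _, _when = record.partition(b"|")
    if digest_hex != hashlib.sha256(document).hexdigest().encode():
        return False                 # record was issued for a different document
    return verify(record, signature)


def demo() -> dict:
    doc = b"Transfer 100 units to account 42"     # constructed document
    sig = sign(doc)
    rec, tsig = timestamp_token(doc, "2024-01-01T00:00:00Z")
    return {
        "genuine": verify(doc, sig),                                  # True
        "altered_document": verify(doc + b"0", sig),                  # False
        "altered_signature": verify(doc, sig ^ 1),                    # False
        "timestamp_ok": verify_timestamp(doc, rec, tsig),             # True
        "timestamp_other_doc": verify_timestamp(b"other", rec, tsig), # False
    }


if __name__ == "__main__":
    print(demo())
```

Only the holder of D can produce a value that verifies under E, which is what gives a signature its nonrepudiation property; a MAC, where both sides share one key, cannot offer that. In practice the verifier also needs a certificate binding the public key to the signer, and must check the certificate's expiration date and revocation status before trusting the signature.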
Distributed Denial-of-Service (DDoS) Attacks
Attacks launched from many compromised hosts at once, so that no single source stands out and the attack is harder to detect and filter. The aggregate traffic of a DDoS attack can inundate the largest ISPs and consume all their bandwidth.
DMS
Defense Messaging System
DSO
District Security Officer
DSS
Digital Signature Standard, the federal standard (FIPS 186) that specifies the Digital Signature Algorithm (DSA)
DSSV
Digital Signature Storage and Verification
Dynamic Host Configuration Protocol (DHCP)
A protocol used to assign IP addresses and related network configuration to hosts automatically as they join a network, including mobile devices.
EAL
Evaluation Assurance Level, as defined by the Common Criteria for Information Technology Security Evaluation (CCITSE). EALs provide a uniformly increasing scale that balances the level of assurance obtained with the cost and feasibility of acquiring that degree of assurance. There are seven hierarchically ordered EALs (EAL1 through EAL7). The higher the EAL, the greater the degree of assurance.
EAM
Extranet Access Management
EAP
Extensible Authentication Protocol
ECC
Elliptic Curve Cryptosystem
EDI
Electronic Data Interchange
E-Mail Bombing
Flooding a site with enough mail to overwhelm its e-mail system. Used to hide or prevent receipt of e-mail during an attack or as retaliation against a site.
Emergency Medical Services Event Management System
A database containing information on the real-time status of emergency medical personnel, resources, hospitals, and patients that is accessible by command personnel, authorized responders, health care facilities, etc.
Encryption
The process of cryptographically converting plaintext electronic data to a form unintelligible to anyone except the intended recipient.
EPIC
Electronic Privacy Information Center
ERB
Engineering Review Board
EvDO
Evolution Data Optimized
Expiration Date
The date after which a digital certificate is no longer valid. All digital certificates should have an expiration date, and verifiers must reject certificates that have passed it.
IEEE
Institute of Electrical and Electronics Engineers. A standards body that creates some security and cryptographic standards (e.g., the IEEE 802.11i wireless security amendment).
Extended Area Network (EAN)
Networks that are linked with county, regional, state, and national systems or extended area networks.
 
Extensible Markup Language (XML)
A standard text-based markup language for structuring data so that programs can exchange it, widely used for information exchange over the World Wide Web.
FAR
False Acceptance Rate
FBI
Federal Bureau of Investigation
FCC
Federal Communications Commission
File Viruses
Viruses that usually replace or attach themselves to COM and EXE files. They can also infect files with the extensions SYS, DRV, BIN, OVL, DOC, VBS, SCR, and OVY.
FIPs
Fair Information Practices
FIPS
Federal Information Processing Standard
FIPS PUB
Federal Information Processing Standard Publication
Firewall
A system designed to prevent unauthorized accesses to or from a private network. Often used to prevent Internet users from accessing private networks connected to the Internet.
Firewall Boundary
A commonly used term referring to a security perimeter that is largely defined by the presence of one or more firewalls.
FIRST
Forum of Incident Response and Security Teams. See http://www.first.org.
Footprinting
Also known as profiling, the process of obtaining data about a particular individual or company.
Frequency
The number of repetitions of a periodic process in a unit of time.
FRR
False Rejection Rate
FTC
Federal Trade Commission
FTP
File Transfer Protocol, a means to exchange files across a network.
GASSP
Generally Accepted System Security Principles
General Packet Radio Service (GPRS)
One of the network protocols that are used by commercial mobile data network providers in the United States.
Gopher Protocol
Designed to allow a user to transfer text or binary files among computer hosts across networks.
Hacking
Unauthorized use or attempts to circumvent or bypass the security mechanisms of an information system or network.
"Hactivism"
Politically motivated attacks on publicly accessible Web pages or e-mail servers.
HIDS
Host Computer Intrusion Detection Systems
HIPAA
The Health Insurance Portability & Accountability Act of 1996 (August 21), Public Law 104-191, which among other things amends the Internal Revenue Code of 1986. Also known as the Kennedy-Kassebaum Act.
HyperText Transfer Protocol (HTTP)
The set of rules for exchanging files (text, graphic images, sound, video, and other multimedia files) on the Web.
HyperText Markup Language (HTML)
The mechanism used to create Web pages.
I&A
Identification and Authentication
IAFIS
Integrated Automated Fingerprint Identification System
ICDAG
Interagency Confidentiality and Data Access Group
ICMP
Internet Control Message Protocol
IDIP
Intruder Detection and Isolation Protocol
IDWG
Intrusion Detection Working Group
IDXP
Intrusion Detection Exchange Protocol
IEEE 802.11
Wi-Fi
IEEE 802.11i
The amendment to the 802.11 standard that specifies security mechanisms for wireless networks; the Wi-Fi Alliance's WPA2 certification is based on it.
IEEE 802.16
WiMAX
IEEE 802.20
Mobile Broadband Wireless Access
IEEE 1451.5
Wireless Sensor Standards
IETF
Internet Engineering Task Force
III
Interstate Identification Index
IJIS
IJIS Institute. See http://www.ijis.org.
IMAP
Internet Message Access Protocol
Incident Area Network (IAN)
A network created for a specific incident. This network is temporary in nature.
Infrastructure
The underlying permanent installations required for radio communications. Infrastructure includes antennas, base/repeater stations, consoles, links (fiber, microwave, radio, and wire), towers, and support structures (such as buildings and towers).
Insider Threat
The risk posed by a current or former employee, contractor, or partner who has authorized access to, or knowledge of, the victim's systems and misuses it, whether deliberately (for example, a disgruntled insider) or through negligence.
Integrity
Preservation of the original quality and accuracy of data in written or electronic form.
Interference
Confusion of received radio signals due to strays or undesired signals.
Intermediary
A program or set of programs that in some way evaluate, filter, modify, or otherwise interject some function between two end users or end-use programs such as a client/server. An example is the proxy server that most companies place between their internal Web users and the public Internet.
Intrusion Detection Systems (IDS)
Techniques that try to detect intrusion or unauthorized entry into a computer or network by observation of actions, security logs, or audit data. Intrusion detection is the discovery of break-ins or attempted break-ins either manually or via specific software systems that operate on logs or other information available on the network.
IP
Internet Protocol, a network protocol that facilitates the routing of data across a set of networks connected by routers (an Internet). IP addresses are used to identify the locations within the network.
IP Security (IPsec)
A set of extensions to the standard IP protocol that provides confidentiality, integrity, and origin authentication services at the network layer.
IP Spoofing
An attack in which a host forges the source address of the packets it sends, typically so that an attacker outside the network can impersonate a computer on the trusted network or hide the true origin of the traffic.
ISDN
Integrated Services Digital Network
ISO
Information Security Officer
ISO
International Organization for Standardization
ISPs
Internet Service Providers
IT
Information Technology
ITMS
Information Technology Management Section
ITN
Identification Tasking and Networking
IWG
Industry Working Group—now known as the IJIS Institute. See http://www.ijis.org.
JISN
Justice Interconnection Services Network
JTF
Joint Task Force
Jurisdiction Area Network (JAN)
The main communications network for first responders. It is responsible for all non-IAN voice and data traffic. It handles any IAN traffic that needs access to the general network, as well as providing the connectivity to the EAN.
KEA
Key Exchange Algorithm
Key
A value (a string of bits) that an encryption algorithm uses to transform plaintext data into encrypted data. The protection of the ciphertext rests on keeping the key secret, not on keeping the algorithm secret.
Key Encrypting Key (KEK)
A cryptographic key that is used for the encryption or decryption of other keys.
Key Escrow
An arrangement in which a copy of a key, or pieces of it, is held by one or more trusted third parties (trustees) so that the key can be recovered if the owner loses it or is legally compelled to disclose it. When the key is split, each trustee holds one piece and the key can be reconstructed only with the collaboration of the required trustees.
Key Recovery
A secure means for backup and recovery of encryption key pairs.
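The Key Escrow and Key Recovery entries describe splitting a key among trustees so that it can be reconstructed only when they collaborate. The following Python is an added example, not code from the original document: it implements Shamir's threshold secret sharing over a prime field. The glossary's definition, where every trustee must cooperate, is the k = n case; the example generalises to any k-of-n threshold, which also keeps the key recoverable when one trustee is unavailable. The field modulus and the sample key are assumptions for the demonstration.

```python
"""Added example: splitting a key among trustees with Shamir's threshold
secret sharing. The glossary's escrow definition is the k == n case (every
trustee must cooperate); this generalises to any k-of-n threshold.
Arithmetic is over a prime field; the secret must be smaller than PRIME."""
import secrets

PRIME = 2 ** 127 - 1      # field modulus (constructed choice; holds up to a 126-bit secret)


def _eval_poly(coeffs, x: int, p: int) -> int:
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... mod p."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % p
    return acc


def split_secret(secret: int, k: int, n: int, p: int = PRIME, randbelow=secrets.randbelow):
    """Return n shares (x, y); any k of them reconstruct the secret, fewer reveal nothing."""
    if not (0 <= secret < p and 1 <= k <= n < p):
        raise ValueError("bad parameters")
    coeffs = [secret] + [randbelow(p) for _ in range(k - 1)]   # random degree k-1 polynomial
    return [(x, _eval_poly(coeffs, x, p)) for x in range(1, n + 1)]


def recover_secret(shares, p: int = PRIME) -> int:
    """Lagrange interpolation at x = 0 through the given points."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % p
                den = den * (xi - xj) % p
        secret = (secret + yi * num * pow(den, -1, p)) % p
    return secret


def demo() -> dict:
    key = int.from_bytes(secrets.token_bytes(15), "big")   # constructed 120-bit key
    shares = split_secret(key, k=3, n=5)
    return {
        "all_five": recover_secret(shares) == key,
        "any_three": recover_secret([shares[0], shares[2], shares[4]]) == key,
        "only_two": recover_secret(shares[:2]) == key,   # False (except with prob. 1/PRIME)
        "escrow_all_required": recover_secret(split_secret(key, k=5, n=5)) == key,
    }


if __name__ == "__main__":
    print(demo())
```

Each share is as sensitive as the key it protects against a coalition of k trustees, so shares should be stored under each trustee's own protection (for example an HSM or smart card), and every recovery should be authorised and recorded in the audit trail. A key longer than the field size is split block by block.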
Key Serial Number
A unique number (128 bits in the PKI described here) that identifies a certificate issued by a CA.
Keyring File
A file that can house the certificate.
Killer Packets
A method of disabling a system by sending Ethernet or IP packets that exploit bugs in the networking code to crash the system. See SYN Floods.
KMF
Key Management Facility
KTC
Key Translation Center
LAN
Local Area Network
LEIF
Law Enforcement Interconnecting Facilities
Lightweight Directory Access Protocol (LDAP)
A standardized way to connect with a directory that might hold passwords, addresses, public encryption keys, and other exchange-facilitating data.
Local Registration Authority (LRA)
A person who evaluates and approves or rejects certificate applications on behalf of a CA.
MAC
Mandatory Access Control or Message Authentication Code
MIME
Multipurpose Internet Mail Extensions
MISPC
Minimum Interoperability Specification for PKI Components
Misuse
Illicit activity that exploits system vulnerabilities or file access privileges.
MIT
Massachusetts Institute of Technology
Mobile Ad-hoc NETwork (MANET)
A collection of mobile nodes that communicate over radio and do not need any preinstalled communication infrastructure. Communication can be performed if two nodes are close enough to exchange packets. Mobile ad hoc networks are envisioned to be self-forming, self-maintaining, and self-healing and will not require any existing infrastructure.
Mobile IP
The current standard for supporting mobility in IP networks.
Modem
An acronym for modulator/demodulator, which is a device that translates digital signals coming from your computer or other digital device into analog signals that can be transmitted over standard telephone lines or radio circuits. The modem also translates the analog signal back into a digital signal.
Multicast
Occurs when one device sends data across the network to multiple devices; however, depending on the multicast protocol, only nodes that are on the path from the originating device to the receiving device receive and forward the data.
Mutual Aid
This mode describes those major events with large numbers of agencies involved, including agencies from remote locations. Their communications are not usually well planned or rehearsed. The communications must allow the individual agencies to carry out their missions at the event but follow the command and control structure appropriate to coordinate the many agencies involved with the event.
NAPs
Network Access Points
NASCIO
National Association of State Chief Information Officers
NAT
Network Address Translation
NCIC
National Crime Information Center
NCS
Network Control Software
NCSC
National Center for State Courts
NIAP
National Information Assurance Partnership
NIDS
Network Intrusion Detection System
NIPC
National Infrastructure Protection Center
NIST
National Institute of Standards and Technology. See http://www.nist.gov.
Nlets
The International Justice and Public Safety Information Sharing Network
NNTP
Network News Transfer Protocol, protocol for Usenet news distribution.
Noise
An unwanted signal or disturbance (e.g., static) in a radio communications system.
Noninteractive Data Communications
A one-way stream of data, such as the monitoring of firefighter biometrics and location, that greatly increases the safety of the practitioners. This form of communications also makes the command and control requirements easier when the commander is aware of the condition and location of the on-scene personnel.
Noninteractive Voice Communications
These communications occur when a dispatcher or supervisor alerts members of a group about emergency situations and/or to share information. In many cases, the noninteractive voice communications have the same mission-critical needs as the interactive service.
Nonrepudiation
The cryptographic assurance that a message sender cannot later deny sending a message or that the recipient cannot deny receipt.
NSA
National Security Agency. See http://www.nsa.gov.
NTIS
National Technical Information Service
OASIS
Organization for the Advancement of Structured Information Standards.
OECD
Organisation for Economic Cooperation and Development
OMB
Office of Management and Budget
OMI
Open Model Interface
Open Systems Interconnection (OSI)
Also known as the OSI reference model. This describes a standard for how messages should be transmitted between any two points in a network. The reference model defines seven layers, implemented at each end of a communication, with each layer communicating with its peer layer at the other end.
ORI
Originating Agency Identifier
OSCA
Office of State Court Administrators
P3P
Platform for Privacy Preferences
Packet
A unit of data that is routed between an origin and a destination on the Internet.
Password
A string of characters used to authenticate an identity or to verify access authorization.
PDP
Privacy Design Principle
Personal Area Network (PAN)
A collection of fixed, portable, or moving components that form a network through local interfaces, with a typical radius of about 10 meters. These can include components that are carried, worn, or located near the body, such as wireless devices used to monitor the first responder's physical location, pulse rate, breathing rate, and oxygen tank status, as well as devices for hazardous gases detection and voice communications.
Personal/Person-Identifiable Information
Information about the characteristics or activities of an identifiable natural person, including information about individuals who may not be explicitly identified but whose identity could be inferred from elements of the data. Sensitive data elements in existing databases can include name, address, social security number, ID numbers, and birth date.
Physical Security Policy
A document specifying the steps to take to protect the actual machines used to store and process sensitive or valuable data.
PIA
Privacy Impact Assessment
PIN
Personal Identification Number
PKCS
Public Key Cryptography Standards
Plaintext
Unencrypted (unenciphered) data
POC
Point-of-Contact
PP
Protection Profile
PPP
Point-to-Point Protocol
PPTP
Point-to-Point Tunneling Protocol
Pretty Good Privacy (PGP)
This set of standardized security procedures and algorithms provides authentication and privacy services and is most frequently used for secure e-mail.
Privacy
The right of an entity (normally a person), acting on its own behalf, to determine the degree to which it will interact with its environment, including the degree to which the entity is willing to share information about itself with others. In the context of information sharing, privacy is the right of an individual to have his or her personal information accessed only by authorized and intended individuals. Rules governing these privacy rights are subject to state and national policies and regulations. Security safeguards and mechanisms are used to enforce privacy through the protection of integrity, availability, and confidentiality of information. These mechanisms should not be confused with privacy.
Privacy Seals
The seals of approval granted by organizations such as TRUSTe, BBBOnline, and WebTrust. The seals intend to demonstrate that a Web site has adopted appropriate policies to protect personal information and to assure individuals that they are visiting a Web site they can trust. Disclaimer—keep in mind that these seals are not monitored, and anyone can "stick" a seal on their Web site.
Private Key
The key of the public key pair that is not shared by its owner.
PRNG
PseudoRandom Number Generator
Protected Resource
A target, access to which is restricted by an access control policy.
Protocol
In information technology, a protocol is the special set of rules that end points in telecommunication connection use when they communicate. Protocols exist at several levels in a telecommunication connection. There are hardware telephone protocols, and there are protocols between each of several functional layers and each corresponding layer at the other end of a communication. Both end points must recognize and observe a protocol.
Public Key
The key of the public key pair that is widely shared, generally through a digital certificate.
Public Key Cryptography
Cryptography based on methods involving a public key and a private key.
Public Key Infrastructure (PKI)
An architecture that is used to bind public keys to entities, enable other entities to verify public key bindings, revoke such bindings, and provide other services critical to managing public keys.
Public Safety Answering Point (PSAP)
The answering center for 9-1-1 calls.
Public Switched Telephone Network (PSTN)
The public telephone system.
PVC
Permanent Virtual Circuits
QoS
Quality of Service
RACF
Resource Access Control Facility
RBAC
Role-Based Access Control
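Several entries above (Access Control, Access Control Policy, ACL, DAC, Protected Resource, and RBAC) describe rules that grant or deny a subject's access to a resource. The following Python is an added example, not code from the original document: a deny-by-default role-based check that canonicalises the resource name before matching and records every decision in an audit trail, as the Accountability and Audit Trail entries require. The roles, users, permissions, wildcard pattern syntax and resource names are a constructed policy for the demonstration.

```python
"""Added example: a deny-by-default role-based access control check that
canonicalises the resource name before matching and records every decision
in an audit trail. Roles, users, permissions and resource names are a
constructed policy for the demo."""
import fnmatch
import posixpath
from collections import namedtuple

Decision = namedtuple("Decision", "user action resource allowed reason")

# role -> set of (action, resource pattern); patterns use shell-style wildcards
ROLE_PERMISSIONS = {
    "dispatcher": {("read", "incidents/*"), ("write", "incidents/*")},
    "responder": {("read", "incidents/*")},
    "auditor": {("read", "audit/*")},
}
USER_ROLES = {"alice": {"dispatcher"}, "bob": {"responder"}, "carol": {"auditor"}}


def canonical(resource: str) -> str:
    """Collapse '.' and '..' so 'incidents/../audit/x' cannot match 'incidents/*'.
    The leading '/' stops '..' from climbing above the root before it is stripped."""
    return posixpath.normpath("/" + resource).lstrip("/")


class AccessController:
    def __init__(self, role_permissions, user_roles):
        self.role_permissions = role_permissions
        self.user_roles = user_roles
        self.audit_trail = []        # every decision, allowed or denied

    def check(self, user: str, action: str, resource: str) -> bool:
        target = canonical(resource)
        allowed, reason = False, "no matching permission (default deny)"
        for role in sorted(self.user_roles.get(user, ())):      # unknown user: no roles
            for perm_action, pattern in sorted(self.role_permissions.get(role, ())):
                if perm_action == action and fnmatch.fnmatchcase(target, pattern):
                    allowed = True
                    reason = f"role {role!r} grants {action!r} on {pattern!r}"
                    break
            if allowed:
                break
        self.audit_trail.append(Decision(user, action, target, allowed, reason))
        return allowed


def demo():
    ac = AccessController(ROLE_PERMISSIONS, USER_ROLES)
    results = {
        "dispatcher_write": ac.check("alice", "write", "incidents/42"),      # True
        "responder_write": ac.check("bob", "write", "incidents/42"),         # False
        "traversal": ac.check("bob", "read", "incidents/../audit/log"),      # False
        "auditor_read": ac.check("carol", "read", "audit/log"),              # True
        "unknown_user": ac.check("mallory", "read", "incidents/42"),         # False
    }
    return results, ac.audit_trail


if __name__ == "__main__":
    results, trail = demo()
    print(results)
    for decision in trail:
        print(decision)
```

The check fails closed: an unknown user, an unknown role, or a resource that matches no pattern is denied, and the decision is logged either way so that the audit trail can reconstruct who was granted what. Canonicalising before matching matters because wildcard patterns are matched on the string, not on the object it names; without it, a responder could read audit records through a path that merely starts with "incidents/".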
RC2, RC4
Proprietary ciphers designed by Ron Rivest (Rivest Cipher, or Ron's Code): RC2 is a block cipher and RC4 is a stream cipher. Both were later documented in informational RFCs and are now considered obsolete.
"Recreational Hackers"
Persons who crack into networks for the thrill of the challenge or for bragging rights in the hacker community.
Refarming
An administrative process being conducted by the FCC to reduce channel bandwidths and, as a result, promote spectrum efficiency.
Registration Authority
A mechanism or person that, as part of a PKI, is involved in verifying and enrolling users.
Release
Disclosure of documents (records) containing personal information to a third-party requester.
Remote Access
Access to a system from outside its premises, for example over dial-in or VPN connections. Remote access is a potential entry point for an attack that uses a war dialer and a password-guessing tool to make login attempts.
RFC
Request for Comments
Risk
An expectation of loss or threat that can be expressed as the probability that a particular threat (or set of threats) will exploit a particular vulnerability with particularly harmful results.
Risk Analysis/Risk Assessment
The process of examining all risks, then ranking those risks by level of severity. Risk analysis involves determining what you need to protect, what you need to protect it from, and how to protect it.
Risk Management
The total process of identifying, controlling, and mitigating information technology-related risks; cost-benefit analysis; and the selection, implementation, testing, and security evaluation of safeguards. This overall system security review considers both effectiveness and efficiency, including impact on the mission/business and constraints due to policy, regulations, and laws.
RISS
Regional Information Sharing Systems®
Router
A device or, in some cases, software in a computer that determines the next network point to which a packet should be forwarded toward its destination.
RSA
Rivest-Shamir-Adleman public key encryption algorithm
Rules of Behavior
The rules that have been established and implemented concerning use of, security in, and acceptable level of risk for the system. Rules will clearly delineate responsibilities and expected behavior of all individuals with access to the system. Rules should cover such matters as work at home, dial-in access, connection to the Internet, use of copyrighted works, unofficial use of federal government equipment, assignment and limitation of system privileges, and individual accountability.
SAICS
Southwest Alabama Integrated Criminal Justice System
S-HTTP
Secure HyperText Transfer Protocol
S/MIME
Secure Multipurpose Internet Mail Extensions
S/WAN
Secure Wide Area Network
Secret Key
In secret-key cryptography, this is the key used both for encryption and decryption.
Secure Socket Layer Protocol (SSL)
Invented by Netscape Communications, Inc. This protocol provides encryption and authentication of application layer network traffic between a client and a server. It has been superseded by Transport Layer Security (TLS).
Security Assertion Markup Language (SAML)
An XML security standard for exchanging authentication and authorization information.
Security Discipline
A set of subjects, their information objects, and a common security policy.
Security Goal
To enable an organization to meet all mission/business objectives by implementing systems with due care and consideration of information technology-related risks to the organization, its partners, and its customers.
Security Objectives
The five security objectives are integrity, availability, confidentiality, accountability, and assurance.
Security Policy
The statement of required protection of the information objects.
Security Token
A device issued to authorized individuals that generates a code used to provide proof of their identity in a two-factor authentication system; can be a hardware or software token. Also called an authenticator.
Sensitive Information
Information whose loss, misuse, or unauthorized access to or modification of could adversely affect the national interest or the conduct of federal programs or the privacy to which individuals are entitled.
Service Set Identifier (SSID)
The default wireless network name.
SHA-1
Cryptographic hash algorithm that is optimized for high-end processors and produces a 160-bit digest.
Shoulder Surfing
Stealing passwords or PINs by looking over someone's shoulder.
Simple Object Access Protocol (SOAP)
A Web protocol that defines specific fields in an XML message that enable multiple programs to communicate over the Web.
SLA
Service-Level Agreement
Smart Card
A small plastic card with a microprocessor that can store information.
SMTP
Simple Mail Transfer Protocol
Smurfing
The attacking of a network by exploiting Internet Protocol broadcast addressing and certain other aspects of Internet operations. Smurfing uses a program called Smurf and similar programs to cause the attacked part of a network to become inoperable.
SNA
Systems Network Architecture
Sniffer
A software tool that captures, audits, and identifies data packets crossing a computer network. It is used legitimately by network operations and maintenance personnel to troubleshoot network problems, and it is also used by hackers to capture user names and passwords.
Social Engineering
Subverting information system security by using nontechnical, social means.
Spamming
Sending unsolicited e-mail.
Spectrum
The region of the electromagnetic spectrum in which radio transmission and detection techniques may be used.
Spectrum Frequency
Optimizing the amount of information sent over a given amount of bandwidth.
Standards
Conditions and protocols set forth to allow uniformity within communications and virtually all computer activity.
Symmetric Encryption
An approach that uses the same algorithm and key to both encrypt and decrypt information.
SYN Floods
A method of disabling a system by sending more TCP SYN packets than its networking code can handle. See Killer Packets.
Target of Evaluation
An information technology (IT) product or system and its associated administrator and user guidance documentation that are the subject of an evaluation.
TCP
Transmission Control Protocol
TCP/IP
Transmission Control Protocol and Internet Protocol
Telnet Protocol
A communication protocol used to log on to a computer host, possibly remotely.
Temporary Network
JANs and EANs are networks that exist at all times, whereas temporary networks are created on a temporary basis to serve a particular purpose, such as an incident, and then are dissolved. The nature of the JAN is such that it may not reach all areas of an incident. In such cases, the user would either connect to the JAN or create a temporary network to extend the JAN to the area not covered.
Threat
An event or activity, deliberate or unintentional, with the potential for causing harm to an information technology (IT) system or activity.
TIA CDMA2000 1x
1xRTT
TIA CDMA2000 1xEV-DO
Evolution Data Only
TLS
Transport Layer Security
TOC
Technical and Operations Committee
Tokens
Something that the claimant possesses and controls that may be used to authenticate the claimant's identity.
TRB
Technical Review Board
Trinoo
A Trojan horse used by hackers to launch a Distributed Denial-of-Service (DDoS) attack.
Triple DES
A technique used to make Data Encryption Standard encryption stronger by applying the algorithm three times.
Tripwires
A mechanism or tool that detects hack attacks and alerts someone, such as an administrator, about the attack.
Trojan Horse
A computer program that appears to have a useful function but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.
Tuxedo
Tuxedo (which stands for Transactions for Unix, Enhanced for distributed Operation) is a middleware product that uses a message-based communications system to distribute applications across various operating system platforms and databases.
Universal Description, Discovery, and Integration (UDDI)
An XML-based registry of services listed in Web services description language format.
UPS
Uninterruptible Power Source
USENET
An e-mail-based discussion system, originally supported by dial-up connections, now usually accessed via TCP/IP.
VAN
Value-Added Network
VIN
Vehicle Identification Number
Virtual Private Network (VPN)
A collection of technologies that creates secure connections via nonsecure networks (such as the Internet).
Virus
A small program that inserts itself into another program when executed and generally produces a detrimental result.
Vulnerability
A weakness in system security procedures, hardware, design, implementation, internal controls, technical controls, physical controls, or other controls that could be accidentally triggered or intentionally exploited and result in a violation of the system's security policy.
W3C
World Wide Web Consortium
WAN
Wide Area Network
War Dialer
A simple database and an automated modem script that dials every phone number in a group designated by the user. After it successfully connects with a modem tone, the war dialer will record the phone number in a database. The hacker can then review the database and select a likely target for a hack attempt.
Wave
A disturbance or variation that transfers energy progressively from point to point in a medium and that may take the form of a variation in electric or magnetic intensity or electric potential.
Wavelength
The distance from one point along the progression of a wave to the next point on the wave of corresponding amplitude and phase.
Web Services Description Language (WSDL)
An XML-based standard that is used to describe the types of services that an online business (or justice organization) might offer. WSDL works in conjunction with UDDI.
Web Services for Interactive Applications (WSIA)
OASIS Technical Committee that is working on specifications for Web services for interactive applications.
Web Services Remote Portal (WSRP)
OASIS Technical Committee that is working on specifications for Web services remote portals.
Web Services Security (WS-Security)
A proposed information technology industry standard that addresses security when data is exchanged as part of a Web service.
Wired Equivalent Privacy (WEP)
A combined access control, link privacy, and message integrity system for WLANs.
Wireless Access Protocol (WAP)
A specification for a set of communication protocols to standardize the way that wireless devices, such as cellular telephones and radio transceivers, can be used for Internet access, including e-mail, the World Wide Web, newsgroups, and Internet Relay Chat (IRC).
Wireless Local Area Network (WLAN)
A network of computers or terminals connected by radio frequencies. Wireless LANs were conceived to complement fixed wired networks. Wireless access points (similar to traditional Ethernet hubs) provide access to devices that have wireless network interface cards.
Worm
A program that copies itself from system to system via the network.
WPA2
Wi-Fi Protected Access 2. See IEEE 802.11i.
WPA/RSN
Wi-Fi Protected Access/Robust Security Networks
XML
Extensible Markup Language
XML Key Management Specification (XKMS)
A proposed XML security standard that defines trust issues beyond the XML Signature specification.
Zeroization
A method of erasing electronically stored data by altering the contents of the data storage in order to prevent the recovery of the data.