Concepts

access control, assurance, attack, audit, authentication, authorization, automated information system, availability, certification, Common Criteria for Information Technology Security, cryptography, evaluation, identity, key management, privacy, requirements, risk, risk management, security, security target, software development, threat, trust, Trusted Computer System Evaluation Criteria, user,

Terms

*-property
IncludedBy:Bell-LaPadula security model,
PreferredFor:star (*) property,
Related:model,
Synonym:confinement property,
2-factor authentication
IncludedBy:3-factor authentication,
3-factor authentication
IncludedBy:authentication,
Includes:2-factor authentication, authentication information,
Related:biometric authentication, challenge/response, passwords, personal identification number, personal identity verification, proof of possession protocol, tokens,
ABA Guidelines
Related:certificate, digital signature,
abend
Related:failure, test,
abort
Related:failure,
Abrams, Jajodia, Podell essays
Related:security,
Abstract Syntax Notation One
Includes:Basic Encoding Rules, Distinguished Encoding Rules, object identifier,
Related:certificate, public-key infrastructure,
abuse of privilege
IncludedBy:threat,
acceptable level of risk
IncludedBy:threat,
Related:assessment, countermeasure, networks,
acceptable risk
IncludedBy:risk,
acceptable use policy
IncludedBy:policy,
Related:networks,
acceptance criteria
IncludedBy:acceptance procedure,
Related:authorized,
acceptance inspection
IncludedBy:acceptance procedure,
Related:security testing, software, test,
acceptance procedure
IncludedBy:software development, target of evaluation,
Includes:acceptance criteria, acceptance inspection, acceptance testing, object,
Related:control system,
acceptance testing
IncludedBy:acceptance procedure, security testing, test,
access
IncludedBy:access control,
Includes:delete access, execute access, merge access, object, read access, remote access, subject, update access,
access category
IncludedBy:access control,
Related:authorized,
access control
IncludedBy:Automated Information System security, authorization, risk management, security, security-relevant event, trusted computing base, user,
Includes:IT default file protection parameters, Terminal Access Controller Access Control System, access, access category, access control center, access control list, access control mechanism, access control officer, access control service, access level, access list, access mode, access period, access port, access profile, access type, access with limited privileges, accessibility, administrative access, browse access protection, centralized authorization, classified information, component reference monitor, context-dependent access control, controlled access area, controlled access protection, controlled sharing, cookies, default file protection, discretionary access control, entry control, failure access, fetch protection, file protection, file security, file transfer access management, formal access approval, granularity, identity based access control, logged in, logical access, logical access control, login, logoff, logon, mandatory access control, media access control address, multiple access rights terminal, need-to-know, network reference monitor, non-discretionary access control, on-access scanning, partition rule base access control, peer access approval, peer access enforcement, physical access control, privileged, random access memory, remote access software, role-based access control, sandboxed environment, secure state, security kernel, security perimeter, sensitivity label, special access office, special access program, special access program facility, system entry, technical policy, unauthorized access, write access,
Related:Bell-LaPadula model, Bell-LaPadula security model, Clark Wilson integrity model, Defensive Information Operations, Escrowed Encryption Standard, Identification Protocol, Internet Engineering Task Force, Internet Protocol Security Option, Internet Protocol security, Network File System, PIV issuer, POSIX, RA domains, Remote Authentication Dial-In User Service, SOCKS, TCB subset, TOE security functions interface, U.S.-controlled facility, U.S.-controlled space, accreditation range, active wiretapping, adequate security, administrative security, adversary, application, application program interface, application proxy, archiving, attack, audit, audit trail, authenticate, authentication, authorized, availability, availability service, backdoor, bastion host, benign, between-the-lines-entry, boundary, boundary host, breach, buffer overflow, call back, capability, category, classified, clearance, clearance level, client, client server, common gateway interface, communications, compartment, compartmentalization, compartmented mode, computer intrusion, computer security, computer security intrusion, confidentiality, confinement property, controlled security mode, controlled space, covert channel, covert channel analysis, cracker, credentials, critical, critical system, cryptographic application programming interface, cryptographic equipment room, data compromise, data integrity service, data management, dedicated mode, default account, demilitarized zone, demon dialer, denial of service, dictionary attack, directory service, disclosure of information, domain, domain name system, domain parameter, dominated by, dual control, encapsulation, exploit, exploitation, external security controls, external system exposure, extranet, federated identity, federation, fedline, firewall, flooding, formulary, guard, hacker, host, https, hyperlink, hypertext, identification, identification and authentication, identification authentication, identity credential issuer,
identity verification, identity-based security policy, impersonation, inadvertent disclosure, individual accountability, individual electronic accountability, inference, information assurance product, information category, information security, information systems security, integrity, interception, interface, internal security controls, internal system exposure, internet service provider, intranet, intruder, intrusion, intrusion detection, intrusion detection tools, kerberos, key recovery, key-escrow, kiosk, labeled security protections, list-oriented, lock-and-key protection system, lockout, logic bomb, logical completeness measure, maintenance hook, major application, malicious intruder, malicious logic, masquerade, masquerading, minimum essential infrastructure, mode of operation, modes of operation, motivation, multilevel mode, multilevel secure, multilevel security, multilevel security mode, national security information, need to know determination, network component, network security, network weaving, networks, no-lone zone, non-discretionary security, noncomputing security methods, operations manager, operator, packet filtering, partitioned security mode, password system, passwords, peer-to-peer communication, penetration, permissions, personal identification number, personnel security, physical and environmental protection, physical security, piggyback, piggyback attack, piggyback entry, point-to-point tunneling protocol, policy, pop-up box, privacy, probe, protected network, protection ring, protection-critical portions of the TCB, proximity, proxy server, real-time reaction, records, reference monitor, reference monitor concept, reference validation mechanism, remote administration tool, repository, resource encapsulation, restricted area, rootkit, rule-based security policy, rules of behavior, ruleset, salt, sampling frame, scoping guidance, screen scraping, secure single sign-on, security clearance, security compromise, security controls, security domain,
security incident, security intrusion, security label, security management, security management infrastructure, security policy, security safeguards, security violation, segregation of duties, sensitive compartmented information, sensitive information, signature, simple network management protocol, simple security condition, simple security property, single sign-on, social engineering, software, source program, spoof, spoofing, star (*) property, storage object, subject security level, subset-domain, system high mode, system resources, system software, system-high security mode, tcpwrapper, technological attack, term rule-based security policy, theft, threat, threat consequence, ticket, ticket-oriented, timing attacks, tokens, transaction, trap door, trespass, trojan horse, trust relationship, trusted gateway, trusted identification forwarding, trusted subject, two-person integrity, uniform resource locator, unprotected network, user PIN, verification, virus, vulnerability, web browser cache, website, wide-area network, wireless gateway server, wiretapping, workstation, world wide web,
access control center
IncludedBy:access control,
Related:cryptography, key,
access control list
IncludedBy:access control,
Includes:ACL-based authorization,
PreferredFor:access list,
Related:authorized, communications security,
access control mechanism
IncludedBy:access control,
Related:authorized, software, unauthorized access,
access control officer
IncludedBy:access control,
access control service
IncludedBy:access control,
Related:authorized, unauthorized access,
access level
IncludedBy:access control, security level,
Related:identify,
access list
HasPreferred:access control list,
IncludedBy:access control,
Related:authorized,
access mediation
Related:authorized,
access mode
IncludedBy:access control, automated information system,
access period
IncludedBy:access control,
access port
IncludedBy:access control,
access profile
IncludedBy:access control,
access type
IncludedBy:access control,
access with limited privileges
IncludedBy:access control,
accessibility
IncludedBy:access control,
account aggregation
account authority digital signature
IncludedBy:public-key infrastructure,
Related:authentication,
account fraud
IncludedBy:identity theft,
PreferredFor:account hijacking, account takeover,
account hijacking
HasPreferred:account fraud,
account management
account takeover
HasPreferred:account fraud,
accountability
IncludedBy:security goals,
Includes:automated information system, identification, object, user,
Related:audit, communications security, deterrence, failure, fault isolation, identify, intrusion, intrusion detection, intrusion prevention, minimum essential infrastructure, nonrepudiation, quality, recovery, trust,
accounting legend code
Related:communications security, control system,
accounting number
Related:communications security,
accredit
HasPreferred:accreditation,
accreditation
IncludedBy:certification,
Includes:DoD Information Technology Security Certification and Accreditation Process, National Voluntary Laboratory Accreditation Program, Scope of Accreditation, accreditation authority, accreditation body, accreditation boundary, accreditation disapproval, accreditation multiplicity parameter, accreditation package, accreditation phase, accreditation range, approval/accreditation, automated information system, certification and accreditation, designated approving authority, full accreditation, interim accreditation, interim accreditation action plan, post-accreditation phase, private accreditation exponent, private accreditation information, public accreditation verification exponent, security, site accreditation, system accreditation, type accreditation,
PreferredFor:accredit,
Related:Common Criteria Testing Laboratory, National Information Assurance Partnership, accredited, approved technologies list, approved test methods list, assessment, authorization, cascading, certificate, certificate revocation list, certification phase, certifier, controlled security mode, dedicated security mode, evaluation, external security controls, multilevel security mode, networks, partitioned security mode, pre-certification phase, risk, security evaluation, security testing, site certification, system-high security mode, test, trust, trusted computer system,
accreditation authority
IncludedBy:accreditation,
Related:trust,
accreditation body
IncludedBy:National Information Assurance Partnership, accreditation,
accreditation boundary
IncludedBy:accreditation,
Related:security,
Synonym:security perimeter,
accreditation disapproval
IncludedBy:accreditation,
Related:risk, security,
accreditation multiplicity parameter
IncludedBy:accreditation,
accreditation package
IncludedBy:accreditation,
accreditation phase
IncludedBy:accreditation,
Related:assessment, risk, security,
accreditation range
IncludedBy:accreditation,
Related:access control, computer security, evaluation, networks, risk, security, trust, trusted computer system,
accredited
Related:accreditation, evaluation,
accrediting authority
accuracy
Related:assessment,
ACH debit fraud
IncludedBy:fraud, identity theft,
Related:authorized,
ACL-based authorization
IncludedBy:access control list, authorization,
Includes:distributed computing environment,
acquirer
IncludedBy:Secure Electronic Transaction,
Related:authorization,
acquisition plan
Related:analysis,
acquisition strategy
active attack
IncludedBy:attack,
Related:authentication, impersonation,
active content
active security testing
IncludedBy:security testing,
active wiretapping
IncludedBy:wiretapping,
Related:access control, authorized, communications,
activity analysis
IncludedBy:analysis, security software,
activity-based costing
IncludedBy:business process,
actuator
ad hoc
ad hoc testing
IncludedBy:security testing, test,
ad-lib test
IncludedBy:test,
adaptive predictive coding
add-on security
IncludedBy:security,
Related:software,
address
address indicator group
address of record
address spoofing
IncludedBy:masquerade, spoofing,
Includes:ip spoofing,
Related:impersonation, networks,
adequate security
IncludedBy:security,
Related:access control, authorized, risk, unauthorized access,
administration documentation
IncludedBy:target of evaluation,
administrative access
IncludedBy:access control,
Related:authorized,
administrative security
HasPreferred:procedural security,
IncludedBy:security,
Related:access control, authorized, unauthorized access,
administrator
IncludedBy:target of evaluation,
advanced development model
IncludedBy:software development,
advanced encryption standard
IncludedBy:National Institute of Standards and Technology, symmetric cryptography,
Related:classified, encryption,
advanced intelligence network
IncludedBy:networks,
advanced intelligent network
IncludedBy:networks,
Advanced Mobile Phone Service
IncludedBy:user,
advanced narrowband digital voice terminal
Advanced Research Projects Agency Network
IncludedBy:networks,
advanced self-protection jammer
IncludedBy:communications security,
Related:assurance,
adversary
IncludedBy:security,
Related:access control, threat,
advisory
Related:threat,
agency
agent
Related:attack, intrusion, intrusion detection,
aggregation
Related:security,
aggressive mode
Related:Internet Protocol security,
alarm
Related:countermeasure,
alarm reporting
Related:fault, identification, networks, security software,
alarm surveillance
Related:analysis, fault, networks, security software,
alert
Related:attack, audit, communications security, identify, networks, security,
algorithm
Includes:International Data Encryption Algorithm, Rivest-Shamir-Adleman algorithm, asymmetric algorithm, crypto-algorithm, digital signature algorithm, message digest algorithm 5, secure hash algorithm, symmetric algorithm,
Related:Data Encryption Standard, cryptanalysis, cryptographic key, cryptographic module, cryptography, cyclic redundancy check, initialization vector, key-escrow system, metric,
alias
Related:anonymous, masquerade,
alignment
allowed traffic
Related:bit forwarding rate, ruleset, test,
alternate COMSEC custodian
IncludedBy:communications security,
alternative work site
American Institute of Certified Public Accountants
American National Standards Institute
Related:automated information system,
American Standard Code for Information Interchange
Related:automated information system,
analog signal
analysis
Includes:SWOT analysis, activity analysis, analysis of alternatives, boundary value analysis, business impact analysis, cost-risk analysis, cost/benefit, cost/benefit analysis, cost/benefit estimate, covert channel analysis, cryptanalysis, cryptosystem analysis, dynamic analysis, emanations analysis, error analysis, gap analysis, information sharing and analysis center, mutation analysis, network behavior analysis system, requirements analysis, risk analysis, risk reduction analysis, root cause analysis, security fault analysis, security flow analysis, sensitivity analysis, signals analysis, stateful protocol analysis, static analysis, target identification and analysis techniques, threat analysis, traffic analysis, value analysis, vulnerability analysis,
Related:Federal Standard 1027, Integrated CASE tools, SOF-basic, SOF-high, SOF-medium, TCB subset, acquisition plan, alarm surveillance, assessment, black-box testing, break, brute force, brute force attack, business case, chosen-ciphertext attack, chosen-plaintext attack, ciphertext-only attack, code coverage, correctness, countermeasure, cryptology, cryptoperiod, data historian, diagnostics, electronic security, elliptic curve cryptography, emanations security, emissions security, error seeding, evaluation assurance, fault injection, flaw hypothesis methodology, flooding, functional test case design, global requirements, hashed message authentication code, independent validation and verification, instrumentation, intelligence, judgment sample, known-plaintext attack, local requirements, model, national computer security assessment program, network sniffing, one-time pad, privacy impact assessment, reference monitor, reference validation mechanism, risk assessment, risk identification, risk management, security test and evaluation, symbolic execution, system development, system development methodologies, target vulnerability validation techniques, threat event, threat monitoring, traffic flow confidentiality, transmission security, trust, trust level, vulnerability,
Synonym:evaluation, test,
analysis of alternatives
IncludedBy:analysis,
ankle-biter
IncludedBy:threat,
anomaly
Related:bug, failure, fault, software,
anomaly detection
IncludedBy:security software,
Related:countermeasure, intrusion,
anomaly detection model
IncludedBy:model, security policy model,
Related:intrusion,
anonymity
IncludedBy:user,
Related:identification,
anonymous
Related:alias, attack, authorized, privacy, security,
anonymous and guest login
IncludedBy:login,
Related:authentication,
anonymous login
IncludedBy:internet, login,
Related:passwords, threat,
anti-jam
IncludedBy:communications security,
anti-jamming
IncludedBy:communications security,
anti-spoof
Antonym:spoofing,
Related:security software,
antivirus software
IncludedBy:security software, virus,
Related:countermeasure, identify, integrity, intrusion, intrusion detection,
antivirus tools
IncludedBy:virus,
Related:countermeasure,
appendix
applet
Related:world wide web,
applicant
applicant assertion
Related:identity,
application
IncludedBy:software,
Related:access control,
application controls
Related:authorized, security controls,
application data backup/recovery
IncludedBy:availability, backup,
application entity
application gateway firewall
IncludedBy:firewall,
application generator
Related:software,
application level gateway
Related:firewall,
Synonym:application proxy,
application program interface
IncludedBy:security, software,
Related:access control, networks,
application programming interface
Related:software,
application proxy
IncludedBy:firewall, proxy,
Includes:gateway,
Related:access control, audit,
Synonym:application level gateway,
application server attack
IncludedBy:attack,
Related:authorized, availability, compromise, integrity, user,
application software
IncludedBy:software,
application system
Related:automated information system,
application-level firewall
IncludedBy:firewall, security,
approach
approval for service use
approval/accreditation
IncludedBy:accreditation,
Related:TEMPEST, authorization, communications security, evaluation, security, software,
approved
approved technologies list
IncludedBy:Common Criteria Testing Laboratory, National Information Assurance Partnership,
Related:accreditation, computer security, evaluation, test,
approved test methods list
IncludedBy:Common Criteria Testing Laboratory, National Information Assurance Partnership, test,
Related:accreditation, authorized, computer security, evaluation,
architectural design
IncludedBy:software development, target of evaluation,
architecture
Related:user,
archive
IncludedBy:recovery,
Related:audit, backup, certificate, digital signature, integrity, key, public-key infrastructure,
Synonym:archiving,
archiving
Related:access control, backup,
Synonym:archive,
area interswitch rekeying key
IncludedBy:key, rekey,
areas of control
areas of potential compromise
IncludedBy:compromise, vulnerability,
Related:minimum essential infrastructure,
ARPANET
IncludedBy:internet, networks,
as is process model
IncludedBy:model,
Related:baseline, business process,
assessment
Includes:computer incident assessment capability, criticality assessment, independent assessment, national computer security assessment program, privacy impact assessment, qualitative risk assessment, risk assessment, threat assessment, vulnerability assessment, web risk assessment,
Related:Common Criteria for Information Technology Security, Common Criteria for Information Technology Security Evaluation, acceptable level of risk, accreditation, accreditation phase, accuracy, analysis, authorize processing, binding of functionality, certification, certification package, certification phase, cost-risk analysis, deliverable, ease of use, evaluation, evaluation pass statement, evaluator, metric, monitoring and evaluation, operations security, pre-certification phase, process assurance, rating, risk analysis, risk management, scheme, security, security category, security fault analysis, site certification, strength of mechanisms, suitability of functionality, threat monitoring, verification,
asset
IncludedBy:target of evaluation,
Related:countermeasure,
assignment
IncludedBy:protection profile,
association
Related:risk,
assurance
IncludedBy:European Information Technology Security Evaluation Criteria, Federal Criteria for Information Technology Security, evaluation, security, security goals, target of evaluation,
Includes:assurance approach, assurance authority, assurance component, assurance element, assurance level, assurance method, assurance profile, assurance results, assurance scheme, assurance stage, assure, automated information system, confidence, configuration management, development assurance, development assurance component, development assurance package, development assurance requirements, effectiveness, evaluation assurance, evaluation assurance component, evaluation assurance package, evaluation assurance requirements, evidence, high assurance guard, identification and authentication, information assurance, infrastructure assurance, integrity, process assurance, profile assurance, quality assurance, quality assurance/control, rating, robustness, software quality assurance, test,
Related:Common Criteria, advanced self-protection jammer, augmentation, authentication, availability, bebugging, closed security environment, communications deception, component dependencies, component extensibility, component hierarchy, computer security, computing security methods, confidentiality, controlled access protection, data privacy, demilitarized zone, electronic protection, environmental failure protection, error seeding, exploit, extension, fetch protection, file protection, functional protection requirements, hardening, identity, information protection policy, information systems security manager, infrastructure protection, level of protection, lock-and-key protection system, minimum level of protection, network security, nonrepudiation, object, open security environment, package, physical protection, port protection device, privacy protection, product rationale, protection needs elicitation, protection philosophy, protection profile, protection profile family, protection ring, protection-critical portions of the TCB, public-key infrastructure, purge, quality of protection, security evaluation, security objectives, security target, suspicious activity report, trusted computer system, trusted computing system, user, validation,
assurance approach
IncludedBy:assurance,
assurance authority
IncludedBy:assurance,
assurance component
IncludedBy:Common Criteria for Information Technology Security Evaluation, assurance, component,
assurance element
IncludedBy:assurance,
assurance level
IncludedBy:assurance,
Related:confidence, federation,
assurance method
IncludedBy:assurance,
assurance profile
IncludedBy:assurance,
Related:confidence,
assurance results
IncludedBy:assurance,
assurance scheme
IncludedBy:assurance,
assurance stage
IncludedBy:assurance,
assure
IncludedBy:assurance,
Related:ensure,
assured software
asymmetric algorithm
IncludedBy:algorithm, asymmetric cryptography,
Includes:Diffie-Hellman, Rivest-Shamir-Adleman, elliptic curve cryptosystem, private key, public key, public-key cryptography standards,
asymmetric cipher
IncludedBy:asymmetric cryptography, cipher,
asymmetric cryptographic algorithm
IncludedBy:encryption, key,
asymmetric cryptographic technique
IncludedBy:asymmetric cryptography,
Related:cipher, cryptographic system,
asymmetric cryptography
IncludedBy:cryptography,
Includes:asymmetric algorithm, asymmetric cipher, asymmetric cryptographic technique, asymmetric encipherment system, asymmetric encryption algorithm, asymmetric key pair, asymmetric signature system, public key derivation function, public key information, public key system,
Related:authentication, confidentiality, digital signature, encryption, integrity, key,
asymmetric encipherment system
IncludedBy:asymmetric cryptography, cipher, system,
asymmetric encryption algorithm
IncludedBy:asymmetric cryptography,
Related:cipher,
asymmetric key pair
IncludedBy:asymmetric cryptography,
asymmetric keys
asymmetric signature system
IncludedBy:asymmetric cryptography, system,
asynchronous attacks
IncludedBy:attack,
asynchronous communication
IncludedBy:communications,
asynchronous transfer mode
IncludedBy:security,
Related:networks,
attack
Antonym:security software,
IncludedBy:incident, risk, security, threat,
Includes:Attack Sensing and Warning, C2-attack, ICMP flood, IP splicing/hijacking, SYN flood, Star Trek attack, TTY watcher, active attack, application server attack, asynchronous attacks, attack potential, attack signature, attackers, between-the-lines-entry, blended attack, browsing, brute force, brute force attack, check_password, chosen-ciphertext attack, chosen-plaintext attack, ciphertext-only attack, computer intrusion, computer network attack, cut-and-paste attack, cyberattack, data diddling, data driven attack, demon dialer, denial of service, dictionary attack, eavesdropping, eavesdropping attack, electronic attack, flooding, hijack attack, impersonation, insider attack, interleaving attack, keystroke monitoring, killer packets, known-plaintext attack, laboratory attack, leapfrog attack, man-in-the-middle, man-in-the-middle attack, masquerade attack, masquerading, mimicking, nak attack, off-line attack, on-line attack, online guessing attack, pagejacking, passive attack, penetration, perpetrator, phreaking, piggyback attack, ping of death, ping sweep, port scan, reflection attack, replay attack, rootkit, scanning, scavenging, session hijack attack, shoulder surfing, smurf, smurfing, social engineering, spoofing, spoofing attack, subversion, tampering, technical attack, technological attack, terminal hijacking, timing attacks, tunneling attack, warehouse attack, wiretapping,
Related:Diffie-Hellman, POP3 APOP, SOF-basic, SOF-high, SOF-medium, access control, agent, alert, anonymous, attack signature recognition, authentication header, authorization, authorized, availability, bastion host, blinding, checksum, compromise, computer emergency response team/ coordination center, cookies, countermeasure, cryptanalysis, elliptic curve cryptography, entropy, evasion, exploit, flaw hypothesis methodology, guessing entropy, handler, hash function, hijacking, honeypot, impact, indicator, internet, jamming, kerberos, key validation, mailbombing, manipulation detection code, min-entropy, networks, nonce, pharming, precursor, privacy system, protected checksum, remote administration tool, risk value, salt, scenario, security audit, security management infrastructure, signature, strength of a requirement, strength of function, strength of mechanisms, survivability, threat consequence, tiger team, traceability, trusted process, victim, vulnerability, vulnerability assessment, zombie,
attack potential
IncludedBy:attack,
Attack Sensing and Warning
IncludedBy:attack,
Related:authorized,
attack signature
IncludedBy:attack, attack signature recognition,
Related:audit,
attack signature recognition
IncludedBy:security software,
Includes:attack signature, virus signature,
Related:attack,
attackers
IncludedBy:attack,
Related:min-entropy,
attribute
Related:quality,
attribute authority
IncludedBy:public-key infrastructure,
Related:certificate, trust,
attribute certificate
IncludedBy:certificate,
Related:cryptography, digital signature, identification, key,
attribute sampling
audit
IncludedBy:security,
Includes:audit charter, audit data, audit plan, audit program, audit record, audit service, audit software, audit trail, audit/review, auditing tool, computer operations, audit, and security technology, computer-assisted audit technique, information systems audit and control association, information systems audit and control foundation, multihost based auditing, security audit, test, vulnerability audit,
Related:Identification Protocol, access control, accountability, alert, application proxy, archive, attack signature, confidence, distributed computing environment, functional component, gap analysis, host based, identify, independence, intrusion detection, intrusion detection system, key management, key-escrow, keystroke monitoring, login, network based, network component, population, sas 70 report, secure single sign-on, security features, security software, sniffer, system security officer, threat monitoring, trust, vulnerability analysis, work program,
audit charter
IncludedBy:audit,
audit data
IncludedBy:audit,
audit plan
IncludedBy:audit,
audit program
IncludedBy:audit,
audit record
IncludedBy:audit,
audit service
IncludedBy:audit,
audit software
IncludedBy:audit, software,
audit trail
IncludedBy:audit, threat monitoring,
Includes:automated information system, console logs, security audit trail,
Related:access control, authorized, communications security, computer security, evidence, login, user,
Synonym:logging,
audit/review
IncludedBy:audit,
Related:identify,
auditing tool
IncludedBy:audit,
Related:networks, passwords,
augmentation
Related:assurance,
authentic signature
Related:digital signature, trust,
authenticate
IncludedBy:authentication,
Related:access control, authorized, certificate, digital signature, identity, integrity, networks, public-key infrastructure, user,
authentication
IncludedBy:quality of protection, security,
Includes:3-factor authentication, Challenge Handshake Authentication Protocol, Challenge-Response Authentication Mechanism, Data Authentication Algorithm, Distributed Authentication Security Service, Extensible Authentication Protocol, Password Authentication Protocol, SAML authentication assertion, Simple Authentication and Security Layer, authenticate, authentication code, authentication data, authentication exchange, authentication header, authentication header protocol, authentication protocol, authentication service, authentication system, authentication token, authentication tools, biometric authentication, challenge and reply authentication, data authentication code, data authentication code vs. Data Authentication Code, data origin authentication, data origin authentication service, electronic authentication, entity authentication, entity authentication of A to B, explicit key authentication from A to B, identification, identification authentication, implicit key authentication from A to B, key authentication, logon, low-cost encryption/authentication device, message authentication code, mutual authentication, mutual entity authentication, peer entity authentication, peer entity authentication service, privacy, authentication, integrity, non-repudiation, simple authentication, source authentication, strong authentication, unilateral authentication,
Related:COMSEC control program, COMSEC equipment, Diffie-Hellman, FIPS approved security method, Generic Security Service Application Program Interface, IMAP4 AUTHENTICATE, IP splicing/hijacking, IPsec Key Exchange, IT security, Internet Engineering Task Force, Internet Protocol security, Internet Security Association and Key Management Protocol, Lightweight Directory Access Protocol, OAKLEY, POP3 APOP, POP3 AUTH, Post Office Protocol, version 3, Rivest-Shamir-Adleman, S/Key, SOCKS, Secure Electronic Transaction, Terminal Access Controller Access Control System, The Exponential Encryption System, X.509, access control, account authority digital signature, active attack, anonymous and guest login, assurance, asymmetric cryptography, authenticity, authorization, authorized, biometric measurement, biometrics, call back, certificate policy, certificate revocation list, certificate status responder, certification authority digital signature, challenge-response protocol, challenge/response, claimant, code, common data security architecture, communications security, computer cryptography, confidence, credentials, critical security parameters, crypto-algorithm, cryptographic key, data integrity service, data key, defense-wide information assurance program, dictionary attack, digital id, digital signature, distributed computing environment, domain name system, dongle, eavesdropping attack, electronic credentials, encapsulating security payload, entity, exchange multiplicity parameter, fingerprint, fraud, handshaking procedures, hash function, impersonation, individual electronic accountability, information assurance, information systems security, integrity, interleaving attack, keyed hash, keyed hash algorithm, keying material, man-in-the-middle, man-in-the-middle attack, masquerading, message integrity code, network component, non-repudiation service, nonce, nonrepudiation, object, off-line attack, on-line attack, one-time passwords, origin authenticity, passive attack, password system, passwords, point-to-point protocol, practice statement, pretty good privacy, privacy enhanced mail, proof of possession protocol, protection suite, proxy, proxy server, public-key forward secrecy, public-key infrastructure, realm, registration, registration authority, replay attack, sandboxed environment, secret, secure shell, secure socket layer, secure sockets layer, security assertion mark-up language, security association identifier, security controls, security mechanism, session hijack attack, shared secret, simple network management protocol, single sign-on, software, spoofing, symmetric key, system entity, system entry, test, third party trusted host model, tokens, transport layer security, trust, trusted third party, user, user identifier, validate vs. verify, verifier, verifier impersonation attack, vulnerability, zero-knowledge password protocol,
authentication code
IncludedBy:authentication,
Related:cryptography, encryption, integrity, software,
authentication data
IncludedBy:authentication,
Related:identity,
authentication exchange
IncludedBy:authentication,
Related:identity,
authentication header
IncludedBy:Internet Protocol security, authentication, security protocol,
Related:attack, confidentiality, integrity,
Synonym:authentication header protocol,
authentication header protocol
IncludedBy:authentication,
Related:Internet Protocol security,
Synonym:authentication header,
authentication information
IncludedBy:3-factor authentication,
Related:identity,
authentication protocol
IncludedBy:authentication,
Related:identity,
authentication service
IncludedBy:authentication,
Related:identity, networks,
authentication system
IncludedBy:authentication, system,
Related:cryptographic system, cryptography,
authentication token
IncludedBy:authentication, tokens,
authentication tools
IncludedBy:authentication, security software,
authenticator
Related:identity,
authenticity
IncludedBy:integrity,
Related:authentication, confidence, identity, trust,
authority
Related:certificate, certification, public-key infrastructure,
authority certificate
IncludedBy:certificate,
Related:certification,
authority revocation list
Related:certificate, key,
authorization
IncludedBy:user,
Includes:ACL-based authorization, access control, authorization to process, authorize processing, authorized, delegation, list-oriented, multilevel security, need to know determination, permissions, pre-authorization, privilege, regrade, secure single sign-on, system security authorization agreement, ticket-oriented,
Related:Bell-LaPadula security model, Identification Protocol, RA domains, Remote Authentication Dial-In User Service, Simple Public Key Infrastructure/Simple Distributed Security Infrastructure, accreditation, acquirer, approval/accreditation, attack, authentication, category, certificate update, closed security environment, covert channel, cracker, credentials, dedicated security mode, eavesdropping, hacker, identity, insider, interface control document, interim accreditation, internal system exposure, intruder, intrusion, intrusion detection, key-escrow system, management controls, mode of operation, modes of operation, multilevel secure, multilevel security mode, open security environment, partitioned security mode, passwords, payment gateway, periods processing, personality label, personnel security, privilege management infrastructure, registration, risk index, risk management, security, security assertion mark-up language, security clearance, security intrusion, security management infrastructure, simple network management protocol, system-high security mode, trojan horse, trust, user partnership program, vulnerability,
authorization to process
IncludedBy:authorization,
authorize processing
IncludedBy:authorization,
Related:assessment, risk,
authorized
IncludedBy:authorization,
Includes:authorized person, authorized user, authorized vendor, authorized vendor program, unauthorized disclosure,
Related:ACH debit fraud, Attack Sensing and Warning, Automated Information System security, Bell-LaPadula model, Bell-LaPadula security model, COMSEC equipment, COMSEC facility, Escrowed Encryption Standard, FIPS PUB 140-1, IP splicing/hijacking, IS related risk, IT security database, IT security incident, IT-related risk, PIV issuer, SOCKS, Simple Public Key Infrastructure/Simple Distributed Security Infrastructure, U.S.-controlled facility, U.S.-controlled space, acceptance criteria, access category, access control, access control list, access control mechanism, access control service, access list, access mediation, active wiretapping, adequate security, administrative access, administrative security, anonymous, application controls, application server attack, approved test methods list, attack, audit trail, authenticate, authentication, automated security incident measurement, availability, between-the-lines-entry, browse access protection, call back, call back security, capability, certification, certification authority, change control and life cycle management, classified, classified information, clearance, client server, communications security, compromise, compromised key list, computer abuse, computer intrusion, computer security intrusion, confidentiality, configuration control, control zone, controlled access area, controlled space, covert channel, covert channel analysis, critical system, cryptography, cryptoperiod, data compromise, data confidentiality, data confidentiality service, data integrity, data integrity service, data security, deception, deliberate exposure, demon dialer, denial of service, designated, designated laboratories list, disaster plan, disclosure of information, discretionary access control, downgrade, eavesdropping, egress point, electronic security, emanations security, emissions security, encryption, entry control, exposure, extranet, failure access, false acceptance rate, falsification, fetch protection, file protection, file security, firewall, fishbowl, frequency hopping, guard, hacker, hacking, honeypot, human error, identity, impact, impersonation, implant, inadvertent disclosure, inference, information assurance product, information security, information systems security, insertion, insider, integrity, integrity policy, intelligence activities, interception, internal security controls, intranet, intrusion, intrusion detection, intrusion detection system, intrusion detection tools, issuer, key distribution service, key recovery, leakage, least privilege, list-oriented, logic bomb, logical access, logical access control, logoff, logon, major application, malicious applets, malicious code, malicious logic, malicious program, malware, masquerade, masquerading, media protection, misappropriation, mission critical, mode of operation, modes of operation, motivation, national security information, need to know determination, network security, no-lone zone, open storage, operational data security, overt channel, passive, passive attack, passive threat, passwords, penetration, permissions, phage, physical and environmental protection, physical security, piggyback, piggyback entry, privacy, privileged access, privileged process, probe, protected network, protection ring, regrade, remote access, risk, rogue device, safeguarding statement, scavenging, secrecy policy, secret, secure state, security, security compromise, security incident, security violation, segregation of duties, sensitive information, session hijacking, signature, social engineering, split knowledge, sponsor, spoof, spoofing, subcommittee on Automated Information System security, subcommittee on telecommunications security, subject, substitution, superuser, system integrity, system integrity service, system security officer, system-high security mode, tamper, tamper resisting, tampering, tcpwrapper, theft of data, theft of functionality, theft of service, threat, ticket-oriented, time bomb, traditional INFOSEC program, trespass, trojan horse, trusted agent, trusted computing base, trusted identification forwarding, two-person control, two-person integrity, unclassified, unforgeable, user representative, usurpation, violation of permissions, vulnerability,
authorized person
IncludedBy:authorized,
Related:classified,
Synonym:authorized user,
authorized user
IncludedBy:authorized,
Synonym:authorized person,
authorized vendor
IncludedBy:authorized,
Related:cryptography,
authorized vendor program
IncludedBy:authorized,
authorizing official
Related:risk,
auto-manual system
IncludedBy:system,
automated clearing house
automated data processing
HasPreferred:automated information system,
automated data processing security
HasPreferred:Automated Information System security,
automated data processing system
IncludedBy:automated information system, system,
Related:software,
automated information system
IncludedBy:accountability, accreditation, assurance, audit trail, certification, declassification of AIS storage media, designated approving authority, modes of operation, security, system,
Includes:Automated Information System security, CPU time, International organization for standardization, access mode, automated data processing system, bastion host, batch mode, batch processing, big-endian, bit, byte, central processing unit, centralized data processing, client server, computer abuse, data, data administration, data aggregation, data architecture, data contamination, data control language, data definition language, data dictionary, data flow diagram, data input, data management, data manipulation language, data processing, data reengineering, data storage, data structure, data validation, database administration, debugging, direct memory access, distributed data processing, distributed processing, fail soft, front-end processor, host, host based, host to front-end protocol, host-based firewall, information architecture, information center, information engineering, information environment, information flow, information operations, information ratio, information technology, information technology system, interface control unit, life cycle management, logical system definition, master file, memory scavenging, million instruction per second, multihost based auditing, networks, random access memory, remote job entry, remote terminal emulation, screened host firewall, workstation,
PreferredFor:IT system, automated data processing,
Related:American National Standards Institute, American Standard Code for Information Interchange, PCMCIA, application system, backus-naur form, computer, data synchronization, digital document, direct access storage device, extended industry standard architecture, fiber distributed data interface, frame relay, industry standard architecture, input/output, language, laptop computer, large scale integration, legacy data, logged in, network protocol stack, nibble, object code, object-oriented programming, personal computer, personal computer memory card international association, personal digital assistant, read-only memory, remote procedure call, reusability, rotational delay, safety-critical software, screen scraping, software, standard generalized markup language, structured query language, system resources, workflow, workload,
Automated Information System security
IncludedBy:automated information system, risk management, subcommittee on Automated Information System security, system,
Includes:IT Security Evaluation Criteria, IT Security Evaluation Methodology, IT security, IT security certification, access control, communications security, emissions security, physical security, security safeguards,
PreferredFor:automated data processing security,
Related:authorized, denial of service, security software, software,
Synonym:computer security,
automated key distribution
IncludedBy:key, key management,
Related:networks,
automated key management center
IncludedBy:key,
automated key management system
IncludedBy:key, system,
automated logon sequences
IncludedBy:logon,
Related:user,
automated office support systems
IncludedBy:system,
automated security incident measurement
IncludedBy:incident, security software,
Related:authorized, networks,
automated security monitoring
IncludedBy:risk management, security software,
Related:classified, software,
automatic digital network
IncludedBy:networks,
automatic key distribution center
IncludedBy:key,
automatic key distribution/rekeying control unit
IncludedBy:key, rekey,
automatic log-on
automatic remote rekeying
IncludedBy:key, rekey,
autonomous message switch
auxiliary power unit
auxiliary vector
availability
IncludedBy:risk management, security, security goals,
Includes:application data backup/recovery, availability of data, availability service, business continuity plan, business impact analysis, contingency planning, continuity of operations, environmentally controlled area, fire barrier, fire suppression system, object, privacy, authentication, integrity, non-repudiation, recovery, system retention/backup, token backup,
Related:Common Criteria for Information Technology Security, IT security, IT security controls, IT security incident, National Computer Security Center, access control, application server attack, assurance, attack, authorized, computer abuse, computer emergency response team, computer related controls, computer security, critical, defense-in-depth, defense-wide information assurance program, denial of service, entry-level certification, failure, fault tolerant, hardening, high-impact system, impact, incident, information assurance, information security, intrusion, levels of concern, line managers, low-impact system, maintainability, malware, mid-level certification, minimum essential infrastructure, mirroring, moderate-impact system, post-accreditation phase, potential impact, redundant control server, reliability, remediation, requirements for procedures and standards, resource starvation, retro-virus, security category, security controls, security event, security policy, security requirements, simple network management protocol, software, token management, top-level certification, trustworthy system, turnaround time, uniform resource name, user, vaulting, vulnerability,
availability of data
IncludedBy:availability,
Related:user,
availability service
IncludedBy:availability,
Related:access control,
back up vs. backup
IncludedBy:backup, contingency plan,
backdoor
IncludedBy:malicious code,
Related:access control, login, privileged, risk, security, software,
Synonym:trap door,
backup
IncludedBy:recovery,
Includes:application data backup/recovery, back up vs. backup, backup generations, backup operations, backup plan, backup procedures, card backup, system retention/backup, token backup,
Related:archive, archiving, contingency plan, contingency planning, fallback procedures, key recovery, mirroring, operations manager, redundancy, redundant control server, remediation, retro-virus, security event, token management, vaulting,
backup generations
IncludedBy:backup, contingency plan,
backup operations
IncludedBy:backup, contingency plan,
Related:business process,
backup plan
IncludedBy:backup, contingency plan,
backup procedures
IncludedBy:backup, recovery,
Related:failure,
backus-naur form
Related:automated information system,
baggage
IncludedBy:Secure Electronic Transaction,
Related:encryption,
bandwidth
PreferredFor:information rate,
Related:channel capacity, communications, networks,
bank identification number
IncludedBy:Secure Electronic Transaction, identification,
Related:identify,
banking and finance
IncludedBy:critical infrastructures,
banner
banner grabbing
bar code
barograph
barometer
baseline
IncludedBy:security,
Includes:baseline architecture, baseline controls, baseline management, baselining, security requirements baseline,
Related:as is process model, interface control document, release, revision, security target, site accreditation, software, software library, software system test and evaluation process, version,
baseline architecture
IncludedBy:baseline,
baseline controls
IncludedBy:baseline,
Related:security controls,
baseline management
IncludedBy:baseline, configuration management,
Related:identify,
baselining
IncludedBy:baseline,
basic component
IncludedBy:component,
Basic Encoding Rules
IncludedBy:Abstract Syntax Notation One,
Includes:Distinguished Encoding Rules,
bastion host
IncludedBy:automated information system, firewall,
Related:access control, attack, networks, software,
batch mode
IncludedBy:automated information system,
batch process
Related:subject,
batch processing
IncludedBy:automated information system,
bebugging
Related:assurance, test,
Synonym:error seeding,
Bell-LaPadula model
HasPreferred:Bell-LaPadula security model,
Related:access control, authorized, classified,
Bell-LaPadula security model
IncludedBy:formal security policy model, model, security model,
Includes:*-property, lattice, lattice model, object, simple security condition, simple security property, subject, tranquility, trusted subject,
PreferredFor:Bell-LaPadula model, tranquility property,
Related:access control, authorization, authorized, classification level, classified, computer security, confinement property,
benchmark
Related:business process, evaluation, software, test,
benchmarking
Related:identify, quality,
benign
Related:access control, compromise, countermeasure, cryptography,
benign environment
Related:countermeasure, security,
best practices
IncludedBy:risk management,
Related:business process, identify, recommended practices,
between-the-lines-entry
IncludedBy:attack,
Includes:piggyback,
Related:access control, authorized, unauthorized access,
beyond A1
IncludedBy:trusted computer system,
Related:evaluation, security,
bias
Biba Integrity model
IncludedBy:formal security policy model, integrity, model,
Synonym:Biba model,
Biba model
IncludedBy:model,
Related:integrity, trust,
Synonym:Biba Integrity model,
big-endian
IncludedBy:automated information system,
bilateral trust
IncludedBy:public-key infrastructure, trust,
Related:business process,
bill payment
Related:internet,
bill presentment
Related:internet,
bind
Related:certificate, digital signature, key, public-key infrastructure,
binding
Related:cryptography, identity, key, security, trust,
binding of functionality
IncludedBy:target of evaluation,
Related:assessment, security,
binding of security functionality
IncludedBy:security,
biometric authentication
IncludedBy:authentication, biometrics,
Includes:thumbprint,
Related:3-factor authentication,
biometric information
IncludedBy:biometrics,
biometric measurement
IncludedBy:biometrics,
Related:authentication, identity, user,
biometric system
IncludedBy:biometrics,
Related:identity, user,
biometric template
IncludedBy:biometrics,
biometrics
IncludedBy:security,
Includes:biometric authentication, biometric information, biometric measurement, biometric system, biometric template, capture, comparisons, false acceptance rate, match, minutiae,
Related:authentication, identify, identity,
bit
IncludedBy:automated information system,
bit error rate
Related:communications,
bit forwarding rate
Related:allowed traffic, goodput, illegal traffic, rejected traffic, test, unit of transfer,
BLACK
Related:cipher, classified, communications security, cryptography, security,
black-box testing
IncludedBy:security testing, test,
Related:analysis, functional test case design, functional testing, software, stress testing,
blacklist
Related:threat,
blended attack
IncludedBy:attack,
blinding
Related:attack,
block
block chaining
Related:cipher,
Synonym:cipher block chaining,
block cipher
IncludedBy:cipher,
Related:encryption, key,
block cipher key
IncludedBy:cipher, key,
Blowfish
IncludedBy:symmetric cryptography,
Related:cipher, key,
blue box devices
IncludedBy:threat,
blue team
Related:security, security testing,
bomb
IncludedBy:threat,
Related:failure, software,
boot sector virus
IncludedBy:virus,
bounce
Related:email,
boundary
Related:access control,
boundary host
Related:access control,
boundary value
Related:stress testing,
boundary value analysis
IncludedBy:analysis,
Related:security testing, test,
boundary value coverage
Related:test,
boundary value testing
IncludedBy:security testing, test,
branch coverage
Related:test,
brand
IncludedBy:Secure Electronic Transaction,
Related:networks,
brand certification authority
IncludedBy:Secure Electronic Transaction, public-key infrastructure,
Related:certification,
brand CRL identifier
IncludedBy:Secure Electronic Transaction, public-key infrastructure,
Related:digital signature,
breach
IncludedBy:threat,
Related:access control, penetration, security,
break
Related:analysis, cryptography, encryption, key, networks,
brevity list
bridge
Related:router,
British Standard 7799
Related:certification, security,
broadband network
IncludedBy:networks,
broadcast
brouters
Related:networks,
browse acce