An attribute of information that describes how data is protected from disclosure or exposure to unauthorized individuals or systems
Confidentiality
A set of information that could uniquely identify an individual
Personally Identifiable Information (PII)
A graphical representation of the architectural approach widely used in computer and information security
McCumber Cube
An attack that makes use of malware that is not yet known by the anti-malware software companies
Zero-day attack
A legal requirement to make compensation or payment resulting from a loss or injury
Restitution
A hacker of limited skill who uses expertly written software to attack a system
Script kiddie
A form of social engineering, typically conducted via e-mail, in which an organization or some third party indicates that the recipient is due an exorbitant amount of money and needs only a small advance fee or personal banking information to facilitate the transfer
Advance-fee fraud
An adverse event that could result in loss of an information asset or assets, but does not currently threaten the viability of the entire organization
Incident
A component of policy or law that defines an expected end date for its applicability
Sunset clause
A virus that is capable of installing itself in a computer’s operating system, starting when the computer is activated, and residing in the system’s memory even after the host application is terminated
Memory-resident virus
The group of senior managers and project members organized to conduct and lead all CP efforts
Contingency Planning Management Team
An organizational policy that specifies employees must inspect their work areas and ensure that all classified information, documents, and materials are secured at the end of every workday
Clean Desk Policy
The affirmation or guarantee of the confidentiality, integrity, and availability of information in storage, processing, and transmission
Information Assurance
The point in time prior to a disruption or system outage to which mission/business process data can be recovered after an outage
Recovery Point Objective
An authentication card that contains digital user data, such as a personal identification number (PIN), against which user input is compared
Dumb Card
An attribute of information that describes how data is whole, complete, and uncorrupted
Integrity
An intentional or unintentional act that can damage or otherwise compromise information and the systems that support it
Attack
The amount of effort (expressed as elapsed time) necessary to make the business function operational after the technology element is recovered
Work Recovery Time
Specifications of authorization that govern the rights and privileges of users to a particular information asset
Access Control List
In a cost-benefit analysis, the expected percentage of loss that would occur from a particular attack
Exposure Factor
In information security, a combination of hardware and software that filters or prevents specific information from moving between the outside network and the inside network
Firewall
An assessment of which controls can and cannot occur based on the consensus and relationships among communities of interest
Within TCB, a conceptual piece of the system that manages access controls
Reference Monitor
A systems-specific security policy that expresses management’s intent for the acquisition, implementation, configuration, and management of a particular technology, written from a business perspective
Managerial Guidance SysSP
A private, secure network operated over a public and insecure network
VPN