National Information Assurance Glossary

Last updated

Committee on National Security Systems Instruction No. 4009, National Information Assurance Glossary, published by the United States federal government, is an unclassified glossary of Information security terms intended to provide a common vocabulary for discussing Information Assurance concepts.

Committee on National Security Systems

The Committee on National Security Systems (CNSS) is a United States intergovernmental organization that sets policy for the security of the US security systems.

United States Federal republic in North America

The United States of America (USA), commonly known as the United States or America, is a country comprising 50 states, a federal district, five major self-governing territories, and various possessions. At 3.8 million square miles, the United States is the world's third or fourth largest country by total area and is slightly smaller than the entire continent of Europe's 3.9 million square miles. With a population of over 327 million people, the U.S. is the third most populous country. The capital is Washington, D.C., and the largest city by population is New York City. Forty-eight states and the capital's federal district are contiguous in North America between Canada and Mexico. The State of Alaska is in the northwest corner of North America, bordered by Canada to the east and across the Bering Strait from Russia to the west. The State of Hawaii is an archipelago in the mid-Pacific Ocean. The U.S. territories are scattered about the Pacific Ocean and the Caribbean Sea, stretching across nine official time zones. The extremely diverse geography, climate, and wildlife of the United States make it one of the world's 17 megadiverse countries.

Glossary Alphabetical list of terms relevant to a certain field of study or action

A glossary, also known as a vocabulary or clavis, is an alphabetical list of terms in a particular domain of knowledge with the definitions for those terms. Traditionally, a glossary appears at the end of a book and includes terms within that book that are either newly introduced, uncommon, or specialized. While glossaries are most commonly associated with non-fiction books, in some cases, fiction novels may come with a glossary for unfamiliar terms.

Contents

The glossary was previously published as the National Information Systems Security Glossary (NSTISSI No. 4009) by the National Security Telecommunications and Information Systems Security Committee (NSTISSC). Under Executive Order (E.O.) 13231 of October 16, 2001, Critical Infrastructure Protection in the Information Age, the President George W. Bush redesignated the National Security Telecommunications and Information Systems Security Committee (NSTISSC) as the Committee on National Security Systems (CNSS).

Critical infrastructure protection

Critical infrastructure protection (CIP) is a concept that relates to the preparedness and response to serious incidents that involve the critical infrastructure of a region or nation.

The Information Age is a historic period in the 21st century characterized by the rapid shift from traditional industry that the Industrial Revolution brought through industrialization, to an economy based on information technology. The onset of the Information Age can be associated with William Shockley, Walter Houser Brattain and John Bardeen, the inventors and engineers behind the first transistors, revolutionising modern technologies. With the Digital Revolution, just as the Industrial Revolution marked the onset of the Industrial Age. The definition of what "digital" means continues to change over time as new technologies, user devices, methods of interaction with other humans and devices enter the domain of research, development and market launch.

George W. Bush 43rd president of the United States

George Walker Bush is an American politician and businessman who served as the 43rd president of the United States from 2001 to 2009. He had previously served as the 46th governor of Texas from 1995 to 2000.

The most recent version was revised April 26, 2010. [1]

See also

Related Research Articles

Federal Standard 1037C, titled Telecommunications: Glossary of Telecommunication Terms, is a United States Federal Standard issued by the General Services Administration pursuant to the Federal Property and Administrative Services Act of 1949, as amended.

An audit trail is a security-relevant chronological record, set of records, and/or destination and source of records that provide documentary evidence of the sequence of activities that have affected at any time a specific operation, procedure, or event. Audit records typically result from activities such as financial transactions, scientific research and health care data transactions, or communications by individual people, systems, accounts, or other entities.

A protective distribution system (PDS), also called protected distribution system, is a US government term for wireline or fiber-optics telecommunication system that includes terminals and adequate acoustical, electrical, electromagnetic, and physical safeguards to permit its use for the unencrypted transmission of classified information. At one time these systems were called "approved circuits".

In telecommunications, the term system integrity has the following meanings:

  1. That condition of a system wherein its mandated operational and technical parameters are within the prescribed limits.
  2. The quality of an AIS when it performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
  3. The state that exists when there is complete assurance that under all conditions an IT system is based on the logical correctness and reliability of the operating system, the logical completeness of the hardware and software that implement the protection mechanisms, and data integrity.

The U.S. National Security Agency (NSA) ranks cryptographic products or algorithms by a certification called product types. Product types are defined in the National Information Assurance Glossary which defines Type 1, 2, 3, and 4 products.

Glossary of cryptographic keys

This glossary lists types of keys as the term is used in cryptography, as opposed to door locks. Terms that are primarily used by the U.S. National Security Agency are marked (NSA). For classification of keys according to their usage see cryptographic key types.

The vast majority of the National Security Agency's work on encryption is classified, but from time to time NSA participates in standards processes or otherwise publishes information about its cryptographic algorithms. The NSA has categorized encryption items into four product types, and algorithms into two suites. The following is a brief and incomplete summary of public knowledge about NSA algorithms and protocols.

In computer security, a vulnerability is a weakness which can be exploited by a threat actor, such as an attacker, to perform unauthorized actions within a computer system. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface.

Software assurance (SwA) is defined as "the level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its lifecycle, and that the software functions in the intended manner."

The National Information Assurance Certification and Accreditation Process (NIACAP) formerly was the minimum-standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. national-security information. NIACAP was derived from the Department of Defense Certification and Accreditation Process (DITSCAP), and it played a key role in the National Information Assurance Partnership.

Information assurance (IA) is the practice of assuring information and managing risks related to the use, processing, storage, and transmission of information or data and the systems and processes used for those purposes. Information assurance includes protection of the integrity, availability, authenticity, non-repudiation and confidentiality of user data. It uses physical, technical, and administrative controls to accomplish these tasks. While focused predominantly on information in digital form, the full range of IA encompasses not only digital, but also analog or physical form. These protections apply to data in transit, both physical and electronic forms, as well as data at rest in various types of physical and electronic storage facilities. Information assurance as a field has grown from the practice of information security.

The College of Engineering and Computing, commonly known as CEC, formerly the Graduate School of Computer and Information Sciences, at Nova Southeastern University provides educational programs to prepare students for leadership roles in technology. The college is located on the main campus in Fort Lauderdale, Florida within the Carl DeSantis building. In addition to its regional accreditation by the Commission on Colleges of the Southern Association of Colleges and Schools, NSU has been designated a National Center of Academic Excellence in Information Assurance Education by the U.S. National Security Agency and the United States Department of Homeland Security.

Information technology risk, IT risk, IT-related risk, or cyber risk is any risk related to information technology. While information has long been appreciated as a valuable and important asset, the rise of the knowledge economy and the Digital Revolution has led to organizations becoming increasingly dependent on information, information processing and especially IT. Various events or incidents that compromise IT in some way can therefore cause adverse impacts on the organization's business processes or mission, ranging from inconsequential to catastrophic in scale.

In computer security a countermeasure is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken.

Security service is a service, provided by a layer of communicating open systems, which ensures adequate security of the systems or of data transfers as defined by ITU-T X.800 Recommendation.
X.800 and ISO 7498-2 are technically aligned. This model is widely recognized

Information Assurance Technology Analysis Center (IATAC) is a United States Department of Defense (DoD) Government Organization. IATAC is an Information Assurance and Cyber Security (CS) Information Analysis Center (IAC), which is administered by the Defense Technical Information Center (DTIC). IATAC aims to provide knowledge needed to develop network defenses in a timely manner. IATAC has an IA scope including research, acquisition, testing, demonstration, operational implementation or logistics. IATAC provides access to IA/CS, Defensive Information Operations (DIO), and Defensive Information Warfare (DIW) security tools, situational awareness resources, and training.

Spillage of classified information is a contamination of lower level systems with material of a higher classification.

A Master of Science in Information Assurance is a type of postgraduate academic master's degree awarded by universities in many countries. This degree is typically studied for in information assurance.

References

  1. National Information Assurance (IA) Glossary (PDF)
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.