NATIONAL INFORMATION SYSTEMS SECURITY (INFOSEC) TERMS
accountability: (IS) Process of tracing IS activities to a responsible source.
accreditation: Formal declaration by a Designated Approving Authority (DAA) that an IS is approved to operate in a particular security mode at an acceptable level of risk, based on the implementation of an approved set of technical, managerial, and procedural safeguards.
authenticate: To verify the identity of a user, user device, or other entity, or the integrity of data stored, transmitted, or otherwise exposed to unauthorized modification in an IS, or to establish the validity of a transmission.
authorization: Access privileges granted to a user, program, or process.
availability: Timely, reliable access to data and information services for authorized users.
checksum: Value computed on data to detect error or manipulation during transmission.
confidentiality: Assurance that information is not disclosed to unauthorized persons, processes, or devices.
countermeasure: Action, device, procedure, technique, or other measure that reduces the vulnerability of an IS.
credentials: Information, passed from one entity to another, used to establish the sending entity’s access rights.
cryptography: Art or science concerning the principles, means, and methods for rendering plain information unintelligible and for restoring encrypted information to intelligible form.
decipher: Convert enciphered text to plain text by means of a cryptographic system.
degaussing: Procedure that reduces the magnetic flux to virtual zero by applying a reverse magnetizing field. Also called demagnetizing.
encrypt: Generic term encompassing encipher and encode.
entrapment: Deliberate planting of apparent flaws in an IS for the purpose of detecting attempted penetrations.
firewall: System designed to defend against unauthorized access to or from a private network.
flooding: Type of incident involving insertion of a large volume of data resulting in denial of service.
gateway: Interface providing a compatibility between networks by converting transmission speeds, protocols, codes, or security measures.
granularity: Relative fineness to which an access control mechanism can be adjusted.
hacker: Unauthorized user who attempts to or gains access to an IS.
incident: Assessed occurrence having actual or potentially adverse effects on an IS.
indicator: A recognized action, specific, generalized, or theoretical, that an adversary might be expected to take in preparation for an attack.
intrusion: Unauthorized act of bypassing the security mechanisms of a system.
network: IS implemented with a collection of interconnected nodes.
null: Dummy letter, letter symbol, or code group inserted into an encrypted message to delay or prevent its decryption or to complete encrypted groups for transmission or transmission security purposes.
parity: Bit(s) used to determine whether a block of data has been altered.
Password: Protected/private alphanumeric string used to authenticate an identity or to authorize access to data.
probe: Type of incident involving an attempt to gather information about an IS for the apparent purpose of circumventing its security controls.
protocol: Set of rules and formats, semantic and syntactic, permitting IS’s to exchange information.
proxy: Software agent that performs a function or operation on behalf of another application or system while hiding the details involved.
purging: Rendering stored information unrecoverable. See sanitize.
RED: Designation applied to an IS, and associated areas, circuits, components, and equipment in which unencrypted national security information is being processed.
residue: Data left in storage after information processing operations are complete, but before degaussing or overwriting has taken place.
sanitize: Process to remove information from media such that data recovery is not possible. It includes removing all classified labels, markings, and activity logs.
sniffer: Software tool for auditing and identifying network traffic packets.
spoofing: Unauthorized use of legitimate Identification and Authentication (I&A) data, however it was obtained, to mimic a subject different from the attacker. Impersonating, masquerading, piggybacking, and mimicking are forms of spoofing.
tampering: Unauthorized modification altering the proper functioning of INFOSEC equipment.
TEMPEST: Short name referring to investigation, study, and control of compromising emanations from IS equipment.
threat: Any circumstance or event with the potential to adversely impact an IS through unauthorized access, destruction, disclosure, modification of data, and/or denial of service.
tunneling: Technology enabling one network to send its data via another network’s connections. Tunneling works by encapsulating a network protocol within packets carried by the second network.
unclassified: Information that has not been determined pursuant to E.O. 12958 or any predecessor order to require protection against unauthorized disclosure and that is not designated as classified.
updating: Automatic or manual cryptographic process that irreversibly modifies the state of a COMSEC key, equipment, device, or system.
validation: Process of applying specialized security test and evaluation procedures, tools, and equipment needed to establish acceptance for joint usage of an IS by one or more departments or agencies and their contractors.
variant: One of two or more code symbols having the same plain text equivalent.
virus: Self-replicating, malicious code that attaches itself to an application program or other executable system component and leaves no obvious signs of its presence.
vulnerability: Weakness in an IS, system security procedures, internal controls, or implementation that could be exploited.
NATIONAL INFORMATION SYSTEMS SECURITY (INFOSEC) TERMS
Across:
1. Technology enabling one network to send its data via another network’s connections. Tunneling works by encapsulating a network protocol within packets carried by the second network.
4. Set of rules and formats, semantic and syntactic, permitting IS’s to exchange information.
7. Information that has not been determined pursuant to E.O. 12958 or any predecessor order to require protection against unauthorized disclosure and that is not designated as classified.
11. Deliberate planting of apparent flaws in an IS for the purpose of detecting attempted penetrations.
13. To verify the identity of a user, user device, or other entity, or the integrity of data stored, transmitted, or otherwise exposed to unauthorized modification in an IS, or to establish the validity of a transmission.
15. Short name referring to investigation, study, and control of compromising emanations from IS equipment.
17. Any circumstance or event with the potential to adversely impact an IS through unauthorized access, destruction, disclosure, modification of data, and/or denial of service.
20. System designed to defend against unauthorized access to or from a private network.
21. Software agent that performs a function or operation on behalf of another application or system while hiding the details involved.
22. Unauthorized act of bypassing the security mechanisms of a system.
23. Unauthorized use of legitimate Identification and Authentication (I&A) data, however it was obtained, to mimic a subject different from the attacker. Impersonating, masquerading, piggybacking, and mimicking are forms of spoofing.
24. Data left in storage after information processing operations are complete, but before degaussing or overwriting has taken place.
27. IS implemented with a collection of interconnected nodes.
28. One of two or more code symbols having the same plain text equivalent.
29. Timely, reliable access to data and information services for authorized users.
31. Convert enciphered text to plain text by means of a cryptographic system.
32. (IS) Process of tracing IS activities to a responsible source.
34. A recognized action, specific, generalized, or theoretical, that an adversary might be expected to take in preparation for an attack.
35. Weakness in an IS, system security procedures, internal controls, or implementation that could be exploited.
36. Information, passed from one entity to another, used to establish the sending entity’s access rights.
37. Formal declaration by a Designated Approving Authority (DAA) that an IS is approved to operate in a particular security mode at an acceptable level of risk, based on the implementation of an approved set of technical, managerial, and procedural safeguards.
38. Procedure that reduces the magnetic flux to virtual zero by applying a reverse magnetizing field. Also called demagnetizing.

Down:
2. Dummy letter, letter symbol, or code group inserted into an encrypted message to delay or prevent its decryption or to complete encrypted groups for transmission or transmission security purposes.
3. Assessed occurrence having actual or potentially adverse effects on an IS.
4. Type of incident involving an attempt to gather information about an IS for the apparent purpose of circumventing its security controls.
5. Value computed on data to detect error or manipulation during transmission.
6. Software tool for auditing and identifying network traffic packets.
8. Unauthorized user who attempts to or gains access to an IS.
9. Designation applied to an IS, and associated areas, circuits, components, and equipment in which unencrypted national security information is being processed.
10. Bit(s) used to determine whether a block of data has been altered.
12. Self-replicating, malicious code that attaches itself to an application program or other executable system component and leaves no obvious signs of its presence.
14. Protected/private alphanumeric string used to authenticate an identity or to authorize access to data.
16. Rendering stored information unrecoverable. See sanitize.
18. Process of applying specialized security test and evaluation procedures, tools, and equipment needed to establish acceptance for joint usage of an IS by one or more departments or agencies and their contractors.
19. Art or science concerning the principles, means, and methods for rendering plain information unintelligible and for restoring encrypted information to intelligible form.
25. Generic term encompassing encipher and encode.
26. Action, device, procedure, technique, or other measure that reduces the vulnerability of an IS.
30. Interface providing a compatibility between networks by converting transmission speeds, protocols, codes, or security measures.
33. Automatic or manual cryptographic process that irreversibly modifies the state of a COMSEC key, equipment, device, or system.
© 2014
PuzzleFast.com, Noncommercial Use Only