TRENDING:

NIST Updates Glossary of Security Terms

Some 1,500 Terms Found in IT Security Guidance Eric Chabrow (GovInfoSecurity) • June 13, 2013    
NIST Updates Glossary of Security Terms

If you want to be in the know about cybersecurity, consider getting the latest publication from the National Institute of Standards and Technology, the second revision of Interagency Report 7298: Glossary of Key Information Security Terms.

See Also: JavaScript and Blockchain: Technologies You Can't Ignore

Besides providing some 1,500 definitions, the glossary offers a source for each term from either a NIST or Committee for National Security Systems publication. The committee is a forum of government agencies that issues guidance aimed at protecting national security systems.

The definitions include common ones such as data, "a subset of information in an electronic format that allows it to be received or transmitted," as well as more obscure ones such as inspectable space, "three-dimensional space surrounding equipment that processes classified and/or sensitive information within which TEMPEST exploitation is not considered practical or where legal authority to identify and remove a potential tempest exploitation exists. Synonymous with zone of control."

TEMPEST is defined in the glossary as "a name referring to the investigation, study and control of unintentional compromising emanations from telecommunications and automated information systems equipment."

In the News

The glossary includes terms commonly seen in the news, such as denial of service, "the prevention of authorized access to resources or the delaying of time-critical operations," and hacker, "unauthorized user who attempts to or gains access to an information system."

Also among the definitions is IT security jargon such as the term Easter egg, "a hidden functionality within an application program, which becomes activated when an undocumented, and often convoluted, set of commands and keystrokes are entered. Easter eggs are typically used to display the credits for the development team and are intended to be nonthreatening."

As Editor Richard Kissel explains in the publication's introduction, NIST created the glossary after receiving numerous requests from practitioners to explain the terms used in NIST's information security guidance. "As we are continuously refreshing our publication suite; terms included in the glossary come from our more recent publications," Kissel writes. "It is our intention to keep the glossary current by providing updates online."

Updated versions will be posted at NIST's Computer Security Resource Center website.

Previous
NSA Won't Jettison Contractors, Yet
Next
FDA Drafts Medical Device Security Guide

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.



Around the Network

Whistleblowing Brings Visibility to the Role of CISOs
Whistleblowing Brings Visibility to the Role of CISOs
Craig Box of ARMO on Kubernetes and Complexity
Craig Box of ARMO on Kubernetes and Complexity
Are We Doomed? Not If We Focus on Cyber Resilience
Are We Doomed? Not If We Focus on Cyber Resilience
How 2U Inc. Is Fortifying Its Systems and Solutions Designs
How 2U Inc. Is Fortifying Its Systems and Solutions Designs
Showing Evidence of 'Recognized Security Practices'
Showing Evidence of 'Recognized Security Practices'
David Derigiotis on the Complex World of Cyber Insurance
David Derigiotis on the Complex World of Cyber Insurance
Organization-Wide Passwordless Orchestration
Organization-Wide Passwordless Orchestration
Protecting the Hidden Layer in Neural Networks
Protecting the Hidden Layer in Neural Networks
Securing the SaaS Layer
Securing the SaaS Layer
The Persisting Risks Posed by Legacy Medical Devices
The Persisting Risks Posed by Legacy Medical Devices

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.