December 16, 2012 at 12:17 pm #174811
Title: Glossary of Key Information Security Terms (Draft): NISTIR 7298 Revision 2 (Draft)
Date: Dec 6, 2012
The National Institute of Standards and Technology (NIST) has received numerous requests to provide a summary glossary for our publications and other relevant sources, and to make the glossary available to practitioners. As a result of these requests, this glossary of common security terms has been extracted from NIST Federal Information Processing Standards (FIPS), the Special Publication (SP) 800 series, NIST Interagency Reports (NISTIRs), and from the Committee for National Security Systems Instruction 4009 (CNSSI-4009). This glossary includes most of the terms in the NIST publications. It also contains nearly all of the terms and definitions from CNSSI-4009. This glossary provides a central resource of terms and definitions most commonly used in NIST information security publications and in CNSS information assurance publications. For a given term, we do not include all definitions in NIST documents – especially not from the older NIST publications. Since draft documents are not stable, we do not refer to terms/definitions in them.
Each entry in the glossary points to one or more source NIST publications, and/or CNSSI-4009, and/or supplemental sources where appropriate. The NIST publications referenced are the most recent versions of those publications (as of the date of this document).
Keywords: Cyber Security; Definitions; Glossary; Information Assurance; Information Security; Terms
December 16, 2012 at 12:22 pm #174819
More information and some COMMENTARY from Govinfosecurity.com
NIST Revising Glossary of Infosec Terms
Defined Terms Found in NIST, Defense Dept. Publications
Looking for a holiday gift for your boss who doesn’t quite understand information security lingo? The National Institute of Standards and Technology has one you can give, and it’s free.
NIST has issued a draft of Interagency Report 7298 Revision 2: NIST Glossary of Key Information Security Terms.
The glossary includes most of the terms found in NIST publications. It also contains nearly all of the terms and definitions from CNSSI-4009, an information assurance glossary issued by the Defense Department’s Committee on National Security Systems, a forum that helps set the federal government’s information assurance policy.
The publication contains 215 pages of definitions, from “Access” – the ability to make use of any information system resource – to “Zone of Control” – a three-dimensional space surrounding equipment that processes classified and/or sensitive information within which TEMPEST exploitation is not considered practical or where legal authority to identify and remove a potential TEMPEST exploitation exists. (TEMPEST is defined as a name referring to the investigation, study and control of compromising emanations from telecommunications and automated information systems equipment.)
December 16, 2012 at 12:23 pm #174817
Some information about providing public comment for the DRAFT version:
This update to NIST Interagency Report (IR) 7298 Revision 1 is open for public comment, and the deadline to submit comments is January 15, 2013. If you have questions regarding this document, please send email to: [email protected].
December 16, 2012 at 12:30 pm #174814
As mentioned in the govinfosecurity article
Title: National Information Assurance (IA) Glossary
1. The Committee on National Security Systems (CNSS) Glossary Working Group convened to review and update the National Information Assurance Glossary, CNSSI 4009, dated June 2006. This revision of CNSSI 4009 incorporates many new terms submitted by the CNSS Membership. Most of the terms from the 2006 version of the Glossary remain, but a number of them have updated definitions in order to remove inconsistencies among the communities.
2. The Glossary Working Group set several overall objectives for itself in producing this version:
- Resolve differences between the definitions of terms used by the DOD, IC, and Civil Agencies (NIST Glossary) to enable all three to use the same glossary (and move towards shared documentation and processes).
- Accommodate the transition from Certification and Accreditation (C&A) terms in current use to the terms now appearing in documents produced by the C&A Transformation initiative. Both sets of terms have been included in this update of the glossary.
- Ensure consistency among related and dependent terms.
- Include terms that are important to the risk management goal of C&A transformation and to the concept of information sharing.
- Review existing definitions to reflect, as appropriate, a broader enterprise perspective vice a system perspective.
- Strike an appropriate balance between macro terms and micro terms (i.e., include terms that are useful in writing and understanding documents dealing with IA policies, directives, instructions, and guidance, and strike terms that are useful only to specific IA subspecialties).
3. Many cyber terms are coming into vogue and the Glossary Working Group has tried to include significant examples that have a useful distinction when compared to existing Information Assurance terms. A number of terms recommended for inclusion in this version of the glossary were not added – often because they appeared to have a narrow application or they were submitted after the deadline. But the net effect has been to add quite a few new terms to the glossary.
4. When glossary terms have common acronyms, we have noted the acronym with the term and added the acronym to the acronym list. In some instances, there may be several meanings for the same acronym, and in that case we have tried to list all the common IA meanings. Note that some acronyms are self-explanatory, and so there is no definition of these acronyms in the glossary itself.
5. Some terms from the previous version were deleted because they had been previously marked as candidates for deletion (C.F.D.) and no one asked to keep them; many other terms have been updated or added, and some terms are newly identified as C.F.D. If a term that has been deleted or marked as C.F.D. is still of value and needed in your environment, please resubmit the term with a definition based on the following criteria: 1) specific relevance to Information Assurance; 2) economy of words; 3) accuracy; 4) broad applicability; and 5) clarity. Use these same criteria to recommend any changes to existing definitions or to suggest new terms (definitions must be included with any new terms). When recommending a change to an existing definition, please note how that change might affect other terms. In all cases, send your suggestions to the CNSS Secretariat via e-mail or fax at the number found below.
6. We recognize that, to remain useful, a glossary must be in a continuous state of coordination, and we encourage your review and welcome your comments as new terms become significant and old terms fall into disuse or change meaning. The goal of the Glossary Working Group is to keep the Glossary relevant and a tool for commonality among the IA community.