Vocab Week 2 Flashcards
Assurance Level
a rank on a hierarchical scale that judges the confidence someone can have that a TOE [target of evaluation] adequately fulfills stated security requirements
Adversary
an entity that attacks a system
Coordinated Universal Time
UTC is derived from International Atomic Time [TAI] by adding a number of leap seconds. The International Bureau of Weights and Measures computes TAI once each month by averaging data from many labs
Correctness proof
mathematical proof of consistency between a specification for system security and the implementation of that specification
corruption
A type of threat action that undesirably alters system operation by adversely modifying system functions or data
information system
An organized assembly of computing and communication resources and procedures – i.e. equipment and services together with their supporting infrastructure, facilities and personnel – that create, collect, record, process, store, transport, retrieve, display, disseminate, control or dispose of information to accomplish a specified set of functions
mutual suspicion
the state that exists between two interacting system entities in which neither entity can trust the other to function correctly with regard to some security requirement
National Security System
Any government-operated information system for which the function, operation, or use
a) involves intelligence activities
b) involves cryptologic activities related to national security
c) involves command and control of military forces
d) involves equipment that is an integral part of a weapon or weapon system
e) is critical to the direct fulfillment of military or intelligence missions and does not include a system that is to be used for routine administrative and business applications
Penetration Test
A system test, often part of system certification, in which evaluators attempt to circumvent the security features of a system
policy
Plan or course of action that is stated for a system or organization and is intended to affect and direct the decisions and deeds of that entity’s components or members
a definite goal, course, or method of action to guide and determine present and future decisions that is implemented or executed within a particular context
privacy
The right of an entity acting in its own behalf to determine the degree to which it will interact with its environment including the degree to which the entity is willing to share its personal information with others
Reference monitor
an access control concept that refers to an abstract machine that mediates all accesses to objects by subjects
security by obscurity
Attempting to maintain or increase security of a system by keeping secret the design or construction of a security mechanism
security controls
The management, operational and technical controls [safeguards, or countermeasures] prescribed for an information system which, taken together, satisfy the specified security requirements and adequately protect the confidentiality, integrity and availability of the system and its information
security event
An occurrence in a system that is relevant to the security of the system