- Adequate Security - Security commensurate with the risk and the magnitude of harm resulting from the loss, misuse or unauthorized access to or modification of information. Source: OMB Circular A-130
- Administrative Controls - Controls implemented through policy and procedures. Examples include access control processes and requiring multiple personnel to conduct a specific operation. Administrative controls in modern environments are often enforced in conjunction with physical and/or technical controls, such as an access-granting policy for new users that requires login and approval by the hiring manager.
- Adverse Events - Events with a negative consequence, such as system crashes, network packet floods, unauthorized use of system privileges, defacement of a web page or execution of malicious code that destroys data.
- Application Programming Interface (API) - A set of routines, standards, protocols, and tools for building software applications to access a web-based software application or web tool.
- Application Server - A computer responsible for hosting applications to user workstations. Source: NIST SP 800-82 Rev. 2
- Artificial Intelligence - The ability of computers and robots to simulate human intelligence and behavior.
- Asset - Anything of value that is owned by an organization. Assets include both tangible items such as information systems and physical property and intangible assets such as intellectual property.
- Asymmetric Encryption - An algorithm that uses one key to encrypt and a different key to decrypt the input plaintext.
- Audit - Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures. Source: NIST SP 1800-15B
- Authentication - The act of identifying or verifying the eligibility of a station, originator, or individual to access specific categories of information. Typically, a measure designed to protect against fraudulent transmissions by establishing the validity of a transmission, message, station or originator.
- Authorization - The right or a permission that is granted to a system entity to access a system resource. Source: NIST 800-82 Rev. 2
- Availability - Ensuring timely and reliable access to and use of information by authorized users.
- Baseline - A documented, lowest level of security configuration allowed by a standard or organization.
- Biometric - Biological characteristics of an individual, such as a fingerprint, hand geometry, voice, or iris patterns.
- Bit - The most essential representation of data (zero or one) at Layer 1 of the Open Systems Interconnection (OSI) model.
- Bot - Malicious code that acts like a remotely controlled “robot” for an attacker, with other Trojan and worm capabilities.
- Breach - The loss of control, compromise, unauthorized disclosure, unauthorized acquisition or any similar occurrence where: a person other than an authorized user accesses or potentially accesses personally identifiable information; or an authorized user accesses personally identifiable information for other than an authorized purpose. Source: NIST SP 800-53 Rev. 5
- Broadcast - Broadcast transmission is a one-to-many (one-to-everyone) form of sending internet traffic.
- Business Continuity (BC) - Actions, processes and tools for ensuring an organization can continue critical operations during a contingency.
- Business Continuity Plan (BCP) - The documentation of a predetermined set of instructions or procedures that describe how an organization’s mission/business processes will be sustained during and after a significant disruption.