Find Terms by Related Policy or Standard - Securing Information Technology Assets Standards

Malicious Code

Definition:

Software (such as a Trojan horse) that appears to perform a useful or desirable function, but actually gains unauthorized access to system resources or tricks a user into executing other malicious logic.

Theme(s):
Information Security, Enterprise Architecture

Malware

Definition:

A general term coined for all forms of malicious software, including but not limited to computer viruses, worms, Trojan horses, most rootkits, spyware, dishonest adware, crimeware and other malicious and unwanted software.

Theme(s):
Information Security, Enterprise Architecture

Mobile Device

Definition:

Any hand-portable device capable of text, voice, email, instant messaging (“IM”), photo messaging or other types of data communication. This policy is not meant to apply to: cars, boats, airplanes, laptop computers, desktop computers, unpiloted aerial vehicles (drones), GPS receivers, radios.

Theme(s):
General IT, Information Security, Infrastructure Management, Enterprise Architecture

Multi-factor Authentication

Definition:

A security system or mechanism in which more than one form of authentication is implemented to verify the legitimacy of a transaction. In contrast, single-factor authentication involves only a UserID/password.

In two-factor authentication, the user provides dual means of identification, one of which is typically a physical token, such as a card, and the other of which is typically something memorized, such as a security code.

Additional authentication methods that can be used in MFA include biometric verification such as keyboard cadence, finger scanning, iris recognition, facial recognition and voice ID. In addition to these methods, device identification software, smart cards, and other electronic devices can be used along with the traditional UserID and password.

Theme(s):
Information Security, Enterprise Architecture

Network Device

Definition:

A device available to other computers on a network. Examples include servers, firewalls, routers, switches, workstations, networked Supervisory Control and Data Acquisition (SCADA) systems, and networked printers (multifunction devices).

Theme(s):
Infrastructure Management, Information Security, Enterprise Architecture

Penetration Test

Definition:

A deliberate probe of a network or system to discover security weaknesses. The test attempts to leverage identified weaknesses to penetrate into the organization. The test exploits the vulnerabilities uncovered during a vulnerability assessment to avoid false positives often reported by automated assessment tools.

Theme(s):
Enterprise Architecture, Information Security

Physical Security

Definition:

Physical security describes measures that prevent or deter attackers from accessing a facility, resource, or information stored on physical media in an IT facility.

Theme(s):
Information Security, Enterprise Architecture

Secure Segmentation

Definition:

Secure segmentation is defined as implementing methods that allow for secure communication between various levels of segmented environments. These environments typically involve 4 basic segment groups:

  1. Outside (Trust no one)
  2. Services (Trust limited to defined segmentation lines)
  3. Internal (Trust limited to defined group)
  4. External users (Trust limited to defined group)

The methods for securing these segments may include but are not limited to firewall and switch/router configurations and router/switch ACLs.

Theme(s):
Information Security, Enterprise Architecture

Security Controls

Definition:

The security requirements and methods applied by agencies to manage IT security risk, including but not limited to those defined in the OCIO IT security standards.

Theme(s):
Information Security, Enterprise Architecture

Security Domain

Definition:

An environment or context that is defined by security policy, a security model, or security architecture to include a set of system resources and the set of system entities that have the right to access the resources.

Theme(s):
Information Security, Enterprise Architecture

Trusted Agency, System or Network

Definition:

An IT system or network that is recognized automatically as reliable, truthful, and accurate without continual validation or testing.

Theme(s):
Information Security, Enterprise Architecture

Untrusted

Definition:

Characterized by absence of trusted status. Assumed to be unreliable, untruthful, and inaccurate unless proven otherwise.

Theme(s):
Information Security, Enterprise Architecture

Vulnerability

Definition:

Relates to the risk of attack. In IT terms, vulnerability describes points of risk where security barriers may be penetrated. Awareness of potential vulnerability is very important to designing ever more effective defenses against attack by unauthorized parties.

Theme(s):
Information Security, Enterprise Architecture

Vulnerability Assessment

Definition:

A comprehensive analysis that attempts to define, identify, and classify the security holes (vulnerabilities) in a system, network, or communications infrastructure within the assessment scope.

Theme(s):
Information Security, Enterprise Architecture