Vulnerability Assessment
A comprehensive analysis that attempts to define, identify, and classify the security holes (vulnerabilities) in a system, network, or communications infrastructure within the assessment scope.
Relates to risk of attack. In IT terms, vulnerability describes points of risk to penetration of security barriers. Awareness of potential vulnerability is very important to designing ever more effective defenses against attack by unauthorized parties.
Characterized by absence of trusted status. Assumed to be unreliable, untruthful, and inaccurate unless proven otherwise.
An IT system or network that is recognized automatically as reliable, truthful, and accurate without continual validation or testing.
An environment or context that is defined by security policy, a security model, or security architecture to include a set of system resources and the set of system entities that have the right to access the resources.
The security requirements and methods applied by agencies to manage IT security risk, including but not limited to those defined in the OCIO IT security standards.
Secure segmentation is defined as implementing methods that allow for secure communication between various levels of segmented environments. These environments typically involve 4 basic segment groups:
Outside (Trust no one)
Services (Trust limited to defined segmentation lines)
Internal (Trust limited to defined group)
External users (Trust limited to defined group)
The methods for securing these segments may include but are not limited to firewall and switch/router configurations and router/switch ACLs.
A secure version of File Transfer Protocol (FTP), which facilitates data access and data transfer over a Secure Shell (SSH) data stream. It is part of the SSH Protocol. This term is also known as SSH File Transfer Protocol.
Physical security describes measures that prevent or deter attackers from accessing a facility, resource, or information stored on physical media in an IT facility.
A security system or mechanism in which more than one form of authentication is implemented to verify the legitimacy of a transaction. In contrast, single-factor authentication involves only a UserID/password.
In 2-factor authentication, the user provides dual means of identification, one of which is typically a physical token, such as a card, and the other of which is typically something memorized, such as a security code.