Information Security Glossary
| Term | Definition |
|---|---|
| Agents | Agents include employees, including full- and part-time staff, students, consultants, and other agents. |
| Appropriate use | The use of computing resources, as outlined in this document, in a manner consistent with Clayton State's mission of education, research, and service. |
| Authentication | The process of verifying the digital identity of a system user or process. |
| Availability | Ensuring timely and reliable access to and use of information. |
| Confidentiality | Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. |
| Computing Resources | For the purpose of this document, the phrase “computing resources” includes, but is not limited to, computers, files, networks, electronic mail, and Internet access that are owned, leased, and/or maintained by Clayton State University. |
| Computer Security Incident | A violation (breach) or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices, which may include, but are not limited to: |
| DNS | The Domain Name System, the Internet technology that converts domain names to their corresponding IP addresses. |
| DNS Spoofing | Confusing a DNS server into giving out bad information. An attacker sends a recursive query to the victim’s server, using the victim’s server to resolve the query. The answer to the query lies in a zone the attacker controls, and the answer given by the attacker’s name server includes an authoritative record for a domain name controlled by a third party. That authoritative record is FALSE, but the victim’s server caches it. Once spoofed, the victim’s resolver continues to use the false record in its cache, potentially misdirecting email or any other Internet service. This is a potentially major leak of credit card information, trade secrets, and other highly sensitive information. Note: most modern servers will not cache such a fake record because it does not fall in the same parent zone as the record that was requested. |
| Domain | Most often used to refer to a domain zone; also used to describe a zone or a domain name. |
| Endpoints | Can include, but are not limited to, PCs, laptops, smartphones, tablets, and specialized equipment such as bar code readers or point-of-sale (POS) terminals. |
| Endpoint Security | An approach to network protection that requires each computing device on a corporate network to comply with certain standards before network access is granted. Simple forms of endpoint security include personal firewalls or anti-virus software that is distributed, then monitored and updated, from a server. |
| Endpoint Security Management | A policy-based approach to network security that requires endpoint devices to comply with specific criteria before they are granted access to network resources. |
| Endpoint Security Management Systems | Purchased software or a dedicated appliance that discovers, manages, and controls computing devices requesting access to the corporate network. Endpoints that do not comply with policy can be controlled by the system to varying degrees; for example, the system may remove local administrative rights or restrict Internet browsing. |
| Event of Interest | A questionable or suspicious activity that could threaten the security objectives for critical or sensitive data or infrastructure. It may or may not have criminal implications. |
| Guideline | A document that suggests a path or guidance on how to achieve compliance with a policy. |
| Incident Management | The process of detecting, mitigating, and analyzing threats or violations of security policies and controls, and limiting their effect. |
| Incident Response Management | The process of detecting, mitigating, and analyzing threats or violations of security policies, and limiting their effect. |
| Integrity | Guarding against improper information modification or destruction, including ensuring information non-repudiation and authenticity. |
| Metric | One or more numeric indicators used to gauge system-wide program performance and monitor progress toward system-wide goals and objectives. A metric monitors and measures the accomplishment of goals by quantifying the level of implementation and effectiveness. |
| Monitoring | Observing and checking against a set standard or configuration. |
| Performance Goal | The desired result(s) of implementing the security objective or technique, as measured by the metric. |
| Performance Measures | The actions required to accomplish the performance goal, validated through the completion and analysis of the institution report. |
| Policy | Typically a concise document that outlines specific requirements, business rules, or a company stance that must be met. The policy is the organization’s stance on an issue, program, or system; it is a rule that everyone must meet. |
| Split DNS | A configuration in which internal hosts are directed to an internal domain name server for name resolution, while external hosts are directed to an external domain name server. |
| Sensitive Data | Data for which users must obtain specific authorization to access, since its unauthorized disclosure, alteration, or destruction would cause perceivable damage to the participant organization. Examples: personally identifiable information; data covered by the Family Educational Rights and Privacy Act (FERPA), the Health Insurance Portability and Accountability Act (HIPAA), or PCI standards; and data not releasable under the Georgia Open Records Act, the Georgia Open Meetings Act, or other similar restrictions. |
| Standard | A requirement that supports a policy. |
| User | Any person who uses Clayton State University owned or leased computing resources, including, but not limited to, faculty, staff, students, temporary employees, and contract labor. The user is responsible for the conduct of any person whom the user allows to use Clayton State University computing resources. |
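The closing note of the DNS Spoofing entry describes the resolver-side defence: a record is only cached if it falls inside the zone (the "bailiwick") of the server that answered. The check below is an added example, not part of the glossary or of any resolver's code; the zone, domain names, and response records are constructed for illustration.

```python
"""Bailiwick check for DNS responses (constructed example).

A resolver that applies this check refuses to cache an "authoritative"
record for a third party's domain that was tacked onto an answer from a
zone the attacker controls, which is the cache-poisoning step the
DNS Spoofing entry describes.
"""

def normalize(name: str) -> str:
    """Lower-case and strip the trailing dot so comparisons are uniform."""
    return name.lower().rstrip(".")

def in_bailiwick(record_name: str, zone: str) -> bool:
    """True if record_name is zone itself or lies below it.

    The leading "." in the suffix test stops "evilattacker.example" from
    matching the zone "attacker.example".
    """
    r, z = normalize(record_name), normalize(zone)
    if z == "":            # the root zone contains every name
        return True
    return r == z or r.endswith("." + z)

def filter_cacheable(zone: str, records: list) -> tuple:
    """Split a response into (accepted, rejected) records.

    `zone` is the zone the answering server is authoritative for, taken
    from the delegation the resolver followed, never from the response.
    Each record is a (name, rtype, rdata) tuple.
    """
    accepted, rejected = [], []
    for rec in records:
        (accepted if in_bailiwick(rec[0], zone) else rejected).append(rec)
    return accepted, rejected

# Constructed response from a server authoritative for attacker.example.
# The first three records are legitimate; the last two claim authority
# over a domain the answering server does not control.
SAMPLE_RESPONSE = [
    ("www.attacker.example.", "A", "192.0.2.10"),
    ("attacker.example.", "NS", "ns1.attacker.example."),
    ("ns1.attacker.example.", "A", "192.0.2.53"),
    ("mail.victim-bank.example.", "A", "192.0.2.99"),
    ("victim-bank.example.", "NS", "ns1.attacker.example."),
]

if __name__ == "__main__":
    ok, bad = filter_cacheable("attacker.example", SAMPLE_RESPONSE)
    for rec in bad:
        print("rejected (out of bailiwick):", rec)
```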