A comprehensive list of security terms you should know
- By William Jackson
- Jun 17, 2013
A comprehensive glossary of information security terms used in government documents has been updated by the National Institute of Standards and Technology, with more than 200 pages of definitions for words most commonly used in NIST publications.
First published in 2006 in response to requests for a comprehensive source of definitions, the latest version of Interagency Report 7298, Glossary of Key Information Security Terms, provides the most current definitions, culled from Federal Information Processing Standards; the NIST 800 series of Special Publications, which provide guidance for meeting federal cybersecurity requirements; NIST interagency reports; and the Committee for National Security Systems (CNSS) information assurance publications.
Each definition, from “Access” (the ability to make use of any information system resource) to “Zone of Control” (the three-dimensional space surrounding equipment that processes classified and/or sensitive information) cites the NIST and/or CNSS source.
Authoritative definitions are necessary for agencies to meet requirements for information assurance laid out in the Federal Information Security Management Act and in the standards, specifications and guidelines for implementing them. For example, “continuous monitoring,” which has emerged as key component for federal information security, is defined as “maintaining ongoing awareness to support organizational risk decisions.”
Because the field of information security evolves quickly, the glossary is intended to be a living document, the authors wrote. “It is our intention to keep the glossary current by providing updates online. New definitions will be added to the glossary as required, and updated versions will be posted on the Computer Security Resource Center Web site.”
Comments and suggestions for changes or additions for the publication should be sent to email@example.com.
William Jackson is freelance writer and the author of the CyberEye blog.