Term
|
Definition
| A concept in which multiple layers of security controls (defense) are placed throughout an IT system. |
|
|
Term
|
Definition
| Any code that is part of a software system that is intended to cause security breaches or damage to a system. |
|
|
Term
|
Definition
| A computer that has been compromised and used to perform malicious tasks under remote direction. |
|
|
Term
|
Definition
| Used to spread email spam and launch Denial-of-Service attacks. |
|
|
Term
|
Definition
| A threat or attack that exploits a previously unknown vulnerability in a computer application or operation system that developers have not had time to address and patch |
|
|
Term
|
Definition
| Software that aids in gathering information about a person or organization without their knowledge. Used to send information to another entity or assert controls over a computer without knowledge. |
|
|
Term
|
Definition
| A code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. |
|
|
Term
|
Definition
| Surveillance software that has the capability to record every keystroke you make to log a file. |
|
|
Term
|
Definition
| User who gains elevated access to resources that are normally protected from an application or use |
|
|
Term
|
Definition
| An attempt to make a machine or network resource unavailable to its intended users. |
|
|
Term
|
Definition
| A piece of software that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on a computer software, hardware, or something electronic (computerized). |
|
|
Term
|
Definition
| An all-encompassing communication project of the United States DoD. |
|
|
Term
|
Definition
| Reducing vulnerabilities that may lead to an attack on a computer system. |
|
|
Term
|
Definition
| An attack on a computer system with the intention of finding security weaknesses, potentially gaining access to it. |
|
|
Term
|
Definition
| An attempt to gain access to a computer and its files through a known or probable weak point in the computer system. |
|
|
Term
|
Definition
| An electronic signature that can be used by someone to authenticate the document, file, or email |
|
|
Term
|
Definition
| A service that validates the integrity of a digital signature. |
|
|
Term
| Information Assurance Manager (IAM) |
|
Definition
| oversee all IAO’s, ensure security instructions, guidance and SOP’s are maintained ands implemented |
|
|
Term
| Information Assurance Officer (IAO) |
|
Definition
| assist the IAM in meeting the duties and responsibilities of network security. |
|
|
Term
| Information System Security Officer (ISSO) |
|
Definition
| configure and operate IA and IA-enabled technology in accordance with DoD information system IA Policies and establish and manage authorized user accounts for DoD information systems. |
|
|
Term
| Describe electronic spillage |
|
Definition
| When a file of high classification gets placed on a lower classification system it creates an electronic spillage. |
|
|
Term
| Department of the Navy (DoN) Application and Database Management System (DADMS) |
|
Definition
| An authoritative source for data regarding DoN IT systems, including National Security Systems, Registration of mission-critical, mission-essential and mission-support systems. |
|
|
Term
| Identify organizations that conduct vulnerability assessments |
|
Definition
Navy Cyber Defense Operations Command (NCDOC)
Red Team
Blue Team |
|
|
Term
| Intrusion Detection System (IDS) |
|
Definition
| A device or software application that monitors network or system activities for malicious activity or policy violations and produces reports to a management station. |
|
|
Term
|
Definition
| IDS auto-responds to the suspicious activity by resetting the connection or by reprogramming the firewall to block network traffic from the suspected malicious source. |
|
|
Term
|
Definition
| IDS detects a potential security breach, logs the information and signals an alert on the console or owner. |
|
|
Term
| Intrusion Prevention System (IPS) |
|
Definition
| Software that prevents suspicious activity by resetting the connection or blocking network traffic from the malicious source. |
|
|
Term
| Host-Based Security System (HBSS) |
|
Definition
| Software applications used within the Department of Defense (DoD) to monitor, detect and counterattack against the DoD computer networks and systems. |
|
|
