Term
Annualized Loss Expectancy (ALE) |
|
Definition
The monetary loss that can be expected for an asset due to a risk over a one-year period. |
|
|
Term
Annualized Rate of Occurrence (ARO) |
|
Definition
The probability that a risk will occur in a particular year. |
|
|
Term
|
Definition
The process of inventorying and maintaining items of value. |
|
|
Term
|
Definition
A visual image of the attacks that may occur against an asset. |
|
|
Term
|
Definition
A TCP/IP port in which the host system does not reply to any inquiries. |
|
|
Term
|
Definition
A TCP/IP port in which no process is listening at the port. |
|
|
Term
|
Definition
The proportion of an asset's value that is likely to be destroyed by a particular risk (expressed as a percentage). |
|
|
Term
Internet Control Message Protocol (ICMP) |
|
Definition
A TCP/IP protocol that provides support to IP in the form of ICMP messages that allow different types of communication to occur between IP devices. |
|
|
Term
|
Definition
Software tools that can identify all the systems connected to a network. |
|
|
Term
|
Definition
A TCP/IP port in which an application or service assigned to that port is listening. |
|
|
Term
Open Vulnerability and Assessment Language (OVAL) |
|
Definition
An international information security standard to promote open and publicly available security content and to standardize the transfer of this information across the spectrum of security tools and services. |
|
|
Term
|
Definition
Contracting with an outside company to provide a service or a product instead of providing it from within the organization. |
|
|
Term
|
Definition
A program that uses the file of hashed passwords and then attempts to break the hashed passwords offline. |
|
|
Term
|
Definition
A method of evaluating the security of a computer system or network by simulating an attack by a malicious hacker instead of just scanning for vulnerabilities. |
|
|
Term
|
Definition
An Internet Control Message Protocol (ICMP) echo request packet. |
|
|
Term
|
Definition
A numeric value used as an identifier to applications and services on TCP/IP systems. |
|
|
Term
|
Definition
Software used to search a system for port vulnerabilities that could be used in an attack. |
|
|
Term
|
Definition
A program running on a device. |
|
|
Term
|
Definition
A mode on a network interface card (NIC) that does not ignore packets intended for other systems but shows all network traffic. |
|
|
Term
|
Definition
The potential loss that exceeds the amount covered by insurance. |
|
|
Term
|
Definition
Determining the damage that would result from an attack and the likelihood that the vulnerability is a risk to the organization. |
|
|
Term
|
Definition
A systematic and structured approach to managing the potential for loss that is related to a threat. |
|
|
Term
|
Definition
A means of spreading risk over a group. No premium is paid by members of the group, but losses are assessed across all members of the group. |
|
|
Term
|
Definition
A defense against password cracker programs for UNIX and Linux systems by creating a second file without password hashes. |
|
|
Term
|
Definition
A process for constructing scenarios of the types of threats that assets can face. |
|
|
Term
|
Definition
A current snapshot of the security of an organization. |
|
|
Term
|
Definition
A generic term that refers to products that look for vulnerabilities in networks or systems. |
|
|