Refers to ensuring timely and reliable access to and use of information.
Refers to preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.
Computer Security Incident
A violation (breach) or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices, which may include, but are not limited to:
Refers to the domain name system, which represents a powerful Internet technology for converting domain names to their corresponding IP addresses.
Refers to confusing a DNS server into giving out bad information. An attacker sends a recursive query to the victim’s server, using the victim’s server to resolve the query. The answer to the query is in a zone the attacker controls. The answer given by the attacker’s name server includes an authoritative record for a domain name controlled by a third party, and that authoritative record is false. The victim’s server caches the bogus record. Once spoofed, the victim’s resolver will continue to use the false record it has in its cache, potentially misdirecting email or any other Internet service. This is a potentially major security leak for credit card information, trade secrets, and other highly sensitive information.
Note: Most modern servers will not cache a fake record because it does not fall in the same parent zone as the record that was requested.
Most often used to refer to a domain zone, it is also used to describe a zone or a domain name.
Can include, but are not limited to, PCs, laptops, smart phones, tablets and specialized equipment such as bar code readers or point of sale (POS) terminals.
An approach to network protection that requires each computing device on a corporate network to comply with certain standards before network access is granted. Simple forms of endpoint security include personal firewalls or anti-virus software that is distributed and then monitored and updated from a server.
Endpoint Security Management
A policy-based approach to network security that requires endpoint devices to comply with specific criteria before they are granted access to network resources.
Endpoint Security Management Systems
Purchased software or a dedicated appliance that discovers, manages, and controls computing devices that request access to the corporate network. Endpoints that do not comply with policy can be controlled by the system to varying degrees. For example, the system may remove local administrative rights or restrict Internet browsing capabilities.
Event of Interest
A questionable or suspicious activity that could threaten the security objectives for critical or sensitive data or infrastructure. It may or may not have criminal implications.
A guideline is a document that suggests a path or guidance on how to achieve or reach compliance with a policy.
The process of detecting, mitigating, and analyzing threats or violations of security policies and controls and limiting their effect.
Incident Response Management
The process of detecting, mitigating, and analyzing threats or violations of security policies and limiting their effect.
Refers to guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity.
Numeric indicator(s) used to gauge system-wide program performance and monitor progress toward accomplishing system-wide goals and objectives. Monitors and measures accomplishment of goals by quantifying the level of implementation and effectiveness.
Refers to observing and checking for a set standard or configuration.
The desired result(s) of implementing the security objective or technique that are measured by the metric.
The actions required to accomplish the performance goal validated through the completion and analysis of the institution report.
Typically a concise document that outlines specific requirements, business rules, or company stance that must be met. The policy is the organization’s stance on an issue, program, or system. It is a rule that everyone must meet.
Refers to when internal hosts are directed to an internal domain name server for name resolution, while external hosts are directed to an external domain name server for name resolution.
A standard is a requirement that supports a policy.