Glossary

Compilation of individual data systems and data that could result in the totality of the information being classified, or classified at a higher level, or of beneficial use to an adversary.

SOURCE: CNSSI-4009

1. Any entity that is comprised of data. For example, a database is a data asset that is comprised of data records. A data asset may be a system or application output file, database, document, or Web page. A data asset also includes a service that may be provided to access data from an application. For example, a service that returns individual records from a database would be a data asset. Similarly, a Web site that returns data in response to specific queries (e.g., www.weather.com) would be a data asset.

2. An information-based resource.

SOURCE: CNSSI-4009

All State of Arizona data is classified as Confidential Data or Public data.

A database about data and database structures. A catalog of all data elements, containing their names, structures, and information about their usage, for the benefit of programmers and others interested in the data elements and their usage.

SOURCE: Data Governance Institute

A basic unit of information that has a unique meaning and subcategories (data items) of distinct value. Examples of data elements include gender, race, and geographic location.

SOURCE: SP 800-47; CNSSI-4009

The transfer of data between two points: a Producer, who creates or produces the data and transmits it, and a Consumer, who receives that data and imports it or consumes it. The Producer and Consumer can be an application, program, information system, agency, division, department, government or non-government entity.

A graphical depiction of the relationships among and between the various components and processes in a program or system. They depict how input data is transformed to output results through a sequence of functional transformations and consist of four major components - entities, processes, data stores, and data flows.

A DFD can be either logical or physical. A logical DFD focuses on the business processes surrounding the data flow. A physical DFD focuses on the implementation of the data flow and includes manual process details and data structures.

A logical structure for organizing how we think about and communicate Data Governance concepts.

SOURCE: Data Governance Institute

A centralized organizational entity responsible for facilitating and coordinating Data Governance and/or Stewardship efforts for an organization. It supports a decision-making group, such as a Data Stewardship Council.

SOURCE: Data Governance Institute

The property that data has not been altered in an unauthorized manner. Data integrity covers data in storage, during processing, and while in transit

SOURCE: SP 800-27

The property that data has not been changed, destroyed, or lost in an unauthorized or accidental manner.

SOURCE: CNSSI-4009

The exposure of proprietary, sensitive, or classified information through either data theft or data leakage.

SOURCE: SP 800-137

Stakeholder committee composed of management responsible for managing data assets in an organization and responsible for the development, documentation and implementation of data governance policies, standards and procedures.

SOURCE: Data Management Maturity Model V 1.0

Data Mining is a technique used to analyze existing information, usually with the intention of pursuing new avenues to pursue business

The analysis of data objects that are used in a business or other context and the identification of the relationships among these data objects.

SOURCE: ADOA-ASET

The discipline, process, and organizational group that conducts analysis of data objects used in a business or other context, entifies the relationships among these data objects, and creates models that depict those relationships. See also Data Model.

SOURCE: Data Governance Institute

Stakeholder committee that includes business and technology representatives from each functional area responsible for ensuring that data management objectives, priorities and scope are defined and approved and that they reflect agency business objectives.

Source: Data Management Maturity Model V 1.0

The systematic analysis of the content of a data source, from counting the bytes and checking cardinalities to the most thoughtful diagnosis of whether the data can meet the high level goals of a data warehouse.

SOURCE: The Kimball Group website

Those who use, affect, or are affected by data. Data Stakeholders may be upstream producers, gatherers, or acquirers of information; downstream consumers of information, those who manage, transform, or store data, or those who set policies, standards, architectures, or other requirements or constraints.

SOURCE: Data Governance Institute

Fill device designed to securely store, transport, and transfer electronically both COMSEC and TRANSEC key, designed to be backward compatible with the previous generation of COMSEC common fill devices, and programmable to support modern mission systems.

SOURCE: CNSSI-4009

A specially designed software application that interact with the user, other applications, and the database itself to capture and analyze data. A general-purpose DBMS is a software system designed to allow the definition, creation, querying, update, and administration of databases.

SOURCE: WIKIPEDIA

Commonly referred to as the systems used to organize and manage data storage, facilitate access to, provide security for, and assure the integrity of data stored in a database.

A relational database management system (RDBMS) available for a variety of platforms and operating systems. DB2® supports native XML functionality and integrates with other major RDBMS products. DB2® supports parallel architectures, integrated object models, industry standard SQL, Open Database Connectivity (ODBC) interface, the Java Database Connectivity™ (JDBC) interface, or a CORBA interface broker.

Convert enciphered text to plain text by means of a cryptographic system.

SOURCE: CNSSI-4009

Disruption caused by a major hardware or software failure or destruction of facilities that is identified by the CIO or his/her designate and communicated to the BU staff

Generic term encompassing decode and decipher.

SOURCE: CNSSI-4009

Information systems security mode of operation wherein each user, with direct or indirect access to the system, its peripherals, remote terminals, or remote hosts, has all of the following: 1. valid security clearance for all information within the system, 2. formal access approval and signed nondisclosure agreements for all the information stored and/or processed (including all compartments, subcompartments, and/or special access programs), and 3. valid need- to-know for all information contained within the information system. When in the dedicated security mode, a system is specifically and exclusively dedicated to and controlled for the processing of one particular type or classification of information, either for full-time operation or for a specified period of time.

SOURCE: CNSSI-4009

A planned, systematic set of multidisciplinary activities that seek to identify, manage, and reduce risk of exploitable vulnerabilities at every stage of the system, network, or sub-component life cycle (system, network, or product design and development; manufacturing; packaging; assembly; system integration; distribution; operations; maintenance; and retirement).

SOURCE: CNSSI-4009

Procedure that reduces the magnetic flux to virtual zero by applying a reverse magnetizing field. Also called demagnetizing.

SOURCE: CNSSI-4009

An interface on a routing firewall that is similar to the interfaces found on the firewall’s protected side. Traffic moving between the DMZ and other interfaces on the protected side of the firewall still goes through the firewall and can have firewall protection policies applied.

SOURCE: SP 800-41

A host or network segment inserted as a "neutral zone" between an organization’s private network and the Internet.

SOURCE: SP 800-45

Perimeter network segment that is logically between internal and external networks. Its purpose is to enforce the internal network’s Information Assurance policy for external information exchange and to provide external, untrusted sources with restricted access to releasable information while shielding the internal networks from outside attacks.

SOURCE: CNSSI-4009

A firewall configuration policy that forces the user to register at the site, authenticate and authorize prior to gaining access.

SOURCE: SECUROSIS WEBSITE

Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.

SOURCE: NIST CYBERSECURITY FRAMEWORK

The portion of an RBG that includes the functions necessary to instantiate and uninstantiate the RBG, generate pseudorandom bits, (optionally) reseed the RBG and test the health of the DRBG mechanism.

SOURCE: SP 800-90A

The management role that is responsible for performing activities related to registering users that are devices.

SOURCE: CNSSI-4009

An analysis of the variations of the electrical power consumption of a cryptographic module, using advanced statistical methods and/or other techniques, for the purpose of extracting information correlated to cryptographic keys used in a cryptographic algorithm.

SOURCE: FIPS 140-2

Electronic information stored or transferred in digital form.

SOURCE: SP 800-72

An asymmetric key operation where the private key is used to digitally sign data and the public key is used to verify the signature. Digital signatures provide authenticity protection, integrity protection, and non-repudiation.

SOURCE: SP 800-63

A nonforgeable transformation of data that allows the proof of the source (with non-repudiation) and the verification of the integrity of that data.

SOURCE: FIPS 196

The result of a cryptographic transformation of data which, when properly implemented, provides the services of:

1. origin authentication,

2. data integrity, and

3. signer non-repudiation.

SOURCE: FIPS 140-2

The result of a cryptographic transformation of data that, when properly implemented, provides a mechanism for verifying origin authentication, data integrity, and signatory non-repudiation.

SOURCE: FIPS 186-3

The result of a cryptographic transformation of data that, when properly implemented, provides origin authentication, data integrity, and signatory non-repudiation.

SOURCE: SP 800-89

Cryptographic process used to assure data object originator authenticity, data integrity, and time stamping for prevention of replay.

SOURCE: CNSSI-4009

An attempt to mimic the offline act of a person applying their signature to a paper document. Involves applying a mathematical algorithm, usually stored on and as part of the users’ private key, to the contents of a body of text. This results in an encrypted version of the document (this is referred to as the 'digitally signed' document) that can only be decrypted by applying the user’s public key. (Also digitally signing, digital signature)

A digital storage system directly attached to a server or workstation, without a storage network in between.

SOURCE: WIKIPEDIA

1. A sudden, unplanned calamitous event causing great damage or loss. Any event that creates an inability on an organization's part to provide critical business functions for some predetermined period of time. Similar terms are business interruption, outage and catastrophe. 2. The period when organization management decides to divert from normal production responses and exercises its disaster recovery plan. Typically signifies the beginning of a move from a primary to an alternate location.

The basis of this kind of security is that an individual user, or program operating on the user’s behalf, is allowed to specify explicitly the types of access other users (or programs executing on their behalf) may have to information under the user’s control.

SOURCE: FIPS 191

A means of restricting access to objects (e.g., files, data entities) based on the identity and need-to-know of subjects (e.g., users, processes) and/or groups to which the object belongs. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control).

SOURCE: CNSSI-4009

The actions taken regarding information that is no longer needed to support on-going administrative and operational activities in accordance with an approved Records Management Schedule. Directions may include destroy, transfer to the government archives, transfer to inactive records storage space, or retain permanently in unit.

A Denial of Service technique that uses numerous hosts to perform the attack.

SOURCE: CNSSI-4009

An information technology category for systems capable of replicating documents commonly used in business. Document Imaging Systems can take many forms including microfilm, on demand printers, facsimile machines, copiers, document scanners, Computer Output Microfilm (COM) and archive writers.

An interface-oriented application programming interface that allows for navigation of the entire document as if it were a tree of node objects representing the document's contents.

SOURCE: WIKIPEDIA

A domain name locates an organization or other entity on the Internet. For example, the domain name "www . sans . org" locates an Internet address for "sans.org" at Internet point 199.0.0.2 and a particular host server named "www". The "org" part of the domain name reflects the purpose of the organization or entity (in this example, "organization") and is called the top-level domain name. The "sans" part of the domain name defines the organization or entity and together with the top-level is called the second-level domain name

The way that Internet domain names are located and translated into Internet Protocol addresses. A domain name is a meaningful and easy-to-remember "handle" for an Internet address

Disaster Recovery Plan – An Annually updated plan that is produced by AZNet in cooperation with the Telecommunications Program Office (TPO) and state agencies. The DRP identifies the critical components and functions of each agency’s operations and the actions needed to restart operations, in a timely manner, in the event of a disaster.

Digital Subscriber Line – A high speed digital data transmission over the internet using wires of a local telephone carrier network.

The requirement that organizations must develop and deploy a protection plan to prevent fraud, abuse, and additional deploy a means to detect them if they occur.

A standardized networking protocol used on Internet Protocol (IP) networks for dynamically distributing network configuration parameters, such as IP addresses for interfaces and services. With DHCP, computers request IP addresses and networking parameters automatically from a DHCP server, reducing the need for a network administrator or a user to configure these settings manually.

SOURCE: WIKIPEDIA

A collection of small programs, any of which can be called when needed by a larger program that is running in the computer. The small program that lets the larger program communicate with a specific device such as a printer or scanner is often packaged as a DLL program (usually referred to as a DLL file)