A

AAA (Authentication, Authorization and Accounting protocol)

Authentication refers to the confirmation that a user who is requesting services is a valid user of the network services requested. Authentication is accomplished via the presentation of an identity and credentials. Examples of types of credentials are passwords, one-time tokens, digital certificates, and phone numbers (calling/called). Authorization refers to the granting of specific types of service (including "no service") to a user, based on their authentication, what services they are requesting, and the current system state. Authorization may be based on restrictions, for example time-of-day restrictions, or physical location restrictions, or restrictions against multiple logins by the same user. Authorization determines the nature of the service which is granted to a user. Examples of types of service include, but are not limited to: IP address filtering, address assignment, route assignment, QoS/differential services, bandwidth control/traffic management, compulsory tunneling to a specific endpoint, and encryption. Accounting refers to the tracking of the consumption of network resources by users. This information may be used for management, planning, billing, or other purposes. Real-time accounting refers to accounting information that is delivered concurrently with the consumption of the resources. Batch accounting refers to accounting information that is saved until it is delivered at a later time. Typical information that is gathered in accounting is the identity of the user, the nature of the service delivered, when the service began, and when it ended. [PCI-DSS, Wikipedia]

AAPC (Accounting and Auditing Policy Committee)

[GAO/PCIE Financial Audit Manual]

ABA (American Bar Association)

[GAO/PCIE Financial Audit Manual]

ACD (Automatic Call Distribution)

Part of the service desk, this is the use of information technology to direct an incoming telephone call to the most appropriate person in the shortest possible time. ACD is sometimes called automated call distribution. [ITIL]

ACF2 (Access Control Facility)

[FISCAM]

ACK (Acknowledgement)

A flag set in a packet to indicate to the sender that the previous packet sent was accepted correctly by the receiver without errors, or that the receiver is now ready to accept a transmission. [de facto]

ACL (Access Control Lists)

A register of 1) users (including groups, machines, processes) who have been given permission to use a particular system resource, and 2) the types of access they have been permitted. [NIST 800 series, Centers for Medicare & Medicaid Services (CMS), Sedona Conference, US National Information Assurance (IA) Glossary]

ADC (Analog to Digital Converter)

Converts analog data to a digital format. [Sedona Conference]

ADF (Automatic Document Feeder)

The means by which a scanner feeds paper documents automatically, one sheet after another. [Sedona Conference]

AES (Advanced Encryption Standard)

Advanced Encryption Standard (AES) is the Rijndael cryptographic algorithm adopted by the National Institute of Standards and Technology (NIST) as the new Federal Information Processing Standard (FIPS). AES replaces DES and 3DES, and is one of the recommended encryption standards meeting HIPAA requirements. See also data encryption standard. [FIPS Pubs]

AFDA (Administrative Functions Disposal Authority)

The Administrative Functions Disposal Authority was released in March 2000 by the National Archives and relates to common administrative functions performed by most Commonwealth agencies. The structure of the Authority is based on the business classification scheme of the Keyword AAA: Thesaurus of General Terms Commonwealth Version. See also disposal authorities. [DIRKS]

AH (Authentication Header)

A security protocol that authenticates packets from servers and ensures messages are not tampered with while en route. [Network Frontiers]

AI (Artificial Intelligence)

The subfield of computer science concerned with the concepts and methods of symbolic inference by computer and symbolic knowledge representation for use in making inferences - an attempt to model aspects of human thought on computers. It is also sometimes defined as trying to solve by computer any problem once believed to be solvable only by humans. AI is the capability of a device to perform functions that are normally associated with human intelligence, such as reasoning and optimization through experience. It attempts to approximate the results of human reasoning by organizing and manipulating factual and heuristic knowledge. Areas of AI activity include expert systems, natural language understanding, speech recognition, vision, and robotics. [ISACA, Sedona Conference]

AICPA (American Institute of Certified Public Accountants)

Committed to member service and the public interest, the American Institute of Certified Public Accountants and its predecessors have been serving the accounting profession since 1887. See also http://www.aicpa.org/index.htm for more information. [GAO/PCIE Financial Audit Manual]

AIIM (AIIM: the ECM Association)

AIIM formerly stood for Association for Information and Image Management. It has since changed its name to the Enterprise Content Management (ECM) Association. For more information, see http://www.aiim.org. [AIIM, Sedona Conference]

AIS (Automated Information System)

An assembly of computer hardware, software, and/or firmware that is configured to collect, create, communicate, compute, disseminate, process, store, and/or control data or information. [Centers for Medicare & Medicaid Services (CMS)]

ALC (Accounting Legend Code)

Numeric code used to indicate the minimum accounting controls required for items of accountable COMSEC material within the COMSEC Material Control System. [US National Information Assurance (IA) Glossary]

ALE (Annualized Loss Expectancy)

The total expected monetary loss of an information asset over one year; calculated as the SLE times the EAF. [Network Frontiers]

ALU (Arithmetic Logic Unit)

The area of the central processing unit that performs mathematical and analytical operations. [ISACA]

AMDB (Availability Management Database)

A database containing all data needed to support availability management. The AMDB may be part of the configuration management database. [ITIL]

ANSI (American National Standards Institute)

The American National Standards Institute (ANSI) coordinates the development and use of voluntary consensus standards in the United States and represents the needs and views of US stakeholders in standardization forums around the globe. The Institute oversees the creation, promulgation and use of thousands of norms and guidelines that directly impact businesses in nearly every sector: from acoustical devices to construction equipment, from dairy and livestock production to energy distribution, and many more. ANSI is also actively engaged in accrediting programs that assess conformance to standards – including globally-recognized cross-sector programs such as the ISO 9000 (quality) and ISO 14000 (environmental) management systems. See also http://www.ansi.org for more information. [de facto, PCI-DSS, Sedona Conference]

APF (Authorized program facility)

An operating system facility that controls which programs are allowed to use restricted system functions. [FISCAM]

API (Application Program [or programming] Interface)

[AIIM]

ARA (Account Risk Analysis)

[GAO/PCIE Financial Audit Manual]

ARMA (ARMA: the Association for Information Management Professionals)

ARMA International is a not-for-profit professional association and the authority on managing records and information – paper and electronic. For more information, see http://www.arma.org/about/index.cfm. [ARMA, Sedona Conference]

ARP (Address Resolution Protocol)

A protocol used to obtain a node's physical address. A client station broadcasts an ARP request onto the network with the Internet Protocol (IP) address of the target node it wishes to communicate with, and the node with that address responds by sending back its physical address so that packets can be transmitted. [Workgroup for Electronic Data Interchange]

AS&W (Attack Sensing and Warning)

Detection, correlation, identification, and characterization of intentional unauthorized activity, with notification to decision makers so that an appropriate response can be developed. [US National Information Assurance (IA) Glossary]

ASCII (American Standard Code for Information Interchange)

Pronounced "ask-ee," ASCII is a nonproprietary text format: a standard seven-bit code (or 255 characters for extended ASCII) for representing alphanumeric and control characters, adopted by the American Standards Association to achieve compatibility between data devices. Documents in ASCII format consist of only text with no formatting and can be read by most computer systems. [Sedona Conference]

ASP (Application Service Provider)

A third party that delivers and manages applications and computer services, including security services to multiple users via the Internet or a private network. [ISACA, AIIM]

AcSEC (Accounting Standards Executive Committee of the AICPA)

[GAO/PCIE Financial Audit Manual]

AT (Attestation Reference)

Reference to statements on standards for attestation engagements in the sections of the Codification of Statements on Auditing Standards. [GAO/PCIE Financial Audit Manual]

ATM (Asynchronous Transfer Mode)

ATM is a high-bandwidth low-delay switching and multiplexing technology. It is a data link layer protocol. This means that it is a protocol-independent transport mechanism. ATM allows integration of real-time voice and video as well as data. ATM allows very high speed data transfer rates at up to 155 Mbit/s. [ISACA]

ATM (Automated Teller Machine)

A 24-hour, stand-alone mini-bank, located outside branch bank offices or in public places such as shopping malls. Through ATMs, clients can make deposits, withdrawals, account inquiries, and transfers. Typically, the ATM network comprises two spheres: a proprietary sphere, in which the bank manages the transactions of its own clients, and the public or shared domain, in which a client of one financial institution can use another's ATMs. [ISACA]

AU (Audit Reference)

Reference to Statements on Auditing Standards in the sections of the Codification of Statements on Auditing Standards. [GAO/PCIE Financial Audit Manual]

AUP (Agreed Upon Procedures)

[GAO/PCIE Financial Audit Manual]

AVI (Audio-Video Interleave)

A Microsoft standard for Windows animation files that interleaves audio and video to provide medium quality multimedia. [Sedona Conference]

AVP (Authorized Vendor Program)

Program in which a vendor, producing an INFOSEC product under contract to NSA, is authorized to produce that product in numbers exceeding the contracted requirements for direct marketing and sale to eligible buyers. Eligible buyers are typically U.S. Government organizations or U.S. Government contractors. Products approved for marketing and sale through the AVP are placed on the Endorsed Cryptographic Products List (ECPL). [US National Information Assurance (IA) Glossary]

AVS (Address Verification Service)

AVS allows merchants that accept card-not-present transactions to compare the billing address (the address to which the card issuer sends its monthly statement for that account) given by a customer with the billing address on the card issuer's master file before shipping an order. AVS helps merchants minimize the risk of accepting fraudulent transactions in a card-not-present environment by indicating the result of the address comparison. [VISA Glossary of Terms]

CA (Agency Certification Authority)

A CA that acts on behalf of an Agency, and is under the operational control of an Agency. [NIST 800 series]
Site and content © Copyright 2003-2009 Network Frontiers, LLC. All rights reserved.