Cyber Insurance & Security Glossary

A complete glossary of essential Cyber Security & Insurance terms.

  • Security Audit
    A security audit is an evaluation of the security of a company's information system by measuring how well it conforms to a set of established criteria.
  • Script
    A set of instructions that are interpreted by a program.
  • Secret Key
    A secret key is a cryptographic key that is used with a secret-key (symmetric) cryptographic algorithm, is uniquely associated with one or more entities, and is not made public. It must be protected from unauthorized disclosure to protect data encrypted with the key. The use of the term “secret” in this context does not imply a classification level, but rather implies the need to protect the key from disclosure or substitution.
  • Secret Key (Symmetric) Cryptographic Algorithm
    A Secret Key (Symmetric) Cryptographic Algorithm is a cryptographic algorithm that uses a single key (i.e., a secret key) for both encryption and decryption.
  • Secret Seed
    A secret seed is a secret value used to initialize a pseudorandom number generator.
  • Secure Communication Protocol
    Secure Communication Protocol is a communication protocol that provides the appropriate confidentiality, authentication, and content-integrity protection.
  • Secure Communications
    Secure Communications are telecommunications deriving security through use of NSA-approved products and/or Protected Distribution Systems. Configuring and operating DNS servers so that the security goals of data integrity and source authentication are achieved and maintained.
  • Secure Electronic Transactions
    A Secure Electronic Transaction (SET) is a communications protocol standard for securing credit card transactions over insecure networks. SET authenticates all parties (customers, merchant, and bank) using digital signatures, uses encryption to protect the message and provide integrity, and provides end-to-end security for online credit card transactions.
  • Secure Erase
    Secure erase is an overwrite technology that uses a firmware-based process to overwrite a hard drive. It is a drive command defined in the ANSI ATA and SCSI disk drive interface specifications, which runs inside drive hardware. It completes in about 1/8 the time of 5220 block erasure.
  • Secure Hash Algorithm
    Secure Hash Algorithm (SHA) is a hash algorithm with the property that it is computationally infeasible 1) to find a message that corresponds to a given message digest, or 2) to find two different messages that produce the same message digest.
  • Secure Hash Standard
    The secure hash standard specifies secure hash algorithms (SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256) for computing a condensed representation of electronic data (message). When a message of any length less than 2^64 bits (for SHA-1, SHA-224 and SHA-256) or less than 2^128 bits (for SHA-384, SHA-512, SHA-512/224 and SHA-512/256) is input to a hash algorithm, the result is an output called a message digest. The message digests range in length from 160 to 512 bits, depending on the algorithm. Secure hash algorithms are typically used with other cryptographic algorithms, such as digital signature algorithms and keyed-hash message authentication codes, or in the generation of random numbers (bits). The hash algorithms specified in this Standard are called secure because, for a given algorithm, it is computationally infeasible 1) to find a message that corresponds to a given message digest, or 2) to find two different messages that produce the same message digest. Any change to a message will, with a very high probability, result in a different message digest. This will result in a verification failure when the secure hash algorithm is used with a digital signature algorithm or a keyed-hash message authentication algorithm. In addition, a secure hash standard is a specification for a secure hash algorithm that can generate a condensed message representation called a message digest.
  • Secure Socket Shell
    Software that allows administrators to securely access a remote computer.
  • Secure Sockets Layer
    SSL, or Secure Sockets Layer, is the standard security protocol for establishing encrypted communication between a web server and a browser.
  • Secure Sockets Layer
    A Secure Sockets Layer (SSL) is the standard security technology for establishing an encrypted link between a web server and a browser. SSL was developed by Netscape for transmitting private documents via the Internet.
  • Secure State
    Secure state is a condition in which no subject can access any object in an unauthorized manner.
  • Secure Subsystem
    A secure subsystem is a subsystem containing its own implementation of the reference monitor concept for those resources it controls. A secure subsystem must depend on other controls and the base operating system for the control of subjects and the more primitive system objects.
  • Securitization of Insurance Risk
    A method for insurance companies to access capital and hedge risks by converting policies into securities that can be sold in financial markets.
  • Security Association
    A Security Association is a relationship established between two or more entities to enable them to protect data they exchange.
  • Security Attribute
    A Security Attribute is a security-related quality of an object. Security attributes may be represented as hierarchical levels, bits in a bit map, or numbers. Compartments, caveats, and release markings are examples of security attributes. A security attribute is also an abstraction representing the basic properties or characteristics of an entity with respect to safeguarding information; typically associated with internal data structures (e.g., records, buffers, files) within the information system which are used to enable the implementation of access control and flow control policies; reflect special dissemination, handling, or distribution instructions; or support other aspects of the information security policy.
  • Security Authorization Boundary
    A security authorization boundary is an information security area that includes a grouping of tools, technologies, and data.
  • Security Banner
    A security banner is a banner at the top or bottom of a computer screen that states the overall classification of the system in large, bold type. A security banner can also refer to the opening screen that informs users of the security implications of accessing a computer resource.
  • Security Categorization
    Security categorization is the process of determining the security category for information or an information system. Security categorization methodologies are described in CNSS Instruction 1253 for national security systems and in FIPS 199 for other than national security systems.
  • Security Category
    Security category is the characterization of information or an information system based on an assessment of the potential impact that a loss of confidentiality, integrity, or availability of such information or information system would have on organizational operations, organizational assets, or individuals.  It is also the characterization of information or an information system based on an assessment of the potential impact that a loss of confidentiality, integrity, or availability of such information or information system would have on organizational operations, organizational assets, individuals, other organizations, and the Nation.
  • Security Concept of Operations
    Security Concept of Operations is a security-focused description of an information system, its operational policies, classes of users, interactions between the system and its users, and the system’s contribution to the operational mission.
  • Security Control Assessment
    Security Control Assessment is the testing and/or evaluation of the management, operational, and technical security controls in an information system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.  Security Control Assessment is the testing and/or evaluation of the management, operational, and technical security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system and/or enterprise.
  • Security Control Assessor
    A Security Control Assessor is the individual, group, or organization responsible for conducting a security control assessment.
  • Security Control Baseline
    A Security Control Baseline is the set of minimum security controls defined for a low-impact, moderate-impact, or high-impact information system. It is one of the sets of minimum security controls defined for federal information systems in NIST Special Publication 800-53 and CNSS Instruction 1253.
  • Security Control Effectiveness
    Security Control Effectiveness  is the measure of correctness of implementation (i.e., how consistently the control implementation complies with the security plan) and how well the security plan meets organizational needs in accordance with current risk tolerance.
  • Security Control Enhancements
    Security Control Enhancements are statements of security capability to 1) build in additional, but related, functionality to a basic control; and/or 2) increase the strength of a basic control.
  • Security Control Inheritance
    Security Control Inheritance is a situation in which an information system or application receives protection from security controls (or portions of security controls) that are developed, implemented, assessed, authorized, and monitored by entities other than those responsible for the system or application; entities either internal or external to the organization where the system or application resides.  See Common Control.
  • Security Controls
    Security Controls are the management, operational, and technical controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information.
  • Security Controls Baseline
    Security Controls Baseline is the set of minimum security controls defined for a low-impact, moderate-impact, or high-impact information system.
  • Security Domain
    A Security Domain is a set of subjects, their information objects, and a common security policy. It is also a collection of entities to which a single security policy, executed by a single authority, applies. A domain that implements a security policy and is administered by a single authority.
  • Security Engineering
    Security Engineering is an interdisciplinary approach and means to enable the realization of secure systems.  It focuses on defining customer needs, security protection requirements, and required functionality early in the systems development life cycle, documenting requirements, and then proceeding with design, synthesis, and system validation while considering the complete problem.
  • Security Fault Analysis
    Security Fault Analysis is an assessment, usually performed on information system hardware, to determine the security properties of a device when a hardware fault is encountered.
  • Security Features Users Guide
    A Security Features Users Guide (SFUG) is a guide or manual explaining how the security mechanisms in a specific system work.
  • Security Filter
    Security Filter is a secure subsystem of an information system that enforces security policy on the data passing through it.
  • Security Functions
    Security Functions are the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based.
  • Security Goals
    The five security goals are confidentiality, availability, integrity, accountability, and assurance.
  • Security Impact Analysis
    Security Impact Analysis is the analysis conducted by an organizational official to determine the extent to which changes to the information system have affected the security state of the system.
  • Security Information and Event Management
    Security information and event management (SIEM) is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system.
  • Security Inspection
    A security inspection is the examination of an information system to determine compliance with security policy, procedures, and practices.
  • Security Kernel
    A security kernel is the hardware, firmware, and software elements of a trusted computing base implementing the reference monitor concept. A security kernel must mediate all accesses, be protected from modification, and be verifiable as correct.
  • Security Label
    A security label is a marking bound to a resource (which may be a data unit) that names or designates the security attributes of that resource. It is also information that represents or designates the value of one or more security-relevant attributes (e.g., classification) of a system resource.
  • Security Level
    A security level is a hierarchical indicator of the degree of sensitivity to a certain threat.  It implies, according to the security policy being enforced, a specific level of protection.
  • Security Management Dashboard
    A security management dashboard is a tool that consolidates and communicates information relevant to the organizational security posture in near real-time to security management stakeholders.
  • Security Marking
    Human-readable information affixed to information system components, removable media, or output indicating the distribution limitations, handling caveats, and applicable security markings.
  • Security Markings
    Security markings are human-readable indicators applied to a document, storage media, or hardware component to designate security classification, categorization, and/or handling restrictions applicable to the information contained therein.  For intelligence information, security markings could include compartment and sub-compartment indicators and handling restrictions.
  • Security Mechanism
    A security mechanism is a device designed to provide one or more security services usually rated in terms of strength of service and assurance of the design.
  • Security Net Control Station
    A security net control station is a management system overseeing and controlling implementation of network security policy.
  • Security Objective
    A security objective pertains to confidentiality, integrity, or availability.
  • SET
    A Secure Electronic Transaction (SET) is a communications protocol standard for securing credit card transactions over insecure networks. SET authenticates all parties (customers, merchant, and bank) using digital signatures, uses encryption to protect the message and provide integrity, and provides end-to-end security for online credit card transactions.
  • SFA
    Security Fault Analysis is an assessment, usually performed on information system hardware, to determine the security properties of a device when a hardware fault is encountered.
  • SHA
    Secure Hash Algorithm (SHA) is a hash algorithm with the property that it is computationally infeasible 1) to find a message that corresponds to a given message digest, or 2) to find two different messages that produce the same message digest.
  • SIEM
    Security information and event management (SIEM) is an approach to security management that combines SIM (security information management) and SEM (security event management) functions into one security management system.
  • SSH
    Software that allows administrators to securely access a remote computer.
  • SSL
    SSL, or Secure Sockets Layer, is the standard security protocol for establishing encrypted communication between a web server and a browser.