Glossary
Term Description
Computer security
Measures and controls that ensure confidentiality, integrity, and availability of information system assets including hardware, software, firmware, and information being processed, stored, and communicated. The practice of protecting a computer system against internal failures, human error, attacks, and natural catastrophes that might cause improper disclosure, modification, destruction, or denial of service.
Computer Security Incident
A violation, or imminent threat of a violation, of a security policy or practice within the organization. Computer security incidents are the result of an attack, malware infection, or inappropriate usage by employees. See incident.
COMSEC account
Administrative entity, identified by an account number, used to maintain accountability, custody, and control of COMSEC material.
COMSEC custodian
Individual designated by proper authority to be responsible for the receipt, transfer, accounting, safeguarding, and destruction of COMSEC material assigned to a COMSEC account. Person designated by proper authority to be responsible for the receipt, transfer, accounting, safeguarding, and destruction of COMSEC material assigned to a COMSEC account.
Concentrator
A computer that consolidates the signals from any slower speed transmission lines into a single, faster line or performs the reverse function. See repeater.
Confidentiality
“Preserving authorized restriction on information access and disclosure, including means for protecting personal privacy and proprietary information.” (44 USC Sec. 3542) A concept that applies to data that must be held in confidence and describes that status or degree of protection that must be provided for such data about individuals as well as organizations. Assurance that information is not disclosed to unauthorized individuals, processes, or devices. The assurance that information is protected from unauthorized disclosure and the defined level of secrecy is maintained throughout all subject-object interactions.
Configuration control
Process of controlling modifications to hardware, firmware, software, and documentation to ensure the information system is protected against improper modifications prior to, during, and after system implementation. The process of controlling modifications to the system’s hardware, firmware, software, and documentation that provides sufficient assurance that the system is protected against the introduction
Configuration Management
Management of security features and assurances through control of changes made to hardware, software, firmware, documentation, test, test fixtures, and test documentation throughout the life cycle of an information system. The process of logging, auditing, and monitoring activities related to security controls and security mechanisms over time. This data is then used to identify agents of change, whether objects, subjects, programs, communication pathways, or even the network itself. The use of procedures appropriate for controlling changes to a system’s hardware, software, or firmware structure to ensure that such changes will not lead to a weakness or fault in the system.
Consistency
Logical coherency among all integrated parts; also, adherence to a given set of instructions or rules. One of the four required characteristics of all database transactions (the other three are atomicity, isolation, and durability). All transactions must begin operating in an environment that is consistent with all of the database’s rules.
Contamination
The result of mixing of data with a different classification level and/or need-to-know requirement. Type of incident involving the introduction of data of one security classification or security category into data of a lower security classification or different security category.