Glossary
Term Description
Write access
Permission to write to an object in an information system.
WWW 
World Wide Web; also shortened to the Web. Although many people use WWW as a synonym for the Internet, the Web is only one of numerous services that run over the Internet: it delivers hypertext documents (which may embed images, sound, and other media) over HTTP, whereas email and newsgroups are separate services with their own protocols (SMTP, NNTP).
X.500
The CCITT (now ITU-T) and ISO standard for electronic directory services.
X.509
A standard within the X.500 series that defines the format of a public key certificate (and of certificate revocation lists). It is the certificate format used by TLS and by most public key infrastructures.
Zero Day Exploit
An attack that exploits a vulnerability for which no fix is yet available. Typically the vulnerability is known to one or more attackers but not to the vendor; in some cases the vendor knows about it but has not yet written or released a patch. The name refers to the vendor having had "zero days" to address the flaw before it was exploited.
Zero fill
To fill unused storage locations in an information system with the representation of the character denoting "0" (for example, to overwrite freed or unused storage so that its previous contents cannot be recovered).
Zero Knowledge Proof
A proof in which one party (the prover) convinces another (the verifier) that a statement is true, typically that it knows a secret such as a password or private key, without revealing anything beyond the truth of that statement; in particular, the verifier learns nothing about the secret itself. Interactive identification protocols such as Schnorr's are examples. Digital signatures and digital certificates are not themselves zero-knowledge proofs, although some signature schemes (Schnorr signatures, for instance) are derived from zero-knowledge identification protocols via the Fiat-Shamir transform.
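The following is an added example, not code from the original page: the Schnorr identification protocol, a zero-knowledge proof that the prover knows the discrete logarithm x of a public value y = g^x. It also shows why the proof is zero-knowledge and sound: an accepting transcript can be simulated by anyone who can choose the challenge before the commitment, so a transcript reveals nothing about x, and a cheater without x is accepted only if it guesses the verifier's challenge. The group is generated at runtime with Miller-Rabin and is far too small for real use (assumption for readability); production systems use a 2048-bit or larger MODP group or an elliptic curve.

```python
"""Schnorr zero-knowledge identification protocol (added example, not the page's code).

Prover knows x with y = g^x (mod p) and convinces Verifier of that without revealing x.
Group parameters are generated here at a toy size; real deployments use a 2048-bit+
MODP group or an elliptic-curve group.
"""
import secrets


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin probabilistic primality test (error probability <= 4**-rounds)."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(bits: int = 64):
    """Return (p, q, g): a safe prime p = 2q + 1 and g generating the order-q subgroup.
    'bits' is a toy size chosen for speed, not a secure parameter."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            break
    p = 2 * q + 1
    while True:
        g = pow(2 + secrets.randbelow(p - 3), 2, p)  # a square mod p has order 1 or q
        if g != 1:
            return p, q, g


def keygen(group):
    """Secret x (the discrete log) and public y = g^x."""
    p, q, g = group
    x = 1 + secrets.randbelow(q - 1)
    return x, pow(g, x, p)


def prover_commit(group):
    """Step 1: prover picks a fresh random nonce k and sends t = g^k."""
    p, q, g = group
    k = 1 + secrets.randbelow(q - 1)
    return k, pow(g, k, p)


def prover_respond(group, x, k, c):
    """Step 3: s = k + c*x mod q. Because k is uniform and used once, s leaks nothing about x."""
    _, q, _ = group
    return (k + c * x) % q


def verify(group, y, t, c, s):
    """Verifier accepts iff g^s == t * y^c (mod p)."""
    p, q, g = group
    return pow(g, s, p) == t * pow(y, c, p) % p


def honest_run(group, x, y):
    """Full interactive round with a prover who really knows x."""
    p, q, g = group
    k, t = prover_commit(group)
    c = secrets.randbelow(q)           # Step 2: the verifier's challenge must be unpredictable
    s = prover_respond(group, x, k, c)
    return verify(group, y, t, c, s)


def simulate_transcript(group, y, c):
    """Build an accepting (t, c, s) for a known challenge c WITHOUT x: pick s first, then
    t = g^s * y^(-c). This is the zero-knowledge simulator: transcripts carry no knowledge."""
    p, q, g = group
    s = secrets.randbelow(q)
    t = pow(g, s, p) * pow(y, q - c, p) % p   # y^(-c) == y^(q-c) because y has order q
    return t, c, s


def cheating_run(group, y):
    """Prover without x guesses the challenge in advance; accepted only if the guess is right
    (probability 1/q), which is why the verifier must choose c after seeing t."""
    _, q, _ = group
    guess = secrets.randbelow(q)
    t, _, s = simulate_transcript(group, y, guess)
    c = secrets.randbelow(q)
    return verify(group, y, t, c, s)


if __name__ == "__main__":
    grp = make_group()
    x, y = keygen(grp)
    print("honest prover accepted:", honest_run(grp, x, y))
    print("cheating prover accepted:", cheating_run(grp, y))
```

The practical caveat the simulator makes visible: if a verifier ever lets the challenge be predicted (a fixed or reused c, a weak RNG), anyone can forge an acceptance without the secret. Signature schemes built from this protocol replace the verifier's challenge with a hash of t and the message, which is exactly the Fiat-Shamir transform mentioned in the definition.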
Zero-Knowledge Teams
A team that begins a security assessment or penetration test with no prior knowledge of the target organization (black-box testing), so that it must discover everything an outside attacker would have to discover.
zzuf
A software testing tool that automates mutation fuzzing: it intercepts a program's input (files and network data) and randomly alters a user-chosen fraction of its bits, with the mutation ratio and random seed specified by the user so that any crash found can be reproduced.
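An added example, not zzuf's own code: the same mutation-fuzzing idea applied in-process to a Python function. Where zzuf sits between a process and its files or sockets, this version mutates a byte string and calls the parser directly; the ratio and seed arguments mirror the role of zzuf's ratio and seed options. The target format, its parser and the sample input are constructed for this example and contain deliberate missing bounds checks for the fuzzer to find.

```python
"""In-process mutation fuzzer in the spirit of zzuf (added example; not zzuf's code).

zzuf intercepts a program's input and flips a user-chosen fraction of its bits,
reproducibly from a seed. Here the same idea is applied to a Python function.
The target parser and its sample input are constructed for this example.
"""
import random


def mutate(data: bytes, ratio: float, seed: int) -> bytes:
    """Flip roughly `ratio` of the bits of `data`. The same seed always produces the
    same mutation, which is what makes a crash reproducible later."""
    rng = random.Random(seed)
    buf = bytearray(data)
    nbits = len(buf) * 8
    for _ in range(max(1, int(nbits * ratio))):
        bit = rng.randrange(nbits)
        buf[bit // 8] ^= 1 << (bit % 8)
    return bytes(buf)


def build_record(payloads) -> bytes:
    """Constructed sample format: b"RC", a 1-byte record count, then for each record
    a 1-byte length followed by the payload, then a 1-byte checksum."""
    body = bytes([len(payloads)])
    for pl in payloads:
        body += bytes([len(pl)]) + pl
    checksum = sum(body[1:]) % len(payloads)
    return b"RC" + body + bytes([checksum])


def parse_record(blob: bytes):
    """Target under test. Bad magic is handled (returns None); the count and length
    fields are trusted blindly, which are the bugs the fuzzer should surface."""
    if blob[:2] != b"RC":
        return None
    count = blob[2]
    pos = 3
    payloads = []
    for _ in range(count):
        length = blob[pos]                 # BUG: no check that pos < len(blob) -> IndexError
        pos += 1
        payloads.append(blob[pos:pos + length])
        pos += length
    expected = sum(blob[3:pos]) % count    # BUG: a flipped count of 0 -> ZeroDivisionError
    return {"payloads": payloads, "checksum_ok": blob[pos] == expected}


def fuzz(target, corpus: bytes, iterations: int, ratio: float = 0.02) -> dict:
    """Run `iterations` mutated inputs through `target` and record, per exception
    type, the first (seed, input) that raised it. A normal return, including the
    handled bad-magic case, is not a finding."""
    findings = {}
    for seed in range(iterations):
        data = mutate(corpus, ratio, seed)
        try:
            target(data)
        except Exception as exc:
            findings.setdefault(type(exc).__name__, (seed, data))
    return findings


if __name__ == "__main__":
    corpus = build_record([b"hello", b"fuzz", b"me"])
    for name, (seed, data) in fuzz(parse_record, corpus, 2000).items():
        print(f"{name}: seed={seed} input={data!r}")
```

Reproducibility is the point of recording the seed: `mutate(corpus, ratio, seed)` regenerates the exact crashing input, so a finding can be handed to a developer without shipping a corpus of mutated files.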
Certification and Accreditation

1. Initiation and planning
At this stage, management initiates and plans the implementation of the program. A C&A implementation expert prepares the documentation (including the business case and the requirements documents) and presents it to management as a comprehensive C&A package.

2. Certification
At this stage, an external auditing team analyzes the C&A package and the organization's information security systems. The audit includes running vulnerability scans, conducting interviews, and checking that everything complies with the accepted standards and norms.

3. Accreditation
In the accreditation stage, the accrediting authority reviews the compiled C&A package together with the recommendations put forward by the auditing team. Before granting accreditation, the authority carries out its own examination and decides whether any risks that remain unremediated are acceptable; accreditation is the formal decision to accept that residual risk and authorize the system to operate.

4. Periodic monitoring
The system, the personnel, and the organization as a whole are monitored periodically by a team whose sole responsibility is to ensure that the program stays operational as intended. Any risks, vulnerabilities, or threats that surface during monitoring must be dealt with by the organization's security staff.