
Securadin's Glossary of Terms

When an organization sets out to improve the protection of its information and data, it meets a lot of unfamiliar terms and words. It can be overwhelming, frustrating, confusing... any adjective you can think of. That is why Securadin's team decided it was important to create a glossary of terms and definitions.

 

If you come across a word or term during any part of the process for your organization that you do not recognize and that is not in the glossary, let us know! We will be delighted to explain the term to you and add it to our glossary.

Whether we are assisting you with awareness, gap assessment, ISMS, ISO 27001:2022 - whatever it may be, please do not hesitate to ask if we use a term, phrase, or abbreviation you are unsure of. Securadin believes in empowering each other through education.

 

Remember, for Securadin, your success is our success.


  • Asset
    Anything that has value to internal or external stakeholders.
  • Asset Owner
Person or entity that is the custodian of, or responsible for the welfare of, our Client's asset. The asset owners of an information asset are those individuals who have primary responsibility for the viability and survivability of the asset.
  • Asymmetric Cryptosystem
A method of encryption in which two different but mathematically related keys are used: one for encrypting and one for decrypting the data (e.g., public-key encryption, where the encryption key can be published and the decryption key is kept private).
  • Authentication
    Provision of assurance that a claimed characteristic of an entity is correct.
  • Authenticity
    Property that an entity is what it claims to be.
  • Availability
    The property of being accessible and usable upon demand by an authorized entity.
  • Blogging
    Writing a blog. A blog (short for weblog) is a personal online journal that is frequently updated and intended for general public consumption.
  • Business Continuity (BC)
The process of restoring a Client's service delivery to its customer base following an interruption in services, e.g., a natural disaster or power outage.
  • Cable Modem
Cable companies such as AT&T Broadband provide internet access over cable TV coaxial cable. A cable modem accepts this coaxial cable and can receive data from the internet at over 1.5 Mbit/s. Cable is widely, but not universally, available to consumers.
  • Challenge Handshake Authentication Protocol (CHAP)
Challenge Handshake Authentication Protocol (CHAP) is a challenge-response authentication method (RFC 1994) based on a one-way hash function, used on PPP links, including many broadband connections that run PPP over Ethernet or ATM. The server sends a random challenge; the client returns the hash of its identifier, the shared secret and the challenge, so the secret itself never crosses the link and a captured response cannot be replayed against a fresh challenge. Because the server must recompute the same hash, it has to store each client's secret in recoverable form, which is the protocol's main weakness.
  • The CIA Approach
Confidentiality, Integrity, and Availability: the three properties that information security preserves (also known as the CIA triad).
  • Compliance
The ability to meet information security requirements described within laws, regulations, or industry-based standards (i.e., rules of external origin).
  • Confidentiality
The property that information is not made available or disclosed to unauthorized individuals, entities, or processes.
  • Conformance
The ability to meet information security requirements described in the Client's policies or standards (i.e., rules of internal origin).
  • Corrective Action (CA)
    The action to eliminate the cause of a nonconformity.
  • Change Request (CR)
    A change request is a formal proposal for an alteration to some product or system.
  • Disaster Recovery (DR)
Disaster Recovery (DR) is the recovery of corporate information systems and infrastructure following a disruption. This term is often used interchangeably with system recovery, below, and is a subset of business continuity.
  • Digital Subscriber Line (DSL)
Digital Subscriber Line (DSL) is a form of high-speed internet access competing with cable modems. DSL works over standard phone lines and supports data speeds over 2 Mbit/s downstream (to the user) and slower speeds upstream (to the internet).
  • Dual Homing
Having concurrent connectivity to more than one network from a computer or network device. Examples include: being logged into the corporate network via a local Ethernet connection while dialing into AOL or another internet service provider (ISP); being on a partner-provided remote access home network while connecting to another network, such as a spouse's remote access; configuring an ISDN router to dial into both a partner and an ISP, depending on packet destination. A dual-homed device can act as a bridge between the two networks, which is why it is normally prohibited.
  • Encryption
    A procedure (mathematical algorithm) used to convert data from its original form to a format that is unreadable and/or unusable to anyone without the tools/information needed to reverse the encryption process.
  • FinTech
    Financial Technology referring to software, mobile applications, and other technologies created to improve and automate traditional forms of finance for businesses and consumers alike.
  • Information Security
    The preservation of confidentiality, integrity, and availability of information in any form.
  • Information Security Domain
    Implementation specific area defined by physical or logical boundaries. Domains serve as the basis for risk assessments, as well as ISO/IEC 27001 certification.
  • Information Security Guideline
    Supports security objectives by offering "good practice" advice.
  • Information Security Plan
    Supports service realization by defining strategic roadmaps.
  • Information Security Policy
    Provides management direction and support for information security in accordance with business and regulatory requirements, as well as management intentions. Policy statements are high-level and generally change infrequently.
  • Information Security Procedure
Supports a process by defining detailed steps to be followed by users, system operations personnel, or others to accomplish a specific task. Procedures are derived from processes.
  • Information Security Process
    Supports services by defining measurable, enterprise-wide actions that define a set of interrelated activities designed to provide an information security function. Processes serve as the basis for domain/platform specific procedures. Every process has a trigger, owner, input, output and measurement criteria.
  • Information Security Program
    Supports policy by coordinating multiple services in support of policy goals. The program provides enterprise-wide governance and oversight of all information security domains. The program is not specific to any one department.
  • Information Security Service
    Supports the Information Security Program by providing capabilities to satisfy program objectives.
  • Information Security Specification
    Supports information security policies and standards by defining domain specific details that demonstrate conformance to a standard or support for security requirements.
  • Information Security Standard
Supports policy by defining enterprise-wide, minimum security requirements. Standards codify risk-based requirements. Standards are implementation neutral, although they may be platform/technology specific.
  • Integrity
    The property of safeguarding the accuracy and completeness of assets.
  • IPSEC Concentrator
A device on which multiple IPsec VPN connections can be terminated.
  • ISDN
There are two flavors of Integrated Services Digital Network (ISDN): BRI and PRI. BRI is used for home office/remote access; it has two bearer (B) channels at 64 kbit/s each (128 kbit/s aggregate) and one D channel for signaling. PRI is the higher-capacity variant used at business sites: 23 B channels plus a D channel over a T1 in North America, 30 B channels plus a D channel over an E1 elsewhere.
  • ISMS
    Information Security Management System.
  • Malware
    Software of malicious intent/impact such as viruses, worms and spyware.
  • Proprietary Encryption
An algorithm that has not been made public and/or has not withstood public scrutiny. The developer of the algorithm could be a vendor, an individual or the government. Because a sound cipher's security should rest on the secrecy of the key rather than of the algorithm, proprietary encryption is treated as an unquantified risk until it has been published and reviewed.
  • Reliability
    The property of consistent intended behavior and results.
  • Remote Access
Any access to a Guest's corporate network through a network, device or medium that the Guest does not control.
  • Removable Media
Device or media that is readable and/or writeable by the end user and that can be moved from computer to computer without modification to the computer. This includes flash memory devices such as thumb drives, cameras, MP3 players and PDAs; removable hard drives (including hard drive-based MP3 players); optical disks such as CDs and DVDs; floppy disks; and any commercial music and software disks not provided by the Guest.
  • Residual Risk
The risk remaining after risk treatment, i.e., after the controls selected in the risk assessment have been applied.
  • Responsibility Agreement
    An agreement between two or more information security domains or functional departments defining accountabilities and responsibilities for specified information security functions. Responsibility agreements also define the criteria and reporting requirements for measuring the effectiveness of specified information security controls.
  • Risk
    The probability that a threat will exploit a vulnerability, resulting in loss or harm to an asset, or precluding the organization from reaching a goal or objective. Risk is a combination of the probability of an event and its expected consequences.
  • Risk Acceptance
    An informed-choice decision to accept risk.
  • Risk Assessment
    The overall process of risk identification, risk analysis and risk evaluation. Risk assessment is used to identify, evaluate, and prioritize risks against criteria for risk acceptance and objectives relevant to the Guest. Risk assessment includes the systematic approach of estimating the magnitude of risks and the process of comparing the estimated risks against risk criteria to determine the significance of risks.
  • Risk Management
    Coordinated activities to direct and control an organization with regard to risk.
  • Risk Owner
The person or entity with the accountability and authority to mitigate risk. They will be consulted as required during risk assessments and make decisions concerning corrective action plans resulting from the risk assessment process.
  • Risk Treatment
    Process of selection and implementation of measures to modify risk.
  • RPO
Recovery Point Objective: the point in time (relative to the disaster) to which you plan to recover your data, which is another way of stating how much data loss is acceptable. For example, if you make overnight backups, the recovery point objective will often be the end of the previous day's activity.
  • RTO
Recovery Time Objective: the time period after a disaster within which computing or business functions need to be restored. Different business functions may have different recovery time objectives. For example, the recovery time objective for the payroll function may be two weeks, whereas the recovery time objective for sales order processing may be two days.
  • Sensitive Information
Information which, if made available to unauthorized persons, may adversely affect the Guest, its programs, or participants served by its programs. Examples include, but are not limited to, personal identifiers and financial information. Refer to the Information Protection Standard for more details.
  • Shall or Must
The words "shall" or "must" indicate a mandatory requirement which cannot be avoided. Failure to meet this requirement will result in an increase to risk, which may be subject to risk treatment options. Non-conformance may be allowed only as a time-limited, managed exception if the risk is justified and accepted.
  • Should
The word "should" indicates a requirement that is expected but not absolute. "Should" means the requirement must be met unless there is a valid technical or business reason to allow non-conformance, or compensating controls have been applied. Failure to meet this requirement will result in an increase to risk, which may be subject to risk treatment options. Non-conformance can be allowed provided the risk is justified and accepted.
  • Site-to-Site VPN
    A secured connection established between headquarters and remote offices or between the company and its clients.
  • SMB
    Small to Medium Sized Business.
  • Spam
    Unauthorized and/or unsolicited electronic mass mailings.
  • Split Tunneling
Simultaneous direct access to a non-Client network (such as the Internet or a home network) from a remote device (PC, PDA, WAP phone, etc.) while connected to the Client's corporate network via a VPN tunnel. Traffic that goes direct bypasses the corporate network's perimeter controls, and the remote device becomes a bridge between the two networks, so split tunneling is normally disabled in the VPN client configuration.
  • Stakeholder
    Person or organization that can affect, be affected by or perceive themselves to be affected by a decision or activity.
  • Symmetric Cryptosystem
    A method of encryption in which the same key is used for both encryption and decryption of the data.
  • System Recovery
    The restoration of computing and communications infrastructure after an interruption.
  • Threat
    A potential event resulting in an unwanted incident, which may result in harm to a system or organization.
  • Two Factor Authentication
To authenticate with two different elements: something you know (password or PIN) and something you have (token). The Client implements the Cisco VPN Client, using a strong username/password combination and an RSA SecurID token's one-time passcode for remote user authentication.
  • VPN
    Virtual Private Network (VPN) is a method for accessing a remote network via an encrypted Internet connection.
  • VPN Client
The approved VPN client, currently Cisco VPN Client, is a software program used to establish an IPsec (encrypted) connection between remote users and the Guest network.
  • Vulnerability
    A weakness of an asset or group of assets that can be exploited by one or more threats.
  • Business Continuity Plan (BCP)
    Business Continuity Plan (BCP) is a system of prevention and recovery from potential threats to a company. The plan ensures that personnel and assets are protected and are able to function quickly in the event of a disaster.
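The CHAP entry above describes a challenge-response exchange in words. The following is an added example, not part of Securadin's glossary, that implements the RFC 1994 CHAP-MD5 exchange with both sides in Python so the three messages (Challenge, Response, Success/Failure) can be traced. The peer name "alice" and the secrets are constructed for the example; the `ChapAuthenticator` and `ChapPeer` class names are this example's own.

```python
import hashlib
import hmac
import os

# RFC 1994 CHAP with the MD5 algorithm:
#   Response Value = MD5(Identifier || Secret || Challenge Value)
# The Identifier is a one-octet counter that ties a Response to its Challenge.


def chap_response(identifier, secret, challenge):
    """Compute the CHAP-MD5 response for one challenge."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side (the 'authenticator' in RFC 1994 terms).

    It keeps each peer's secret in recoverable form: the raw secret is needed
    to recompute the hash, so a salted password hash cannot be stored instead.
    """

    def __init__(self, secrets):
        self._secrets = dict(secrets)   # peer name -> shared secret (bytes)
        self._pending = {}              # identifier -> outstanding challenge

    def challenge(self, identifier):
        """Step 1: send a fresh random challenge to the peer."""
        value = os.urandom(16)
        self._pending[identifier] = value
        return value

    def verify(self, identifier, name, response):
        """Step 3: recompute the expected response and compare in constant time.

        The challenge is consumed whether or not verification succeeds, so a
        captured response cannot be replayed against the same challenge.
        """
        challenge = self._pending.pop(identifier, None)
        secret = self._secrets.get(name)
        if challenge is None or secret is None:
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)


class ChapPeer:
    """Client side: holds the secret and answers challenges."""

    def __init__(self, name, secret):
        self.name = name
        self._secret = secret

    def respond(self, identifier, challenge):
        """Step 2: return (Name, Response Value); the secret never leaves the peer."""
        return self.name, chap_response(identifier, self._secret, challenge)


def run_handshake(authenticator, peer, identifier=1):
    """Drive one Challenge / Response / Success-or-Failure exchange."""
    challenge = authenticator.challenge(identifier)
    name, response = peer.respond(identifier, challenge)
    return authenticator.verify(identifier, name, response)


if __name__ == "__main__":
    # Constructed example credentials, not real ones.
    server = ChapAuthenticator({"alice": b"correct horse battery staple"})
    print(run_handshake(server, ChapPeer("alice", b"correct horse battery staple")))  # True
    print(run_handshake(server, ChapPeer("alice", b"wrong secret")))                  # False
```

The point to notice is in `verify`: the authenticator needs the plaintext secret, which is why CHAP secrets on a RADIUS or PPP server are a high-value target, and why the challenge is discarded after one use.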
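The Split Tunneling entry above says what split tunneling is; a practitioner also wants a way to check whether a connected client is actually split-tunneling. The following is an added example, not part of Securadin's glossary, that classifies a Linux `ip route show` table as full-tunnel or split-tunnel. The two route tables are constructed sample data, not captures from a real host; the interface names `tun0` and `wlan0` and the function names are this example's own. The 0.0.0.0/1 plus 128.0.0.0/1 pair is the way OpenVPN's `redirect-gateway def1` overrides the default route without deleting it, so a checker that only looks for `default dev tun0` would misreport such a client as split-tunneling.

```python
import ipaddress

# Constructed samples of `ip route show` output from a Linux VPN client.
SPLIT_TUNNEL_ROUTES = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.0.0.0/8 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.5
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.42
"""

FULL_TUNNEL_ROUTES = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.5
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.42
203.0.113.10 via 192.168.1.1 dev wlan0
"""


def parse_routes(text):
    """Return [(destination network, outgoing interface)] from `ip route` lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dst = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        dev = fields[fields.index("dev") + 1] if "dev" in fields else None
        routes.append((ipaddress.ip_network(dst, strict=False), dev))
    return routes


def classify_tunnel(text, tunnel_dev="tun0"):
    """Decide whether an IPv4 routing table is full-tunnel or split-tunnel.

    Returns a dict with:
      mode    - "full" if the tunnel routes collapse to 0.0.0.0/0,
                "split" if some prefixes reach the tunnel, "none" otherwise
      covered - the collapsed prefixes that reach the tunnel
      bypass  - more-specific non-tunnel routes that punch holes in that
                coverage (longest prefix wins), e.g. the local LAN or the
                host route to the VPN gateway itself
    """
    routes = parse_routes(text)
    via_tunnel = [net for net, dev in routes if dev == tunnel_dev]
    if not via_tunnel:
        return {"mode": "none", "covered": [], "bypass": []}
    covered = list(ipaddress.collapse_addresses(via_tunnel))
    everything = ipaddress.ip_network("0.0.0.0/0")
    bypass = sorted(
        str(net) for net, dev in routes
        if dev != tunnel_dev and any(net.subnet_of(t) for t in via_tunnel)
    )
    return {
        "mode": "full" if covered == [everything] else "split",
        "covered": [str(n) for n in covered],
        "bypass": bypass,
    }


if __name__ == "__main__":
    for label, table in (("split", SPLIT_TUNNEL_ROUTES), ("full", FULL_TUNNEL_ROUTES)):
        print(label, classify_tunnel(table))
```

Even a full-tunnel table carries bypass routes: the local LAN prefix and the host route to the VPN gateway are expected, and anything else in that list is a prefix that escapes the tunnel. The check covers IPv4 only; a client that tunnels IPv4 but leaves IPv6 untouched is also split-tunneling.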
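The Two Factor Authentication entry above relies on a token's one-time passcode as the "something you have" factor. The following is an added example, not part of Securadin's glossary, showing how such a code is generated and verified. It uses the open HOTP (RFC 4226) and TOTP (RFC 6238) standards as a stand-in; RSA SecurID uses its own token algorithm, which this code does not reproduce. The seed is the RFC reference secret, the class and function names are this example's own, and the replay window is an assumption of one 30-second step either side.

```python
import hashlib
import hmac
import struct
import time

# HOTP (RFC 4226) and TOTP (RFC 6238) are the open standards behind most
# "something you have" one-time codes; used here instead of SecurID's
# proprietary algorithm.


def hotp(secret, counter, digits=6):
    """HOTP(K, C): dynamic truncation of HMAC-SHA1(K, C) to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, at=None, step=30, digits=6):
    """TOTP = HOTP with the counter derived from Unix time divided by the step."""
    at = time.time() if at is None else at
    return hotp(secret, int(at // step), digits)


class SecondFactorVerifier:
    """Server-side check of the 'something you have' factor.

    Accepts codes from `window` steps either side of the current time to
    absorb clock drift, and never accepts a counter at or below the last one
    used, so a code that was intercepted cannot be replayed.
    """

    def __init__(self, secret, step=30, digits=6, window=1):
        self._secret = secret
        self._step = step
        self._digits = digits
        self._window = window
        self._last_counter = -1

    def verify(self, code, at=None):
        at = time.time() if at is None else at
        current = int(at // self._step)
        for counter in range(current - self._window, current + self._window + 1):
            if counter <= self._last_counter:
                continue  # already consumed, or older than a consumed code: reject as replay
            if hmac.compare_digest(hotp(self._secret, counter, self._digits), code):
                self._last_counter = counter
                return True
        return False


if __name__ == "__main__":
    # RFC 4226 / RFC 6238 reference secret (ASCII "12345678901234567890").
    seed = b"12345678901234567890"
    print(hotp(seed, 0))                # 755224   (RFC 4226 test vector, counter 0)
    print(totp(seed, at=59, digits=8))  # 94287082 (RFC 6238 test vector, SHA-1, T=59)
```

The password remains the "something you know" factor and is checked separately; what the token adds is that the second value changes every step and, with the `_last_counter` bookkeeping, can be used at most once.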