Dictionary · Information Technology Laboratory Computer Security Resource Center Glossary
L2 — definitions grouped by regulatory framework.
Nouns
14 senses
- activity
Set of cohesive tasks of a process.
- Calibration
A comparison between a device under test and an established standard, such as UTC(NIST). When the calibration is finished, it should be possible to state the estimated time offset and/or frequency offset of the device under test with respect to the standard, as well as the measurement uncertainty.
- Anonymization
Process that removes the association between the identifying dataset and the data subject.
- application
A hardware/software system implemented to satisfy a particular set of requirements.
- Breach
The loss of control, compromise, unauthorized disclosure, unauthorized acquisition, or any similar occurrence where: a person other than an authorized user accesses or potentially accesses personally identifiable information; or an authorized user accesses personally identifiable information for an other than authorized purpose.
- data governance
A set of processes that ensures that data assets are formally managed throughout the enterprise. A data governance model establishes authority and management and decision making parameters related to the data produced or managed by the enterprise.
- Deterministic Algorithm
An algorithm that, given the same inputs, always produces the same outputs.
- attack
Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself.
- Confidentiality
Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.
- user
A person, organization, or other entity which requests access to and uses the resources of a computer system or network.
- Integrity
Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity.
- least privilege
The principle that a security architecture should be designed so that each entity is granted the minimum system resources and authorizations that the entity needs to perform its function.
- Profiling
Measuring the characteristics of expected activity so that changes to it can be more easily identified.
- Red Team
A group of people authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s security posture. The Red Team’s objective is to improve enterprise cybersecurity by demonstrating the impacts of successful attacks and by demonstrating what works for the defenders (i.e., the Blue Team) in an operational environment. Also known as Cyber Red Team.