Dictionary · NERC CIP-007-6 (System Security Management) v6
L2 — definitions grouped by regulatory framework.
Verbs
22 senses
- address
To deal with an issue.
- alert
To warn that something has changed, a threshold has been reached, or a failure has occurred; also, the warning so raised.
- review
To examine or evaluate formally with the intent of making changes if necessary.
- keep
To have or maintain possession of something.
- evaluate
To assess or form an idea of the nature, quality, ability, amount, number, or value of something.
- limit
To restrict or assign boundaries to something.
- create
To bring something or cause to come into existence; originate; make; design.
- update
To modernize or bring up to date.
- fail
To break down or cease to work properly.
- change
To make, or become different; alter.
- generate
To produce or cause something to come about; create.
- retain
To keep in possession.
- identify
To establish, indicate, or verify who or what someone or something is.
- implement
To put a new system into effect.
- use
To employ something, or put it into action, for some purpose.
- prevent
To keep something from happening or stop someone from doing something.
- revise
To look over again and alter something in the light of further evidence.
- deploy
To bring or put into action or use.
- protect
To shield or defend from danger, harm, injury, loss, destruction, or damage.
- mitigate
To lessen or to try to lessen the severity, pain, seriousness, extent, or gravity of.
- inventory
To make a comprehensive complete list of things.
- enforce
To compel obedience to, observance of, or compliance with laws, rules, duties, or commitments.
Nouns
66 senses
- vulnerability
A weakness in an information system, administrative controls, internal controls, system security practices and procedures, implementation, or physical layout that could be accidentally triggered or intentionally exploited by a threat in order to gain unauthorized access to information or disrupt processing.
- access attempt
A process of interaction with a communications system by one or more users to enable initiation of user information transfer. The process begins with the granting of an access request by an access originator, and ends in either successful access or access failure.
- account type
A category for various accounts that are on a computer system.
- password complexity
A set of rules that defines which character types a password must contain and how many characters it must have.
- password parameter
A setting that defines a condition or requirement that a password must match.
- patch
A file containing software or operating system code that is intended to correct a vulnerability, a defect, or to improve the functioning of code.
- patch and vulnerability management process
The set of processes associated with patching software applications, including the situations in which an organization must make emergency configuration changes that may reduce functionality in order to protect itself from exploitation of a vulnerability.
- port range
In computer networking, a designated range of port numbers. Port numbers are divided into three ranges: well-known ports (0 to 1023), registered ports (1024 to 49151), and dynamic or private ports (49152 to 65535).
- process
A particular series of actions or steps to bring about a certain outcome; series of procedures.
- requirement
A formal statement of a necessary condition; something needed.
- responsible entity
Any group, or even an individual, within an organization that has been given responsibility for a particular process.
- Risk Mitigation Plan
This record contains detailed proposals intended to reduce the risks to a critical asset, typically including actions or countermeasures designed to counter the threats to assets.
- security event
The unauthorized access to a facility or to information. A breach of established security systems.
- security patch
Computer code intended to repair or lessen the impact of vulnerabilities within application software.
- security incident
An adverse event where a threat or exploit may compromise a computer system and cause: loss of data confidentiality, disruption of system or data integrity, or disruption or denial of availability of the system and/or data.
- shared account
A single local account created for a group, with one user name and one password.
- show
To demonstrate or prove.
- signature
A recognizable, distinguishing pattern associated with an attack, such as a binary string in a virus or a particular set of keystrokes used to gain unauthorized access to a system.
- source
The place, person, or thing where something begins or comes into being.
- threshold
The level which must be exceeded in order for a certain reaction, phenomenon, result, or condition to occur or be manifested.
- test
To ascertain the performance, reliability, or quality of something.
- time frame
A specified period of time for something to be done or take place.
- threat
Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat-source to successfully exploit a particular information system vulnerability.
- track
Follow the course, trail, or progress of.
- unsuccessful authentication attempt
A failed attempt to receive authentication to access a system.
- applicability
The degree to which something is applicable or relevant.
- apply
Bring or put into operation or practical use.
- audit log
A security-relevant chronological record, set of records, and/or destination and source of records that provide documentary evidence of the sequence of activities that have affected at any time a specific operation, procedure, or event.
- Audit Log event
Any of the various triggering actions that cause an application to write a new entry into the log.
- audit record
An individual entry in an audit log related to an audited event.
- Authentication
The verification of the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system.
- authorized access
Access to system components that (a) has been approved by a person designated to do so by management and (b) does not compromise segregation of duties, confidentiality commitments, or otherwise increase risk to the system beyond the levels approved by management (that is, access is appropriate).
- computer port
A computer port is a connection point or interface between a computer and an external or internal device. Internal ports may connect such devices as hard drives and CD ROM or DVD drives; external ports may connect modems, printers, mice and other devices.
- Compliance
The state of being in accordance with laws, regulations, industry codes, organizational standards, or contractual arrangements.
- Compliance Enforcement Authority
The North American Electric Reliability Corporation (NERC) or the Regional Entity in their respective roles of monitoring and enforcing compliance with the NERC Reliability Standards.
- cyber asset
Programmable electronic devices and communication networks including hardware, software and data.
- cybersecurity patch
Computer code intended to fix a cybersecurity vulnerability.
- data
A subset of information in an electronic format that allows it to be retrieved or transmitted. (CNSSI-4009)
- default password
Password on system administration, user, or service accounts predefined in a system, application, or device; usually associated with default account. Default accounts and passwords are published and well known, and therefore easily guessed.
- deter
Discourage (someone) from doing something by instilling doubt or fear of the consequences.
- detect
Discover, investigate, or discern the existence or presence of something.
- enable
In Computing: to make a device or system ready for use; activate.
- event logging
The recording of the actions performed on a system so that they can be reviewed later.
- Evidence
Information used to establish facts.
- event
Any observable occurrence in a system and/or network. Events sometimes provide indication that an incident is occurring. (CNSSI-4009).
- event log
A basic resource that helps provide information about network traffic, usage and other conditions. An event log stores these data for retrieval by security professionals or automated security systems to help network administrators manage various aspects such as security, performance and transparency.
- Failure
The condition or action of not functioning.
- Identification
The process or act of establishing who or what someone or something is.
- include
Make part of a whole or set.
- individual
A human being.
- information
Any communication or representation of knowledge such as facts, data, or opinions in any medium or form, including textual, numerical, graphic, cartographic, narrative, or audiovisual.
- install
Set up for use.
- interactive user access
User access to an operating system by means of an interactive log-in, whether through a graphical user interface, a command-line shell, or a console, as distinct from automated system-to-system or service-account access.
- investigation
The work of inquiring into something thoroughly and systematically.
- log
To record an event or transaction in an organized record-keeping system, usually sequenced in the order they occurred.
- login attempt
Any activity of logging in to a system, whether it succeeds, fails, or is aborted.
- malicious code
Software or firmware designed to infiltrate or damage a computer system without the owner's knowledge or consent, with the intent of compromising the confidentiality, integrity, or availability of the owner's data, applications, or operating system. Such software often enters a network through ordinary, business-approved activities and then exploits system vulnerabilities. Examples include viruses, worms, Trojans (or Trojan horses), spyware, adware, and rootkits.
- Malicious Code Prevention
The purpose of this policy is to prevent malicious code attacks and, should one occur, to quarantine the infected systems and eradicate the malicious code before it spreads further.
- minimum
The smallest possible quantity.
- method
A means or particular procedure for accomplishing or approaching something.
- Minimum password length
This policy setting determines the least number of characters that make up a password for a user account. There are many different theories about how to determine the best password length for an organization, but "pass phrase" may be a better term than "password." In Microsoft Windows 2000 or later, pass phrases can be quite long and can include spaces, so a phrase such as "I want to drink a $5 milkshake" is a valid pass phrase; it is comparable in strength to, or stronger than, an 8 or 10 character string of random numbers and letters, and yet is far easier to remember. Users must be educated about the proper selection and maintenance of passwords, especially with regard to password length. In enterprise environments, the recommended value for the Minimum password length setting is 14 characters; adjust this value to meet your organization's business requirements.
- need
Require (something) because it is essential or very important.
- network port
A network port is a process-specific or application-specific software construct serving as a communication endpoint, used by the Transport Layer protocols of the Internet Protocol suite, such as User Datagram Protocol (UDP) and Transmission Control Protocol (TCP).
- non-compliance
The failure to achieve performance criteria of a regulation or authority.
- number
An arithmetical value, expressed by a word, symbol, or figure, representing a particular quantity and used in counting and making calculations and for showing order in a series or for identification.
- password change
The changing of a user's password.
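Several of the terms above (audit log, unsuccessful authentication attempt, threshold, alert) describe one mechanism: counting failed log-ins per account in the audit log and raising an alert once a threshold is reached. The following is an added example, not part of the glossary or of any NERC text, that runs that detection over constructed syslog-style sshd records. The log format, the threshold of 5 failures, the 15-minute sliding window and every sample line are my assumptions.

```python
"""Added example (not from the CIP-007-6 glossary): detect a threshold of
unsuccessful authentication attempts in an audit log and generate an alert.

Assumptions (mine, not the page's): sshd-style syslog lines of the form
"<iso-timestamp> <host> sshd[pid]: Failed password for <user> from <ip> port N ssh2",
a threshold of 5 failures per (host, account), and a 15-minute sliding window.
"""
from __future__ import annotations

import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample audit records; not taken from any real system.
SAMPLE_LOG = """\
2024-03-01T10:00:01 host1 sshd[1001]: Failed password for admin from 10.0.0.5 port 51000 ssh2
2024-03-01T10:00:07 host1 sshd[1002]: Failed password for admin from 10.0.0.5 port 51001 ssh2
2024-03-01T10:00:13 host1 sshd[1003]: Accepted password for operator from 10.0.0.9 port 51010 ssh2
2024-03-01T10:00:20 host1 sshd[1004]: Failed password for admin from 10.0.0.5 port 51002 ssh2
2024-03-01T10:00:31 host1 sshd[1005]: Failed password for admin from 10.0.0.5 port 51003 ssh2
2024-03-01T10:00:44 host1 sshd[1006]: Failed password for invalid user guest from 10.0.0.7 port 52000 ssh2
2024-03-01T10:00:59 host1 sshd[1007]: Failed password for admin from 10.0.0.5 port 51004 ssh2
2024-03-01T10:01:05 host1 sshd[1008]: Failed password for admin from 10.0.0.5 port 51005 ssh2
2024-03-01T10:40:00 host1 sshd[1009]: Failed password for operator from 10.0.0.9 port 51011 ssh2
"""

# Matches only unsuccessful authentication attempts; "invalid user" is optional.
FAILED_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


@dataclass(frozen=True)
class Alert:
    user: str
    host: str
    count: int
    first_seen: datetime
    last_seen: datetime
    sources: tuple[str, ...]


def parse_failures(log_text: str):
    """Yield (timestamp, host, user, ip) for each failed attempt in the audit log.
    Successful log-ins and unrelated records are skipped."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["host"], m["user"], m["ip"]


def detect_threshold(log_text: str, threshold: int = 5,
                     window: timedelta = timedelta(minutes=15)) -> list[Alert]:
    """Sliding-window count of failures per (host, user). When the count within
    the window reaches the threshold, emit one Alert and reset that account's
    window, so a sustained attack yields one alert per `threshold` failures
    rather than one alert per log line."""
    recent: dict[tuple[str, str], deque] = defaultdict(deque)
    alerts: list[Alert] = []
    for ts, host, user, ip in sorted(parse_failures(log_text), key=lambda r: r[0]):
        q = recent[(host, user)]
        q.append((ts, ip))
        # Discard failures that have aged out of the window.
        while q and ts - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold:
            alerts.append(Alert(user, host, len(q), q[0][0], ts,
                                tuple(sorted({src for _, src in q}))))
            q.clear()
    return alerts


if __name__ == "__main__":
    for a in detect_threshold(SAMPLE_LOG):
        print(f"ALERT {a.host}/{a.user}: {a.count} failures "
              f"{a.first_seen.time()}-{a.last_seen.time()} from {', '.join(a.sources)}")
```

With the sample data only the `admin` account crosses the threshold (five failures within one minute from a single source); the lone failures for `guest` and `operator` stay below it. Keying on (host, account) rather than on source address means a distributed attack against one account is still caught; a real deployment would also key on source address to catch spraying across many accounts.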
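The password entries (password parameter, password complexity, Minimum password length, default password, password change) describe checks that are normally enforced at password-change time. As an added example, not from the glossary or from any vendor, here is a checker that reports every parameter a proposed password violates. The 14-character minimum follows the Minimum password length entry above; the three-of-four character-class rule and the short list of default credentials are my assumptions standing in for an organization's policy and a vendor default list.

```python
"""Added example (not from the CIP-007-6 glossary): enforce password parameters
at password-change time and report every parameter violated.

Assumptions (mine, not the page's): 14-character minimum, at least three of the
four character classes (lowercase, uppercase, digit, punctuation), rejection of
known default passwords and of passwords containing the account name.
"""
from __future__ import annotations

import string
from dataclasses import dataclass


@dataclass(frozen=True)
class PasswordPolicy:
    min_length: int = 14
    required_classes: int = 3
    # Constructed stand-in for a vendor default-credential list (compared case-insensitively).
    known_defaults: frozenset = frozenset({"admin", "password", "changeme", "12345678", "passw0rd!"})


CHARACTER_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
                     string.digits, string.punctuation)


def count_character_classes(password: str) -> int:
    """Number of distinct character classes present in the password."""
    return sum(any(ch in cls for ch in password) for cls in CHARACTER_CLASSES)


def check_password(password: str, username: str = "",
                   policy: PasswordPolicy = PasswordPolicy()) -> list[str]:
    """Return the list of violated parameters; an empty list means compliant."""
    violations: list[str] = []
    if len(password) < policy.min_length:
        violations.append(f"length {len(password)} is below the minimum of {policy.min_length}")
    classes = count_character_classes(password)
    if classes < policy.required_classes:
        violations.append(f"uses {classes} character class(es); {policy.required_classes} required")
    if password.lower() in policy.known_defaults:
        violations.append("matches a known default password")
    if username and len(username) >= 3 and username.lower() in password.lower():
        violations.append("contains the account name")
    return violations


def change_password(username: str, current: str, new: str,
                    policy: PasswordPolicy = PasswordPolicy()) -> tuple[bool, list[str]]:
    """Accept a change only if the new password differs from the current one and
    meets every parameter. Returns (accepted, reasons)."""
    reasons = check_password(new, username, policy)
    if new == current:
        reasons.append("new password is the same as the current password")
    return (not reasons), reasons


if __name__ == "__main__":
    for user, pw in (("operator", "I want to drink a $5 milkshake"),
                     ("admin", "Passw0rd!"),
                     ("admin", "admin")):
        print(user, pw, "->", check_password(pw, user) or "compliant")
```

The pass phrase from the Minimum password length entry passes every check because spaces are allowed and it already mixes four character classes, while a short vendor-style default such as `Passw0rd!` fails on both length and the default list.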