Dictionary · NIST SP 800-12

A specific sequence of events indicative of an unauthorized access attempt.

Preprocessors designed to reduce the volume of audit records to facilitate manual review. Before a security review, these tools can remove many audit records known to have little security significance. These tools generally remove records generated by specified classes of events, such as records generated by nightly backups.

Communications encryption in which data is encrypted when being passed through a network, but routing information remains visible.

The process used to view or record both the keystrokes entered by a computer user and the computer’s response during an interactive session. Keystroke monitoring is usually considered a special case of audit trails.

The security objective of granting users only those accesses they need to perform their official duties.

Link encryption encrypts all of the data along a communications path (e.g., a satellite link, telephone circuit, or T1 line). Since link encryption also encrypts routing data, communications nodes need to decrypt the data to continue routing.

Involves 1) the process of requesting, establishing, issuing, and closing user accounts; 2) tracking users and their respective access authorizations; and 3) managing these functions.

Individuals who have access to set “access rights” for users on a given system. Sometimes referred to as system or network administrative accounts.