The Information Security Dictionary



Provides a relatively complete and easy-to-read explanation of common security, malware, vulnerability and infrastructure protection terms, without causing much damage to the usually slim student pocketbook.

This dictionary can help non-specialist readers better understand the information security issues they encounter in their work, while studying for a certification examination, or while doing a practical assignment as part of a workshop. The book is also an essential addition to the reference collection of an organization's systems personnel. Special attention is paid to the terms that most often prevent educated readers from understanding journal articles and books in cryptology, computing science, and information systems, as well as in the applied fields that build on those disciplines, such as system design, security auditing, vulnerability testing, and role-based access management. The dictionary provides definitions that enable readers to get through a difficult article or passage. For the most part, it does not directly explain how to conduct research or how to implement the terms it briefly describes.

List of Tables

  • Value of information – asset approach
  • Value of information – hard costs
  • Value of information – soft costs
  • Asset value of data/information or object
  • Assurance: Security – costs and benefits
  • Taxonomy of attacks
  • Attributes of attacks
  • Elements of attacks
  • Biometrics and authentication – access controls
  • Authentication – access controls
  • Biometrics and authentication – less effective access controls
  • Critical Information Infrastructure Protection (CIIP) – information sharing approaches
  • Critical Information Infrastructure Protection (CIIP) – trusted information sharing network
  • Confidentiality, Integrity, Availability of Data, User Accountability, Authentication and Audit (CIA-UAA)
  • A baseline for security – taxonomy of policies for enhancing and supporting critical infrastructure protection (CIP) efforts
  • Damages – using the asset and policy document approach to quantify losses
  • Defense – what it might entail
  • Defense – possible escalations
  • Distributed denial-of-service (DDoS) attack – tools to reduce the risk of a successful DDoS
  • E-government
  • Criteria for an electronic (e-voting) system – voter and votes
  • Criteria for an electronic (e-voting) system – election system and process
  • Encryption-decryption algorithms
  • Encryption-decryption algorithms
  • Firewalls
  • System safety and security – system complexity
  • System safety and security – failure of safety
  • System safety and security – human behavior and techno babble
  • Information theory
  • Information as a concept
  • Intrusion detection
  • Intrusion Detection System (IDS) – evolving terminology
  • Intrusion Detection System (IDS) – calculating Return on Investment (ROI)
  • Jurisdiction
  • Justice, ethics, morality and rights – or how do these concepts relate to a code of conduct
  • Key management
  • Key recovery (KR) – trusted third party encryption (TTPE)
  • Learning and type of training
  • Information security skills (ISS)
  • Defining malware – a simplified structure
  • Vulnerabilities and malware
  • Types of malware – categorization
  • Digital divide and broadband connection
  • Reducing the digital divide – different technologies with different suppliers
  • Password issues
  • Password use, policy and best practice
  • Vulnerabilities and malware – managing patches and upgrades – corporate users
  • Vulnerabilities and malware – managing patches and upgrades as a Small and Medium-Sized Enterprise (SME) or a home user
  • Policies and IT resources – appropriate user behaviors
  • Privacy and asymmetric information spaces – definition and principles
  • Privacy and asymmetric information spaces – properties and boundaries
  • Cognitive and emotional components of risk – perception and worry
  • Risk – experts versus lay-people
  • The business perspective of internet and IT security risks
  • The user's perspective of internet and IT security risks
  • Network security risks – visibility and vulnerability
  • Schemata with the scientific roots of information security – the birth of schematics
  • Defining security and safety for information systems-related products and services
  • Security engineering versus safety engineering
  • Security engineering for a small and medium-sized enterprise (SME)
  • Differentiating threat, vulnerability and risk at one glance
  • Typology of threats: two main types
  • Taxonomy for structured and unstructured threats
  • Further classification of typology of threats and their taxonomy
  • Definition of criteria to be used for evaluating threat level for malware and vulnerabilities
  • Threat level definition – malware
  • Threat level definition – software/operating system vulnerabilities
  • Types of viruses – categorization
  • Taxonomy of vulnerabilities
  • Constituencies for a WARP
  • Focus and functions for a WARP
  • Leaks and security lapses in Wi-Fi 802.11
  • Worms
