Glossary of Key Information Security Terms (NIST) part 25 / E - F

studied byStudied by 4 people
5.0(1)
Get a hint
Hint

Evaluation Assurance Level (EAL) –

1 / 19

flashcard set

Earn XP

20 Terms

1

Evaluation Assurance Level (EAL) –

Set of assurance requirements that represent a point on the Common Criteria predefined assurance scale.

New cards
2

Event –

Any observable occurrence in a network or system. Any observable occurrence in a system and/or network. Events sometimes provide indication that an incident is occurring.

New cards
3

Examination –

A technical review that makes the evidence visible and suitable for analysis; tests performed on the evidence to determine the presence or absence of specific data.

New cards
4

Examine –

A type of assessment method that is characterized by the process of checking, inspecting, reviewing, observing, studying, or analyzing one or more assessment objects to facilitate understanding, achieve clarification, or obtain evidence, the results of which are used to support the determination of security control effectiveness over time.

New cards
5

Exculpatory Evidence –

Evidence that tends to decrease the likelihood of fault or guilt.

New cards
6

Executive Agency –

An executive department specified in 5 United States Code (U.S.C.), Sec. 101; a military department specified in 5 U.S.C., Sec. 102; an independent establishment as defined in 5 U.S.C., Sec. 104(1); and a wholly owned government corporation fully subject to the provisions of 31 U.S.C., Chapter 91.

New cards
7

Exercise Key –

Cryptographic key material used exclusively to safeguard communications transmitted over-the-air during military or organized civil training exercises.

New cards
8

Expected Output –

Any data collected from monitoring and assessments as part of the Information Security Continuous Monitoring (ISCM) strategy.

New cards
9

Exploit Code –

A program that allows attackers to automatically break into a system.

New cards
10

Exploitable Channel –

Channel that allows the violation of the security policy governing an information system and is usable or detectable by subjects external to the trusted computing base. See Covert Channel.

New cards
11

Extensible Configuration Checklist Description Format (XCCDF) –

SCAP language for specifying checklists and reporting checklist results.

New cards
12

External Information System (or Component) –

An information system or component of an information system that is outside of the authorization boundary established by the organization and for which the organization typically has no direct control over the application of required security controls or the assessment of security control effectiveness.

New cards
13

External Information System Service –

An information system service that is implemented outside of the authorization boundary of the organizational information system (i.e., a service that is used by, but not a part of, the organizational information system) and for which the organization typically has no direct control over the application of required security controls or the assessment of security control effectiveness.

New cards
14

External Information System Service Provider –

A provider of external information system services to an organization through a variety of consumer-producer relationships, including but not limited to: joint ventures; business partnerships; outsourcing arrangements (i.e., through contracts, interagency agreements, lines of business arrangements); licensing agreements; and/or supply chain exchanges.

New cards
15

External Network –

A network not controlled by the organization.

New cards
16

External Security Testing –

Security testing conducted from outside the organization’s security perimeter.

New cards
17

Extraction Resistance –

Capability of crypto-equipment or secure telecommunications equipment to resist efforts to extract key.

New cards
18

Extranet –

A private network that uses Web technology, permitting the sharing of portions of an enterprise’s information or operations with suppliers, vendors, partners, customers, or other enterprises.

New cards
19

Fail Safe –

Automatic protection of programs and/or processing systems when hardware or software failure is detected.

New cards
20

Fail Soft –

Selective termination of affected nonessential processing when hardware or software failure is determined to be imminent.

New cards

Explore top notes

note Note
studied byStudied by 11 people
... ago
5.0(2)
note Note
studied byStudied by 3906 people
... ago
4.7(25)
note Note
studied byStudied by 13 people
... ago
5.0(1)
note Note
studied byStudied by 17 people
... ago
5.0(1)
note Note
studied byStudied by 58 people
... ago
4.5(2)
note Note
studied byStudied by 60 people
... ago
5.0(1)
note Note
studied byStudied by 3 people
... ago
5.0(1)
note Note
studied byStudied by 108 people
... ago
5.0(4)

Explore top flashcards

flashcards Flashcard (20)
studied byStudied by 1 person
... ago
5.0(1)
flashcards Flashcard (31)
studied byStudied by 3 people
... ago
5.0(1)
flashcards Flashcard (20)
studied byStudied by 1 person
... ago
5.0(1)
flashcards Flashcard (86)
studied byStudied by 2 people
... ago
5.0(1)
flashcards Flashcard (56)
studied byStudied by 2 people
... ago
5.0(1)
flashcards Flashcard (77)
studied byStudied by 254 people
... ago
5.0(3)
flashcards Flashcard (38)
studied byStudied by 9 people
... ago
5.0(1)
flashcards Flashcard (101)
studied byStudied by 28 people
... ago
5.0(2)
robot