20 Terms
1
End Cryptographic Unit (ECU) –
Device that (1) performs cryptographic functions, (2) typically is part of a larger system for which the device provides security services, and (3) from the viewpoint of a supporting security infrastructure (e.g., a key management system), is the lowest level of identifiable component with which a management transaction can be conducted.
2
End-to-End Encryption –
Communications encryption in which data is encrypted when being passed through a network, but routing information remains visible. Encryption of information at its origin and decryption at its intended destination without intermediate decryption.
3
End-to-End Security –
Safeguarding information in an information system from point of origin to point of destination.
4
Enrollment Manager –
The management role that is responsible for assigning user identities to management and non-management roles.
5
Enterprise –
An organization with a defined mission/goal and a defined boundary, using information systems to execute that mission, and with responsibility for managing its own risks and performance. An enterprise may consist of all or some of the following business aspects: acquisition, program management, financial management (e.g., budgets), human resources, security, and information systems, information and mission management.
6
Enterprise Architecture (EA) –
The description of an enterprise’s entire set of information systems: how they are configured, how they are integrated, how they interface to the external environment at the enterprise’s boundary, how they are operated to support the enterprise mission, and how they contribute to the enterprise’s overall security posture.
7
Enterprise Risk Management –
The methods and processes used by an enterprise to manage risks to its mission and to establish the trust necessary for the enterprise to support shared missions. It involves the identification of mission dependencies on enterprise capabilities, the identification and prioritization of risks due to defined threats, the implementation of countermeasures to provide both a static risk posture and an effective dynamic response to active threats; and it assesses enterprise performance against threats and adjusts countermeasures as necessary.
8
Enterprise Service –
A set of one or more computer applications and middleware systems hosted on computer hardware that provides standard information systems capabilities to end users and hosted mission applications and services.
9
Entity 1 –
Either a subject (an active element that operates on information or the system state) or an object (a passive element that contains or receives information).
10
Entity 2 –
An active element in an open system.
11
Entity 3 –
Any participant in an authentication exchange; such a participant may be human or nonhuman, and may take the role of a claimant and/or verifier.
12
Entrapment –
Deliberate planting of apparent flaws in an IS for the purpose of detecting attempted penetrations.
13
Entropy –
A measure of the amount of uncertainty that an Attacker faces to determine the value of a secret. Entropy is usually stated in bits.
14
Environment –
Aggregate of external procedures, conditions, and objects affecting the development, operation, and maintenance of an information system.
15
Environment of Operation –
The physical surroundings in which an information system processes, stores, and transmits information. The physical, technical, and organizational setting in which an information system operates, including but not limited to: missions/business functions; mission/business processes; threat space; vulnerabilities; enterprise and information security architectures; personnel; facilities; supply chain relationships; information technologies; organizational governance and culture; acquisition and procurement processes; organizational policies and procedures; organizational assumptions, constraints, risk tolerance, and priorities/trade-offs.
16
Ephemeral Key –
A cryptographic key that is generated for each execution of a key establishment process and that meets other requirements of the key type (e.g., unique to each message or session). In some cases, ephemeral keys are used more than once within a single session (e.g., broadcast applications) where the sender generates only one ephemeral key pair per message, and the private key is combined separately with each recipient’s public key.
17
Erasure –
Process intended to render magnetically stored information irretrievable by normal means.
18
Error Detection Code –
A code computed from data and comprised of redundant bits of information designed to detect, but not correct, unintentional changes in the data.
19
Escrow –
Something (e.g., a document, an encryption key) that is "delivered to a third person to be given to the grantee only upon the fulfillment of a condition."
20
Evaluation Products List (EPL) –
List of validated products that have been successfully evaluated under the National Information Assurance Partnership (NIAP) Common Criteria Evaluation and Validation Scheme (CCEVS).