Glossary of Key Information Security Terms (NIST) part 37 / K

Last updated 5:43 PM on 10/31/22

20 Terms

1
Key Logger –
A program designed to record which keys are pressed on a computer keyboard, used to obtain passwords or encryption keys and thus bypass other security measures.
2
Key Management –
The activities involving the handling of cryptographic keys and other related security parameters (e.g., IVs and passwords) during the entire life cycle of the keys, including their generation, storage, establishment, entry and output, and zeroization.
3
Key Management Device –
A unit that provides for secure electronic distribution of encryption keys to authorized users.
4
Key Management Infrastructure –
All parts – computer hardware, firmware, software, and other equipment and its documentation; facilities that house the equipment and related functions; and companion standards, policies, procedures, and doctrine that form the system that manages and supports the ordering and delivery of cryptographic material and related information products and services to users.
5
Logic Bomb –
A piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
6
Logical Completeness Measure –
Means for assessing the effectiveness and degree to which a set of security and access control mechanisms meets security specifications.
7
Logical Perimeter –
A conceptual perimeter that extends to all intended users of the system, both directly and indirectly connected, who receive output from the system without a reliable human review by an appropriate authority. The location of such a review is commonly referred to as an “air gap.”
8
Long Title –
Descriptive title of a COMSEC item.
9
Low Impact –
The loss of confidentiality, integrity, or availability that could be expected to have a limited adverse effect on organizational operations, organizational assets, individuals, other organizations, or the national security interests of the United States; (i.e., 1) causes a degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is noticeably reduced; 2) results in minor damage to organizational assets; 3) results in minor financial loss; or 4) results in minor harm to individuals).
10
Low-Impact System –
An information system in which all three security objectives (i.e., confidentiality, integrity, and availability) are assigned a FIPS 199 potential impact value of low. An information system in which all three security properties (i.e., confidentiality, integrity, and availability) are assigned a potential impact value of low.
11
Low Probability of Detection –
Result of measures used to hide or disguise intentional electromagnetic transmissions.
12
Low Probability of Intercept –
Result of measures to prevent the intercept of intentional electromagnetic transmissions. The objective is to minimize an adversary’s capability of receiving, processing, or replaying an electronic signal.
13
Macro Virus –
A virus that attaches itself to documents and uses the macro programming capabilities of the document’s application to execute and propagate.
14
Magnetic Remanence –
Magnetic representation of residual information remaining on a magnetic medium after the medium has been cleared. See Clearing.
15
Maintenance Hook –
Special instructions (trapdoors) in software allowing easy maintenance and additional feature development. Since maintenance hooks frequently allow entry into the code without the usual checks, they are a serious security risk if they are not removed prior to live implementation.
16
Maintenance Key –
Key intended only for in-shop use.
17
Major Application –
An application that requires special attention to security due to the risk and magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of the information in the application. Note: All federal applications require some level of protection. Certain applications, because of the information in them, however, require special management oversight and should be treated as major. Adequate security for other applications should be provided by security of the systems in which they operate.
18
Major Information System –
An information system that requires special management attention because of its importance to an agency mission; its high development, operating, or maintenance costs; or its significant role in the administration of agency programs, finances, property, or other resources.
19
Malicious Applets –
Small application programs that are automatically downloaded and executed and that perform an unauthorized function on an information system.
20
Malicious Code –
Software or firmware intended to perform an unauthorized process that will have adverse impact on the confidentiality, integrity, or availability of an information system. A virus, worm, Trojan horse, or other code-based entity that infects a host. Spyware and some forms of adware are also examples of malicious code.