All > Technology > Security > Biometrics
Technology that uses low-powered radio transmitters to read data stored in a transponder (tag). RFID tags can be used to track assets, manage inventory, authorize payments, and serve as electronic keys. RFID is not a biometric.
- Browse Related Terms: Encryption, Infrared, PIXEL, Pixels Per Inch (PPI), Radio Frequency Identification (RFID), resolution
All > Technology > Security
Random Number Generators (RNGs) used for cryptographic applications typically produce a sequence of zero and one bits that may be combined into sub-sequences or blocks of random numbers. There are two basic classes: deterministic and nondeterministic. A deterministic RNG consists of an algorithm that produces a sequence of bits from an initial value called a seed. A nondeterministic RNG produces output that is dependent on some unpredictable physical source that is outside human control.
- Browse Related Terms: Collision, cryptographic algorithm, Hashing, One-Way Hash Algorithm, Pseudorandom number generator (PRNG), Public Seed, Random Number Generator (RNG)
All > Technology > Security
To change the value of a cryptographic key that is being used in a cryptographic system application; this normally entails issuing a new certificate on the new public key.
- Browse Related Terms: CA (Certification Authority), certification, Certification Practice Statement (CPS), CRL (Certificate Revocation List), Duration, On-Line Certificate Status Protocol (OCSP), Online Certification Status Protocol (OCSP), public key infrastructure (PKI), Re-key (a certificate), Renew (a certificate), Update (a Certificate), X.509 Certificate, X.509 Public Key Certificate
All > Technology > Security > Biometrics
A method of showing measured accuracy performance of a biometric system. A verification ROC compares false accept rate vs. verification rate. An open-set identification (watchlist) ROC compares false alarm rates vs. detection and identification rate.
- Browse Related Terms: Accuracy, Crossover Error Rate (CER), D-Prime (D'), Degrees of Freedom, Detection Error Trade-off (DET) Curve, Equal Error Rate (EER), False Match Rate, False Non-Match Rate, Performance, Receiver Operating Characteristics (ROC), Verification Rate
All > Technology > Security
The period of time during the cryptoperiod of a symmetric key when protected information is processed. The recipient usage period of the key is usually identical to the cryptoperiod of that key.
- Browse Related Terms: authenticate, Authentication, Authentication, Electronic, Electronic Authentication (E-authentication), Electronic Credentials, Identification, Identity Management, Identity Proofing, Personal Identity Verification Registration Authority, Pseudonym, Recipient Usage Period, registration, Relying Party, Subject, Verified Name
All > Technology > Security > Biometrics
A generic term used in the description of biometric systems (e.g. face recognition or iris recognition) relating to their fundamental function. The term "recognition" does not inherently imply verification, closed-set identification or open-set identification (watchlist).
- Browse Related Terms: Algorithm, Authentication, Automated Biometric Identification System (ABIS), Feature, Feature Extraction, Hamming Distance, IrisCode©, Modality, model, Multimodal Biometric System, Recognition, reference, Template
All > Technology > Security > Biometrics
The template and other information about the end user (e.g. name, access permissions).
Also listed in:
- All > Law > Common Legal Terms
- All > Law > E-Discovery
- All > Technology > GIS
- All > Technology > Programming > Perl
- All > Technology > Records Management
- All > Technology > Telecommunications
All > Technology > Security
The recordings of evidence of activities performed or results achieved (e.g., forms, reports, test results) which serve as the basis for verifying that the organization and the information system are performing as intended. Also used to refer to units of related data fields (i.e., groups of data fields that can be accessed by a program and that contain the complete set of information on particular items).
- Browse Related Terms: access, application, Baselining, chain of custody, Computer Security Object (CSO), Computer Security Objects Register, Control Information, Denial of Service (DoS), Information Resources, information system, Metrics, records, security label, System, System Interconnection
All > Technology > Security > Biometrics
The biometric data stored for an individual for use in future recognition. A reference can be one or more templates, models or raw images. See also template.
All > Technology > Security
The security engineering term for IT functionality that
- 1) controls all access,
- 2) cannot be by-passed,
- 3) is tamper-resistant, and
- 4) provides confidence that the other three items are true.
- Browse Related Terms: Accountability, Certificate Policy (CP), Examination, exculpatory evidence, Inculpatory Evidence, Intellectual Property, IT Security Investment, label, reference monitor, Security Control Enhancements, security service, SSL, system administrator, Technical non-repudiation, Trusted Path
All > Technology > Security
The process through which a party applies to become a subscriber of a Credentials Service Provider (CSP) and a Registration Authority validates the identity of that party on behalf of the CSP.
- Browse Related Terms: authenticate, Authentication, Authentication, Electronic, Electronic Authentication (E-authentication), Electronic Credentials, Identification, Identity Management, Identity Proofing, Personal Identity Verification Registration Authority, Pseudonym, Recipient Usage Period, registration, Relying Party, Subject, Verified Name
All > Technology > Security
Organization responsible for assignment of unique identifiers to registered objects.
- Browse Related Terms: Information Security Policy, Information Type, IT Security Policy, Memorandum of Understanding/Agreement (MOU/A), Needs Assessment (IT Security Awareness and Training), Plan of Action and Milestones (POA&M), policy, Registration Authority (RA), Trustworthiness, Validation
All > Technology > Security
An entity that relies upon the subscriber's credentials, typically to process a transaction or grant access to information or a system.
- Browse Related Terms: authenticate, Authentication, Authentication, Electronic, Electronic Authentication (E-authentication), Electronic Credentials, Identification, Identity Management, Identity Proofing, Personal Identity Verification Registration Authority, Pseudonym, Recipient Usage Period, registration, Relying Party, Subject, Verified Name
All > Technology > Security
The act of correcting a vulnerability or eliminating a threat. Three possible types of remediation are installing a patch, adjusting configuration settings, or uninstalling a software application.
- Browse Related Terms: Blended Attack, Botnet (also zombies), CATS, false positive, information, Intrusion Detection System (IDS), remediation, Sanitization, SPAM, Spyware, Warez
All > Technology > Security
A plan to perform the remediation of one or more threats or vulnerabilities facing an organization's systems. The plan typically includes options to remove threats and vulnerabilities and priorities for performing the remediation.
- Browse Related Terms: Common Vulnerabilities and Exposures (CVE), CVE, IT-Related Risk, Remediation Plan, system integrity, Threat, Threat Agent/Source, Threat Analysis, Threat Assessment, Threat Source, Total Risk, Vulnerability, Vulnerability Assessment
All > Technology > Security
Access by users (or information systems) communicating external to an information system security perimeter.
- Browse Related Terms: Access Control Lists (ACLs), Account Management, User, Audit Trail, Authentication Mechanism, availability, Client (Application), Discretionary Access Control, Honeypot, Identity-Based Security Policy, Least Privilege, Mandatory Access Control, Privileged Accounts, remote access, rule-based security policy, Unauthorized Access, user
Also listed in:
- All > Law > E-Discovery
- All > Technology > Telecommunications
All > Technology > Security
Maintenance activities conducted by individuals communicating external to an information system security perimeter.
- Browse Related Terms: environment, Hacktivist, Information System Owner, Information System Owner (or Program Manager), Remote Maintenance, System Development Life Cycle (SDLC)
All > Technology > Security
The act or process of extending the validity of the data binding asserted by a public key certificate by issuing a new certificate.
- Browse Related Terms: CA (Certification Authority), certification, Certification Practice Statement (CPS), CRL (Certificate Revocation List), Duration, On-Line Certificate Status Protocol (OCSP), Online Certification Status Protocol (OCSP), public key infrastructure (PKI), Re-key (a certificate), Renew (a certificate), Update (a Certificate), X.509 Certificate, X.509 Public Key Certificate
All > Technology > Security
A database containing information and data relating to certificates as specified in a CP; may also be referred to as a directory.
- Browse Related Terms: applicant, Binding, Certificate Management Authority (CMA), Certificate Status Authority, Certificate-Related Information, Credentials Service Provider (CSP), cross-certificate, Federal Bridge Certification Authority (FBCA), Federal Bridge Certification Authority Membrane, Intermediate Certification Authority (CA), Policy Mapping, Repository, Responsible Individual, Root Certification Authority, Subordinate Certification Authority (CA), Superior Certification Authority (CA), Trust Anchor, Trust List, Trusted Agent, Trusted Certificate
Also listed in:
- All > Law > E-Discovery
- All > Technology > Records Management
All > Technology > Security
The remaining, potential risk after all IT security measures are applied. There is a residual risk associated with each threat.
- Browse Related Terms: Computer Security Incident, Graduated Security, Inappropriate Usage, Privacy Impact Assessment, Residual Risk, Risk Management, Risk Tolerance, Security Level, Sensitivity Levels