Systems Security Analysis

In the NICE Workforce Framework, cybersecurity work where a person: Conducts the integration/testing, operations, and maintenance of systems security. From: NICE Workforce Framework. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards
Systems Requirements Planning

In the NICE Workforce Framework, cybersecurity work where a person: Consults with customers to gather and evaluate functional requirements and translates these requirements into technical solutions; provides guidance to customers about applicability of information systems to meet business needs. From: NICE Workforce Framework. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards
Systems Development

In the NICE Workforce Framework, cybersecurity work where a person: Works on the development phases of the systems development lifecycle. From: NICE Workforce Framework. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards
System Integrity

The attribute of an information system when it performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system. From: CNSSI 4009. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards
System Administration

In the NICE Workforce Framework, cybersecurity work where a person: Installs, configures, troubleshoots, and maintains server configurations (hardware and software) to ensure their confidentiality, integrity, and availability; also manages accounts, firewalls, and patches; responsible for access control, passwords, and account creation and administration. From: NICE Workforce Framework. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards
Symmetric Key

A cryptographic key that is used to perform both the cryptographic operation and its inverse, for example to encrypt plaintext and decrypt ciphertext, or create a message authentication code and to verify the code. Extended Definition: Also, a cryptographic algorithm that uses a single key (i.e., a secret key) for both encryption of plaintext and decryption of ciphertext. From: CNSSI 4009. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards
Symmetric Encryption Algorithm

A branch of cryptography in which a cryptographic system or algorithms use the same secret key (a shared secret key). Adapted from: CNSSI 4009, SANS. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards
Supply Chain Risk Management

The process of identifying, analyzing, and assessing supply chain risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken. Adapted from: DHS Risk Lexicon, CNSSD 505. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards
Subject

An individual, process, or device causing information to flow among objects or a change to the system state. Extended Definition: An active entity. Adapted from: NIST SP 800-53 Rev 4, CNSSI 4009. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards
Strategic Planning and Policy Development

In the NICE Workforce Framework, cybersecurity work where a person: Applies knowledge of priorities to define an entity. From: NICE Workforce Framework. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards
Spyware

Deceptive software that collects private or confidential information from a computer user.
  • NOTE Information can include matters such as websites most frequently visited or more sensitive information such as passwords.
Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global Standards

Spyware

Software that is secretly or surreptitiously installed into an information system without the knowledge of the system user or owner. SP 800-53 Rev 4. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards
Spoofing

Faking the sending address of a transmission to gain illegal [unauthorized] entry into a secure system. Extended Definition: The deliberate inducement of a user or resource to take incorrect action. Note: Impersonating, masquerading, piggybacking, and mimicking are forms of spoofing. From: CNSSI 4009. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards
Spillage

The unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards
Spam

Abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.
  • NOTE While the most widely recognized form of spam is e-mail spam, the term is applied to similar abuses in other media: instant messaging spam, Usenet newsgroup spam, web search engine spam, spam in blogs, wiki spam, mobile phone messaging spam, Internet forum spam and junk fax transmissions.
Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global Standards

Spam

The abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages. Adapted from: CNSSI 4009. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards
Software Assurance and Security Engineering

In the NICE Workforce Framework, cybersecurity work where a person: Develops and writes/codes new (or modifies existing) computer applications, software, or specialized utility programs following software assurance best practices. From: NICE Workforce Framework. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards
Software Assurance

The level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its lifecycle, and that the software functions in the intended manner. From: CNSSI 4009. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards
Situational Awareness

Comprehending information about the current and developing security posture and risks, based on information gathered, observation and analysis, and knowledge or experience. Extended Definition: In cybersecurity, comprehending the current status and security posture with respect to availability, confidentiality, and integrity of networks, systems, users, and data, as well as projecting future states of these. Adapted from: CNSSI 4009, DHS personnel, National Response Framework. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards
Signature

A recognizable, distinguishing pattern. Extended Definition: Types of signatures: attack signature, digital signature, electronic signature. From: CNSSI 4009; Adapted from: NIST SP 800-94. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards
Security Program Management

In the NICE Workforce Framework, cybersecurity work where a person: Manages information security (e.g., information security) implications within the organization, specific program, or other area of responsibility, to include strategic, personnel, infrastructure, policy enforcement, emergency planning, security awareness, and other resources (e.g., the role of a Chief Information Security Officer). From: NICE Workforce Framework. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards
Security Policy

A rule or set of rules that govern the acceptable use of an organization's information and services to a level of acceptable risk and the means for protecting the organization's information assets. Extended Definition: A rule or set of rules applied to an information system to provide security services. Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4, NIST SP 800-130, OASIS SAML Glossary 2.0. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards  

Security Policy

Set of rules that specify or regulate how a system or organization provides security services to protect its assets [11]. Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Security Incident

A security event which may compromise an asset and require action. Source: API RP 781 Security Plan Methodology for the Oil and Natural Gas Industries. 1st Ed. September 2016. Global Standards

Security Incident

An occurrence that actually or potentially results in adverse consequences to (adverse effects on) (poses a threat to) an information system or the information that the system processes, stores, or transmits and that may require a response action to mitigate the consequences. Extended Definition: An occurrence that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies. Adapted from: CNSSI 4009, FIPS 200, NIST SP 800-53 Rev 4, ISSG. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards  

Security Incident

A security-related occurrence, threat, or action that has led to or could potentially lead to adversely affecting people, the environment, assets, and economic stability.

Source: Canadian Standards Association, Z246.1-09, Security management for petroleum and natural gas industry systems, August 2009. Regional Standards

Security Incident

Adverse event in a system or network or the threat of the occurrence of such an event [10].
  • NOTE: The term “near miss” is sometimes used to describe an event that could have been an incident under slightly different circumstances.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National Standard
Security Automation

The use of information technology in place of manual processes for cyber incident response and management. Adapted from: DHS personnel. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards
Securely Provision

A NICE Workforce Framework category consisting of specialty areas concerned with conceptualizing, designing, and building secure IT systems, with responsibility for some aspect of the systems' development. From: NICE Workforce Framework. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards
Secret Key

A cryptographic key that is used for both encryption and decryption, enabling the operation of a symmetric key cryptography scheme. Extended Definition: Also, a cryptographic algorithm that uses a single key (i.e., a secret key) for both encryption of plaintext and decryption of ciphertext. Adapted from: CNSSI 4009. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global Standards
Services

Provision of purchased support to a business activity by a contracted individual or organisation. A service is an intangible commodity in that it involves supply of beneficial and consumable resources (often technical support) to a client company, but does not normally involve the supply of physical products or goods. Source: IOGP Report No. 510, Operating Management System Framework for controlling risk and delivering high performance in the oil and gas industry, International Association of Oil & Gas Producers, June 2014. Global Standards
Suspect Areas

Areas showing substantial corrosion and/or are considered by the surveyor to be prone to rapid wastage. Source: Rules for Classification – Offshore units, DNVGL-OU-0101, Offshore drilling and support units, DNV GL, July 2015. Global Standards
Survey Staff

Personnel authorized to carry out surveys and to conclude whether or not compliance has been met. Source: Rules for Classification – Offshore units, DNVGL-OU-0101, Offshore drilling and support units, DNV GL, July 2015. Global Standards
Statutory Survey

Survey carried out by or on behalf of a flag administration. Source: Rules for Classification – Offshore units, DNVGL-OU-0101, Offshore drilling and support units, DNV GL, July 2015. Global Standards
Statutory Certificates

IMO convention certificates issued on behalf of, or by, national authorities. Source: Rules for Classification – Offshore units, DNVGL-OU-0101, Offshore drilling and support units, DNV GL, July 2015. Global Standards
Significant Repair

A repair where machinery is completely dismantled and re-assembled. Significant repairs will, furthermore, be cases of repairs after serious damage to machinery. Source: Rules for Classification – Offshore units, DNVGL-OU-0101, Offshore drilling and support units, DNV GL, July 2015. Global Standards