The process of granting or denying specific requests to obtain and use information and related information processing services

The ability to make use of any information system resource

Security safeguards designed to detect and deny unauthorized access and permit authorized access to an information system

An attempt to gain unauthorized access to system services, resources, or information

An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors

An interface between two systems at which they are not connected physically and any logical connection is not automated

A program that monitors a computer or network to identify all major types of malware and prevent or contain malware incidents

A specific sequence of events indicative of an unauthorized access attempt

An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities

The aggregate of people, procedures, documentation, hardware, and/or software necessary to authorize and enable security-relevant functions

Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system

A party who acts with malicious intent to compromise an information system

A chronological record of information system activities, including records of system accesses and operations performed in a given period

Independent review and examination of records and activities to assess the adequacy of system controls

Timely, reliable access to data and information services for authorized users

A backup of files and programs made to facilitate recovery if necessary

A test methodology that assumes no knowledge of the internal structure and implementation detail of the assessment object

The process of granting or denying specific requests to obtain and use information and related information processing services

An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors

Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system

A list of entities that are blocked or denied privileges or access

A violation of the security policy of a system

The exposure of proprietary, sensitive, or classified information

The prevention of authorized access to resources

A list of entities that are blocked or denied privileges or access

Compromise of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to protected information

A violation of the security policy of a system

Preserving authorized restrictions on information access and disclosure