Glossary of Terms
Adware
- also known as advertising-supported software, is any software package that automatically plays, displays, or downloads advertising material to a computer after the software is installed on it or while the application is being used. Adware has been criticized because it often includes code that tracks a user's personal information and passes it on to third parties, without the user's authorization or knowledge. This practice has been dubbed spyware.
Anomaly-based Security
- ensuring security by detecting anomalies or sets of changes within an IT environment and classifying these anomalies as harmful or not based on what is "normal" in the environment.
Asset Monitoring
- continuously monitoring and enforcing security policies on every system (PC, laptop and server) to minimize risk of a breach.
Audit-grade Reports
- proper evidentiary reports that show continued compliance with controls over a specific length of time.
Automated Desktop Monitoring
- security measures such as software that proactively and autonomously monitor for changes within an IT environment without being disruptive or intrusive.
Automated Remediation
- security measures such as software that autonomously fixes problems before they become harmful disruptions.
Compliance Management
- the implementation of processes and tools designed to control any type of risk and meet voluntary or mandated performance standards.
FDCC Compliance
- compliance with the secure Federal Desktop Core Configuration (FDCC) baseline that was mandated by the Office of Management and Budget (OMB) with the goal of strengthening Federal IT security.
FISMA Compliance
- The Federal Information Security Management Act (FISMA) of 2002, effective throughout the federal government, places compliance requirements on government agencies and components, with the goal of improving the security of federal information and information systems.
GLBA Compliance
- Gramm-Leach-Bliley Act, also known as the Financial Modernization Act of 1999, is a federal law enacted to control the ways that financial institutions deal with the private information of individuals. Compliance includes implementing security programs to protect such information.
HIPAA Compliance
- the United States Health Insurance Portability and Accountability Act (HIPAA) of 1996 establishes mandatory regulations that require extensive changes to the way that health providers conduct business. HIPAA seeks to establish security mechanisms to ensure confidentiality and data integrity for any information that identifies an individual.
Incident/Problem Management
- implementing measures to protect systems and resolve incidents before they become major disruptions.
ITIL
- The Information Technology Infrastructure Library (ITIL) is a customizable framework of best practices designed to ensure IT service processes provide effective and efficient services in support of the business. They were developed in response to the fact that organizations were becoming increasingly dependent upon IT to fulfill their corporate objectives.
Malware
- software designed to infiltrate or damage a computer system without the owner's informed consent.
NIST 800-68
- SP 800-68, "Guidance for Securing Microsoft Windows XP Systems for IT Professionals: A NIST Security Configuration Checklist", is the National Institute of Standards and Technology's set of recommendations and checklist for securing Microsoft Windows XP.
PCI DSS Compliance
- the Payment Card Industry Data Security Standard (PCI DSS) was developed as a guideline to help organizations that process card payments prevent credit card fraud and various other security vulnerabilities and threats. A company processing, storing, or transmitting payment card data must be PCI DSS compliant.
Policy Templates
- a template approach to drafting policies around security and compliance that can be used as a starting point for an organization to create its own policies, thus saving time and expense. They typically include a summary of the objective of the policy and associated procedures.
Resolution Management
- the implementation of processes and tools designed to identify and resolve issues in the computing environment, thus reducing service desk costs and end user downtime, and improving quality of service while reducing administrative burden. These issues can include improperly configured options, missing drivers, incorrect file versions, missing updates, resource shortages, etc.
SCAP Certified
- Security Content Automation Protocol (SCAP) is a method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation. The SCAP Validation (certification) Program is designed to test the ability of products to use the features and functionality available through SCAP and its component standards.
SOX Compliance
- the Sarbanes-Oxley (SOX) Act of 2002 is legislation that establishes new or enhanced standards for all U.S. public company boards, management, and public accounting firms. It does not apply to privately held companies. The Act requires the Securities and Exchange Commission (SEC) to implement rulings on requirements to comply with the new laws.
Spyware
- computer software that is installed surreptitiously on a personal computer to intercept or take partial control over the user's interaction with the computer, without the user's informed consent.
Vulnerability Management
- managing vulnerabilities in a system by implementing various security measures and controls.
Vulnerability Assessment
- process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system.
XCCDF
- The Extensible Configuration Checklist Description Format (XCCDF) is an XML format specifying security checklists, benchmarks and configuration documentation.
Zero-day Attack
- a virus or other threat that tries to exploit unknown, undisclosed or unpatched computer application or operating system vulnerabilities before the software developer has made a fix available, or before the developer is even aware the hole exists. Zero-day viruses slip through anti-virus software that relies on known signatures of existing viruses.