|
A&I |
Assurance and Integration |
|
Acceptable Risk |
The level of Residual
Risk that has been determined to be a reasonable level of potential
loss/disruption (see Total Risk, Residual
Risk, and Minimum
Level of Protection). |
|
Accountability |
1) Principle that responsibilities for
ownership and/or oversight of IS resources are explicitly assigned and
that assignees are answerable to proper authorities for stewardship of
resources under their control. |
|
2) The explicit assignment of
responsibilities for oversight of areas of control to executives,
managers, staff, owners, providers, and users of MEI Resource Elements. |
|
ADES |
Alaska Division of Emergency Services |
|
AEMA |
Alabama Emergency Management Agency |
|
AES |
Advanced Encryption Standard |
|
AFIWC |
Air Force Information Warfare
Center (pronounced AFWIC) |
|
AFWIC |
Air Force Information Warfare
Center |
|
AGA |
American Gas Association |
|
Agency |
Federal department, major organizational unit within a department, or
independent agency. |
|
AIA |
The American Institute of Architects |
|
AIDE |
Automated Intrusion Detection Environment |
|
Alert |
Notice of specific attack directed at an organization’s resources. |
|
Anomaly detection |
Detecting intrusions by looking for
activity that is different from the user’s or system’s normal behavior. |
|
ANSI |
American National Standards
Institute |
|
ANSIR |
Awareness of National
Security Issues and Response System |
|
AOUSC |
American Office of the United States Courts |
|
Areas of control |
Collectively, controls consist of the policies, procedures, practices and
organizational structures designed to provide reasonable assurance that
business objectives will be achieved and that undesired events will be
prevented or detected and corrected. |
|
Areas of potential compromise |
These broad topical areas represent categories where losses can occur that
will impact both a department or agency’s and its ability to conduct core
missions. |
|
ASCE |
American Society of Civil Engineers |
|
ASD C3I |
Assistant Secretary of Defense for Command, Control, Communications and
Intelligence |
|
ASHRAE |
American Society of Heating, Refrigeration, and Air Conditioning Engineers |
|
ASIS |
American Society of Industrial Security |
|
Assurance |
Grounds for confidence that a system design meets its requirements, or
that its implemented satisfies specifications, or that some specific
property is satisfied. |
|
Attack |
1) A discrete malicious action of
debilitating intent inflicted by one entity upon another. A threat
might attack a critical infrastructure to destroy or incapacitate it. |
|
2) Intentional attempt to bypass the
physical or information security measures and controls protecting an IS. |
|
Authentication |
Security measure designed to establish the validity of a transmission,
message or originator; or as a means of verifying a user's authorization
to access specific types of information. |
|
Authorization |
Access privileges granted to a user, program, or process. |
|
AWS |
Analysis and Warning Section |
