NIST Updates Glossary of Security Terms

Some 1,500 Terms Found in IT Security Guidance

If you want to be in the know about cybersecurity, consider getting the latest publication from the National Institute of Standards and Technology, the second revision of Interagency Report 7298: Glossary of Key Information Security Terms.

Besides providing some 1,500 definitions, the glossary offers a source for each term from either a NIST or Committee for National Security Systems publication. The committee is a forum of government agencies that issues guidance aimed at protecting national security systems.

The definitions include common ones such as data, "a subset of information in an electronic format that allows it to be received or transmitted," as well as more obscure ones such as inspectable space, "three-dimensional space surrounding equipment that processes classified and/or sensitive information within which TEMPEST exploitation is not considered practical or where legal authority to identify and remove a potential tempest exploitation exists. Synonymous with zone of control."

TEMPEST is defined in the glossary as "a name referring to the investigation, study and control of unintentional compromising emanations from telecommunications and automated information systems equipment."

In the News

The glossary includes terms commonly seen in the news, such as denial of service, "the prevention of authorized access to resources or the delaying of time-critical operations," and hacker, "unauthorized user who attempts to or gains access to an information system."

Also among the definitions is IT security jargon such as the term Easter egg, "a hidden functionality within an application program, which becomes activated when an undocumented, and often convoluted, set of commands and keystrokes are entered. Easter eggs are typically used to display the credits for the development team and are intended to be nonthreatening."

As Editor Richard Kissel explains in the publication's introduction, NIST created the glossary after receiving numerous requests from practitioners to explain the terms used in NIST's information security guidance. "As we are continuously refreshing our publication suite; terms included in the glossary come from our more recent publications," Kissel writes. "It is our intention to keep the glossary current by providing updates online."

Updated versions will be posted at NIST's Computer Security Resource Center website.