[ To find a specific security, legal, forensic, or computer-related term quickly, use
our search page | Last
Updated: 09/18/07 ]
[ We are not responsible
for any incorrect definitions or spellings in this glossary, but encourage and
welcome suggestions. ]
[ If you are looking for a comprehensive list of acronyms and their meanings, we encourage you to download Acronym Genie. ]
| Word/Term |
Definition |
| [ A ] |
| AAA |
In the field of IT, there is a term referred to as "Triple A" which stands for Access Control, Authentication, and Auditing. These three terms are key components of any security or user management system in the field of IT. |
| AAA |
In
the field of computer forensics, there is a term referred
to as the "Three A's" which stands for Acquire,
Authenticate, and Analyze. A forensics examiner must first
acquire the evidence, then he must authenticate the evidence,
and finally he must analyze the evidence. |
| Acceptable
Use Policy |
An Acceptable Use Policy (i.e., AUP) can make clear what will and will not be allowed/expected from employees while on the job. Because of the "reasonable expectation of privacy" granted by the 4th Amendment of the United States Constitution, employers must make sure that their employees agree to an AUP because without agreeing to one, employers are expected to treat instant messaging, e-mail and other forms of digital communication as private and not open to investigation by the company. Without an AUP, an employer is powerless to authorize security checks that may involve the scanning of e-mails for viruses as well as the inspection of instant message logs for the transfer of possibly dangerous files. |
| Access Control |
Access Control to resources in a given environment requires the combination of both authentication and authorization schemes. Access Control provides for authenticating that a user is who they claim they are as well as then authorizing that user access to only what they are allowed to access. |
| Address
Resolution Protocol |
The
Address Resolution Protocol (i.e., ARP) is used to map MAC
addresses to IP addresses. |
| Advanced Encryption Standard |
Advanced Encryption Standard (i.e., AES) is a symmetrical algorithm that uses a shared secret key. |
| Affidavit |
An Affidavit is a legal document that a law
enforcement agent may fill out with details pertaining to an investigation. Once the Affidavit is
filled out, it can be used to secure and justify the need for a search warrant. |
| Allegation |
An Allegation is a charge of wrongdoing brought
against another person before proof has been discovered and presented. |
| Alphonse Bertillon |
Alphonse Bertillon lived from 1853 to 1914 and was responsible for devising a system of bodily measurements that allowed for the accurate identification of a specific individual. He is regarded as the father of criminal identification and his devised science of anthropometry was used for nearly two decades before being replaced by fingerprinting in the early part of the 1900s. |
| Application
Level Firewall |
An
Application Level Firewall works by allowing or denying access
based on the application being used to establish a connection. |
| Archive Image |
An Archive Image is a forensically sound duplicate (i.e., hashes of original and copy match) that can be used for examination, case research, etc. without worry of corrupting the original. |
| Asymmetric Encryption |
Asymmetric
Encryption requires a public and a private key and is often
referred to as public/private key encryption. One would use
the public key to encrypt a resource and then the only way
to decrypt the resource would be with the private key. |
| Authentication |
Authentication
is the process of verifying the owner of a given request (i.e.,
message, etc.). While authentication is usually based on a
username/password check, there are other forms of authentication
such as tokens and biometrics. A general rule concerning Authentication
is that it can be accomplished with something a user knows,
something a user is, and something a user has. |
| Authentication Server |
An Authentication Server is a server that another computer connects to in order to obtain a type of credential referred to as a "Ticket." The Ticket contains two session keys that both expire upon the termination or ending of the session. |
| Authorization |
Authorization is a very specific term in the IT/Security field. It refers to the rights or permissions that are granted to a user after that user has been authenticated, not before. |
| Authorized Requester |
In a corporate environment, an Authorized Requester
is the individual (i.e., Chief Intelligence Officer or Chief Security Officer) charged with the responsibility
for requesting or initiating an internal investigation. |