Purpose: This document provides a list of words and definitions to clarify Information Technology (IT) terminology contained within the State of Wyoming Policies and Standards.
Applicability: This policy applies to all Executive Branch agencies, boards, and commissions staff (collectively referred to as “agencies”). This policy is also applicable to consultants, affiliates, and temporary employees.
DEFINITIONS
Data: A subset of information in an electronic format that allows it to be retrieved or transmitted. (SOURCE: CNSSI-4009)
Data Asset: 1. Any entity that is composed of data. For example, a database is a data asset that consists of data records. A data asset may be a system or application output file, database, document, or Web page. A data asset also includes a service that may be provided to access data from an application. For example, a service that returns individual records from a database would be a data asset. Similarly, a website that returns data in response to specific queries (e.g., www.weather.com) would be a data asset. 2. An information-based resource. (SOURCE: CNSSI-4009)
Data Governance: The exercise of authority, control, and shared decision-making (planning, monitoring, and enforcement) over the management of data assets. (SOURCE: DAMA DMBOK) A system of decision rights and accountabilities for information-related processes, executed according to agreed-upon models, which describe who can take what actions with what information, when, under what circumstances, and using what methods. (SOURCE: Data Governance Institute)
Data Integrity: The property that data has not been changed, destroyed, or lost in an unauthorized or accidental manner. (SOURCE: CNSSI-4009)
Data Loss: The exposure of proprietary, sensitive, or classified information through either data theft or data leakage. (SOURCE: NIST SP 800-137)
Data Loss Prevention (DLP): A system that restricts the transmission of sensitive data, reducing the risk of suffering a breach. (SOURCE: VERIZON PCI SECURITY)
Data Owner: Refers to both the possession of and responsibility for information. Ownership implies power as well as control. The control of information includes not just the ability to access, create, modify, package, derive benefit from, or remove data but also the right to assign these access privileges to others. Implicit in having control over access to data is the ability to share data with other affiliates within the scope of both state and federal rules and regulations. Agencies are the owners of the data they collect, create, or are given by other affiliates where ownership is not dictated by governing statutes or rules. Agencies may delegate aspects of data ownership to business units, divisions, sections, or individuals within the agency. The agency, and the agency head by extension, retains overall responsibility for ownership of the data. Responsibilities of ownership include defining the data elements and sets, collection, quality (veracity, completeness, timeliness), use, governance, compliance with statute, classification, access authorization, and data protection.
Data Privacy: The assurance that a person’s or organization’s personal and private information is not inappropriately disclosed. Ensuring Data Privacy requires Access Management, eSecurity, and other data protection efforts. (SOURCE: Data Governance Institute)
Data Security: Protection of data from unauthorized (accidental or intentional) modification, destruction, or disclosure. (SOURCE: CNSSI-4009)
Decipher: Convert enciphered text to plain text by means of a cryptographic system. (SOURCE: CNSSI-4009)
Decode: Convert encoded text to plain text by means of a code. (SOURCE: CNSSI-4009)
Decrypt: Generic term encompassing decode and decipher. (SOURCE: CNSSI-4009)
Decryption: The process of transforming ciphertext into plaintext. (SOURCE: NIST SP 800-67) The process of changing ciphertext into plaintext using a cryptographic algorithm and key. (SOURCE: NIST SP 800-21) Conversion of ciphertext to plaintext through the use of a cryptographic algorithm. (SOURCE: FIPS 185)
Defense-in-Depth: Information security strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and dimensions of the organization. (SOURCE: CNSSI-4009; NIST SP 800-53)
Deleted File: A file that has been logically, but not necessarily physically, erased from the operating system, perhaps to eliminate potentially incriminating evidence. Deleting files does not always eliminate the possibility of recovering all or part of the original data. (SOURCE: NIST SP 800-72)
Demilitarized Zone (DMZ): An interface on a routing firewall that is similar to the interfaces found on the firewall’s protected side. Traffic moving between the DMZ and other interfaces on the protected side of the firewall still goes through the firewall and can have firewall protection policies applied. (SOURCE: NIST SP 800-41) A host or network segment inserted as a "neutral zone" between an organization’s private network and the Internet. (SOURCE: NIST SP 800-45) Perimeter network segment that is logically between internal and external networks. Its purpose is to enforce the internal network’s Information Assurance policy for external information exchange and to provide external, untrusted sources with restricted access to releasable information while shielding the internal networks from outside attacks. (SOURCE: CNSSI-4009)
Denial of Service (DoS): The prevention of authorized access to resources or the delaying of time-critical operations. (Time-critical may be milliseconds, or it may be hours, depending upon the service provided.) (SOURCE: CNSSI-4009)
Deny by Default / Allow by Exception: A firewall (or other access control) configuration policy in which all traffic or access is blocked unless a rule explicitly permits it. Only the specific services, sources, or users enumerated in allow rules get through; anything not covered by an allow rule is refused. Contrast with allow by default, where everything passes except what is explicitly denied. (SOURCE: SECUROSIS WEBSITE)
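The difference between the two default policies is easiest to see on actual rule evaluation. The following is an added example, not text or code from the State of Wyoming policy: a minimal first-match packet filter with a hypothetical agency edge rule set and constructed sample traffic (the 203.0.113.0/24 documentation range stands in for the Internet). The same allow rules are evaluated once with a deny default and once with an allow default, and the function at the end lists the packets that slip through only because nobody wrote a rule for them.

```python
"""Deny-by-default versus allow-by-default, evaluated on constructed traffic."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    proto: str            # "tcp", "udp" or "any"
    src: str              # source CIDR the rule applies to
    dport: Optional[int]  # destination port; None matches any port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dport: int


def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.proto in ("any", pkt.proto)
            and ip_address(pkt.src) in ip_network(rule.src)
            and rule.dport in (None, pkt.dport))


def filter_packet(rules, default: str, pkt: Packet) -> str:
    """First matching rule wins; the chain's default policy decides everything else."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default


# Constructed rule set (hypothetical agency edge firewall): publish HTTPS to the world,
# allow SSH only from the internal 10/8 range, and carry one explicit deny for Telnet.
RULES = [
    Rule("allow", "tcp", "0.0.0.0/0", 443),
    Rule("allow", "tcp", "10.0.0.0/8", 22),
    Rule("deny", "tcp", "0.0.0.0/0", 23),
]

# Constructed sample traffic.
TRAFFIC = [
    Packet("tcp", "203.0.113.7", 443),   # public HTTPS
    Packet("tcp", "10.1.2.3", 22),       # admin SSH from inside
    Packet("tcp", "203.0.113.7", 22),    # SSH from the Internet
    Packet("tcp", "203.0.113.7", 23),    # Telnet, explicitly denied
    Packet("tcp", "203.0.113.7", 3389),  # RDP that no rule mentions
]


def evaluate(default: str) -> dict:
    """Map each packet to the verdict the rule set gives under the given default policy."""
    return {f"{p.proto}/{p.src}:{p.dport}": filter_packet(RULES, default, p) for p in TRAFFIC}


def exposed_by_default_allow() -> list:
    """Packets that pass only because no rule names them: the gap deny-by-default closes."""
    strict, loose = evaluate("deny"), evaluate("allow")
    return sorted(k for k in loose if loose[k] == "allow" and strict[k] == "deny")


if __name__ == "__main__":
    for policy in ("deny", "allow"):
        print(f"default {policy}:", evaluate(policy))
    print("exposed by allow-by-default:", exposed_by_default_allow())
```

In a real nftables ruleset the same choice is the chain's `policy drop;` versus `policy accept;` line; the allow rules above correspond to the `accept` rules listed inside the chain. The point the example makes is that under allow-by-default the security of the host depends on an administrator anticipating every service that must be blocked, whereas under deny-by-default an unanticipated service such as the RDP port is closed until someone deliberately opens it.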
Depth: An attribute associated with an assessment method that addresses the rigor and level of detail associated with the application of the method. The values for the depth attribute, hierarchically from less depth to more depth, are basic, focused, and comprehensive. (SOURCE: NIST SP 800-53A)
Developer: State employee or private affiliate who creates source code.
Digital Evidence: Electronic information stored or transferred in digital form. (SOURCE: NIST SP 800-72)
Digital Forensics: The application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data. (SOURCE: NIST SP 800-86)
Digital Signature: An asymmetric key operation where the private key is used to sign data digitally, and the public key is used to verify the signature. Digital signatures provide authenticity protection, integrity protection, and non-repudiation. (SOURCE: NIST SP 800-63) A non-forgeable transformation of data that allows the proof of the source (with non-repudiation) and the verification of the integrity of that data. (SOURCE: FIPS 196) The result of a cryptographic transformation of data which, when properly implemented, provides the services of: 1. origin authentication, 2. data integrity, and 3. signer non-repudiation. (SOURCE: FIPS 140-2) The result of a cryptographic transformation of data that, when properly implemented, provides a mechanism for verifying origin authentication, data integrity, and signatory non-repudiation. (SOURCE: FIPS 186-3) The result of a cryptographic transformation of data that, when properly implemented, provides origin authentication, data integrity, and signatory non-repudiation. (SOURCE: NIST SP 800-89) Cryptographic process used to ensure data object originator authenticity, data integrity, and time stamping to prevent replay. (SOURCE: CNSSI-4009)
Digital Signing: An attempt to mimic the offline act of a person applying their signature to a paper document. Involves applying a signature algorithm, keyed with the signer’s private key, to a cryptographic hash (digest) of the contents of a body of text. The result is a signature value attached to the document (together referred to as the 'digitally signed' document); the document itself is not encrypted, and anyone holding the signer’s public key can check that the signature matches the document and therefore that it has not been altered since it was signed. (Also digitally signing, digital signature.)
Development Environment (System): The environment in which local code development and functionality testing are conducted. It has no impact on the production environment.
Disaster Recovery Plan (DRP): A written plan for recovering one or more information systems at an alternate facility in response to a major hardware or software failure or destruction of facilities. (SOURCE: NIST SP 800-34) Management policy and procedures used to guide an enterprise’s response to a major loss of enterprise capability or damage to its facilities. The DRP is the second plan needed by the enterprise risk managers. It is used when the enterprise must recover (at its original facilities) from a loss of capability over hours or days. See Continuity of Operations Plan and Contingency Plan. (SOURCE: CNSSI-4009)
Disruption: An unplanned event that causes the general system or major application to be inoperable for an unacceptable length of time (e.g., minor or extended power outage, extended unavailable network, or equipment or facility damage or destruction). (SOURCE: CNSSI-4009) An unplanned event that causes an information system to be inoperable for a length of time (e.g., minor or extended power outage, extended unavailable network, or equipment or facility damage or destruction). (SOURCE: NIST SP 800-34)
Distributed Denial of Service (DDoS): A Denial-of-Service technique that uses numerous hosts to perform the attack. (SOURCE: CNSSI-4009)
Domain: A set of subjects, their information objects, and a common security policy. (SOURCE: NIST SP 800-27) An environment or context that includes a set of system resources and a set of system entities that have the right to access the resources as defined by a common security policy, security model, or security architecture. See Security Domain. (SOURCE: CNSSI-4009; NIST SP 800-53; NIST SP 800-37)
Domain Name System (DNS): A hierarchical, decentralized naming system for computers, services, or other resources connected to the Internet or a private network. It associates various information with the domain names assigned to each of the participating entities. Most prominently, it translates more readily memorized domain names to the numerical IP addresses needed for locating and identifying computer services and devices with the underlying network protocols. By providing a worldwide, distributed directory service, the Domain Name System is an essential component of the functionality of the Internet and has been in use since 1985. (SOURCE: Wikipedia)
Dynamic Host Configuration Protocol (DHCP): A standardized networking protocol used on Internet Protocol (IP) networks for dynamically distributing network configuration parameters, such as IP addresses for interfaces and services. With DHCP, computers request IP addresses and networking parameters automatically from a DHCP server, reducing the need for a network administrator or a user to configure these settings manually. (SOURCE: WIKIPEDIA)