Purpose: This document provides a list of words and definitions to clarify Information Technology (IT) terminology contained within the State of Wyoming Policies and Standards.
Applicability: This policy applies to all Executive Branch agencies, boards, and commissions staff (collectively referred to as “agencies”). This policy is also applicable to consultants, affiliates, and temporary employees.
J - No entries at this time
K - No entries at this time
L:
Laptop Computer: A portable computer that is small enough to rest on the user's lap and has a screen that closes over the keyboard like a lid. Unlike a mobile device, a laptop computer has a computer operating system and often more robust data storage and peripheral connection capabilities. (SOURCE: Modern Technology As Instructional Devices)
Least Privilege: The security objective of granting users only the access they need to perform their official duties. (SOURCE: NIST SP 800-12) The principle is that a security architecture shall be designed so that each affiliate is granted the minimum system resources and authorizations that the affiliate needs to perform its function. (SOURCE: CNSSI-4009)
Local Access: Access to an organizational information system by a user (or process acting on behalf of a user) communicating through a direct connection without the use of a network. (SOURCE: NIST SP 800-53; CNSSI-4009)
Low Sensitivity or Public: Public information poses no risk to the State if made generally available.
M:
Mainframe: Computers that are designed to handle very large volumes of data input and output and emphasize throughput computing. Mainframes are capable of running multiple operating systems, making a single mainframe appear to operate as multiple computers. Many legacy systems have a mainframe design. (SOURCE: PCI DSS GLOSSARY)
Malware: A program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim’s data, applications, or operating system or of otherwise annoying or disrupting the victim. (SOURCE: NIST SP 800-83) See Malicious Code. See also Malicious Applets and Malicious Logic. (SOURCE: NIST SP 800-53; CNSSI-4009)
Media: Physical devices or writing surfaces including but not limited to magnetic tapes, optical disks, magnetic disks, Large Scale Integration (LSI) memory chips, and printouts (but not including display media) onto which information is recorded, stored, or printed within an information system. (SOURCE: FIPS 200; NIST SP 800-53; CNSSI-4009)
Media Sanitization: A general term referring to the actions taken to render data written on media unrecoverable by both ordinary and extraordinary means. (SOURCE: NIST SP 800-88) The actions taken to render data written on media unrecoverable by both ordinary and extraordinary means. (SOURCE: CNSSI-4009)
Memorandum of Understanding/Agreement (MOU/A): A document established between two or more parties to define their respective responsibilities in accomplishing a particular goal or mission. In this guide, an MOU/A defines the responsibilities of two or more organizations in establishing, operating, and securing a system interconnection. (SOURCE: NIST SP 800-47; CNSSI-4009)
Mobile Device: For the purposes of the Mobile Device Management Policy included in this Manual, a Mobile Device is any smartphone or tablet device that transmits, stores, and receives data, text, and/or voice with a connection to a wireless LAN and/or cellular network. (SOURCE: State of New Jersey Statewide Information Security Manual) Other definitions of a Mobile Device include portable cartridge/disk-based, removable storage media (e.g., floppy disks, compact disks, USB flash drives, external hard drives, and other flash memory cards/drives that contain nonvolatile memory). Portable computing and communications devices with information storage capability (e.g., notebook/laptop computers, personal digital assistants, cellular telephones, digital cameras, and audio recording devices). (SOURCE: NIST SP 800-53)
Moderate Sensitivity or Internal: Internal information is information whose loss, corruption, or unauthorized disclosure is of importance only inside the State and, therefore, would not result in a tangible business, financial, or legal loss.
Multi-Factor Authentication: Authentication using two or more factors to achieve authentication. Factors include: a. something you know (e.g., password/PIN); b. something you have (e.g., cryptographic identification device, token); or c. something you are (e.g., biometric). See Authenticator. (SOURCE: NIST SP 800-53)
N:
National Institute of Standards and Technology: A measurement standards laboratory that is a non-regulatory agency of the United States Department of Commerce. The institute's official mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. The Information Technology Laboratory (ITL), one of several components within NIST, publishes standards concerning information security. (SOURCE: Wikipedia)
Need-To-Know: A method of isolating information resources based on a user’s need to have access to that resource in order to perform their job but no more. The terms “need-to-know” and “least privilege” express the same idea. Need-to-know is generally applied to people, while least privilege is generally applied to processes. (SOURCE: CNSSI-4009)
Network: Information system(s) implemented with a collection of interconnected components. Such components may include routers, hubs, cabling, telecommunications controllers, key distribution centers, and technical control devices. (SOURCE: NIST SP 800-53; CNSSI-4009)
Network Security Scan: Process by which an affiliate’s systems are remotely checked for vulnerabilities through use of manual or automated tools. Security scans include probing internal and external systems and reporting on services exposed to the network. Scans may identify vulnerabilities in operating systems, services, and devices that could be used by malicious individuals. (SOURCE: PCI DSS GLOSSARY)
Network Sniffing: A passive technique that monitors network communication, decodes protocols, and examines headers and payloads for information of interest. It is both a review technique and a target identification and analysis technique. (SOURCE: NIST SP 800-115)
O:
Open Web Application Security Project (OWASP): A non-profit organization focused on improving the security of application software. OWASP maintains a list of critical vulnerabilities for web applications. (SOURCE: PCI DSS GLOSSARY)
Outside Threat: An unauthorized affiliate from outside the domain perimeter that has the potential to harm an Information System through destruction, disclosure, modification of data, and/or denial of service. (SOURCE: NIST SP 800-32)