Purpose: This document provides a list of words and definitions to clarify Information Technology (IT) terminology contained within the State of Wyoming Policies and Standards.
Applicability: This policy applies to all Executive Branch agencies, boards, and commissions staff (collectively referred to as “agencies”). This policy is also applicable to consultants, affiliates, and temporary employees.
T:
Tablet: An open-faced handheld mobile communication and computing device with a mobile operating system, a touchscreen display, and an integrated Wi-Fi network capability. In some cases, tablets include cellular network connection capability. Tablets resemble smartphones, with the major differences being that tablets are not typically used for voice communications and they are larger. (SOURCE: Tech Target)
Tampering: An intentional event resulting in the modification of a system, its intended behavior, or data. (SOURCE: CNSSI-4009)
Technology: Composed of the tools, applications, and infrastructure that make processes more efficient. Technology implemented by people following processes allows for the State to meet its information security objectives. (SOURCE: ISACA)
Threat: Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. (SOURCE: NIST SP 800-53; NIST SP 800-53A; NIST SP 800-27; NIST SP 800-60; NIST SP 800-37; CNSSI-4009; FIPS 200)
Threat Event: An event or situation that has the potential to cause undesirable consequences or impact. (SOURCE: NIST SP 800-30)
Threat Monitoring: Analysis, assessment, and review of audit trails and other information collected for the purpose of searching out system events that may constitute violations of system security. (SOURCE: CNSSI-4009)
Threat Source: The intent and method targeted at the intentional exploitation of a vulnerability or a situation and method that may accidentally trigger a vulnerability. Synonymous with Threat Agent. (SOURCE: FIPS 200; NIST SP 800-53; NIST SP 800-53A; NIST SP 800-37; CNSSI-4009)
Tracking Cookie: A cookie placed on a user’s computer to track the user’s activity on different Websites, creating a detailed profile of the user’s behavior. (SOURCE: NIST SP 800-83)
Trojan Horse: A computer program that appears to have a useful function but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system affiliate that invokes the program. (SOURCE: CNSSI-4009)
Two-Factor Authentication: An approach that provides unambiguous identification of users by means of the combination of two different components. These components may be something that the user knows, something that the user possesses, or something that is inseparable from the user. (SOURCE: Wikipedia)
U:
Unauthorized Access: Occurs when a user, legitimate or unauthorized, accesses a resource that the user is not permitted to use. (SOURCE: FIPS 191) Any access that violates the stated security policy. (SOURCE: CNSSI-4009)
Unauthorized Disclosure: An event involving the exposure of information to affiliates not authorized access to the information. (SOURCE: NIST SP 800-57 Part 1; CNSSI-4009)
Untrusted Process: Process that has not been evaluated or examined for correctness and adherence to the security policy. It may include incorrect or malicious code that attempts to circumvent the security mechanisms. (SOURCE: CNSSI-4009)
User: The term “user” refers to any Executive Branch agency full-time or part-time employee, temporary worker, volunteer, intern, contractor, and those employed by contracted affiliates who are provided authorized access to State information assets. Individual or (system) process authorized to access an information system. (SOURCE: FIPS 200) Individual, or (system) process acting on behalf of an individual, authorized to access an information system. (SOURCE: NIST SP 800-53; NIST SP 800-18; CNSSI-4009) An individual or a process (subject) acting on behalf of the individual that accesses a cryptographic module in order to obtain cryptographic services. (SOURCE: FIPS 140-2)
User-ID: Unique symbol or character string used by an information system to identify a specific user. (SOURCE: CNSSI-4009)
V:
Vendor: A vendor, or a supplier, is a supply chain management term that means anyone who provides goods or services to a company or individuals. A vendor often manufactures inventoriable items and then sells those items to a customer. (SOURCE: Wikipedia)
Virtual Private Network (VPN): A VPN extends a private network across a public network, such as the Internet. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network while benefiting from the functionality, security, and management policies of the private network. A VPN is created by establishing a virtual point-to-point connection through the use of dedicated connections, virtual tunneling protocols, or traffic encryption. (SOURCE: Wikipedia)
Virus: A computer program that can copy itself and infect a computer without permission or knowledge of the user. A virus might corrupt or delete data on a computer, use email programs to spread itself to other computers, or even erase everything on a hard disk. (SOURCE: CNSSI-4009)
Vulnerability: Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. (SOURCE: NIST SP 800-53; NIST SP 800-53A; NIST SP 800-37; NIST SP 800-60; NIST SP 800-115; FIPS 200) A known security risk in an operating system, application, hardware, firmware, or other part of a computing environment. A weakness in a system, application, or network that is subject to exploitation or misuse. (SOURCE: NIST SP 800-61) Weakness in an information system, system security procedures, internal controls, or implementation that a threat source could exploit. (SOURCE: CNSSI-4009)
Vulnerability Scan: An automated process to proactively identify security weaknesses in a network or individual system. (SOURCE: ISACA)
W:
Workaround: Reducing or eliminating the impact of an incident or problem for which a full resolution is not yet available. (SOURCE: ITIL V3)
Worm: A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself. See Malicious Code. (SOURCE: CNSSI-4009)