Tools

Automation TechnologyAutomation Technology

Glossary

Terms Used in Information Security

AMSG

Allied Military Security General Publication (Nato security regulation)

Authentication

Proof of identity

Authorized Device

1. Tempest device in accordance with SDIP 27 Class A or "Zone 0". Device may be set up as desired with due regard to the applicable installation regulations.
2. Tempest devices in accordance with "Zone 1 to 3". Zone devices must adhere to the pertinent conditions and installation regulations.

Availability

The waiting time for system functions or required system operations is determined by the availability of an IT system or individual system functions.

BSI

"Bundesamt fuer Sicherheit in der Informationstechnik"
(Federal Office of Information Technology Security)

BSI Zone Model

BSI Zone Model

In the BSI zone model, the low-emission tempest product family is divided into Zones 0 to 3, with 0 being replaced by SDIP 27 Class A. The zone model divides building areas into different emission zones according to office / building construction criteria. SDIP 27 Class A (Zone 0) is the highest security level, followed by Zone 1 / SDIP 27 Class B, Zone 2 and 3.

COMPUSEC

Computer security

COMSEC

Communication security

Evaluation

Testing and evaluation of an IT system based on IT security criteria

Identification

Determination of the identity of a subject or object

INFOSEC

Information security

Integrity

Yardstick for unfalsified and correct data

IT System

System of information technology

ITESEC System

Information Technology Security Evaluation Criteria

Management of Rights

Portion of the system which manages the relationship of rights between subjects and objects (e. g., management of an access monitoring list).

NACSIM

National Comsec Information Memorandum
(US regulation for tempest device NACSIM 5100 or NACSIM 5100A)

NRPL

Nato Recommended Product List
(List of tempest devices authorized within NATO)

Quality Classes

Hierarchical division (in reference to the quality of an IT system) into quality classes. The quality of an IT system is determined during evaluation. A system is placed in one of the quality classes (Q0 to Q7) based on this evaluation.

Recording of Evidence

Documentation of exercising or caused exercising of rights - in particular, to be able to subsequently prove violations of security requirements.

Rights Check

Check by the system to determine whether a certain subject has the right to access the desired object in the intended manner. The right check prevents unauthorized use of access right.

SECAN

Military Committee Communications
Security and Evaluation Agency (tempest office of authorization for NATO)

SDIP

SECAN Doctrine and Information Publications (With effect from 2 April 2007 the new NATO AMSG Standard in UK)

SITEMP

Tempest product family from Siemens
Tempest products are tap-proof.

Tempest

Temporary emanation and spurious transmission
Synonym for emission security

Threat

Factor or circumstance which can endanger adherence to security requirements on the IT system.

Trojan Horse

A trojan horse is a program or part of a program. It contains undocumented routines which execute an unexpected (possibly destructive) additional function. The (illegal) collection of passwords, for example, is one of the typical jobs of trojan horses. It does not reproduce itself.

Verification

Proof of correctness of programs with formal means

Viruses

Computer viruses ar routines which can reproduce themselves (i.e., they can multiply). They are not independent programs. Viruses infect other programs in the system by planting a copy of themselves in these programs. This applied both to (executable) programs on floppy disks and hard disks, and to the programs in main memory.

VS-FmR

Telecommunication guidelines for classified data

Worms

Computer worms are independent programs which can reproduce themselves (like viruses). Worms occur primarily in networks. Here they spread by using security loopholes to penetrate other systems. Worms are frequently generated or "set" by users who have normal (legal) access to the affected system. In contrast to viruses, worms do not infect other programs. They multiply primarily in memory.