The National Technical Authority
for Information Assurance

A to Z - A





Glossary:

Accreditation
A validation of the security measures a system claims to employ.  Accreditation is usually conducted by an individual not involved in devising or implementing the controls.  Accreditation is cyclic, and will be conducted repeatedly (e.g. annually) on systems.  In most cases, Accreditation must take place before a system can be fully deployed.

See: Pan-Government Accreditation (PGA) service

Advanced Persistent Threat (APT)
An adversary with sophisticated technical expertise, considerable financial resource and a large and specialist workforce.  An APT will gather and combine information on its targets using a variety of intelligence methods, both human and technical.  The advanced persistent threat pursues its targets with determination, adapting to defenders’ efforts to resist it.  Once accesses are obtained, they are retained for considerable lengths of time.  All activities are concealed from even the most sophisticated of targets.

Advisor
A private sector consultant approved by CESG to provide Information Assurance (IA) advice to government departments and other organisations who provide vital services to the United Kingdom.

See: CESG Listed Advisor Scheme (CLAS)

Aggregation
If large volumes of information (e.g. thousands of records in a database, or access to many databases) are compromised, the negative impact may be far greater than that of a compromise to a single record or handful of records.

Anomalous Traffic
Attacks, malware activity and other anomalies in network traffic.

See: CESG Intrusion Detection Survey - Network

Asset
Something of value to a business, whether it be knowledge, information, people or physical objects like servers and computers.

Assurance
The confidence that controls perform the functions expected of them.  This confidence can be achieved either through trust in the manufacturer (Intrinsic Assurance) or by external testing (Extrinsic Assurance) (CESG).

See: CESG Assured Products Scheme (CAPS) or Commercial Product Assurance (CPA)

Assurance Maintenance
The processes and standards which keep CPA product certificates relevant as products are updated.

See: Commercial Product Assurance (CPA)

Attempt
The submission of a biometric sample to a biometric system for identification or verification. A biometric system may allow more than one attempt to identify or verify.

See: Biometrics

Audit
Audit against the HMG IA Maturity Model.

See: IA Maturity Model

Authentication
The process of verifying a claimed identity.

Authorisation
A process that grants or denies authority to use a system or service.

Availability
Ensuring timely and reliable access to information.