Term Flashcards
(22 cards)
access control
Mechanisms, controls, and methods of limiting access to resources to authorized subjects only.
The <mechanisms>, <controls> and <methods> that limit access to resources to <authorized subjects> only.
access
A subject’s ability to view, modify, or communicate with an object.
Access enables the flow of information between the subject and the object.
A <subject>’s ability to [view], [modify] or [communicate with] an <object>.
Access enables information to flow between the subject and the object.
access control list (ACL)
A list of subjects that are authorized to access a particular object. Typically, the types of access are read, write, execute, append, modify, delete, and create.
A list of subjects authorized to access a particular object.
Typically, the access types an ACL grants are <read, write, execute, append, modify, delete, create>.
access control mechanism
Administrative, physical, or technical control that is designed to detect and prevent unauthorized access to a resource or environment.
An <administrative>, <physical> or <technical> control used to <detect> and <prevent> unauthorized access to a resource or environment.
accountability
A security principle indicating that individuals must be identifiable and must be held responsible for their actions.
A <security principle> stating that individuals must be identifiable and must be held responsible for their own actions.
accredited
A computer system or network that has received official authorization and approval to process sensitive data in a specific operational environment.
There must be a security evaluation of the system’s hardware, software, configurations, and controls by technical personnel.
A computer system or network with recognized <formal authorization> and <approval> to process sensitive data in a specific operational environment.
Such a system or network must have undergone a security evaluation of its <hardware>, <software>, <configurations> and <controls>.
add-on security
Security protection mechanisms that are hardware or software retrofitted to a system to increase that system’s protection level.
<Hardware> or <software> security protection mechanisms retrofitted to a system to raise its protection level.
administrative controls
Security mechanisms that are management’s responsibility and referred to as “soft” controls.
These controls include the development and publication of policies, standards, procedures, and guidelines;
the screening of personnel; security-awareness training; the monitoring of system activity; and change control procedures.
Security mechanisms that are management’s responsibility, regarded as <soft> controls. Administrative controls include:
1. the development and publication of <policies, standards, procedures and guidelines>;
2. <screening of personnel>;
3. <security-awareness training>;
4. <monitoring of system activity>;
5. <change control procedures>.
aggregation
The act of combining information from separate sources of a lower classification level that results in the creation of information of a higher classification level, which the subject does not have the necessary rights to access.
The act of combining information from separate sources at a lower classification level, which results in the <creation> of information at a higher classification level that the subject does not have the rights to access.
AIC triad
The three security principles: availability, integrity, and confidentiality.
Sometimes also presented as CIA: confidentiality, integrity, and availability.
The three security principles: availability, integrity, confidentiality (CIA).
annualized loss expectancy (ALE)
A dollar amount that estimates the loss potential from a risk in a span of a year.
single loss expectancy (SLE) × annualized rate of occurrence (ARO) = ALE
The estimated cost of the loss a given risk could cause in one year.
Single loss expectancy (SLE) × annualized rate of occurrence (ARO) = ALE.
antimalware
Software whose principal functions include the identification and mitigation of malware;
also known as antivirus, although this term could be specific to only one type of malware.
Its principal functions include <identifying> and <mitigating malware>; also called antivirus software,
although that term may be specific to only one type of malware.
annualized rate of occurrence (ARO)
The value that represents the estimated possibility of a specific threat taking place within a one-year timeframe.
This value represents the estimated likelihood of a specific threat occurring within one year.
assurance
A measurement of confidence in the level of protection that a specific security control delivers and the degree to which it enforces the security policy.
This confidence reflects the <protection level> a specific <security control> provides and the <degree to which it enforces the security policy>.
attack
An attempt to bypass security controls in a system with the mission of using that system or compromising it.
An attack is usually accomplished by exploiting a current vulnerability.
An attempt to bypass a system’s <security controls> in order to use or compromise the system.
An attack is usually accomplished by exploiting a <current vulnerability>.
attribute-based access control (ABAC)
An access control model in which access decisions are based on attributes of any component of or action on the system.
An access control model in which access decisions are based on the attributes of any component of, or action on, the system.
audit
A systematic assessment of significant importance to the organization that determines whether the system or process being audited satisfies some external standards.
A systematic assessment, of great importance to the organization, that determines whether 1. <the system being audited> or 2. <the process> satisfies certain external standards.
audit trail
A chronological set of logs and records used to provide evidence of a system’s performance or activity that took place on the system.
These logs and records can be used to attempt to reconstruct past events and track the activities that took place,
and possibly detect and identify intruders.
A chronologically ordered set of <logs and records> used to provide evidence of a system’s <performance> or of <activity> that took place on it.
These <logs and records> can be used to attempt to <reconstruct past events> and <track the activities that took place>, and possibly to <detect> and <identify> intruders.
authenticate
To verify the identity of a subject requesting the use of a system and/or access to network resources.
The steps to giving a subject access to an object should be identification, authentication, and authorization.
To verify the identity of a subject requesting to use a <system> or <access network resources>.
The steps for giving a subject access to an object should be:
1. <identification>, 2. <authentication> and 3. <authorization>.
authorization
Granting access to an object after the subject has been properly identified and authenticated.
Granting a subject access to an object after it has passed valid {identification} and {authentication}.
availability
The reliability and accessibility of data and resources to authorized individuals in a timely manner.
The <reliability> and <accessibility> of <data> and <resources> to individuals in a <timely> manner.
back door
An undocumented way of gaining access to a computer system.
After a system is compromised, an attacker may load a program that listens on a port (back door) so that the attacker can enter the system at any time.
A back door is also referred to as a trapdoor.
An undocumented way of gaining access to a computer system.
After a system has been compromised, an attacker may load a program that listens on a port (the back door) so that the attacker can enter the system at any time.
A back door is also called a trapdoor.