attack |
Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself. |
attack sensing and warning |
Detection, correlation, identification, and characterization of intentional unauthorized activity with notification to decision makers so that an appropriate response can be developed. |
attack signature |
A specific sequence of events indicative of an unauthorized access attempt. |
attack tree |
A branching, hierarchical data structure that represents a set of potential approaches to achieving an event in which system security is penetrated or compromised in a specified way. |
attended |
Under continuous positive control of personnel authorized for access or use. |
attribute |
An attribute is any distinctive feature, characteristic, or property of an object that can be identified or isolated quantitatively or qualitatively by either human or automated means. |
attribute-based access control (ABAC) |
Access control based on attributes associated with and about subjects, objects, targets, initiators, resources, or the environment. An access control rule set defines the combination of attributes under which an access may take place. |
attribute-based authorization |
A structured process that determines when a user is authorized to access information, systems, or services based on attributes of the user and of the information, system, or service. |
audit |
Independent review and examination of records and activities to assess the adequacy of system controls and ensure compliance with established policies and operational procedures. |
audit log |
A chronological record of system activities. Includes records of system accesses and operations performed in a given period. |
audit record |
An individual entry in an audit log related to an audited event. |
audit reduction tools |
Preprocessors designed to reduce the volume of audit records to facilitate manual review. Before a security review, these tools can remove many audit records known to have little security significance. |