Access Control: Mechanism(s) used to restrict access to an object. ACL Access Control List. A list of resources and the permissions or authorizations allowed. Active Code/Active Content: Generic term for software delivered via the world Wide Web that executes directly on the user's computer. Alert: A formatted message describing a circumstance relevant to network security. Alerts are often derived from critical audit events. | SANS GIAC Information Security KickStart Glossary of Terms Term Definition Access Control Mechanism s used to restrict access to an object. ACL Access Control List. A list of resources and the permissions or authorizations allowed. Active Code Active Content Generic term for software delivered via the world Wide Web that executes directly on the user s computer. Alert A formatted message describing a circumstance relevant to network security. Alerts are often derived from critical audit events. Analog Communications Method of communications that involves continuous modification of energy waves. ASCII American Standard Code for Information Interchange. The system of representing characters as fixed patterns of data bits. Assurance A measure of confidence that the security features and architecture of a system or service accurately mediate and enforce the security policy. Asymmetric Encryption The process of encoding information by using both a distributed public key and a secret private key. See Public Key Cryptography. Attack An attempt to bypass security controls on a computer. The attack may alter release or deny data. Whether an attack will succeed depends on the vulnerability of the computer system and the effectiveness of existing countermeasures. Audit The independent examination of records and activities to ensure compliance with established controls policy and operational procedures and to recommend any indicated changes in controls policy or procedures. Audit Trail In computer security systems a chronological record of system resource usage. This includes user login file access other various activities and whether any actual or attempted security violations occurred legitimate and unauthorized. Authenticate To establish the validity of a claimed user or object. Authentication To positively verify the identity of a user device or other entity in a computer system often as a prerequisite to allowing access to resources in a system. Authorization Granting a .
