CPM Dictionary: A

.dam: Indicates a detection for files that have been corrupted by a threat or that may contain inactive remnants of a threat, causing the files to improperly execute or produce unreliable results

.dr: Refers to a file called a dropper, which drops a virus or worm onto the victim's computer

.enc: Refers to a file that is encrypted or encoded. For example, a worm that creates a copy of itself with MIME encoding may be detected with the .enc suffix.

@m: Signifies that the virus or worm is a "mailer" and only sends itself by email.

@mm: Signifies that the virus or worm is a "mass-mailer" and sends messages to every email address in your mailbox.

ABA Guidelines: American Bar Association (ABA) Digital Signature Guidelines, a framework of legal principles for using digital signatures and digital certificates in electronic commerce

Abatement: Reducing or minimizing public health dangers and nuisances, usually supported by regulation or legislation, e.g., noise abatement, smoke abatement

Abstract Syntax Notation One (ASN.1): Standard for describing data objects, this notation format is important to security because of its significance in networking discussions. OSI standards use ASN.1 to specify data formats for protocols. Syntax is needed to define abstract objects, and encoding rules are needed to transform between abstract objects and bit strings. In ASN.1, formal names are written without spaces, and separate words in a name are indicated by capitalizing the first letter of each word except the first word. For example, the name of a CRL is "certificateRevocationList".

Acceptable Use Policy (AUP): Written policy outlining the usage that may or may not be made of computing or network resources; typically part of a company's security policy.

Acceptance Inspection: Final inspection to determine whether or not a facility or system meets specified technical and performance standards; typically held immediately after facility and software testing and is the basis for commissioning or accepting the information system

Access: Ability and means to communicate with or otherwise interact with a system; a specific type of interaction between a subject and an object that results in the flow of information from one to the other. A subject may access a file object to obtain data, or a subject may access a system resource and give it command information in order to obtain service.

Access Control: Access control ensures that resources are only granted to those users who are entitled to them by limiting access to the resources of a system only to authorized programs, processes, or other systems (in a network); may be an administrative, physical, or technical control, but is most commonly considered a technical control limiting access to information or resources on a system.

Access Control List (ACL): Tool that implements access control for a system resource by listing the identities of the system entities that are permitted to access the resource.

Access Control Mechanism: Hardware or software features, operating procedures, management procedures, and various combinations of these designed to detect and prevent unauthorized access and to permit authorized access in an automated system. Access control lists are a technical access control mechanism.

Access Control Service: Security service that protects system resources against unauthorized access by using ACLs and tickets

Access Denial: See also Denial of Access

Access Level: Hierarchical organization of security levels used to identify data sensitivity and clearance or authorization of users; used to form the sensitivity label of an object. See Category, Security Level, and Sensitivity Label

Access Management: Management of the maintenance of access information; consists of account administration, maintenance, monitoring, and revocation

Access Matrix: Uses rows to represent subjects and columns to represent objects with privileges listed in each cell

Access Period: Time period, typically on a daily or weekly basis, during which access rights prevail

Access Type: Nature of an access right to a particular device, program, or file (e.g., read, write, execute, append, modify, delete, or create).

Accident: An unanticipated event, commonly leading to injury, in traffic, the workplace, or a domestic or recreational setting. Epidemiological studies have demonstrated that as the risk of accidents is predictable, accidents are therefore preventable.

Accident Response Group (ARG): A group of technical and scientific experts composed of Department of Energy (DOE) and DOE contractor personnel assigned responsibility for providing DOE response to peacetime accidents and significant incidents involving nuclear weapons anywhere in the world.

Account Harvesting: Process of collecting all legitimate account names on a system

Accountability: System property that traces system activities to individuals (or entities) who may then be held responsible for their actions

Accreditation: A formal declaration of acceptance by the command or management authority that the system is approved to operate in a particular security mode using a prescribed set of safeguards; accreditation is the official management authorization for operation of a system and is based on the certification process as well as other management considerations. The accreditation statement links security responsibility with the management or operating authority and shows that due care has been taken for security.

Accreditation Authority: Management or command level with authority to accept a particular system

ACK Piggybacking: ACK piggybacking is the practice of sending an ACK inside another packet going to the same destination.

ACS: A communications server that manages a pool of modems. It directs outgoing messages to the next available modem and incoming messages to the appropriate workstation.

Action: A predefined response to an event or alert by a system or application.

Action Plan: The plan prepared in the EOC containing the emergency response objectives of that SEMS level reflecting overall priorities and supporting activities for a designated period. The plan is shared with supporting agencies. See also Incident Action Plan.

Activate: At a minimum, a designated official of the emergency response agency that implements SEMS as appropriate to the scope of the emergency and the agency's role in response to the emergency.

Activation: The implementation of business continuity procedures, activities and plans in response to a business continuity emergency, event, incident and/or crisis; the execution of the recovery plan. See also Invocation.

Active: A status that indicates that a program, job, policy, or scan is running. For example, when a scheduled scan executes, it is considered active.

Active Attacks: Unauthorized intrusions that attempt to change or influence a system

Active Content: Program code embedded in web page contents. When the page is accessed by a web browser, the embedded code is automatically downloaded and executed on the user's workstation. Example: Java, ActiveX

Active Immunity: Resistance developed in response to stimulus by an antigen (infecting agent or vaccine); characterized by presence of an antibody produced by the host. See also Host, Passive Immunity

Active Immunization: Administration of vaccines to stimulate the host immune system to develop immunity (protection) against a specific pathogen or toxin. Vaccines are available for the following potential biological warfare agents: anthrax, Argentine hemorrhagic fever, botulinum toxin, plague, Q fever, Rift Valley Fever, smallpox, tularemia, Venezuelan equine encephalitis (VEE), and yellow fever. See also Chemoprophylaxis; Immunization.

ActiveX: ActiveX controls are software modules based on Microsoft's Component Object Model (COM) architecture; are almost identical in structure to MS Windows programs; have full system access; and have a digital signature system called Authenticode

Activity Log: Sequentially organized report of all recorded events

Activity Monitors: 1) Used to prevent virus infection by monitoring potential malicious activity on a system, and blocking that activity when possible; 2) type of antiviral software which checks for signs of suspicious activity, such as attempts to rewrite program files, format disks, etc. See also Operation Restrictor

Acute: 1) In health, a sudden onset of a problem, often brief; sometimes considered severe; 2) refers to exposure, brief, intense, or short-term; sometimes specifically referring to a brief exposure of high intensity. See also Chronic

Add-On Security: Retrofitting of hardware or software protection mechanisms

Address Resolution Protocol (ARP): Protocol used for mapping an Internet Protocol address to a physical machine address that is recognized in the local network. A table, usually called the ARP cache, maintains a correlation between each MAC address and its corresponding IP address. ARP provides the protocol rules for making this correlation and providing address conversion in both directions.

Administrative Control: See also Controls

Administrative Domain: An environment or context defined by a security policy, security model, or security architecture

Administrative Security: Management constraints and supplemental controls established to provide an acceptable level of protection for data; also called Administrative Controls

Administrator: Someone who provides oversight on the operation of a network, responsible for installing programs on a network and configuring them for distribution to workstations; may also update workstation security settings

Advance Alert: Highest Federal civil readiness level; primary emergency operating centers of the Federal government at headquarters, regions, and other major field offices are staffed at this level

Advance Element of Emergency Response Team (ERT-A): First group deployed to the field to respond to a disaster incident, e.g., first responders.

Advanced Encryption Standard (AES): Encryption standard developed by NIST to specify an unclassified, publicly disclosed, symmetric encryption algorithm

Advanced Life Support (ALS): Medical procedures performed by emergency medical technicians-paramedics that include the advanced diagnosis and protocol-driven treatment of a patient in the field. See also Emergency Medical Technician-Paramedic.

Adversary: An entity that attacks, or is a threat to, a system

Adverse Reaction: An undesirable or unwanted consequence of a preventive, diagnostic or therapeutic procedure, e.g., adverse reaction to smallpox vaccination. See also Side Effect.

Advisory Committee: Any committee, board, commission, council, conference, panel, task force, or any subcommittee thereof which is established or utilized by FEMA to obtain advice for the President or agency(ies) or office(s) of the Federal Government and is not composed wholly of full-time officers or employees of the Federal Government

Adware: While not necessarily malware, adware has been known to go beyond reasonable advertising expected from freeware or shareware; usually continues to generate advertising even when the user is not running the originally desired program. See also Cookies, Spyware, and Web Bugs

Aerial Measuring System (AMS): An integrated remote sensing capability, using airborne equipment, for rapidly determining radiological and ecological conditions of large areas of the environment; used for extremely low-level gamma radiation detection, high-altitude photography, airborne gas and particulate sampling, and multi-spectral photography and scanning

Affected Structure: A structure that received damage but is usable for its intended purpose.

After Action Report: A report covering response actions, modifications to plans and procedures, training needs, and recovery activities, as required by SEMS; reports are required after emergencies that require a declaration of an emergency, and are required within 90 days of the event

Age: Rating used to determine vulnerability based on the relative amount of time since the discovery of the vulnerability; potential for exploiting a vulnerability increases as the age of the vulnerability increases

Agency Dispatch: The agency or jurisdictional facility from which resources are allocated to incidents

Agency Executive or Administrator: Chief executive officer (or designee) of an agency or jurisdiction that has responsibility for an incident

Agency Representative: Individual assigned to an incident or to an EOC from an assisting or cooperating agency who has been delegated authority to make decisions on matters affecting that agency's participation at the incident or at the EOC; typically report to the Liaison Officer

Agency: Division of government with a specific function, or a non-governmental organization (e.g., private contractor, business, etc.) that offers a particular kind of assistance. See also Assisting Agency, Cooperating Agency and Multi-agency

Agent of Disease: A factor, such as a microorganism, chemical substance, or form of radiation, whose presence, excessive presence, or (in deficiency diseases) relative absence is essential for the occurrence of a disease. See also Bacterial Agent; Disease; Toxin Agent; Viral Agent

Aggregate Surveillance: The surveillance of a disease or health event by collecting summary data on groups of cases over a specified period of time

Aggregation: Situation in which higher-level information (needs higher level security clearance) may be inferred from a large number of lower level data items. A collection of information items may be required to be classified at a higher security level than any of the individual items that comprise it.

AH: See also Authentication Header

Air Operations Branch Director: Person primarily responsible for preparing and implementing the air operations portion of an Incident Action Plan; also responsible for providing logistical support to helicopters operating on the incident

Air Sampling: Collection and analysis of air samples to detect and measure presence of radioactive substances, particulate matter, or chemical pollutants

Air Tanker: Any fixed wing aircraft certified by the FAA as being capable of transport and delivery of fire retardant solutions

Airborne Infection: Transmission of infectious agents by particles, dust, or droplet nuclei suspended in the air. See also Transmission of Infection

Airborne Precautions: Standard Precautions plus: placing the patient in a private room that has negative air pressure, at least six air changes/hour, and appropriate filtration of air before it is discharged from the room; use of respiratory protection when entering the room; limiting movement and transport of the patient; and using a mask on the patient if he or she needs to be moved. See also Standard Precautions

Alarm: Sound or visual signal triggered by an error condition

Alarm Procedure: Process for alerting concerned parties to a disaster; may use various optical and acoustical means of alarm, including flags, lights, sirens, radio, and telephone

Alert: Formal notification that a potential disaster situation exists or has occurred; direction for recipient to stand by for possible activation of disaster recovery plan; for a nuclear power facility, an accident notification category for commercial nuclear power plants

Alertable Event: Any event or part of an event set configured to trigger an alert

Algorithm: 1) Step-by-step instructions for problem-solving or computation procedures, especially ones that can be implemented by a computer; 2) cryptographic algorithms are used in encryption or decryption of data files and messages and creation of digital signatures. See also Signature

Alias: Name that an entity uses in place of its real name, in computing usually for purposes of convenience or brevity, but in security often for the purpose of either anonymity or deception

All Hazards: Natural or human-caused events, including, without limitation, civil disturbances, that may result in major disasters or emergencies

Allocated Resources: Assets dispatched to an incident that have not yet checked-in with the Incident Communications Center

Allocation (Specific) - Resource Management: Authorization and action whereby a facility or all or some of the total anticipated supply of a scarce and critical material, commodity, product, service, or item is assigned or reserved for the use by a specified activity or activities during a stated time period. It permits the claimant activity to procure a specified quantity of the particular controlled goods or services during a stated time period.

Also Known As: Names that various antivirus vendors use to identify a threat

Alternate Site: 1) An alternate operating location held in readiness for use by business functions when the primary facilities are inaccessible; 2) alternate location, computer center or work area designated for recovery; term applies equally to office or technology requirements; 3) sites may be ‘cold’, ‘warm’ or ‘hot’. See also: Alternate Processing Facility, Alternate Office Facility, Alternate Communication Facility, Backup Location, Cold Site, Hot Site, Recovery Site, and Warm Site

Alternate Work Area: Office recovery environment complete with necessary office infrastructure (desk, telephone, workstation, and associated hardware, communications, etc.). See also: Work Space or Alternate Work Site

Ambulance Service Providers: Organizations, whether public or private, that own and operate a business or service using one or more ambulances or EMS vehicles to transport emergency patients

American National Red Cross (ANRC): The ANRC, operating under charter from Congress, is the official volunteer disaster relief agency of the U.S.

American National Red Cross Mass Care Preparedness and Operation Procedures and Regulations, ARC 3031: Details Red Cross mass care preparedness and operating regulations and procedures

American National Red Cross National Board of Governors Disaster Services Policy Statement, July 1, 1977: Outlines basic policies of the ARC disaster services program, and disaster relief services to be provided by units of the American Red Cross on a uniform and nationwide basis

American Red Cross (ARC): Quasi-government agency for relief of suffering and welfare activities during war and disaster; in the U.S. it operates under a Congressional charter and is supported by the public; internationally, it operates in accordance with the Treaty of Geneva

American Red Cross Disaster Services Regulations and Procedures, ARC 3003: Details delegation of disaster services program responsibilities to officials and units of the American Red Cross; also defines Red Cross administrative regulations and procedures for disaster planning, preparedness, and response

Anomaly Detection: Identifying intrusions by looking for activity different from a user's or system's normal behavior; also, a type of intrusion detection system

Anonymous: Having an identity that is unknown or concealed; an alias may be used to hide a real name; anonymous entities may be completely untraceable. See also Anonymous Login

Anonymous Login: Access control feature (or weakness) in many Internet hosts that enables users to gain access to general-purpose or public services and resources on a host (such as allowing any user to transfer data using ftp) without having a pre-established, user-specific account (i.e., user name and secret password). This feature exposes a system to more threats than when all the users are known, pre-registered entities that are individually accountable for their actions.

ANSI Bomb: Use of certain codes (escape sequences, usually embedded in text files or email messages), which remap keys on a keyboard to commands such as "DELETE" or "FORMAT". ANSI (American National Standards Institute) refers to ANSI screen formatting rules; early MS-DOS programs used these rules, and required the use of the ANSI.SYS file for keyboard remapping

Antigen: A substance (protein, polysaccharide, glycolipid, tissue transplant, etc.) that induces a specific immune response

Antiviral: Refers to antivirus software or systems of all types

Antivirus: Subcategory of a security policy that pertains to computer viruses

Antivirus Software: See also Scanner, Change Detection, Activity Monitor

Antivirus Virus: Specialized virus that specifically looks for and removes other viruses. See also Benign

Apathy: Indifference to calls to action – common in disaster preparedness among governmental bodies and the public. See also Governmental Apathy; Public Apathy

Apathy, Governmental: See also Governmental Apathy

Apathy, Public: See also Public Apathy

Applet: A small application transported over networks, especially as an enhancement to a Web page; they often arrive from systems that cannot be verified as trusted; examples: ActiveX and Java

Applicant (Relating to a Major Disaster or Emergency): 1) For public assistance this means the State, local government, or eligible private nonprofit facility submitting a project application or request for direct Federal assistance under the Robert T. Stafford Disaster Relief and Emergency Assistance Act (P.L. 93-288, as amended) or on whose behalf the Governor's authorized representative takes such action, and 2) for individual assistance this means an individual or family who submits an application or request for assistance under the Act

Application Level Gateway: Firewall system in which service is provided by processes that maintain complete TCP connection state and sequencing. Application level firewalls often re-address traffic so that outgoing traffic appears to have originated from the firewall, rather than the internal host. See also Proxy Server

Application Recovery: Disaster recovery component that deals specifically with restoration of business system software and data, after the processing platform has been restored or replaced. See also Business System Recovery

Application server: Lets thin clients use applications and databases that are managed by the server; handles all the application operations and connections for the clients

Applied Epidemiology: Application and evaluation of epidemiologic discoveries and methods in public health and health care settings; includes applications of etiologic research, priority setting and evaluation of health programs, policies, and services. See also Epidemiology; Field Epidemiology

Archive: 1) Site containing a large number of files, possibly acquired over time, and often publicly accessible. See also FTP, particularly Anonymous FTP; 2) file that contains a number of related files, usually in a compressed format to reduce file size and transmission (upload or download) time on electronic bulletin boards or download sites on the Internet; 3) often synonymous with backup. See also Compressed Executable, Self-extracting.

Area Command: An organization established to 1) oversee management of multiple incidents that are each being handled by an Incident Command System organization; 2) oversee management of a very large incident that has multiple Incident Management Teams assigned to it; 3) responsible for setting overall strategy and priorities, allocating critical resources based on priorities, ensuring that incidents are properly managed, and ensuring that objectives are met and strategies followed.

Area of Assistance: The geographical location for which a civil authority has requested some form of military assistance

Area Warning Circuit: That portion of the National Warning System (NAWAS) which lies within a FEMA region and connects Warning Points in that area with the Region

Armored Virus: Virus that tries to prevent analysts from examining its code; may use various methods to make tracing, disassembling and reverse engineering its code more difficult

Army Support for Environmental Assistance Missions: Authorized use of U.S. Army assets to support civil authorities in the preservation and protection of human health and the environment

ARPANET: Advanced Research Projects Agency Network, pioneering packet-switched network built in the early 1970s under contract to the US Government; led to the development of today's Internet; decommissioned in 1990.

ASCII: American Standard Code for Information Interchange, a coding system that assigns numerical values to characters such as letters, numbers, punctuation, and other symbols, and used in most American manufactured computers; allows only seven bits per character (for a total of 128 characters)

ASCII Files: Files consisting of only ASCII characters, and generally only printable characters

ASN.1: See also Abstract Syntax Notation One

Assay: 1) The quantitative or qualitative evaluation of a hazardous substance in water, food, soil, and air; 2) results of such an evaluation. See also Bioassay.

Assembly Area: Designated area at which employees, visitors and contractors assemble if evacuated from their building/site

Assessment (Post-disaster; Damage and Needs Assessment): 1) Process of determining the impact of a disaster or unplanned events on a society, the needs for immediate, emergency measures to save and sustain the lives of survivors, and the possibilities for expediting recovery and development; 2) an interdisciplinary process undertaken in phases and involving on-the-spot surveys and the collation, evaluation and interpretation of information from various sources concerning both direct and indirect losses, short- and long-term effects

Assessment, Damage: See also Damage Assessment

Asset: An item of property and/or component of a business activity/process owned by an organization, e.g., physical assets (e.g. buildings and equipment); financial assets (e.g. currency, bank deposits and shares) and non-tangible assets (e.g. goodwill, reputation)

Asset Measure: Quantitative measurement of an asset, e.g., confidentiality, integrity, and availability of an asset in relation to other assets in an organization

Asset Risk: Risk management category that maximizes investment related activities and manages adverse factors like the collapse of an investment market, currency mismatches and poor investment performance

Assigned Resources: Resources checked in and assigned work tasks on an incident

Assignments: Tasks given to resources to perform within a given operational period, based upon tactical objectives in the Incident or EOC Action Plan

Assistance Phases: Four phases of planning and response related to a catastrophic earthquake: 1) Prediction Response, which occurs 48 to 96 hours before the earthquake; includes a series of preparatory actions taken by Federal, State, and local governments to protect life and minimize effects of the potential event on response personnel and equipment, and facilitate the deployment of resources necessary for immediate response and initial recovery operations; 2) Immediate Response, which starts at the onset of the earthquake to approximately 30 days afterward, or those periods caused by aftershocks; functions performed are critical to saving lives, protecting property, and meeting basic human needs; 3) Initial Recovery, which involves the provision of Federal supplemental disaster recovery assistance upon Presidential declaration; overlaps immediate response phase, and can last up to two years; used to establish Federal mechanisms for delivery of disaster assistance; 4) Long-Term Restoration and Recovery, which involves restoration of designated areas to their normal or an improved state; includes Federal coordination of policy development through authorities associated with provision of Federal funds and assistance.

Assistance: Provision on a humanitarian basis of material aid and services necessary to enable people to meet their basic needs for shelter, clothing, water and food; may be available for extended periods, unlike relief supplies and services which are provided, free of charge, in the period immediately following a crisis.

A: Title for subordinates of Command Staff positions at the Field SEMS level; assistants may also be used to supervise unit activities at camps

Assisting Agency: Organization directly contributing suppression, rescue, tactical, support, or service resources to another agency

Associate Director: The head of a directorate of the Federal Emergency Management Agency who has responsibility for a particular activity function

Associate Hospitals: Hospitals that participate in an approved EMS system in accordance with the EMS system program plan, fulfilling the same clinical communications requirements as the resource hospital; they have neither the primary responsibility for conducting training programs nor the responsibility for overall operation of EMS programs. See also Resource Hospitals

Assurance: Activity and process whereby an organization can verify and validate its BCM capability; also, a measure of confidence that the security features and architecture of a system accurately mediate and enforce the security policy. Assurance is often neglected in planning for security

Assurance Level: Specific level on a hierarchical scale representing successively increased confidence that a target of evaluation adequately fulfills the requirements. Examples: Trusted Computer Security Evaluation Criteria (TCSEC) and Common Criteria

Asymmetric Cryptography: Public-key cryptography where algorithms use a pair of keys (a public key and a private key) and use a different component of the pair for different steps of the algorithm

Asymmetric Key Encryption: Also known as public key encryption, this technique uses two keys, one publicly known, and one privately held

Asymmetric Warfare: Asymmetric warfare is the fact that a small investment, properly leveraged, can yield significant results.

Attack: Attempting to bypass security controls on a system; may be active, resulting in the alteration of data or passive, resulting in the release of data; success depends on the vulnerability of the system or activity and the effectiveness of existing countermeasures. See also Brute Force, Denial of Service, Distributed Denial of Service, Hijacking, Social Engineering, Sniffing, Spoofing, Trojan Horse, Virus

Attack Rate: Cumulative incidence of infection in a group observed over time during an epidemic; can be determined empirically by identifying clinical cases and/or by means of seroepidemiology. See also Infection Rate; Secondary Attack Rate; Seroepidemiology

Attack Signature: Activities or alterations to a system indicating an attack or attempted attack, and particularly a specific type of attack, often determined by examination of audit or network logs

Attenuation: Weakening (dilution) of the concentration, as of an antigen in a vaccine

Attribute: In MS-DOS and Windows systems, characteristics representing file permissions

Audit: The process by which procedures and/or documentation are measured against pre-agreed standards; collection of records of activities to assess their compliance with security policy

Audit Trail: Chronological record of system activities that can be used to reconstruct, review, and examine the sequence of environments and activities surrounding or leading to an operation, a procedure, or an event in a transaction from its inception to final results

Auditing: Information gathering and analysis of assets to ensure such things as policy compliance and security from vulnerabilities

Authenticate: 1) Verify identity of a user, device, or other entity in a computer system, often as a prerequisite to allowing access to resources in a system; 2) verify integrity of data that have been stored, transmitted, or otherwise exposed to possible unauthorized modification

Authenticated, Self-Signed SSL: Type of single sign-on that provides authentication and data encryption through a self-signed certificate

Authentication: 1) Process of verifying identity, origin, or lack of modification of a subject or object; generally based on something the user knows, is, or has; 2) use of some kind of system to ensure that a file or message supposed to come from a given individual or company actually does so

Authentication Header (AH): Internet IPsec protocol (RFC 2402) designed to provide connectionless data integrity service and data origin authentication service for IP datagrams, and (optionally) to provide protection against replay attacks; may be used alone, or in combination with the IPsec Encapsulating Security Payload (ESP) protocol, or in a nested fashion with tunneling. The main difference between authentication services provided by ESP and AH is the extent of the coverage; ESP does not protect IP header fields unless they are encapsulated by AH.

Authentication Token: Portable device used for authenticating users; tokens operate by challenge/response, time-based code sequences, or other techniques

Authenticator: Technique used to confirm identity or to verify eligibility of a station, originator, or individual; standard authenticators are something you have, something you are, or something you know

Authenticity: Validity and conformance of the original information; also, the property of being genuine and able to be verified and be trusted. See also Authenticate, Authentication, Validate, Verify

Authenticode: Microsoft security system for ActiveX controls as active Web content, and other program verification; digital signature system that verifies only that the code has not changed since it was signed, and that the certificate used to sign the code was originally issued by the certificate authority

Authorization: Approval, permission, or empowerment for someone or something to do something

Automated Disaster Reporting System: Automated system which follows the progress of disaster recovery from the initial application through the approval and disbursal of funds for each program; provides FEMA staff and State and local Programs and Support Program Officer with essential information and data needed for executive management of the response and for the preparation of briefing and status reports

Autonomous System: Single network or series of networks that are under unified administrative control; also referred to as a routing domain, and is assigned a globally unique number, sometimes called an Autonomous System Number (ASN)

Autonomy, Respect for: See also Respect for Autonomy

AV: Abbreviation used to distinguish the antiviral research community (AV) from those who call themselves "virus researchers" but who are primarily interested in writing and exchanging viral programs (VX); also an abbreviation for antivirus software. See also VX.

Availability: Availability is the need to ensure that the business purpose of the system can be met and that it is accessible to those who need to use it; also, the state when the system, resources, and data are in the place needed by the user, at the time the user needs them, and in the form needed by the user. Availability is one of the three pillars of security.

Available Resources: Incident-based resources which are available for immediate assignment

Awareness Message: Method of informing people about the nature of hazards around them; motivates them to obtain more information, and offers simple safety tips
