When you are done, you can return to where you left off in the course Return.
There are no terms starting with 0 through 9.
Terms beginning with A
Accreditation - An official management decision to accept the security environment and authorize the operation of an information system; this decision is based on the results of the certification process.
Terms beginning with B
Background Investigations - A screening process that helps determine whether an individual is suitable for employment at a specified level of trust. A background investigation may involve checking criminal history, fingerprint records, and other federal indices.
Baseline - Documented configuration of a system established at a specific point in time that captures the structure and details of its settings. It serves as a reference for further activities. An application or software baseline provides the ability to change or to rebuild a specific version at a later date.
Terms beginning with C
Configuration Management - Control policies and activities applied to the information technology environment of an organization or Agency that ensures system components are well defined and cannot be changed without proper authorization and justification.
Contingency Planning - A plan to lessen the risk of disruptions affecting IT systems, business processes, and facilities. At a minimum, FHFA requires that each Agency and staff office develop two plans: Business Resumption Plan and Disaster Recovery Plan.
Terms beginning with D
Denial of Service - An attack that involves bombarding a computer system with huge amounts of data from many different machines and locations in an effort to bring down the computer and deny its availability.
Designated Security Officers (DSOs) - The DSO is appointed by an Associate Director, Head of Office or Process Owner to represent them in carrying out the detailed security functions pertaining to their area of responsibility.
Terms beginning with E
There are no terms starting with E.
Terms beginning with F
Freedom of Information Act (FOIA) - A law that was enacted in 1966 to provide public access, through the submission of requests, to Federal government records in order to shed light on the running of the Federal government and the inner workings of the Federal government agencies. In 1996, the Electronic Freedom of Information Act Amendments (E-FOIA) were signed into law, which allows electronic access to certain information without having to make a formal FOIA request.
Terms beginning with G
General Support System - Interconnected information resources under the same direct management control which share common functionality and normally include hardware, software, information, applications, communications, facilities, and people.
Government Information Systems - A set of processes, communications, storage, and related resources, whose elements are under the same direct management control, have the same function or mission objective, and have essentially the same operating characteristics and security needs.
Terms beginning with H
Hoaxes - Email messages sent to as many people as possible to slow down the Internet and email service by clogging the networks with extra traffic. The emails may appear legitimate, come from known senders, warn about something or promote a great deal, or be in the form of chain letters.
Terms beginning with I
Identity Theft - Copying or assuming another person's identity for the purposes of committing fraud or some other crime. Identity theft occurs by using someone else's name, address, social security number, or other information without the individual's knowledge.
Information Security - The policies, procedures, guidance, and logical, physical and personnel controls that protect the confidentiality, integrity, and availability of information systems. It also includes those measures necessary to detect, document, and counter information security threats.
Information System - A set of processes, communications, storage, and related resources, whose elements are under the same direct management control, have the same function or mission objective, and have essentially the same operating characteristics and security needs.
Information Technology Security Officer (ITSO) - A person who is responsible for the overall security program of an FHFA Agency or office. This person ensures that all federal laws, Agency policies, and security practices are implemented across all information technology programs.
Terms beginning with J
There are no terms starting with J.
Terms beginning with K
There are no terms starting with K.
Terms beginning with L
Terms beginning with M
Major Application - A system that performs clearly defined functions for which there are readily identifiable security considerations and needs, and may be comprised of many hardware, software, and telecommunications components.
Management Controls - Management includes policies. It also involves incorporating security into the SDLC and developing and maintaining system documentation (e.g., the System Security Plan). Some management controls are Security Planning, System and Services Acquisition, Security Control Review, and Processing Authorization.
Terms beginning with N
Terms beginning with O
Office of the Inspector General (OIG) - Performs audits and investigations of the Agency's programs and operations; works with the Agency's management team in activities that promote economy, efficiency, and effectiveness or that prevent and detect fraud and abuse in programs and operations, both within FHFA and in non-Federal entities that receive FHFA assistance.
Operational Controls - Operational controls are those safeguards and countermeasures employed by an organization to support the management and technical controls in an information system. Some operational controls are Personnel Security and Hardware and Software Maintenance.
Terms beginning with P
Peer-to-Peer Software - Software that uses the Internet to bypass the traditional client/server network relationship that exists in business and government offices, such as some online music and video sharing programs. A number of peer-to-peer software programs even allow the sharing of computers.
Personnel Security - A process that agencies use to review and identify their public trust and sensitive positions and ensure that personnel in or selected for those positions undergo the appropriate background investigations, suitability determinations, or clearances.
Privacy Act of 1974 - A law passed by the Congress in 1974 for the purpose of protecting, through regulation, personal information that is collected, maintained, and disseminated by any Federal government entity. The Act protects the information of individuals who are either United States citizens or aliens lawfully admitted for permanent residence.
Privacy Act Statement - A statement that informs an individual of the authority, purpose, and routine use of the data being collected from him or her. This statement must be given to the individual BEFORE taking any information.
Privacy Impact Assessment (PIA) - A process for determining how personal information is handled, the security of the information, and the impact of information disclosure on an individual. Privacy Impact Assessments are mandated by the E-Government Act of 2002.
Terms beginning with Q
There are no terms starting with Q.
Terms beginning with R
Terms beginning with S
Social Engineering - Relying on weaknesses in human nature rather than software to trick people into revealing passwords and other information that can be used to compromise the security of information systems. It can also lead to fraud and identity theft.
Spyware - A program that is similar to a non-destructive Trojan horse in that it collects information and sends it to its author. It is generally installed on a computer when shareware or some similar and usually free software is installed.
System of Records - A group of records where an individual's information is retrieved by name or some other type of identifier, such as a social security number, any identifying number, a fingerprint, a voiceprint, or a photograph. It does not matter whether these records are on paper or in a computerized database.
System of Records Notice - A notice published in the Federal Register, which includes a description of the system and the information to be collected, why it is needed, where it is located, Agency practices protecting Privacy information, and how individuals can access and amend their records. This notice allows for public comment or question.
Terms beginning with T
Technical Controls - Technical controls are those safeguards and countermeasures employed within the information system's hardware, software, or firmware to protect the system and its information from unauthorized access, use, disclosure, disruption, modification, or destruction. You can think of technical controls as those that are executed by the system. Technical control categories include Logical Access Controls, Accountability/Audit Trails, and System and Communications Protection.
Threat - A circumstance or event with the potential to cause unauthorized loss, modification, or disclosure of information; or the potential to cause damage to a computer or any part of the IT system.
Terms beginning with U
There are no terms starting with U.
Terms beginning with V
Terms beginning with W
Wireless networking/computing - The ability to connect your computer to a network without using a physical connection. Often, Internet wireless connections can be found in coffee shops, hotel rooms, Internet cafes, or at home.
Terms beginning with X
There are no terms starting with X.
Terms beginning with Y
There are no terms starting with Y.
Terms beginning with Z
There are no terms starting with Z.