Security Terms Glossary
A – Security Terms
An acronym for “authorization, authentication and accounting”. AAA functions as a standard protocol by authorizing users on the basis of user rights applicable to them, authenticating user identity with the help of verifiable identity and accounting the consumption of resources on the network on the user.
A limiting mechanism which grants access only to certain authorized applications or persons to information processing resources and any other available information.
This data consists of data that can identify the card holder and can include other sensitive data used for authentication purposes. (See also Sensitive Authentication and Cardholder Data)
See PAN i.e. Primary Account Number
Also known as an acquiring financial institution or an acquiring bank. Refers to a person who maintains and initiates a professional relationship with various merchants for the purpose of acceptance of payments for all credit cards.
A form of malicious software. Once installed, the Adware forces the afflicted computer to download and automatically display various advertisements.
An abbreviation for “Advanced Encryption Standard” the AES is a block chipper used as part of cryptography for a systematic key which was later utilized by NIST as the U.S FIPS PUB 197 or simply the FIPS 197 in November 2001. View also Strong Cryptography.
An acronym of the Advanced Encryption Standards Institute. A non-profit, private organization, the ANSI is responsible for coordinating the conformity assessment and voluntary standardization system of the U.S.
A software or program which is capable of protecting, removing and detecting against different forms of viruses and malicious software known as malware which included worms, Trojans, Trojan Horses, adware, spyware, rootkits and viruses.
Consists of all custom or purchased groups of software programs or software programs that include external and internal applications.
Also known as an audit trial, the audit log is a record showing activities of the system in chronological order. It provides a verifiably independent trail which is adequate enough to permit examination, review and reconstruction of sequence of activities and environments leading or surrounding to the event, procedure or operation in a transaction commencing from inception till the final result.
See Audit Log.
An acronym for “Approved Scanning Vendor”, the ASV is a company approved to conduct vulnerability scanning external services by the PCI SSC.
The process through which a person’s, process or device’s identity is verified. Typically, authentication occurs through the utilization of one or all the factors of authentication such as:
- Something only known by you such as a pass phrase or password.
- Something only owned by you such as a smart card or service device.
- Something which you are such as being biometric.
Consisting of factors like the account ID and user ID, the authentication credentials are used to verify a process, device or individual.
Granting of rights or access to other programs, processes or users. In networks, authorization indicates what a program or individual are allowed to do once authorization is successful. For a payment card transaction, the authorization happens when the merchant receives approval of transaction after validation has been provided by the acquirer of the transaction with the processor/issuer.