Information Security Glossary

ISO27002

Thu, 3 Jul 2008 00:00:00 EDT

New name for ISO17799.

Knowledge Based Authentication (KBA)

Tue, 4 Sep 2007 00:00:00 EDT

A method to authenticate an individual based on knowledge of personal information, substantiated by a real-time interactive question and answer process.

Intelligent Questioning

Tue, 4 Sep 2007 00:00:00 EDT

During a Knowledge Based Authentication session, the process of logically developing correct and incorrect answers using actual consumer data in order to diminish a person's ability to guess the correct responses. Intelligent Questioning compensates for minor input errors and name variations and accounts for errors in public data in order to identify meaningful facts for question development. The result is robust questions unique to the individual being authenticated

sequential questions

Tue, 4 Sep 2007 00:00:00 EDT

During a Knowledge Based Authentication session, the ability to present and score one question at a time, which can reduce the number of questions presented to the customer, thereby improving the efficiency of the authentication process.

call center

Tue, 4 Sep 2007 00:00:00 EDT

A venue where an agent will access the Knowledge Based Authentication system and the customer will be authenticated via telephone.

call center assist

Tue, 4 Sep 2007 00:00:00 EDT

Real-time scripts which guide the call center agent through the authentication process, prompting the agent to correct missing or inaccurate customer information (address, SSN, name spellings) when appropriate.

verification

Tue, 4 Sep 2007 00:00:00 EDT

During a Knowledge Based Authentication session, the process that ensures that the data provided for an individual exists and matches (name, address, social security number, date of birth, driver’s license).

key management

Thu, 23 Aug 2007 00:00:00 EDT

A collection of procedures involved with the generation, exchange, storage, safeguarding, use, vetting, and replacement of encryption keys. Key management is essential to the secure ongoing operation of any cryptosystem.

CVV

Thu, 23 Aug 2007 00:00:00 EDT

The CVV (Card Verification Value) is a part of the of the magnetic track data in the credit card itself. CVV2/CVC2/CID information is the 3 or 4 digit code on the back of the signature strip of a credit or debit card (or on the front of American Express cards).

Alerting, alerts

Thu, 15 Feb 2007 00:00:00 EDT

A robust network-security monitoring application should include an alerting service. When an event that requires attention occurs, this service will send a notice by e-mail, page, instant messaging or other urgent method to a security expert. The administrator may configure this service for pre-determined events or baselining may be used. When baselining is used, a threshold value is configured. When the value exceeds the threshold for a particular kind of event, an alert is issued. For example, a number of failed attempts to log into an administrative account on a server may indicate that an attacker is trying to gain control of the server. The network team decides that up to ten tries is reasonable for someone who has just temporarily forgotten the password, so they set a threshold of ten failed attempts for this kind of event. At the eleventh attempt, an alert is sent so that an expert can investigate for other symptoms that would indicate an attack.