Wikimedia Security Team/Definitions

Containment – Restricting the communication of suspect systems, accounts or networks during an incident, in order to prevent a compromise from propagating.

Decryption – The process of transforming ciphertext (information unreadable to anyone without the key) back into plaintext (information readable to anyone). It is performed by applying the key with the encryption algorithm in reverse.

Encryption – The process of transforming readable data (plaintext) into a form (ciphertext) that is unreadable by all except the authorized person(s) possessing the correct key to decrypt it.

Guideline – A document in support of policies, standards and procedures that contains general advice on the secure and responsible use of resources. Adherence is not required or enforced, but is strongly recommended.

ID or User ID – A unique identifier assigned to a user, account or non-person entity.

Incident or IT Security Incident – A violation of the confidentiality, integrity and/or availability of a company information resource. Disclosure, degradation, loss or denial of data or of the computing platform are the typical consequences of an incident.

Incident Response – The processes and procedures used to scope, contain and remediate an IT Security Incident and to comply with any applicable legal obligations.

Log – A record of events that occur on a specific system.

Penetration Test – The process of attempting to gain access to resources, typically without prior knowledge of the software's internals or access to its source code (a black-box test). A penetration test focuses on gaining access to critical assets or information.

Policy – A document containing a concise set of requirements, rules or criteria that influence and determine decisions and actions intended to manage key risks. A policy usually describes "what" the requirements are, "why" they are required and by "whom" they are to be implemented.

Procedure – A written set of steps for executing a policy through specific, prescribed actions; this is the "how" by which a person or asset can be in compliance. Procedures are more detailed than a policy: they identify the method and state, in a series of steps, exactly how to accomplish an intended objective or requirement.

Remediation – Restoration of a compromised asset or service to normal operating capacity following an incident.

Risk – The likelihood that a threat exploits a vulnerability, combined with the impact if it does.

Risk-Based Approach – The process for ensuring that important business decisions and behaviors remain within the overall risk appetite and acceptable risk tolerances.

Standard – A mandatory action, explicit rules, requirements and/or configuration settings designed to support a policy area while ensuring acceptable levels of compliance. A standard defines accepted specifications for hardware, software and/or behavior.

Vulnerability – A weakness in a system that can be exploited by a threat.

Vulnerability Assessment – A test of a software system with an emphasis on identifying areas of that system that are vulnerable to a computer attack.
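As an added illustration of the Encryption and Decryption definitions above (example code written for this page, not the Wikimedia Security Team's own code): a plaintext is turned into ciphertext under a key, the same key turns it back, and anyone without that key gets nothing readable. Authenticated encryption (AES-256-GCM from Go's standard library) also refuses to decrypt when the key is wrong or the ciphertext has been altered, which is why a practitioner should prefer it over bare encryption. The 32-byte key and the sample message are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Encrypt turns plaintext into ciphertext under a 32-byte key using AES-256-GCM.
// The returned bytes are nonce || ciphertext || authentication tag. A fresh random
// nonce is drawn for every call; reusing a nonce with the same key breaks GCM.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // rejects keys that are not 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext and tag after the nonce so the output is self-describing.
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt reverses Encrypt: it splits off the nonce, then verifies the tag and
// recovers the plaintext. A wrong key or a modified ciphertext yields an error,
// never garbage plaintext.
func Decrypt(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize() {
		return nil, errors.New("ciphertext too short to contain a nonce")
	}
	nonce, ct := sealed[:aead.NonceSize()], sealed[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, nil)
}

func main() {
	// Constructed 32-byte key for the example; a real key comes from a CSPRNG or a KDF.
	key := make([]byte, 32)
	for i := range key {
		key[i] = byte(i)
	}
	sealed, err := Encrypt(key, []byte("incident ticket #42 is contained"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("ciphertext (%d bytes): %x\n", len(sealed), sealed)

	pt, err := Decrypt(key, sealed)
	fmt.Printf("correct key: %q err=%v\n", pt, err)

	wrongKey := make([]byte, 32) // all zeros: the attacker's guess
	_, err = Decrypt(wrongKey, sealed)
	fmt.Printf("wrong key: err=%v\n", err)

	tampered := append([]byte(nil), sealed...)
	tampered[len(tampered)-1] ^= 0x01 // flip one bit of the tag
	_, err = Decrypt(key, tampered)
	fmt.Printf("tampered ciphertext: err=%v\n", err)
}
```

Because the nonce is random, two encryptions of the same message produce different ciphertexts; compare by decrypting, never by comparing ciphertext bytes.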