If you have any suggestions for additions to the glossary, please submit your suggestions below.
Things, either tangible or not, that an attacker is likely to want to obtain
This is a representation of the amount of exposure that a system has. For example, if a system is on the Internet it has a larger attack surface then a system that is internal. This is because more entities have access to the system on the Internet than do internally.
This represents the combination of the method and access point that an attacker could use to attack the system.
Entity who desires access to system resources or wishes to perform actions on a system that they are not authorized to do
The process of accumulating records of activities on a system. This typically includes the act of monitoring and responding to these activities. Auditing is never performed in real time and is considered a detective control.
The process of asserting an identity
The process of ensuring that an entity that has asserted its identity has the right to access the resource in question
This represents a systems ability to be online and ready to accept requests