| Term | Definition |
|---|---|
| Trusted Computing Base | total of protective mechanisms on a computer |
| Internal Threats | issues within a trusted computing base |
| TCSEC | set of standards that assigns levels of security for operating systems and software |
| C2 | highest level assigned by TCSEC to OS |
| CCITSE | globally accepted standards that replaced TCSEC |
| ITSEC | Equivalent to TCSEC |
| Principle of Least Privilege | giving users only those permissions necessary to do their job |
| NetBIOS | protocol used by older systems; not used when connecting outside the local network |
| Integrity | information is only modified or deleted by those authorized to do so |
| Availability | ensures information and equipment can only be used by authorized users |
| Confidentiality | information accessed only by those authorized |
| Certification | formalized evaluation of security leads to this |
| Services | provide functions for authorized users |
| Software dependencies | force installation of additional software to support service or application |
| Attack surface | reduced by removing unneeded protocols and services |
| Security Configuration and Analysis snap-in | used to configure security on systems by building a security template |
| Checksum | used to verify that file is valid |
| Analysis tool | discovers changes from the intended security configuration |
| Methods of maintaining TCB | monitoring, enforcing procedures, secure design, regular updates |
| Security baseline | security policy, procedural document, security template - standard foundational level of security across all systems |
| Acceptable Use Policy | outlines how users should use IT resources |
| Product Certification | needed for purchasing by U.S. government |