UnderGround Information










                          NCSL BULLETIN
                         SEPTEMBER, 1990


          BIBLIOGRAPHY OF COMPUTER SECURITY GLOSSARIES

Many computer security glossaries and dictionaries have been
published since 1976, when NIST issued Federal Information
Processing Standards Publication (FIPS PUB) 39, "Glossary for
Computer Systems Security."  Recognizing the need to update FIPS
PUB 39 and taking advantage of the variety of good glossaries
that are now available from federal government agencies,
industry, standards-making bodies, and other organizations within
the computer security community, NIST has compiled a bibliography
of selected material instead of developing another glossary.  

This compilation includes work developed by the Department of
Defense (DoD), the American National Standards Institute (ANSI)
Accredited Standards Committee X3K5, and private sector
organizations.  The bibliography includes glossaries that cover a
broad spectrum of computer security terminology and concepts. 
The terms defined reflect those commonly used, as well as current
specialized terminology and acronyms.  Some are amplified by
illustrations. 

The bibliography will assist the security practitioner in
becoming familiar with a variety of glossaries, many of which
point to other reference sources.  The bibliography is arranged
in alphabetical order by title, indicating the author or work of
an organization and a brief narrative by which the reader may
select the most appropriate glossary.  



"Computer Security Terms, Abbreviations, and Acronyms" 

     AFSSM 5000, Department of the Air Force, Air Force Systems
     Security Memoranda, July 31, 1989 (Draft).  This glossary
     will be released in 1991.

     This 84-page glossary was developed for the U.S. Air Force.
     Many of its terms and definitions are consistent with those
     in use in other defense and civilian federal government
     agencies.



"Data & Computer Security - Dictionary of Standards Concepts and
Terms" 

     Dennis Longley and Michael Shain, Macmillan Publishers Ltd.,
     1987.  Order copies from CRC Press, Inc., 2000 Corporate
     Blvd., N.W., Boca Raton, FL  33431.

     This document contains 376 pages and approximately 4,000
     terms.  The dictionary provides in-depth definitions and
     descriptions of computer security terms and concepts. 
     Extensive cross-referencing of terms allows users to compare
     or contrast terms and definitions.  The many illustrations,
     models, and diagrams further assist users in understanding
     more complex computer security concepts.  The dictionary
     provides multiple definitions for most of its terms.



"Datapro Reports on Information Security"

     McGraw-Hill, Datapro Research, October 1989.  Send
     subscription requests to McGraw-Hill, Datapro Research,
     Delran, NJ  08075.

     This glossary contains over 1,000 terms and definitions.
     Although developed by a private sector organization, the
     publication contains many terms and definitions that are
     consistent with those used throughout federal government
     agencies.



"Glossary of Computer Security Terminology" 

     National Telecommunications and Information Systems Security
     Committee (NTISSC), September 11, 1987.  When the draft is
     finalized, the document will be available through the
     Superintendent of Documents, U.S. Government Printing
     Office, Washington, DC  20402.

     This 125-page draft glossary is composed largely of terms
     and definitions taken from official documents of U.S.
     government departments and agencies, although some
     definitions have been provided by private sector
     organizations.  The glossary contains multiple definitions
     for most of its terms.



"Glossary of Computer Security Terminology" 

     Douglass L. Mansur (work performed under the auspices of the
     U.S. Department of Energy by the Lawrence Livermore National
     Laboratory under Contract No. W-7405-Eng-48) and Maj. Mary
     C. Curtis, U.S. Air Force, HQ/SCTT.  Requests for copies
     should be sent to Douglass L. Mansur, Lawrence Livermore
     National Laboratory, L-303, P.O. Box 808, Livermore, CA 
     94550.

     This glossary contains approximately 750 computer security
     terms.  Its definitions are taken from official documents of
     departments and agencies of the U.S. government as well as
     private sector organizations.  The glossary contains
     multiple definitions for most of its terms.

 

"Glossary of Computer Security Terms" 

     NCSC-TG-004, Version-1, October 21, 1988, National Computer
     Security Center (NCSC).  Copies may be ordered from the
     Superintendent of Documents, Congressional Sales Office,
     U.S. Government Printing Office, Washington, DC  20402.

     This glossary contains approximately 300 terms and
     definitions and is issued by the National Computer Security
     Center.  It is intended for use by U.S. government agencies
     or contractors that apply the criteria of DoD Directive
     5200.28-STD, "DoD Trusted Computer System Evaluation
     Criteria" in the use of their computer systems.



"Supplement A:  Computer Security - Results of 179th Meeting,
March 16, 1990" 

     ANSI Accredited Standards Committee X3K5, Computer Security
     Supplement (Draft) to the American National Standard
     Dictionary for Information Systems.

     This document, currently in draft, contains brief
     definitions of approximately 250 computer security terms. 
     The ANSI Accredited Standards Committee X3K5 has yet to
     decide if the document will be published separately or will
     be included in the "American National Dictionary for
     Information Processing Systems."



"Tutorial - Computer and Network Security"

     Marshall D. Abrams and Harold J. Podell, IEEE Computer
     Society Order Number 756, Library of Congress Number
     86-46217, IEEE Catalog Number EH0255-0, ISBN 0-8186-0756-4,
     published by IEEE Computer Society Press.  Copies can be
     ordered from the IEEE Computer Society, P.O. Box 80452,
     Worldway Postal Center, Los Angeles, CA  90080.

     This brief glossary is in the form of an index to a tutorial
     and provides definitions for approximately 250 network and
     computer security terms.  The glossary addresses civil
     government, military (unclassified but sensitive), and
     private sector use of computer security terminology.  The
     glossary contains multiple definitions for some of its
     terms.