
Access Point Clone (Evil Twin) Traffic Interception: An attacker fools legitimate wireless clients into connecting to the attacker's own network by placing an unauthorized access point with a stronger signal in close proximity to wireless clients. Users attempt to log in to the substitute servers and unknowingly give away passwords and similar sensitive data.
Accountability: Accounting is performed by logging session statistics and usage information and is used for authorization control, making users accountable for their actions.
ADM: Account Delivery Manager
Administrative law: Administrative law is the body of law which has come into existence as a result of the discretionary powers that have been conferred by government legislation on government ministers, public authorities, local authorities and other bodies such as administrative tribunals with the purpose of giving effect to broadly defined policies. Administrative powers are found in such areas as city planning, public health regulation, environmental matters, welfare services, and the control of certain trades and professions.
ADO: Account Delivery Operations
AST: Account Support Team
Authentication: Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be.
Authorization: Authorization is the process of giving someone permission to do or have something.
AV: Anti-Virus
Availability: Protection against disruption of service

BAM: Business Account Manager
BCP: Business Continuity Planning
BCRS: Business Continuity Recovery Services
BIA (Business Impact Analysis): Business Impact Analysis includes an exploratory component to reveal any vulnerabilities, and a planning component to develop strategies for minimizing risk. The result of the analysis is a business impact analysis report, which describes the potential risks specific to the organization studied.
BISM: The Business Information Security Manager (BISM) is responsible for protecting the application and information assets of the business unit or function through consistent application and awareness of Information Security policies and processes.
Broadcast Monitoring: If an access point is connected to a hub rather than a switch, any network traffic across that hub can potentially be broadcast out over the wireless network. Because the Ethernet hub broadcasts all data packets to all connected devices, including the wireless access point, an attacker can monitor sensitive data going over wireless that was not even intended for any wireless clients.
Buffer Overflow: A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity.
Case Manager: An incident Case Manager is a member of CITSIRT or a Trade Customer equivalent that has ownership for coordination of the whole incident management process.
CBT: Computer Based Training

CDA: Confidential Disclosure Agreement
CEO: Chief Executive Officer
CIO: Chief Information Officer
CISO: Definition needed
CITSIRT: CITSIRT (Corporate IT Security Incident Response Team) is a global team with responsibilities pertaining to receiving, responding to, addressing and managing IT security incidents that impact HP. The HP Information Security (learn@hp, course #14370) prerequisite course explains how to identify and report security incidents to the HP CITSIRT.
Civil law: Law of a state or nation outlining the rights of private citizens.
COE: Common Operating Environment - allows distribution and monitoring of common applications and patches to enable a secure and consistent computing environment within HP.
Company Critical: These are processes and applications that have the highest priority for prevention and recovery:
- Require recovery or alternate processes within a few hours (typically <48)
- Interruption of these processes has a serious impact on HP's business reputation or financial health
Confidentiality: Protection against unauthorized disclosure or use of data
Corporate governance: Refers to methods, laws and policies that direct, control and administer important functions of a corporation. Typically, corporate governance is managed by the principal stakeholders in a corporation - mainly the shareholders, management and board of directors.
Corruption/Modification: Loss of data integrity through accidental or deliberate change
Countermeasures: Business and access controls used to mitigate threats and vulnerabilities
Criminal law: Criminal law is an area of law which governs the criminal conduct of persons and the administration of penal justice upon those persons.
Customer audit: Customer Audits are initiated by the customer in accordance with contract or SLA provisions. Customer audit scope is based on the IT control requirements defined within the specific services HP provides to them. Customer audits must be facilitated by trained audit liaisons. Speak to your Security Officer for more details.
Cyber Terrorism: Terrorism that is directed at automated systems directly or that uses automated systems to disrupt other critical infrastructure systems that they support or control.
Data Encryption: Putting data into a secret code so it is unreadable except by authorized users.
Data Owner: The individual, department or customer that can authorize access to information, data, or software and that is responsible for the integrity and accuracy of that information, data, or software. Specifically, the data owner can be the author of the information, data, or software or can be the individual or department that has negotiated a license for the use of the information, data, or software.
DCSS: Data Center Support Services
DECADE: Dynamic Event Correlation And Delivery Engine
Destruction: An event that destroys data
Disclosure: The act or process of revealing data to unauthorized people

DMZ: Demilitarized Zone
DOS Attack: A denial of service (DOS) attack is an incident in which a user or organization is deprived of the services of a resource they would normally expect to have. These attacks can cost the target person or company a great deal of time and money.
DRP: Disaster Recovery Planning
Due Diligence: The fair, proper, and due degree of care and activity. It is a term that is expressed or implied in contracts, usually stating that good faith efforts are to be made to perform obligations. Prudent buyers conduct due diligence investigations to be sure contract obligations requiring good faith efforts have truly been acted upon.
EAC: Extranet Access Client
Eavesdropping (Tapping): In its most basic form, it amounts to one person keeping within earshot of a conversation between two other persons. However, in the security and IT worlds, it extends to remote listening and recording devices, including the interception of telephone calls, fax transmissions, e-mails, data transmissions, data-scoping, and even radio scanning for mobile communications.
EMEA: Europe, Middle East and Africa
Encryption: Encryption is the conversion of data into a form, called a ciphertext, that cannot be easily understood by unauthorized people. Decryption is the process of converting encrypted data back into its original form, so it can be understood.
Engarde: MPE Security Monitoring Tool
Entity Essential: These are processes that are not critical to company survival and do not have global impact on customer confidence:
- Recovery from interruptions to these processes, or to the applications that support them, is expected to occur within a range of 24 hours to 14 days
- Variance in recovery times is explained by how quickly customer confidence is impacted or by the expected financial impact

EOC: Emergency Operations Center
ERT: Emergency Response Team
ESG: Enterprise Systems Group
ESL: European System List
ESM: Enterprise Security Manager
Espionage: The act or practice of spying or of using spies to obtain secret information, as about another government or a business competitor.
EtP: Exception to Policy
Firewall: An electronic boundary that prevents unauthorized users from accessing resources on a network. A firewall filters all network packets to determine whether to forward them toward their destination.
FTP: File Transfer Protocol
Footprinting: The process of accumulating data regarding a specific network environment, usually for the purpose of finding ways to intrude into the environment. Footprinting can reveal system vulnerabilities and improve the ease with which they can be exploited.

GD Baseline SIM: The Global Delivery Baseline Security Incident Management (GD Baseline SIM) defines a single methodology to identify, assess, manage and report on significant security incidents affecting Outsourcing Services or any Outsourcing Services customer.
Hacker: Individuals who gain unauthorized access to computer systems for the purpose of stealing and corrupting data.
HID: Software running on the host that detects and notifies of an intrusion attempt and, if configured to do so, prevents the intrusion on detection of such an attempt.
HP Confidential: Generally speaking, HP Confidential is the label for any information that is to be restricted to some type of group, e.g., to everyone within a department, or a handful of departments. Information that is labeled HP Confidential must not be posted in plain sight, and this admonition applies to both the Intranet and the Internet; posted HP Confidential information must be password protected or otherwise kept in a way that cannot be readily accessed by people falling outside of the defined group.
HP Private: Generally speaking, HP Private is the label for any information meeting the definition of HP Private. HP General Managers or other functional owners of HP Private information have certain responsibilities for complying with information security for HP Private, and they may not delegate these responsibilities. That is, they are responsible for loss or mishandling by their personnel. HP Private information must be handled so as to ensure access only by a list of individuals maintained by the General Manager or other functional owner of the information, e.g., through secure communications and authentication in the case of electronically posted information.
HP Restricted: Generally speaking, HP Restricted is the label for any information intended for widespread distribution within HP, e.g., to everyone within the HP firewall or on any of the HP sites. A good example of information receiving this label would be phone information for HP employees and most organization charts.
HP-UX: HP UNIX
HP_Passfilt: Password Quality Checker for NT

HPMS: Hewlett Packard Managed Services
HPMS Security policy: Every worker must complete an information security awareness program within three months of the date when he or she began a position with the Outsourcing Services delivery center or partners.
HPS: HP Services
HTTP: HyperText Transfer Protocol. The protocol most often used to transfer information from World Wide Web servers to browsers.
HTTPS: A variant of HTTP, HTTPS is a unique protocol that is simply SSL underneath HTTP. It is used for handling secure transactions.
ICA: Citrix ICA client. The Citrix client is used to access Citrix servers.
Identification: The process of asserting a user's identity
IDS: Intrusion Detection System
Information Security Countermeasures Program: The Information Security Countermeasures Program conducts regular and targeted scanning for specified, critical information security vulnerabilities and/or compromised systems (currently focused on CodeRed and Nimda). It also delivers a customized payload to the impacted system, which results in the mitigation of the vulnerability and/or the remote shutdown or disabling of the impacted system.
Information Security Escalation and Crisis Management Team: The Information Security Escalation and Crisis Management Team prepares for and addresses those unique, information security-related incidents that are anticipated to cause significant impact or have caused enterprise-wide severe impact or interruption.
Information Security Network Intrusion Detection and Response Team: The Information Security Network Intrusion Detection and Response Team proactively monitors the HP Internet-facing infrastructure for signs of network intrusions and other anomalous activities, traffic, etc. This involves ensuring that network intrusion detection sensor (IDS) alerts are properly addressed and assisting the Corporate IT Security Incident Response Team (CITSIRT) in addressing detected attacks in real time. This team also works in close cooperation with the Information Security Network Security Team.
Information Security Vulnerability Detection Program: The Information Security Vulnerability Detection Program is responsible for conducting regular, ongoing vulnerability scans/probes of the Internet-facing HP infrastructure to identify high-risk vulnerabilities. The vulnerability data is then provided to the Incident Response Team so that the vulnerabilities are addressed. The Vulnerability Detection Team also conducts "special request" scans of the internal HP infrastructure, rescans of vulnerable systems to assess remediation status, and assists in the management of exception requests related to vulnerability remediation.
Information Security Threat Analysis and Response Team: The HP Information Security Threat Analysis and Response Team proactively researches and monitors security-related information to identify information security threats that may impact HP. Threats are analyzed for their impact to HP and assigned a risk classification. Informational alerts and remediation requirements are developed and distributed to the appropriate parties throughout the company. The Trade Security Alert Team provides a similar service regarding impact to our Trade customers. Both provide subscription services to receive the alerts (details on the resources page).
Information Warfare: The use of information or information technology during a time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries; "not everyone agrees that information warfare is limited to the realm of traditional warfare".
Integrity: Integrity, in terms of data and network security, is the assurance that information can only be accessed or modified by those authorized to do so.
Internal Audit: HP Corporate Internal Audit provides the Audit Committee, and Executive and Operational Managers, with an independent evaluation of organizational risk. Their reviews help management to better manage business risk and promote ethical, effective and efficient business practices.

Interruption: Loss of data availability
Investigations and Forensics Team: The Investigations and Forensics Team addresses serious information security-related incidents which involve civil, criminal, administrative, disciplinary, brand and/or financial implications. The Investigations and Forensics Team has the ability to recover, decrypt, and analyze IT-related data and to report, present, and represent such data in civil, criminal, and administrative proceedings.
IPG: Image and Printing Group
ISM: Information Security Manager
IP Spoofing: A technique used by hackers to access computer systems by modifying packet headers to make them appear to have originated from a trusted port. In addition, the practice of falsifying an e-mail header to make it appear as though it originated from a different address.
ISO17799: International Standard for Information Security
ISS: Internet Security Systems
Keylogger: Keyloggers are hardware or software that record keystrokes. They represent a serious threat to the security of computer systems. HP Support functions could easily become a target for keylogging activities, allowing hackers to get password information to key customer systems.
KMS: Knowledge Management System
L0phtcrack (TM): Password Cracker for NT
LAN: Local Area Network

Logic Bomb: In a computer program, a logic bomb, also called slag code, is programming code, inserted surreptitiously or intentionally, that is designed to execute (or "explode") under circumstances such as the lapse of a certain amount of time or the failure of a program user to respond to a program command. It is in effect a delayed-action computer virus or Trojan horse.
MAP: The HPS Maturity Assessment Program is both a risk and quality management methodology that includes on-site inspections of customer accounts and delivery centres, with a view to supporting organization strategies for risk reduction, policy compliance and service delivery. Results of MAP reviews can help the business prioritise risk reduction initiatives, and drive process improvements. MAP results contribute to Balanced Scorecard measures, which in turn complement the Outsourcing Services commitment to ISO27001 compliance.
Masquerading: In terms of communications security issues, a masquerade is a type of attack where the attacker pretends to be an authorized user of a system in order to gain access to it or to gain greater privileges than they are authorized for. A masquerade may be attempted through the use of stolen logon IDs and passwords, through finding security gaps in programs, or through bypassing the authentication mechanism.
Medusa: Master Environment for Detection of UNIX System Anomalies - HP-UX Security Monitoring Tool
MPE: HP e3000 Operating System
MSL: Master System List
NAI: Net Access Internet
NAT: Network Address Translation
NFS: The abbreviation for Network File System, NFS is a protocol suite that allows different makes of computers running different operating systems to share files and disk storage. Use of NFS to export file systems may expose your data to unwanted access and must be used with extreme caution.
Non-privileged account: A normal account that does not have elevated privileges (see privileged account)
OMC: Operations Management Center
Password Cracker: A password cracker is an application program that is used to identify an unknown or forgotten password to a computer or network resource. It can also be used to help a human cracker obtain unauthorized access to resources.
PCCOE: Personal Computer Common Operating Environment
PCS: Partner Connectivity Solutions
Phishing: The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.
Port scanning: Security analysis used to discover what computer network services a remote system provides. Port scanning gives an assailant an idea where to probe for weaknesses.
Privileged account: An account with more powers than the ordinary user has on a system. Such an account may give elevated privileges to the operating system (e.g. root, administrator), or to an application or database (e.g. system for Oracle, sapsys for SAP).
Privileged tool: A privileged tool (e.g. Sudo, Powerbroker) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as a privileged user (e.g. root, administrator) or another user while logging the commands and arguments.

Privileged user: A user who, by virtue of function and/or seniority, has been allocated powers within the computer system which are significantly greater than those available to the majority of users. Such persons will include, for example, the system administrator and network administrator, who are responsible for keeping the system available and may need powers to create new user profiles as well as to add to or amend the powers and access rights of existing users.
PQC: Password Quality Checker
PSG: Personal Systems Group
PWPlus: Password Quality Checker for UX
QAP: Quality Assessment Program
RAP: Risk Assessment Process
RDP: Remote Desktop Connection. The protocol is designed to provide remote display and input capabilities over network connections for Windows-based applications running on a server.
RFP: Request for Proposal
RISM: Regional Information Security Manager
Router: A device that finds the best path for a data packet to be sent from one network to another. Routers can filter data packets, restricting data types, sources and destinations.
Routing: The process of determining and prescribing the path or method to be used for establishing connections or forwarding data.
RPC: A protocol which allows a program running on one host to cause code to be executed on another host without the programmer needing to explicitly code for this.
RPO (Recovery Point Objective): Describes the age of the data you want the ability to restore in the event of a disaster. For example, if your RPO is 6 hours, you want to be able to restore systems back to the state they were in as of no longer than 6 hours ago.
RTO (Recovery Time Objective): The timeframe in which a company's systems are expected to be up and running following a disaster or outage.
SAV: Symantec Anti-Virus.
SBC: Standards of Business Conduct.
Script Kiddie: A person, normally someone who is not technologically sophisticated, who randomly seeks out a specific weakness over the Internet in order to gain privileged access to a system without really understanding what it is s/he is exploiting, because the weakness was discovered by someone else. A script kiddie is not looking to target specific information or a specific company but rather uses knowledge of a vulnerability to scan the entire Internet for a victim that possesses that vulnerability.
SDO: Service Delivery Operations
Security incidents: A security incident is any occurrence in an information system that has an actual or potential adverse impact on the company's information or information systems, or the potential occurrence of such an event.
Self Assessment: Self-assessment enables Outsourcing Services to close the gap between security policy and security practice by thoroughly evaluating the actual state of IT controls across the organization. Assessments are performed using standard tools and checklists that focus on network, platform and application security, as well as delivery processes. The intent of the self-assessments is twofold: to better understand where risks exist and to proactively manage them, and to support superior customer satisfaction. Speak to your Security Officer for more details.

SFTP: A secure version of the File Transfer Protocol (FTP)
SLA: Service Level Agreement
SMB: Server Message Block; a protocol for sharing files, printers, serial ports, and communications abstractions such as named pipes and mail slots between computers.
SMTP: Simple Mail Transfer Protocol; a server-to-server protocol for delivering electronic mail.
Sniffer: In common industry usage, a sniffer (with lower case "s") is a program that monitors and analyzes network traffic, detecting bottlenecks and problems. Using this information, a network manager can keep traffic flowing efficiently. A sniffer can also be used legitimately or illegitimately to capture data being transmitted on a network.
SO: Security Officer
Social Engineering: In computer security, social engineering is a term that describes a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures.
SPAM: Electronic junk mail or junk newsgroup postings. Some people define spam even more generally as any unsolicited e-mail. However, if a long-lost brother finds your e-mail address and sends you a message, this could hardly be called spam, even though it's unsolicited. Real spam is generally e-mail advertising for some product sent to a mailing list or newsgroup.
Spoofing: 1) To deceive for the purpose of gaining access to someone else's resources (for example, to fake an Internet address so that one looks like a certain kind of Internet user). 2) To simulate a communications protocol by a program that is interjected into a normal sequence of processes for the purpose of adding some useful function.

Spyware: The term Spyware has been used in two ways. In its narrow sense, Spyware is a term for Tracking Software deployed without adequate notice, consent, or control for the user. In its broader sense, Spyware is used as a synonym for what the ASC calls "Spyware and Other Potentially Unwanted Technologies." In technical settings, we use the term Spyware only in its narrower sense. However, we understand that it is impossible to avoid the broader connotations of the term in colloquial or popular usage, and we do not attempt to do so. For example, we refer to the group as the Anti-Spyware Coalition and vendors as makers of anti-spyware software, even recognizing that their scope of concern extends beyond tracking software.
SSH: Secure Shell
SSH-Relay: A controlled jump point from the HP network to the OMC LAN that allows only authorized encrypted network traffic to pass from one to the other.
SSL: Secure Sockets Layer
SVC: Software Version Checker
Supply/value chain: Supply Chain focuses on product movement throughout each segment of the business chain and does not address product sales, revenues or profits. The supply chain itself represents a network of autonomous or semi-autonomous business entities collectively responsible for procurement, manufacturing, and distribution activities associated with one or more families of related products. On the other hand, Value Chain is the value along each segment of the supply chain. The Value Chain enhances the Supply Chain by providing businesses with a clear path to profitability.
TACACS+: Protocol which allows a network access server (NAS) to offload user administration to a central server.
Theft/Removal: Loss of data confidentiality or availability due to theft or removal.
Third Party Assurance: A WW program team manages the performance of HP-funded, generic (not client-specific) 3rd party assurance. The most common type is a SAS 70, an audit based on a US standard which was developed to provide an independent opinion on the existence and effectiveness of controls at a service organization. Equivalent standards: Section 5970s (Canada) and AGS 1042 (Australia). All 3rd party assurance can help reduce the volume of client audits and can be leveraged by our clients in their Sarbanes-Oxley activities.
Threat: Any circumstance or event with a potential to cause harm in the form of destruction, disclosure, or modification of an information asset, or denial of service.
TNS: Termination Notification Service
Trojan Horse: In computers, a Trojan horse is a program in which malicious or harmful code is contained inside apparently harmless programming or data in such a way that it can get control and do its chosen form of damage.
Two-Factor Authentication: Two-factor authentication consists of something you know, such as a password, PLUS something you have, such as a smart card, digital certificate or a fingerprint. See Authentication.
User: A user is anyone who accesses systems managed by Outsourcing Services.
USO: User Support Organization
UXCOE: Definition needed
Value: The actual or perceived dollar value of the information asset.
Vandalism: The willful or malicious destruction, injury, disfigurement, or defacement of any public or private property, real or personal, without consent of the owner or person having control.
Virus: A virus is a piece of programming code, usually disguised as something else, that causes some unexpected and usually undesirable event. A virus is often designed so that it is automatically spread to other computer users.
VPN: Virtual Private Network
Vulnerability: A weakness in procedures, controls, etc., that could be exploited intentionally or inadvertently to gain unauthorized access to information assets.
War Dialing: The act of using a war dialer. A war dialer is a computer program used to identify the phone numbers that can successfully make a connection with a computer modem. The program automatically dials a defined range of phone numbers and logs and enters in a database those numbers that successfully connect to the modem. Some programs can also identify the particular operating system running on the computer and may also conduct automated penetration testing. In such cases, the war dialer runs through a predetermined list of common user names and passwords in an attempt to gain access to the system.
WEP: Wired Equivalent Privacy. A security protocol for wireless local area networks (WLANs) defined in the 802.11b standard. WEP aims to provide security by encrypting data over radio waves so that it is protected as it is transmitted from one end point to another.
WLAN: Wireless Local Area Network
Worm: A worm is a self-replicating virus that does not alter files but resides in active memory and duplicates itself. Worms use parts of an operating system that are automatic and usually invisible to the user. It is common for worms to be noticed only when their uncontrolled replication consumes system resources, slowing or halting other tasks.
Wireless Packet Analysis: A skilled attacker captures wireless traffic using techniques similar to those employed on wired networks. Many of these tools capture the first part of the connection session, where the data would typically include the username and password. An intruder can then masquerade as a legitimate user by using this captured information to hijack the user session and issue unauthorized commands.
