Guidebook on Best Practices for Airport Cybersecurity

Glossary, Abbreviations, Acronyms, and Symbols

Glossary

Actor—An individual or group that can manifest a threat.

Attribution—Information on an actor, primarily to specify their identity, location, motives, and level of sophistication.

Countermeasure—An action, device, procedure, or technique that reduces a threat, vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken.

Cyberattack—A deliberate attempt to violate the security of a digital system. A successful attack is one that achieves its goal, typically causing harm to information, systems, or infrastructure or disrupting operations that rely on these resources.

Cybersecurity—Means and methods that protect data and systems from unauthorized access, inappropriate modification, or unintentional loss.

Defense in Depth—The implementation of multiple layers of countermeasures as a means of providing additional protection should one layer fail.

Industrial Control Systems—Information systems used to control industrial processes such as manufacturing, product handling, production, and distribution. ICS include SCADA systems used to control geographically dispersed assets as well as distributed control systems and smaller control systems using programmable logic controllers to control localized processes (Joint Task Force Transformation Initiative 2012).

Insider Threat (malicious)—A current or former employee, contractor, or other business partner who has or had authorized access to an organization's network, system, or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization's information or information systems (Carnegie Mellon University 2014).

Motive—Something that causes a person to act (Merriam-Webster 2014).

Target—The data or system to which an actor wishes to gain access.

Threat—Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service (Committee on National Security Systems 2010).

Vector—The channel or conduit by which an attack is carried out, including email, malware, physical access, and other means.

Vulnerability—A weakness that exposes data and/or systems to threat. Vulnerability is introduced by the lack of countermeasures to adequately protect an asset (Committee on National Security Systems 2010).

Worm—A type of infectious software that replicates itself in order to spread to other computers. It is typically propagated by replicating itself using computer networks and exploiting vulnerable systems. Unlike viruses or other types of malware, worms do not need to attach themselves to an existing code base, and they may potentially damage both network devices and computer systems. The most important protection against worms is user awareness which is enhanced by antivirus software deployment. Removing a worm is a tedious process that starts with a comprehensive outbreak analysis that will lead to isolating infected systems and then applying the latest system recovery process.

Abbreviations and Acronyms

ACI-NA  Airports Council International–North America
ACRP  Airport Cooperative Research Program
AES  Advanced Encryption Standard
AFDX  Avionics Full Duplex Switched Ethernet
A-ISAC  Aviation Information Sharing and Analysis Center
AVI  Automatic Vehicle Identification
BCS  Building Control Systems
BIDS  Baggage Information Display Systems
BIT  Business Information Technology Committee
BYOD  Bring Your Own Device
CARMA  Cybersecurity Assessment and Risk Management Approach
CCTV  Closed Circuit Television
CDE  Cardholder Data Environment
CIA  Central Intelligence Agency
CIO  Chief Information Officer
CIP  Critical Infrastructure Protection
CISO  Chief Information Security Officer
COOP  Continuity of Operations
COTS  Commercial off the Shelf
CRUD  Create, Retrieve, Update, and Delete
CSET  Cyber Security Evaluation Tool
CUPPS  Common Use Passenger Processing Systems
CUSS  Common Use Self-Service
CUTE  Common Use Terminal Equipment
DCS  Distributed Control Systems
DDoS  Distributed Denial of Service
DHS  Department of Homeland Security
DMZ  Demilitarized Zone
EFB  Electronic Flight Bag
ERAU  Embry-Riddle Aeronautical University
FBI  Federal Bureau of Investigation
FIDS  Flight Information Display Systems
FISMA  Federal Information Security Management Act
FTE  Full-Time Equivalent
GPS  Global Positioning System
HIPAA  Health Insurance Portability and Accountability Act
HUMS  Engine Health and Usage Monitoring Systems
ICS  Industrial Control Systems
IDS  Intrusion Detection Systems
IEC  International Electrotechnical Commission
IPS  Intrusion Prevention Systems
ISAC  Information Sharing and Analysis Center
ISO  International Organization for Standardization
IT  Information Technology
KSAs  Knowledge, Skills, and Abilities
LAN  Local Area Network
MDM  Mobile Device Management
MS-ISAC  Multi-State Information Sharing and Analysis Center
NACS  Network Access Control System
NCIC  National Crime Information Center
NERC  North American Electric Reliability Corporation
NICE  National Initiative for Cybersecurity Education
NIST  National Institute of Standards and Technology
NSA  National Security Agency
OMB  Office of Management and Budget
PAC  Programmable Automation Controller
PARCS  Parking Access and Revenue Control Systems
PCI  Payment Card Industry
PCI DSS  Payment Card Industry Data Security Standards
PII  Personally Identifiable Information
PLC  Programmable Logic Controller
POS  Point of Sale
PSK  Pre-shared Key
SCADA  Supervisory Control and Data Acquisition
SDLC  Software Development Life Cycle
SIEM  Security Information and Event Management
SLA  Service Level Agreement
SMS  Short Message Service
SQL  Structured Query Language
SSI  Sensitive Security Information
SSL  Secure Sockets Layer
TRB  Transportation Research Board
URL  Uniform Resource Locator
USB  Universal Serial Bus
VPN  Virtual Private Network
WAN  Wide Area Network
WEP  Wired Equivalent Privacy
WIPS  Wireless Intrusion Prevention System
WPA-2  Wi-Fi Protected Access

Symbols

The following symbols have been used in this document:

Threat
Countermeasure
Resource
Target
Multimedia