Glossary and Acronyms
IPAS - Information Privacy and Security
PCI DSS - Payment Card Industry Data Security Standard
PAN - Primary Account Number
SOS - Penn State Security Operations and Services
FAQ - Frequently Asked Questions
-----------------------------------------------------------------------------------
Approved Standards: Approved standards are standardized algorithms (such as those published by ISO and ANSI) and well-known, commercially available standards (such as Blowfish) that meet the intent of strong cryptography. Examples of approved standards are AES (128 bits and higher), TDES (two or three independent keys), RSA (1024 bits) and ElGamal (1024 bits).
Audit Log: A chronological record of system activities. It provides a trail sufficient to permit reconstruction, review, and examination of the sequence of environments and activities surrounding or leading to an operation, procedure, or event in a transaction, from inception to final results. Sometimes specifically referred to as a security audit trail.
Cardholder data environment: The area of a computer system or network that possesses cardholder data or sensitive authentication data, together with those systems and network segments that directly attach to or support cardholder data processing, storage, or transmission. Adequate network segmentation, which isolates systems that store, process, or transmit cardholder data from those that do not, may reduce the scope of the cardholder data environment and thus the scope of the PCI assessment.
Compromise: In cryptography, the breaching of secrecy and/or security. A violation of the security of a system such that an unauthorized disclosure of sensitive information may have occurred. This includes the unauthorized disclosure, modification, substitution, or use of sensitive data (including plaintext cryptographic keys and other keying material).
IDS/IPS: Intrusion Detection System / Intrusion Prevention System. Used to identify and alert on network or system intrusion attempts. Composed of sensors, which generate security events; a console, to monitor events and alerts and to control the sensors; and a central engine, which records the events logged by the sensors in a database. Uses a system of rules to generate alerts in response to the security events detected. An IPS takes the additional step of blocking the attempted intrusion.
Monitoring: Use of a system that constantly oversees a computer network, including watching for slow or failing systems, and that notifies the user in case of outages or other alarms.
Network Security Scan: An automated tool that remotely checks merchant or service provider systems for vulnerabilities. This non-intrusive test involves probing external-facing systems, based on their external-facing IP addresses, and reporting on the services available to the external network (that is, services available to the Internet). Scans identify vulnerabilities in operating systems, services, and devices that could be used by hackers to target the company's private network.
Sanitization: The process of deleting sensitive data from a file, device, or system, or of modifying data so that it is useless if accessed in an attack.
Strong Cryptography: A general term for cryptography that is extremely resilient to cryptanalysis. That is, given the cryptographic method (algorithm or protocol), the cryptographic key or protected data is not exposed. The strength relies on the cryptographic key used. The effective size of the key should meet the minimum key size given in comparable-strength recommendations. One reference for the notion of minimum comparable strength is NIST Special Publication 800-57, August 2005 (http://csrc.nist.gov/publications/); others that meet the following minimum comparable key bit security may also be used:
- 80 bits for secret key based systems (for example, TDES)
- 1024-bit modulus for public key algorithms based on factorization (for example, RSA)
- 1024 bits for discrete logarithm based algorithms (for example, Diffie-Hellman), with a large subgroup of at least 160 bits (for example, DSA)
- 160 bits for elliptic curve cryptography (for example, ECDSA)