Cyber Glossary - L
Label – See Security Label.
Labeled Security Protections – Access control protection features of a system that use security labels to make access control decisions.
Laboratory Attack – Use of sophisticated signal recovery equipment in a laboratory environment to recover information from data storage media. (SP 800-88; CNSSI-4009) (NISTIR)
Least Privilege – The security objective of granting users only those accesses they need to perform their official duties. (SP 800-12) (NISTIR)
Least Trust – The principle that a security architecture should be designed in a way that minimizes: 1) the number of components that require trust, and 2) the extent to which each component is trusted. (CNSSI-4009) (NISTIR)
Legal Advice and Advocacy – In the NICE Workforce Framework, cybersecurity work where a person: Provides legally sound advice and recommendations to leadership and staff on a variety of relevant topics within the pertinent subject domain; advocates legal and policy changes and makes a case on behalf of client via a wide range of written and oral work products, including legal briefs and proceedings. (From: NICE Workforce Framework) (NICCS)
Level of Concern – Rating assigned to an information system indicating the extent to which protection measures, techniques, and procedures must be applied. High, Medium, and Basic are identified levels of concern. A separate Level-of-Concern is assigned to each information system for confidentiality, integrity, and availability. (CNSSI-4009) (NISTIR)
Level of Protection – Extent to which protective measures, techniques, and procedures must be applied to information systems and networks based on risk, threat, vulnerability, system interconnectivity considerations, and information assurance needs. Levels of protection are:
- Basic: information systems and networks requiring implementation of standard minimum security countermeasures.
- Medium: information systems and networks requiring layering of additional safeguards above the standard minimum security countermeasures.
- High: information systems and networks requiring the most stringent protection and rigorous security countermeasures. (CNSSI-4009) (NISTIR)
Likelihood of Occurrence – In Information Assurance risk analysis, a weighted factor based on a subjective analysis of the probability that a given threat is capable of exploiting a given vulnerability. (CNSSI-4009)
Limited Maintenance – COMSEC maintenance restricted to fault isolation, removal, and replacement of plug-in assemblies. Soldering or unsoldering usually is prohibited in limited maintenance. See Full Maintenance. (CNSSI-4009) (NISTIR)
Line Conditioning – Elimination of unintentional signals or noise induced or conducted on a telecommunications or information system signal, power, control, indicator, or other external interface line. (CNSSI-4009) (NISTIR)
Line Conduction – Unintentional signals or noise induced or conducted on a telecommunications or information system signal, power, control, indicator, or other external interface line. (CNSSI-4009)
Line of Business – The following OMB-defined process areas common to virtually all federal agencies: Case Management, Financial Management, Grants Management, Human Resources Management, Federal Health Architecture, Information Systems Security, Budget Formulation and Execution, Geospatial, and IT Infrastructure. (SP 800-53) (NISTIR)
“Lines of business” or “areas of operation” describe the purpose of government in functional terms or describe the support functions that the government must conduct in order to effectively deliver services to citizens. Lines of business relating to the purpose of government and the mechanisms the government uses to achieve its purposes tend to be mission-based.
Lines of business relating to support functions and resource management functions that are necessary to conduct government operations tend to be common to most agencies. The recommended information types provided in NIST SP 800-60 are established from the “business areas” and “lines of business” from OMB’s Business Reference Model (BRM) section of Federal Enterprise Architecture (FEA) Consolidated Reference Model Document Version 2.3. (SP 800-60) (NISTIR)
Link Encryption – Link encryption encrypts all of the data along a communications path (e.g., a satellite link, telephone circuit, or T1 line). Since link encryption also encrypts routing data, communications nodes need to decrypt the data to continue routing. (SP 800-12)
Encryption of information between nodes of a communications system. (CNSSI-4009) (NISTIR)
List-Oriented – Information system protection in which each protected object has a list of all subjects authorized to access it. (CNSSI-4009) (NISTIR)
Local Access – Access to an organizational information system by a user (or process acting on behalf of a user) communicating through a direct connection without the use of a network. (SP 800-53; CNSSI-4009) (NISTIR)
Local Authority – Organization responsible for generating and signing user certificates in a PKI-enabled environment. (CNSSI-4009) (NISTIR)
Local Management Device/Key Processor (LMD/KP) – EKMS platform providing automated management of COMSEC material and generating key for designated users. (CNSSI-4009) (NISTIR)
Local Registration Authority (LRA) – A Registration Authority with responsibility for a local community. (SP 800-32) (NISTIR)
A Registration Authority with responsibility for a local community in a PKI-enabled environment. (CNSSI-4009) (NISTIR)
Logic Bomb – A piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. (CNSSI-4009) (NISTIR)
Logical Completeness Measure – Means for assessing the effectiveness and degree to which a set of security and access control mechanisms meets security specifications. (CNSSI-4009)
Logical Perimeter – A conceptual perimeter that extends to all intended users of the system, both directly and indirectly connected, who receive output from the system without a reliable human review by an appropriate authority. The location of such a review is commonly referred to as an “air gap.” (CNSSI-4009) (NISTIR)
London Process – Measures resulting from the 2011 London Conference on Cyberspace. (UK 2016)
Long Title – Descriptive title of a COMSEC item. (CNSSI-4009) (NISTIR)
Low Impact – The loss of confidentiality, integrity, or availability that could be expected to have a limited adverse effect on organizational operations, organizational assets, individuals, other organizations, or the national security interests of the United States; (i.e.,
- causes a degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is noticeably reduced;
- results in minor damage to organizational assets;
- results in minor financial loss; or
- results in minor harm to individuals). (CNSSI-4009) (NISTIR)
Low-Impact System – An information system in which all three security objectives (i.e., confidentiality, integrity, and availability) are assigned a FIPS 199 potential impact value of low. (SP 800-37; SP 800-53; SP 800-60; FIPS 200)
An information system in which all three security properties (i.e., confidentiality, integrity, and availability) are assigned a potential impact value of low. (CNSSI-4009) (NISTIR)
Low Probability of Detection – Result of measures used to hide or disguise intentional electromagnetic transmissions. (CNSSI-4009) (NISTIR)
Low Probability of Intercept – Result of measures to prevent the intercept of intentional electromagnetic transmissions. The objective is to minimize an adversary’s capability of receiving, processing, or replaying an electronic signal. (CNSSI-4009) (NISTIR)