Cyber Glossary - V
VA – See Vulnerability Assessment
Valid Data Element – A payload, an associated data string, or a nonce that satisfies the restrictions of the formatting function. (SP 800-38C) (NISTIR)
Validation – The process of demonstrating that the system under consideration meets in all respects the specification of that system. SOURCE: FIPS 201
Confirmation (through the provision of strong, sound, objective evidence) that requirements for a specific intended use or application have been fulfilled (e.g., a trustworthy credential has been presented, or data or information has been formatted in accordance with a defined set of rules, or a specific process has demonstrated that an entity under consideration meets, in all respects, its defined attributes or requirements). (CNSSI-4009) (NISTIR)
Variant – One of two or more code symbols having the same plain text equivalent. (CNSSI-4009) (NISTIR)
Verification – Confirmation, through the provision of objective evidence, that specified requirements have been fulfilled (e.g., an entity’s requirements have been correctly defined, or an entity’s attributes have been correctly presented; or a procedure or function performs as intended and leads to the expected outcome). (CNSSI-4009) See also Identity Verification. (NISTIR)
Verified Name – A Subscriber name that has been verified by identity proofing. (NISTIR)
Verifier – An entity that verifies the Claimant’s identity by verifying the Claimant’s possession and control of a token using an authentication protocol. To do this, the Verifier may also need to validate credentials that link the token and identity and check their status. (SP 800-63) (NISTIR)
An entity which is or represents the entity requiring an authenticated identity. A verifier includes the functions necessary for engaging in authentication exchanges. (FIPS 196) (NISTIR)
Verifier Impersonation Attack – A scenario where the Attacker impersonates the Verifier in an authentication protocol, usually to capture information that can be used to masquerade as a Claimant to the real Verifier. (SP 800-63) (NISTIR)
Virtual Machine (VM) – Software that allows a single host to run one or more guest operating systems. (SP 800-115) (NISTIR)
Virtual Private Network (VPN) – A virtual network, built on top of existing physical networks, that provides a secure communications tunnel for data and other information transmitted between networks. (SP 800-46)
Protected information system link utilizing tunneling, security controls (see Information Assurance), and endpoint address translation giving the impression of a dedicated line (CNSSI-4009) (NISTIR)
Virus – A computer program that can replicate itself, infect a computer without permission or knowledge of the user, and then spread or propagate to another computer. (Adapted from: CNSSI 4009) (NICCS)
Related Term(s): macro virus
Virus – A computer program that can copy itself and infect a computer without permission or knowledge of the user. A virus might corrupt or delete data on a computer, use email programs to spread itself to other computers, or even erase everything on a hard disk. (CNSSI-4009) (NISTIR)
Virus – Viruses are malicious computer programs that can spread to other files. (UK 2016)
Vishing – Vishing or ‘voice phishing’ is the use of voice technology (landline phones, mobile phones, voice email, etc.) to trick individuals into revealing sensitive financial or personal information to unauthorised entities, usually to facilitate fraud. (UK 2016)
Voter-verifiable Paper Audit Trail (VVPAT) – Hardware, added to an existing DRE voting machine, that provides a physical record of a voter’s electronic selection. See also: direct recording electronic voting machine. SOURCE: Cyberspace Solarium Commission Final Report, 2020
VPN – See Virtual Private Network
Vulnerability – A weakness in a system, application, or network that is subject to exploitation or misuse. SOURCE: SP 800-61
Extended Definition: Characteristic of location or security posture or of design, security procedures, internal controls, or the implementation of any of these that permit a threat or hazard to occur. Vulnerability (expressing degree of vulnerability): qualitative or quantitative expression of the level of susceptibility to harm when a threat or hazard is realized. (Adapted from: DHS Risk Lexicon, CNSSI 4009, NIST SP 800-53 Rev 4) (NICCS)
Bugs in software programs that have the potential to be exploited by attackers. (UK 2016)
Vulnerability Analysis – See Vulnerability Assessment. (NISTIR)
Vulnerability Assessment – Formal description and evaluation of the vulnerabilities in an information system. (SP 800-53; SP 800-37)
Systematic examination of an information system or product to determine the adequacy of security measures, identify security deficiencies, provide data from which to predict the effectiveness of proposed security measures, and confirm the adequacy of such measures after implementation. (SP 800-53A; CNSSI-4009) (NISTIR)
Vulnerability Assessment and Management – In the NICE Workforce Framework, cybersecurity work where a person: Conducts assessments of threats and vulnerabilities, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations. (From: NICE Workforce Framework) (NICCS)