35+ YEARS OF FREEDOM OF INFORMATION ACTION
Cyber Glossary - W
Warm Site – An environmentally conditioned workspace that is partially equipped with information systems and telecommunications equipment to support relocated operations in the event of a significant disruption. SOURCE: SP 800-34) (NISTIR)
Backup site which typically contains the data links and preconfigured equipment necessary to rapidly start operations, but does not contain live data. Thus commencing operations at a warm site will (at a minimum) require the restoration of current data. (CNSSI-4009) (NISTIR)
Weakness - A shortcoming or imperfection in software code, design, architecture, or deployment that, under proper conditions, could become a vulnerability or contribute to the introduction of vulnerabilities. (Adapted from: ITU-T X.1520 CWE, FY 2013 CIO FISMA Reporting Metrics) (NICCS)
Related Term(s): vulnerability
Web Bug – A tiny image, invisible to a user, placed on Web pages in such a way to enable third parties to track use of Web servers and collect information about the user, including IP address, host name, browser type and version, operating system name and version, and cookies. (SP 800-28) (NISTIR)
Malicious code, invisible to a user, placed on Web sites in such a way that it allows third parties to track use of Web servers and collect information about the user, including IP address, host name, browser type and version, operating system name and version, and Web browser cookie. (CNSSI-4009) (NISTIR)
Web Content Filtering Software – A program that prevents access to undesirable Web sites, typically by comparing a requested Web site address to a list of known bad Web sites. (SP 800-69) (NISTIR)
Web Risk Assessment – Processes for ensuring Web sites are in compliance with applicable policies. (CNSSI-4009) (NISTIR)
White Team –
- The group responsible for refereeing an engagement between a Red Team of mock attackers and a Blue Team of actual defenders of their enterprise’s use of information systems. In an exercise, the White Team acts as the judges, enforces the rules of the exercise, observes the exercise, scores teams, resolves any problems that may arise, handles all requests for information or questions, and ensures that the competition runs fairly and does not cause operational problems for the defender's mission. The White Team helps to establish the rules of engagement, the metrics for assessing results and the procedures for providing operational security for the engagement. The White Team normally has responsibility for deriving lessons-learned, conducting the post engagement assessment, and promulgating results.
- Can also refer to a small group of people who have prior knowledge of unannounced Red Team activities. The White Team acts as observers during the Red Team activity and ensures the scope of testing does not exceed a predefined threshold. (CNSSI-4009) (NISTIR)
A group responsible for refereeing an engagement between a Red Team of mock attackers and a Blue Team of actual defenders of information systems. (Adapted from: CNSSI 4009) (NICCS)
Related Term(s): Blue Team, Red Team
Whitelist – A list of discrete entities, such as hosts or applications that are known to be benign and are approved for use within an organization and/or information system. (SP 800-128) (NISTIR)
A list of entities that are considered trustworthy and are granted access or privileges. (Adapted from: DHS personnel) NICCS)
Related Term(s): blacklist
Whole-of- Government - U.S. government agencies working across boundaries and through interagency cooperation to achieve shared goals and/or an integrated government response. SOURCE: Cyberspace Solarium Commission Final Report, 2020
Whole-of-Nation - Concerted and cooperative efforts among partners across agencies and the private sector to facilitate ease of operation and/or reach common goals. SOURCE: Cyberspace Solarium Commission Final Report, 2020
Wi-Fi Protected Access-2 (WPA2) – The approved Wi-Fi Alliance interoperable implementation of the IEEE 802.11i security standard. For federal government use, the implementation must use FIPS-approved encryption, such as AES. (CNSSI-4009) (NISTIR)
Wiki – Web applications or similar tools that allow identifiable users to add content (as in an Internet forum) and allow anyone to edit that content collectively. (CNSSI-4009) (NISTIR)
Wired Equivalent Privacy (WEP) – A security protocol, specified in the IEEE 802.11 standard, that is designed to provide a WLAN with a level of security and privacy comparable to what is usually expected of a wired LAN. WEP is no longer considered a viable encryption mechanism due to known weaknesses. (SP 800-48) (NISTIR)
Wireless Access Point (WAP) – A device that acts as a conduit to connect wireless communication devices together to allow them to communicate and create a wireless network. (CNSSI-4009) (NISTIR)
Wireless Application Protocol – (WAP) A standard that defines the way in which Internet communications and other advanced services are provided on wireless mobile devices. (CNSSI-4009) (NISTIR)
Wireless Local Area Network – (WLAN) A group of wireless networking devices within a limited geographic area, such as an office building, that exchange data through radio communications.
The security of each WLAN is heavily dependent on how well each WLAN component—including client devices, APs, and wireless switches—is secured throughout the WLAN lifecycle, from initial WLAN design and deployment through ongoing maintenance and monitoring. (SP 800-153) (NISTIR)
Wireless Technology – Technology that permits the transfer of information between separated points without physical connection. Note: Currently wireless technologies use infrared, acoustic, radio frequency, and optical. (CNSSI-4009) (NISTIR)
Work Factor – Estimate of the effort or time needed by a potential perpetrator, with specified expertise and resources, to overcome a protective measure. (CNSSI-4009) (NISTIR)
Workcraft Identity – Synonymous with Tradecraft Identity. (CNSSI-4009) (NISTIR)
Worm – A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself. See Malicious Code. (CNSSI-4009) (NISTIR)
Write – Fundamental operation in an information system that results only in the flow of information from a subject to an object. See Access Type. (CNSSI-4009) (NISTIR)
Write Access – Permission to write to an object in an information system. (CNSSI-4009) (NISTIR)
Write-Blocker – A device that allows investigators to examine media while preventing data writes from occurring on the subject media. (SP 800-72) (NISTIR)