
Users are assigned with specific roles and de-roles based on their job duties and responsibilities

User capabilities are revoked from roles and as such are revoked from users

Objects can be assigned to object groups based on secrecy levels of the objects

Object groups are organized according to the business functions of an organization

User ID

A unique symbol or character string used by a system to identify a specific user.

User interface

A combination of menus, screen design, keyboard commands, command language, and help screens that together create the way a user interacts with a computer. Hardware, such as a mouse or touch screen, is also included. Synonymous with graphical user interface (GUI).

User profile

Patterns of a user’s activity used to detect changes in normal routines.

Utility computing

Based on the concept of “pay and use” with regard to computing power in the form of computations, storage, and Web-based services, similar to public utilities (such as gas, water, and electricity). Utility computing is provided through “on demand” computing and supports cloud computing, grid computing, and distributed computing (Wikipedia).

Utility program

(1) A computer program that supports the operation of a computer. Utility programs provide file management capabilities, such as sorting, copying, archiving, comparing, listing, and searching, as well as diagnostic routines that check the health of the computer system. It also includes compilers or software that translates a programming language into machine language. (2) A computer program or routine that performs general data and system-related functions required by other application software, the operating system, or users. Examples include copy, sort, or merge files. (3) It is a program that performs a specific task for an information system, such as managing a disk drive or printer.

V

Valid password

A personal password that authenticates the identity of an individual when presented to a password system or an access password that allows the requested access when presented to a password system.

Validation

(1) The performance of tests and evaluations in order to determine compliance with security specifications and requirements. (2) The process of evaluating a system or component (including software) during or at the end of the development process to determine whether it satisfies specified requirements. (3) The process of demonstrating that the system under consideration meets in all respects the specification of that system.

Value-added network (VAN)

A network of computers owned or controlled by a single entity used for data transmission (e.g., EDI and EFT), electronic mail, information retrieval, and other functions by subscribers. EDI can be VAN-based or Web-based.

Variable minimization

A method of reducing the number of variables to which a subject has access, not exceeding the minimum required, thereby reducing the risk of malicious or erroneous actions by that subject. This concept can be generalized to include data minimization.

Vendor governance

Requires a vendor to establish written policies, procedures, standards, and guidelines regarding how to deal with its customers or clients in a professional and business-like manner. It also requires establishing an oversight mechanism and implementing best practices in the industry. Customer (user) organizations should consider the following criteria when selecting potential hardware, software, consulting, or contracting vendors.

Experience in producing or delivering high quality security products and services on time and all the time

A track record in responding to security flaws in vendor products, project management skills, and cost and budget controls

Methods to handle software and hardware maintenance, end-user support, and maintenance agreements

The vendor’s long-term financial, operational, and strategic viability

Adherence to rules of engagement (ROE) during contractual agreements, procurement processes, and red team testing

Verification

(1) The process of comparing two levels of system specification for proper correspondence (e.g., security policy models with top-level specification, top-level specification with source code, or source code with object code). (2) The process of evaluating a system or component (including software) to determine whether the products of a given development process satisfy the requirements imposed at the start of that process. This process may or may not be automated. (3) The process of affirming that a claimed identity is correct by comparing the offered claims of identity with previously proven information stored in the identity card.

Verified name

A subscriber name that has been verified by identity proofing.

Verifier

(1) An entity that verifies the authenticity of a digital signature using the public key. (2) An entity that verifies the claimant’s identity by verifying the claimant’s possession of a token using an authentication protocol. To do this, the verifier may also need to validate credentials that link the token and identity and check their status. A verifier includes the functions necessary for engaging in authentication exchanges.

Verifier impersonation attack

A scenario where an attacker impersonates the verifier in an authentication protocol, usually to capture information (e.g., password) that can be used to masquerade as that claimant to the real verifier.

Version (configuration management)

It is a change to a baseline configuration item that modifies its functional capabilities. As functional capabilities are added to, modified within, or deleted from a baseline configuration item, its version identifier changes. Note that baselining is first and versioning is next.

Version (software)

A new release of commercial software reflecting major changes made in functions.

Version control

A mechanism that allows distinct versions of an object to be identified and associated with independent attributes in a well-defined manner.

Version scanning

The process of identifying the service application and application version in use.

Victim

A machine or a person that is attacked.

Virtual disk encryption

The process of encrypting a container, which can hold many files and folders, and permitting access to the data within the container only after proper authentication is provided. A container is a file encompassing and protecting other files.

Virtual local-area network (VLAN)

A network configuration in which frames are broadcast within the VLAN and routed between VLANs. VLANs separate the logical topology of the LANs from their physical topology.

Virtual machine (VM)

Software that allows a single host to run one or more guest operating systems.

Virtual network perimeter

A network that appears to be a single protected network behind firewalls, which actually encompasses encrypted virtual links over untrusted networks.

Virtual password

A password computed from a passphrase that meets the requirements of password storage.

Virtual private dial network (VPDN)

A virtual private network (VPN) tailored specifically for dial-up access.

Virtual private network (VPN)

(1) It is used for highly confidential data transmission. (2) It is an Internet Protocol (IP) connection between two sites over a public IP network so that only source and destination nodes can decrypt the traffic packets. (3) A means by which certain authorized individuals (such as remote employees) can gain secure access to an organization’s intranet by means of an extranet (a part of the internal network that is accessible via the Internet). (4) A tunnel that connects the teleworker’s computer to the organization’s network. (5) A virtual network, built on top of an existing physical network that provides a secure communications tunnel for data and other information transmitted between networks. (6) VPN is used to securely connect two networks or a network and a client system, over an insecure network such as the Internet. (7) A VPN typically employs encryption to secure the connection. (8) It is a protected information system link utilizing tunneling, security controls, and endpoint address translation giving the impression of a dedicated (leased) line. (9) A VPN is a logical network that is established, at the application layer of the open systems interconnection (OSI) model, over an existing physical network and typically does not include every node present on the physical network. Authorized users are granted access to the logical network. For example, there are a number of systems that enable one to create networks using the Internet as the medium for transporting data. These systems use encryption and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.