IEC TS 62351-2 Power systems management and associated information exchange – Data and communications security – Part 2: Glossary of terms
2.2 Glossary of security and related communication terms
2.2.1 Abstract Communication Service Interface (ACSI) A virtual interface to an IED providing abstract communication services, e.g. connection, variable access, unsolicited data transfer, device control and file transfer services, independent of the actual communication stack and profiles used. [IEC 61850 series]
2.2.2 Access The ability and means to communicate with or otherwise interact with a system in order to use system resources to either handle information or gain knowledge of the information the system contains. [RFC 2828]
2.2.3 Access Authority An entity responsible for monitoring and granting access privileges for other authorized entities. [RFC 2828]
2.2.4 Access Control
1. Prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner. [ISO/IEC 18028-2:2006]
2. Protection of resources against unauthorized access; a process by which use of resources is regulated according to a security policy and is permitted by only authorized system entities according to that policy. [RFC 2828]
3. Rules and deployment mechanisms which control access to information systems, and physical access to premises. The entire subject of Information Security is based upon Access Control, without which Information Security cannot, by definition, exist. [ISO/IEC 27002:2005]
2.2.5 Access Control List (ACL) A mechanism that implements access control for a system resource by enumerating the identities of the system entities that are permitted to access the resources. [RFC 2828]
2.2.6 Accountability
1. The property that ensures that the actions of an entity may be traced uniquely to the entity. [ISO/IEC 7498-2]
2. The property of a system (including all of its system resources) that ensures that the actions of a system entity may be traced uniquely to that entity, which can be held responsible for its actions. [RFC 2828]
2.2.7 Adequate Security Security commensurate with the risk and the magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of information. This includes assuring that information systems and applications used by the organization operate effectively and provide appropriate confidentiality, integrity, and availability, through the use of cost-effective management, operational, and technical controls. [NIST SP 800-53]
2.2.8 Advanced Encryption Standard (AES)
1. A symmetric encryption mechanism providing variable key length and allowing an efficient implementation specified as Federal Information Processing Standard (FIPS) 197. [ISO/IEC 18028-4:2005]
2. The Advanced Encryption Standard specifies a U.S. Government-approved cryptographic algorithm that can be used to protect electronic data. The AES algorithm is a symmetric block cipher that can encrypt (encipher) and decrypt (decipher) information. [NIST SP 800-46]
3. This standard specifies the Rijndael algorithm, a symmetric block cipher that can process data blocks of 128 bits, using cipher keys with lengths of 128, 192, and 256 bits. [FIPS 1 ]