Most significant bit(s)

The left-most bit(s) of a bit string.

Motion picture experts group (MPEG)

The MPEG is a multimedia standard used to compress videos consisting of images and sound. MPEG-1 is used for storing movies on CD-ROM while MPEG-2 is used to support higher resolution HDTVs. MPEG-2 is a superset of MPEG-1.

Multi-exit discriminator (MED)

A Border Gateway Protocol (BGP) attribute used on external links to indicate preferred entry or exit points (among many) for an autonomous system (AS). An AS is one or more routers working under a single administration operating the same routing policy.

Multi-drop

Network stations connected to a multipoint channel at one location.

Multifactor authentication

Authentication using two or more factors to achieve the authentication goal. Factors include (1) something you know (e.g., password/PIN), (2) something you have (e.g., cryptographic identification device or token), or (3) something you are (e.g., biometric).

Multi-hop problem

The security risks resulting from a mobile software agent visiting several platforms.

Multilevel secure

A class of system containing information with different sensitivities that simultaneously permits access by users with different security clearances and needs-to-know but prevents users from obtaining access to information for which they lack authorization.

Multilevel security mode

A mode of operation that allows two or more classification levels of information to be processed simultaneously within the same system when not all users have a clearance or formal access approval for all data handled by a computer system.

Multimedia messaging service (MMS)

An accepted standard for messaging that lets users send and receive messages formatted with text, graphics, photographs, audio, and video clips.

Multipartite virus

A virus that uses multiple infection methods, typically infecting both files and boot sectors.

Multiple component incident

A single incident that encompasses two or more incidents.

Multiplexers

A multiplexer is a device for combining two or more information channels. Multiplexing is the combining of two or more information channels onto a common transmission medium.

Multipoint

A network that enables two or more stations to communicate with a single system on one communications line.

Multi-processing

A computer consisting of several processors that may execute programs simultaneously.

Multi-programming

The concurrent execution of several programs. It is the same as multi-tasking.

Multipurpose Internet mail extension (MIME)

(1) A specification for formatting non-ASCII messages so that they can be sent over the Internet. MIME enables graphics, audio, and video files to be sent and received via the Internet mail system, using the SMTP protocol. In addition to e-mail applications, Web browsers also support various MIME types. This enables the browser to display or output various files that are not in HTML format. (2) A protocol that makes use of the headers in an IETF RFC 2822 message to describe the structure of rich message content.

Multi-tasking

The concurrent execution of several programs. It is the same as multiprogramming.

Multi-threading

Program code that is designed to be available for servicing multiple tasks at once, in particular by overlapping inputs and output.

Mutation analysis

The purpose of mutation analysis is to determine the thoroughness with which an application program has been tested and, in the process, detect errors. A large set of versions or mutations of the original program is created by altering a single element of the program (e.g., variable, constant, or operator), and each mutant is then tested with a given collection of test datasets.

Mutual authentication

Occurs when parties at both sides of a communication activity authenticate each other, providing mutual assurance regarding the identity of subjects and/or objects. For example, a system needs to authenticate a user, and the user needs to authenticate that the system is genuine.

N

NAK attack

See Negative acknowledgment (NAK) attack

Name spaces

Names are given to objects, which are only meaningful to a single subject, and thus cannot be addressed by other subjects.

Natural threats

Examples of natural threats include hurricanes, tornados, floods, and fires.

Need-to-know

The necessity for access to, knowledge of, or possession of specific information required to perform official tasks or services. The custodian, not the prospective recipient, of the classified or sensitive unclassified information determines the need-to-know.

Need-to-know violation

The disclosure of classified or other sensitive information to a person cleared but who has no requirement for such information to carry out assigned job duties.

Need-to-withhold

The necessity to limit access to some confidential information when broad access is given to all the information.

Negative acknowledgement (NAK) attack

(1) In binary synchronous communications, a transmission control character is sent as a negative response to data received by an attacker. A negative response means a reply was received that indicates that data was not received correctly or that a command was incorrect or unacceptable. (2) A penetration technique capitalizing on a potential weakness in an operating system that does not handle asynchronous interrupts properly, thus leaving the system in an unprotected state during such interrupts. An NAK means that a transmission was received with error (negative). An ACK (acknowledgment) means that a transmission was received without error (positive).

Net-centric architecture

A complex system of systems composed of subsystems and services that are part of a continuously evolving, complex community of people, devices, information, and services interconnected by a network that enhances information sharing and collaboration. Examples of this architecture include service-oriented architectures and cloud computing architectures.

Net present value (NPV) method

The most straightforward economic comparison is net present value (NPV). NPV is the difference between the present value (PV) of the benefits and the PV of the costs.

This method can be used to assess the financial feasibility of an investment in an information security program.

Network

(1) Two or more systems connected by a communications medium. (2) An open communications medium, typically the Internet, that is used to transport messages between the claimant and other parties. Unless otherwise stated, no assumptions are made about the security of the network; it is assumed to be open and subject to active attacks (e.g., impersonation, man-in-the-middle, and session hijacking) and passive attacks (e.g., eavesdropping) at any point between the parties (e.g., claimant, verifier, CSP, or relying party).

Network access control (NAC)

A feature provided by some firewalls that allows access based on a user’s credentials and the results of health checks performed on the telework client device.