Tuesday, July 18, 2006

Internet Security Glossary, Version 2

$ security: ...
Parker suggests that providing a condition of system security may involve the following six basic functions [Park]; however, these functions overlap to some extent:
- "Deterrence": Reducing an intelligent threat by discouraging action, such as by fear or doubt. (See: attack, threat action.)
- "Avoidance": Reducing a risk by either reducing the value of the potential loss or reducing the probability that the loss will occur. (See: risk analysis. Compare: "risk avoidance" under "risk".)
- "Prevention": Impeding a security violation by using a countermeasure.
- "Detection": Determining that a security violation is impending, is in progress, or has recently occurred, and thus making it possible to reduce the potential loss. (See: intrusion detection.)
- "Recovery": Restoring a normal state of system operation by compensating for a security violation, possibly by eliminating or repairing its effects. (See: contingency plan, main entry for "recovery".)
- "Correction": Changing a security architecture to eliminate or reduce the risk of reoccurrence of a security violation or threat consequence, such as by eliminating a vulnerability.
Someone asked me about a good security glossary. See Internet Security Glossary, Version 2; 20 March until 20 September 2006; Obsoletes: RFC 2828, FYI 36
