A | B | C | D | E | F | G | H | I | J | K | L | M |
N | O | P | Q | R | S | T | U

Major Application
An application that requires special attention to security due to the risk and magnitude of the harm resulting from the loss, misuse, or unauthorized access to or modification of the information in the application. See also: Application, Process.

Malicious Code
Software or firmware that is intentionally included in a MIS for an unauthorized purpose. See also: Trapdoor, Trojan Horse, Virus, Worm.

Management Information System (MIS)
A MIS is an assembly of computer hardware, software, and/or firmware configured to collect, create, communicate, compute, disseminate, process, store, and/or control data or information. Examples include: information storage and retrieval systems, mainframe computers, minicomputers, personal computers and workstations, office automation systems, automated message processing systems (AMPSs), and those supercomputers and process control computers (e.g., embedded computer systems) that perform general purpose computing functions.

Man-in-the-middle Attack (MIM)
BlackHat accomplishes a MIM by substituting his public key for Alice’s public key. Then Bob mistakenly encrypts with BlackHat’s public key instead of Alice’s public key. BlackHat intercepts Bob’s message to Alice and encrypts it with Alice’s public key so that no one suspects the subterfuge. Just because public keys need not be concealed, doesn’t mean public keys can just be sent (or stored) without protection.

Master Secret
A random value generated using a pre-master secret, other random values and a pseudo-random function (PRF). It is used in Secure Socket Layers (SSL) to make six shared secret keys.

MD5
One of the two most popular non-keyed message digest programs. It makes a 128-bit digest which means a birthday attack against its strong collision resistance using 128/2 = 64 bits makes it vulnerable. In addition, MD5 collisions have been found for small messages. Because of this, other more secure hash methods are rapidly replacing MD5.

Message Authentication
See integrity.

Message Authentication Codes (MAC)
Keyed message digests that combine a message and a shared secret key. MACs require the sender and receiver to share a secret key.

Message Digest
A redundant short proxy for a usually much larger message to identify if the message was modified during transmission. Message digest methods super compress messages so encryption and decryption operate on less data and, therefore, take less time. Also known as cryptographic hash; cryptographic checksum; digital or message fingerprint.

Message Integrity Codes (MIC)
A non-keyed message digests made without a secret key ; also known as Modification Detection Codes (MDC). Most public key digital signatures use non-keyed message digests.

MHS
Message Handling System.

Microprocessor
A semiconductor central processing unit contained on a single integrated circuit chip.

MIME
Multipurpose Internet Mail Extensions.

MIS Owner
The official who has the authority to decide on accepting the security safeguards prescribed for a MIS and is responsible for issuing an accreditation statement that records the decision to accept those safeguards. See also: Accrediting Authority (AA), Application Owner, Process Owner.

MIS Security
Measures or controls that safeguard or protect a MIS against unauthorized (accidental or intentional) disclosure, modification, destruction of the MIS and data, or denial of service. MIS security provides an acceptable level of risk for the MIS and the data contained in it. Considerations include: 1) all hardware and/or software functions, characteristics, and/or features; 2) operational procedures, accountability procedures, and access controls at all computer facilities in the MIS; 3) management constraints; 4) physical structures and devices; and 5) personnel and communications controls.

Mod
An abbreviation for modulo mathematics used in public key cryptography.

Mode
An attribute in Internet Protocol Security (IPsec) that controls how much of the data packet is protected by confidentiality and message integrity. The mode choices are formally called Tunnel and Transport. An IPsec data packet must be protected by either a protocol or a mode.

Modular Inverses
Two whole numbers that when multiplied by each other result in the product of one. Cryptographers use modular inverses to manufacture public/private key pairs in most commercial public key cryptography because they provide time-consuming problems to cryptanalyze.

Monoalphabetic Substitution
A method of encryption where a letter in the plaintext is always replaced by the same letter in the ciphertext.