Maintenance hook: A back door that allows a software developer or vendor to bypass access control mechanisms in order to perform maintenance. These back doors are often well known and pose a significant security threat if not properly secured.
Malware: Malicious software that typically damages, takes control of, or collects information from a computer. This classification of software broadly includes viruses, worms, Trojan horses, logic bombs, spyware, and adware.
MAN: Metropolitan Area Network.
Mandatory Access Control (MAC) system: A type of access control system in which the access policy is determined by the system, rather than by the owner.
Man-in-the-middle Attack: A type of attack in which an attacker intercepts messages between two parties and forwards a modified version of the original message.
Mantrap: A physical access control method consisting of a double set of locked doors or turnstiles.
Manual controls: Controls that must be performed manually by people.
Maximum Tolerable Downtime (MTD): An extension of a Criticality Assessment that specifies the maximum period of time that a given business process can be inoperative before experiencing unacceptable consequences.
Maximum Tolerable Period of Disruption (MTPD): See previous definition (MTD).
Media Controls: Controls that are used to manage information classification and physical media.
Meet-in-the-middle: A type of attack in which an attacker encrypts known plaintext with each possible key on one end, decrypts the corresponding ciphertext with each possible key, and then compares the results in the middle.
Memory addressing: The method used by the Central Processing Unit (CPU) to access the contents of memory.
Memory space: The amount of memory available in a computer system.
Metadata: “Data about data” that may present a security risk by revealing private information about a document or its history.
MIME Objects Security Services (MOSS): Provides confidentiality, integrity, identification and authentication, and non-repudiation by using MD2 or MD5, RSA asymmetric keys, and DES.
Mission statement: A statement that defines an organization’s reason for existence.
Mobile app: An application that runs on a mobile device and has the capability to interact with the user, communicate over the Internet, and store data locally.
Mobile Device: A general term encompassing all smaller devices such as smartphones and tablet computers, which run operating systems such as iOS, Android, or Windows Phone.
Monitoring: Activities that verify processes, procedures and systems.
Monoalphabetic substitution: A cryptographic system that uses a single alphabet to encrypt and decrypt an entire message.
Multi-level system: A single computer system that handles multiple classification levels between subjects and objects.
Multiprocessing: A system that executes multiple programs on multiple processors simultaneously.
Multiprogramming: A system that alternates execution of multiple programs on a single processor.
Multi-Protocol Label Switching (MPLS): An extremely fast method of forwarding packets through a network by using labels inserted between Layer 2 and Layer 3 headers in the packet.
Multipurpose Internet Mail Extensions (MIME): An IETF standard that defines the format for messages that are exchanged between e-mail systems over the Internet.
Multitasking: A system that alternates execution of multiple subprograms or tasks on a single processor.