Letter: A
Access control. The process of granting or denying specific requests for or attempts to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities. Related Term(s): access control mechanism
Advanced Persistent Threat. An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception).
Air gap. To physically separate or isolate a system from other systems or networks (verb). Extended Definition: The physical separation or isolation of a system from other systems or networks (noun).
Antispyware software. A program that specializes in detecting and blocking or removing forms of spyware. Related Term(s): spyware
Antivirus software. A program that monitors a computer or network to detect or identify major types of malicious code and to prevent or contain malware incidents, sometimes by removing or neutralizing the malicious code.
Asymmetric cryptography. Synonym(s): public key cryptography
Attack path. The steps that an adversary takes or may take to plan, prepare for, and execute an attack.
Attack surface. The set of ways in which an adversary can enter a system and potentially cause damage. Extended Definition: An information system’s characteristics that permit an adversary to probe, attack, or maintain presence in the information system.
Authentication. The process of verifying the identity or other attributes of an entity (user, process, or device). Extended Definition: Also the process of verifying the source and integrity of data.
Authorization. A process of determining, by evaluating applicable access control information, whether a subject is allowed to have the specified types of access to a particular resource. Extended Definition: The process or act of granting access privileges or the access privileges as granted.
Availability. The property of being accessible and usable upon demand. Extended Definition: In cybersecurity, applies to assets such as information or information systems. Related Term(s): confidentiality, integrity.
Letter: B
Blue Team. A group that defends an enterprise’s information systems when mock attackers (i.e., the Red Team) attack, typically as part of an operational exercise conducted according to rules established and monitored by a neutral group (i.e., the White Team). Extended Definition: Also, a group that conducts operational vulnerability evaluations and recommends mitigation techniques to customers who need an independent technical review of their cybersecurity posture. Related Term(s): Red Team, White Team
Bot. A computer connected to the Internet that has been surreptitiously (secretly) compromised with malicious logic to perform activities under the command and control of a remote administrator. Extended Definition: A member of a larger collection of compromised computers known as a botnet. Synonym(s): zombie. Related Term(s): botnet
Botnet. A collection of computers compromised by malicious code and controlled across a network.
Bug. An unexpected and relatively small defect, fault, flaw, or imperfection in an information system or device.
Letter: C
Cipher. Synonym(s): cryptographic algorithm
Ciphertext. Data or information in its encrypted form. Related Term(s): plaintext
Cloud computing. A model for enabling on-demand network access to a shared pool of configurable computing capabilities or resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
Computer forensics. Synonym(s): digital forensics
Computer network defense. The actions taken to defend against unauthorized activity within computer networks.
Computer security incident. Synonym(s): incident. Related Term(s): event
Confidentiality. A property that information is not disclosed to users, processes, or devices unless they have been authorized to access the information. Extended Definition: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. Related Term(s): availability, integrity
Critical infrastructure. The systems and assets, whether physical or virtual, so vital to society that the incapacity or destruction of such may have a debilitating impact on the security, economy, public health or safety, environment, or any combination of these matters. Related Term(s): key resource
Cryptanalysis. The operations performed in defeating or circumventing cryptographic protection of information by applying mathematical techniques and without an initial knowledge of the key employed in providing the protection. Extended Definition: The study of mathematical techniques for attempting to defeat or circumvent cryptographic techniques and/or information systems security.
Cryptographic algorithm. A well-defined computational procedure that takes variable inputs, including a cryptographic key, and produces an output. Related Term(s): key, encryption, decryption, symmetric key, asymmetric key.
Cryptography. The use of mathematical techniques to provide security services, such as confidentiality, data integrity, entity authentication, and data origin authentication. Extended Definition: The art or science concerning the principles, means, and methods for converting plaintext into ciphertext and for restoring encrypted ciphertext to plaintext. Related Term(s): plaintext, ciphertext, encryption, decryption
Cryptology. The mathematical science that deals with cryptanalysis and cryptography. Related Term(s): cryptanalysis, cryptography.
Cyber incident. Synonym(s): incident. Related Term(s): event
Cybersecurity. The activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation. Extended Definition: Strategy, policy, and standards regarding the security of and operations in cyberspace, and encompass[ing] the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communications infrastructure.
Cyberspace. The interdependent network of information technology infrastructures that includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers.
Cyber Threat Intelligence (CTI). The collecting, processing, organizing, and analyzing of data into actionable information that relates to capabilities, opportunities, actions, and intent of adversaries in the cyber domain, to meet a specific requirement determined by and informing decision-makers.
Letter: D
Data breach. The unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information. Related Term(s): data loss, data theft, exfiltration.
Data integrity. The property that data is complete, intact, and trusted and has not been modified or destroyed in an unauthorized or accidental manner. Related Term(s): integrity, system integrity
Data leakage. Synonym(s): data breach
Data loss. The result of unintentionally or accidentally deleting data, forgetting where it is stored, or exposure to an unauthorized party. Related Term(s): data leakage, data theft
Data loss prevention. A set of procedures and mechanisms to stop sensitive data from leaving a security boundary. Related Term(s): data loss, data theft, data leak
Data mining. The process or techniques used to analyze large sets of existing information to discover previously unrevealed patterns or correlations. Related Term(s): data aggregation
Data spill. Synonym(s): data breach
Data theft. The deliberate or intentional act of stealing information. Related Term(s): data aggregation, data leakage, data loss.
Decipher. To convert enciphered text to plain text by means of a cryptographic system. Synonym(s): decode, decrypt
Decode. To convert encoded text to plain text by means of a code. Synonym(s): decipher, decrypt
Decrypt. A generic term encompassing decode and decipher. Synonym(s): decipher, decode.
Decryption. The process of transforming ciphertext into its original plaintext. Extended Definition: The process of converting encrypted data back into its original form, so it can be understood. Synonym(s): decode, decrypt, decipher
Denial of service (DoS). An attack that prevents or impairs the authorized use of information system resources or services.
Digital forensics. The processes and specialized techniques for gathering, retaining, and analyzing system-related data (digital evidence) for investigative purposes. Extended Definition: In the NICE Framework, cybersecurity work where a person: Collects, processes, preserves, analyzes, and presents computer-related evidence in support of network vulnerability, mitigation, and/or criminal, fraud, counterintelligence or law enforcement investigations. Synonym(s): computer forensics, forensics
Digital rights management (DRM). A form of access control technology to protect and manage use of digital content or devices in accordance with the content or device provider’s intentions.
Digital signature. A value computed with a cryptographic process using a private key and then appended to a data object, thereby digitally signing the data. Related Term(s): electronic signature.
Distributed denial of service (DDoS). A denial of service technique that uses numerous systems to perform the attack simultaneously. Related Term(s): denial of service, botnet
Letter: E
Electronic signature. Any mark in electronic form associated with an electronic document, applied with the intent to sign the document. Related Term(s): digital signature
Encipher. To convert plaintext to ciphertext by means of a cryptographic system. Synonym(s): encode, encrypt
Encode. To convert plaintext to ciphertext by means of a code. Synonym(s): encipher, encrypt
Encrypt. The generic term encompassing encipher and encode. Synonym(s): encipher, encode
Encryption. The process of transforming plaintext into ciphertext. Extended Definition: Converting data into a form that cannot be easily understood by unauthorized people. Synonym(s): encode, encrypt, encipher
Event. An observable occurrence in an information system or network. Extended Definition: Sometimes provides an indication that an incident is occurring, or at least raises the suspicion that an incident may be occurring. Related Term(s): incident
Exfiltration. The unauthorized transfer of information from an information system. Related Term(s): data breach
Exploit. A technique to breach the security of a network or information system in violation of security policy.
Exposure. The condition of being unprotected, thereby allowing access to information or access to capabilities that an attacker can use to enter a system or network.
Letter: F
Firewall. A capability to limit network traffic between networks and/or information systems. Extended Definition: A hardware/software device or a software program that limits network traffic according to a set of rules of what access is and is not allowed or authorized.
Forensics. Synonym(s): digital forensics
Letter: H
Hacker. An unauthorized user who attempts to gain, or gains, access to an information system.
Hash value. A numeric value resulting from applying a mathematical algorithm against a set of data such as a file. Synonym(s): cryptographic hash value. Related Term(s): hashing
Hashing. A process of applying a mathematical algorithm against a set of data to produce a numeric value (a ‘hash value’) that represents the data. Extended Definition: Mapping a bit string of arbitrary length to a fixed length bit string to produce the hash value. Related Term(s): hash value
Letter: I
Incident. An occurrence that actually or potentially results in adverse consequences to (adverse effects on) (poses a threat to) an information system or the information that the system processes, stores, or transmits and that may require a response action to mitigate the consequences. Extended Definition: An occurrence that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies. Related Term(s): event
Indicator. An occurrence or sign that an incident may have occurred or may be in progress. Related Term(s): precursor
Industrial Control System (ICS). An information system used to control industrial processes such as manufacturing, product handling, production, and distribution or to control infrastructure assets. Related Term(s): Supervisory Control and Data Acquisition, Operations Technology
Information assurance (IA). The measures that protect and defend information and information systems by ensuring their availability, integrity, and confidentiality. Related Term(s): information security
Information security policy. An aggregate of directives, regulations, rules, and practices that prescribe how an organization manages, protects, and distributes information. Related Term(s): security policy
Information technology. Any equipment or interconnected system or subsystem of equipment that processes, transmits, receives, or interchanges data or information. Related Term(s): information and communication(s) technology
Inside(r) threat. A person or group of persons within an organization who pose a potential risk through violating security policies. Extended Definition: One or more individuals with the access and/or inside knowledge of a company, organization, or enterprise that would allow them to exploit the vulnerabilities of that entity’s security, systems, services, products, or facilities with the intent to cause harm. Related Term(s): outside(r) threat
Integrity. The property whereby information, an information system, or a component of a system has not been modified or destroyed in an unauthorized manner. Extended Definition: A state in which information has remained unaltered from the point it was produced by a source, during transmission, storage, and eventual receipt by the destination. Related Term(s): availability, confidentiality, data integrity, system integrity
Intrusion. An unauthorized act of bypassing the security mechanisms of a network or information system. Synonym(s): penetration
Intrusion detection. The process and methods for analyzing information from networks and information systems to determine if a security breach or security violation has occurred.
Letter: K
Key. The numerical value used to control cryptographic operations, such as decryption, encryption, signature generation, or signature verification. Related Term(s): private key, public key, secret key, symmetric key
Key pair. A public key and its corresponding private key. Extended Definition: Two mathematically related keys having the property that one key can be used to encrypt a message that can only be decrypted using the other key. Related Term(s): private key, public key
Keylogger. Software or hardware that tracks keystrokes and keyboard events, usually surreptitiously (secretly), to monitor actions by the user of an information system. Related Term(s): spyware
Letter: M
Macro virus. A type of malicious code that attaches itself to documents and uses the macro programming capabilities of the document’s application to execute, replicate, and spread or propagate itself. Related Term(s): virus
Malicious applet. A small application program that is automatically downloaded and executed and that performs an unauthorized function on an information system. Related Term(s): malicious code
Malicious code. Program code intended to perform an unauthorized function or process that will have adverse impact on the confidentiality, integrity, or availability of an information system. Extended Definition: Includes software, firmware, and scripts. Related Term(s): malicious logic
Malicious logic. Hardware, firmware, or software that is intentionally included or inserted in a system to perform an unauthorized function or process that will have adverse impact on the confidentiality, integrity, or availability of an information system. Related Term(s): malicious code
Malware. Software that compromises the operation of a system by performing an unauthorized function or process. Synonym(s): malicious code, malicious applet, malicious logic
Mitigation. The application of one or more measures to reduce the likelihood of an unwanted occurrence and/or lessen its consequences. Extended Definition: Implementing appropriate risk-reduction controls based on risk management priorities and analysis of alternatives.
Letter: N
Network resilience. The ability of a network to: (1) provide continuous operation (i.e., highly resistant to disruption and able to operate in a degraded mode if damaged); (2) recover effectively if failure does occur; and (3) scale to meet rapid or unpredictable demands.
Network Services. In the NICE Framework, cybersecurity work where a person: Installs, configures, tests, operates, maintains, and manages networks and their firewalls, including hardware (e.g., hubs, bridges, switches, multiplexers, routers, cables, proxy servers, and protective distributor systems) and software that permit the sharing and transmission of all spectrum transmissions of information to support the security of information and information systems.
Non-repudiation. A property achieved through cryptographic methods to protect against an individual or entity falsely denying having performed a particular action related to data. Extended Definition: Provides the capability to determine whether a given individual took a particular action such as creating information, sending a message, approving information, and receiving a message. Related Term(s): integrity, authenticity
Letter: P
Passive attack. An actual assault perpetrated by an intentional threat source that attempts to learn or make use of information from a system, but does not attempt to alter the system, its resources, its data, or its operations. Related Term(s): active attack
Password. A string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorization.
Pen test. A colloquial term for penetration test or penetration testing. Synonym(s): penetration testing
Penetration. Synonym(s): intrusion
Penetration testing. An evaluation methodology whereby assessors search for vulnerabilities and attempt to circumvent the security features of a network and/or information system.
Personal Identifying Information / Personally Identifiable Information (PII). The information that permits the identity of an individual to be directly or indirectly inferred.
Phishing. A digital form of social engineering to deceive individuals into providing sensitive information.
Plaintext. Unencrypted information. Related Term(s): ciphertext
Precursor. An observable occurrence or sign that an attacker may be preparing to cause an incident. Related Term(s): indicator
Privacy. The assurance that the confidentiality of, and access to, certain information about an entity is protected. Extended Definition: The ability of individuals to understand and exercise control over how information about themselves may be used by others.
Private key. A cryptographic key that must be kept confidential and is used to enable the operation of an asymmetric (public key) cryptographic algorithm. Extended Definition: The secret part of an asymmetric key pair that is uniquely associated with an entity. Related Term(s): public key, asymmetric cryptography
Public key. A cryptographic key that may be widely published and is used to enable the operation of an asymmetric (public key) cryptographic algorithm. Extended Definition: The public part of an asymmetric key pair that is uniquely associated with an entity and that may be made public. Related Term(s): private key, asymmetric cryptography
Public key cryptography. A branch of cryptography in which a cryptographic system or algorithms use two uniquely linked keys: a public key and a private key (a key pair). Synonym(s): asymmetric cryptography, public key encryption
Public key encryption. Synonym(s): public key cryptography
Public Key Infrastructure (PKI). A framework consisting of standards and services to enable secure, encrypted communication and authentication over potentially insecure networks such as the Internet. Extended Definition: A framework and services for generating, producing, distributing, controlling, accounting for, and revoking (destroying) public key certificates.
Letter: R
Recovery. The activities after an incident or event to restore essential services and operations in the short and medium term and fully restore all capabilities in the longer term.
Red Team. A group authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s cybersecurity posture. Related Term(s): Blue Team, White Team
Red Team exercise. An exercise, reflecting real-world conditions, that is conducted as a simulated attempt by an adversary to attack or exploit vulnerabilities in an enterprise’s information systems. Related Term(s): cyber exercise
Redundancy. Additional or alternative systems, sub-systems, assets, or processes that maintain a degree of overall functionality in case of loss or failure of another system, sub-system, asset, or process.
Resilience. The ability to adapt to changing conditions and prepare for, withstand, and rapidly recover from disruption.
Response. The activities that address the short-term, direct effects of an incident and may also support short-term recovery. Extended Definition: In cybersecurity, response encompasses both automated and manual activities. Related Term(s): recovery
Risk assessment. The product or process which collects information and assigns values to risks for the purpose of informing priorities, developing or comparing courses of action, and informing decision making. Extended Definition: The appraisal of the risks facing an entity, asset, system, or network, organizational operations, individuals, geographic area, other organizations, or society, and includes determining the extent to which adverse circumstances or events could result in harmful consequences. Related Term(s): risk analysis, risk
Rootkit. A set of software tools with administrator-level access privileges installed on an information system and designed to hide the presence of the tools, maintain the access privileges, and conceal the activities conducted by the tools.
Letter: S
Secret key. A cryptographic key that is used for both encryption and decryption, enabling the operation of a symmetric key cryptography scheme. Extended Definition: Also, a cryptographic algorithm that uses a single key (i.e., a secret key) for both encryption of plaintext and decryption of ciphertext. Related Term(s): symmetric key
Securely Provision. A NICE Framework category consisting of specialty areas concerned with conceptualizing, designing, and building secure IT systems, with responsibility for some aspect of the systems’ development.
Security automation. The use of information technology in place of manual processes for cyber incident response and management.
Security incident. Synonym(s): incident
Signature. A recognizable, distinguishing pattern. Extended Definition: Types of signatures: attack signature, digital signature, electronic signature.
Situational awareness. Comprehending information about the current and developing security posture and risks, based on information gathered, observation and analysis, and knowledge or experience. Extended Definition: In cybersecurity, comprehending the current status and security posture with respect to availability, confidentiality, and integrity of networks, systems, users, and data, as well as projecting future states of these.
Software assurance. The level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its lifecycle, and that the software functions in the intended manner.
Spam. The abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.
Spillage. Synonym(s): data spill, data breach
Spoofing. Faking the sending address of a transmission to gain illegal [unauthorized] entry into a secure system. Extended Definition: The deliberate inducement of a user or resource to take incorrect action. Note: Impersonating, masquerading, piggybacking, and mimicking are forms of spoofing.
Spyware. Software that is secretly or surreptitiously installed into an information system without the knowledge of the system user or owner. Related Term(s): keylogger
Supervisory Control and Data Acquisition (SCADA). A generic name for a computerized system that is capable of gathering and processing data and applying operational controls to geographically dispersed assets over long distances. Related Term(s): Industrial Control System
Supply chain. A system of organizations, people, activities, information and resources, for creating and moving products including product components and/or services from suppliers through to their customers. Related Term(s): supply chain risk management
Supply Chain Risk Management (SCRM). The process of identifying, analyzing, and assessing supply chain risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken. Related Term(s): supply chain
Symmetric cryptography. A branch of cryptography in which a cryptographic system or algorithms use the same secret key (a shared secret key).
Symmetric encryption algorithm. Synonym(s): symmetric cryptography
Symmetric key. A cryptographic key that is used to perform both the cryptographic operation and its inverse, for example to encrypt plaintext and decrypt ciphertext, or create a message authentication code and to verify the code. Extended Definition: Also, a cryptographic algorithm that uses a single key (i.e., a secret key) for both encryption of plaintext and decryption of ciphertext. Related Term(s): secret key
System Administration. In the NICE Framework, cybersecurity work where a person: Installs, configures, troubleshoots, and maintains server configurations (hardware and software) to ensure their confidentiality, integrity, and availability; also manages accounts, firewalls, and patches; responsible for access control, passwords, and account creation and administration.
System integrity. The attribute of an information system when it performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system. Related Term(s): integrity, data integrity
Letter: T
Tabletop exercise. A discussion-based exercise where personnel meet in a classroom setting or breakout groups and are presented with a scenario to validate the content of plans, procedures, policies, cooperative agreements or other information for managing an incident.
Targets. In the NICE Framework, cybersecurity work where a person: Applies current knowledge of one or more regions, countries, non-state entities, and/or technologies.
Threat. A circumstance or event that has or indicates the potential to exploit vulnerabilities and to adversely impact (create adverse consequences for) organizational operations, organizational assets (including information and information systems), individuals, other organizations, or society. Extended Definition: Includes an individual or group of individuals, an entity (such as an organization or a nation), an action, or an occurrence.
Threat actor. Synonym(s): threat agent
Threat agent. An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities. Related Term(s): adversary, attacker
Threat analysis. The detailed evaluation of the characteristics of individual threats. Extended Definition: In the NICE Framework, cybersecurity work where a person: Identifies and assesses the capabilities and activities of cyber criminals or foreign intelligence entities; produces findings to help initialize or support law enforcement and counterintelligence investigations or activities.
Threat assessment. The product or process of identifying or evaluating entities, actions, or occurrences, whether natural or man-made, that have or indicate the potential to harm life, information, operations, and/or property. Related Term(s): threat analysis
Trojan horse. A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.
Letter: U
Unauthorized access. Any access that violates the stated security policy.
Letter: V
Virus. A computer program that can replicate itself, infect a computer without permission or knowledge of the user, and then spread or propagate to another computer. Related Term(s): macro virus
Vulnerability. A characteristic or specific weakness that renders an organization or asset (such as information or an information system) open to exploitation by a given threat or susceptible to a given hazard. Extended Definition: Characteristic of location or security posture or of design, security procedures, internal controls, or the implementation of any of these that permit a threat or hazard to occur. Vulnerability (expressing degree of vulnerability): qualitative or quantitative expression of the level of susceptibility to harm when a threat or hazard is realized. Related Term(s): weakness
Letter: W
Weakness. A shortcoming or imperfection in software code, design, architecture, or deployment that, under proper conditions, could become a vulnerability or contribute to the introduction of vulnerabilities. Related Term(s): vulnerability
White Team. A group responsible for refereeing an engagement between a Red Team of mock attackers and a Blue Team of actual defenders of information systems. Related Term(s): Blue Team, Red Team
Worm. A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.
Letter: Z
Zero-day. A vulnerability for which there is currently no mitigation or patch. If exploited, susceptible systems have little defense against the attack.
Last Published Date: January 11, 2022
