A
Access
The ability and means to communicate with or otherwise interact with a system, to use system resources to handle information, to gain knowledge of the information the system contains, or to control system components and functions.
Access Control
The process of granting or denying specific requests for or attempts to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities.
Related Term(s): access control mechanism
Access Control Mechanism
Security measures are designed to detect and deny unauthorized access and permit authorized access to an information system or a physical facility.
Active Attack
An actual assault perpetrated by an intentional threat source that attempts to alter a system, its resources, its data, or its operations.
Related Term(s): passive attack
Advanced Persistent Threat (APT)
An advanced persistent threat is a cyberattack wherein criminals work together to steal data or infiltrate systems over a longer period of time.
Air Gap
The physical separation or isolation of a system from other systems or networks.
Alert
A notification that a specific attack has been detected or directed at an organization’s information systems.
Antispyware Software
A program that specializes in detecting and blocking or removing forms of spyware.
Related Term(s): spyware
Application Whitelisting
Application whitelisting is one form of endpoint security. It’s aimed at preventing malicious programs from running on a network.
Asset
Anything useful that contributes to the success of something, such as an organizational mission; assets are things of value or properties to which value can be assigned.
Attack Surface
An information system’s characteristics permit an adversary to probe, attack, or maintain a presence in the information system.
B
Behavior Monitoring
Observing activities of users, information systems, and processes and measuring the activities against organizational policies and rules, baselines of normal activity, thresholds, and trends.
Synonym(s): behavior monitoring
Blue Team
A group that defends an enterprise’s information systems when mock attackers (i.e., the Red Team) attack, typically as part of an operational exercise conducted according to rules established and monitored by a neutral group (i.e., the White Team).
Related Term(s): Red Team, White Team
Bot
A computer connected to the Internet that has been surreptitiously / secretly compromised with malicious logic to perform activities under remote the command and control of a remote administrator.
Synonym(s): zombie
Related Term(s): botnet
Botnet
What is a Botnet? Botnets are behind many types of attacks and hacks. Read about some real-life examples of Botnets and learn about how they are executed.
Bulletproof Hosting
Bulletproof hosting services are actively used by platforms such as online casinos, spam distribution sites, and pornographic resources.
Business Email Compromise (BEC)
Business Email Compromises cost companies over $1.7bn last year, far outstripping ransomware.
C
Ciphertext
Data or information in its encrypted form.
Related Term(s): plaintext
Cloud Computing
A model for enabling on-demand network access to a shared pool of configurable computing capabilities or resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
Cryptographic Algorithm
A well-defined computational procedure that takes variable inputs, including a cryptographic key, and produces an output.
Related Term(s): key, encryption, decryption, symmetric key, asymmetric key
Cryptography
The art or science concerning the principles means, and methods for converting plaintext into ciphertext and for restoring encrypted ciphertext to plaintext.
Related Term(s): plaintext, ciphertext, encryption, decryption
Cyber Infrastructure
The information and communications systems and services are composed of all hardware and software that process, store, and communicate information, or any combination of all of these elements: Processing includes the creation, access, modification, and destruction of information. Storage includes paper, magnetic, electronic, and all other media types. Communications include the sharing and distribution of information.
Cyber Operations
In the NICE Framework, cybersecurity works where a person: Performs activities to gather evidence on criminal or foreign intelligence entities in order to mitigate possible or real-time threats, protect against espionage or insider threats, foreign sabotage, international terrorist activities, or support other intelligence activities.
Cyber Threat Intelligence
Threat intelligence, or cyber threat intelligence, involves analyzing any and all threats to an organization. The process begins with gathering as much information as possible in order to have the knowledge that allows your organization to prevent or mitigate potential attacks.
Cybersecurity
Strategy, policy, and standards regarding the security of and operations in cyberspace, and encompass[ing] the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communications infrastructure.
Cyberspace
The interdependent network of information technology infrastructures, includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers.
D
Data Aggregation
The process of gathering and combining data from different sources, so that the combined data reveals new information.
Related Term(s): data mining
Data Breach
The unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information.
Related Term(s): data loss, data theft, exfiltration
Data Integrity
The property that data is complete, intact, and trusted and has not been modified or destroyed in an unauthorized or accidental manner.
Related Term(s): integrity, system integrity
Decryption
The process of converting encrypted data back into its original form, so it can be understood.
Synonym(s): decode, decrypt, decipher
Deepfakes
With most of us consuming news from social media, how much of a cybersecurity threat is fake news created by Deepfake content?
Denial of Service (DoS)
An attack that prevents or impairs the authorized use of information system resources or services.
Digital Forensics
In the NICE Framework, cybersecurity works where a person: Collects, processes, preserves, analyzes, and presents computer-related evidence in support of network vulnerability, mitigation, and/or criminal, fraud, counterintelligence, or law enforcement investigations.
Synonym(s): computer forensics, forensics
Digital Signature
A value is computed with a cryptographic process using a private key and then appended to a data object, thereby digitally signing the data.
Related Term(s): electronic signature
Distributed Denial of Service (DDoS)
A denial of service technique that uses numerous systems to perform the attack simultaneously.
Related Term(s): denial of service, botnet
DNS Hijacking
An attacker who gains control over your DNS gains control over your entire domain.
Electronic Signature
Any mark in electronic form associated with an electronic document is applied with the intent to sign the document.
Related Term(s): digital signature
Encryption
The generic term encompasses encipher and encode.
Synonym(s): encipher, encode
Exploit
A technique to breach the security of a network or information system in violation of security policy.
Exploitation Analysis
In the NICE Framework, cybersecurity works where a person: Analyzes collected information to identify vulnerabilities and potential for exploitation.
F
Failure (System Failure)
The inability of a system or component to perform its required functions within specified performance requirements.
Fileless Malware
As the name suggests, this type of malware is a malicious program that uses software already present on a computer in order to infect it. Since it does not rely on using files of its own, it can be notably difficult to prevent and detect. By extension, this also makes it difficult to remove.
Firewall
A hardware/software device or a software program that limits network traffic according to a set of rules of what access is and is not allowed or authorized.H
Hacker
An unauthorized user who attempts to or gains access to an information system.
Hacktivism
What is hacktivism? Learn about its origins to the present day, its motivations, and why hacktivist groups should still be on your threat assessment radar.
Hash Value
A numeric value results from applying a mathematical algorithm against a set of data such as a file.
Synonym(s): cryptographic hash value
Related Term(s): hashing
Hashing
Find out what hashing is used for, how it works to transform keys and characters, and how it relates to data structure, cybersecurity, and cryptography.
I
Identity and Access Management
The methods and processes used to manage subjects and their authentication and authorizations to access specific objects.
Incident
An occurrence that actually or potentially results in adverse consequences to (adverse effects on) (poses a threat to) an information system or the information that the system processes, stores, or transmits and that may require a response action to mitigate the consequences.
Related Term(s): event
Incident Response Plan
A set of predetermined and documented procedures to detect and respond to a cyber incident.
Indicator
An occurrence or sign that an incident may have occurred or may be in progress.
Related Term(s): precursor
Information Assurance
The measures that protect and defend information and information systems by ensuring their availability, integrity, and confidentiality.
Related Term(s): information security
Information Sharing
An exchange of data, information, and/or knowledge to manage risks or respond to incidents.
Information Technology
Any equipment or interconnected system or subsystem of equipment that processes, transmits, receives, or interchanges data or information.
Related Term(s): information and communication(s) technology
K
Key Pair
Two mathematically related keys have the property that one key can be used to encrypt a message that can only be decrypted using the other key.
Related Term(s): private key, public key
Key Resource
A publicly or privately controlled asset necessary to sustain continuity of government and/or economic operations or an asset that is of great historical significance.
Related Term(s): critical infrastructure
Keylogger
Software or hardware that tracks keystrokes and keyboard events, usually surreptitiously / secretly, to monitor actions by the user of an information system.
Related Term(s): spyware
M
Macro Virus
A type of malicious code that attaches itself to documents and uses the macro programming capabilities of the document’s application to execute, replicate, and spread or propagate itself.
Related Term(s): virus
Malware
Software that compromises the operation of a system by performing an unauthorized function or process.
Synonym(s): malicious code, malicious applet, malicious logic
Malware Analysis
Malware analysis is the process of taking a close look at a suspicious file or URL to detect potential threats. It is one of the first steps to identifying malware before it can infect a system and cause harm to critical assets.
Mimikatz
Mimikatz continues to evade many security solutions. See why this successful password and credential-stealing tool continues to be popular among attackers.
Mitigation (Risk Management)
The application of one or more measures to reduce the likelihood of an unwanted occurrence and/or lessen its consequences.
Mobile Malware
Mobile malware is malicious software that targets smartphones, tablets, and other mobile devices with the end goal of gaining access to private data. Although Mobile Malware is not as prolific as its counterpart (malware that attacks traditional workstations) it’s a growing threat for all organizations.
N
Next-Generation Antivirus (NGAV)
In contrast to legacy antivirus technology, next-generation antivirus (NGAV) advances threat detection by finding all symptoms of malicious behavior rather than focusing on looking only for known malware file attributes.
O
Open Source Intelligence (OSINT)
What is OSINT? How do hackers gather intel about targets? Just how much can they learn about you?
Operations Technology
The hardware and software systems used to operate industrial control devices.
Related Term(s): Industrial Control System
P
Passive Attack
An actual assault perpetrated by an intentional threat source that attempts to learn or make use of information from a system, but does not attempt to alter the system, its resources, its data, or its operations.
Related Term(s): active attack
Password Security
A password is the key to opening the door to an account. Don’t let network integrity fall victim to poor password habits. Improve your password security know-how.
Penetration
An unauthorized act of bypassing the security mechanisms of a network or information system.
Synonym(s): penetration
Phishing Scams
70% of ransomware attempts come from phishing scams. Learn how to recognize phishing scams and methods to avoid phishing attacks on your enterprise.
Precursor
An observable occurrence or sign that an attacker may be preparing to cause an incident.
Related Term(s): indicator
R
Red Team
A group authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s cybersecurity posture.
Related Term(s): Blue Team, White Team
Red Team Exercise
An exercise, reflecting real-world conditions, is conducted as a simulated attempt by an adversary to attack or exploit vulnerabilities in an enterprise’s information systems.
Related Term(s): cyber exercise
Redundancy
Additional or alternative systems, sub-systems, assets, or processes that maintain a degree of overall functionality in case of loss or failure of another system, sub-system, asset, or process.
Resilience
The ability to adapt to changing conditions and prepare for, withstand, and rapidly recover from disruption.
Response
The activities that address the short-term, direct effects of an incident may also support short-term recovery.
Related Term(s): recovery
Risk
The potential for an unwanted or adverse outcome resulting from an incident, event, or occurrence, is determined by the likelihood that a particular threat will exploit a particular vulnerability, with the associated consequences.
Risk Analysis
The systematic examination of the components and characteristics of risk.
Related Term(s): risk assessment, risk
Risk Assessment
The appraisal of the risks facing an entity, asset, system, network, organizational operations, individuals, geographic area, other organizations, or society, and includes determining the extent to which adverse circumstances or events could result in harmful consequences.
Related Term(s): risk analysis, risk
Risk Management
The process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.
Includes: 1) conducting a risk assessment; 2) implementing strategies to mitigate risks; 3) continuous monitoring of risk over time; and 4) documenting the overall risk management program.
Related Term(s): enterprise risk management, integrated risk management, risk
Ryuk Ransomware
Ryuk is one of the first ransomware families to have the ability to identify and encrypt network drives and resources and delete shadow copies on the victim endpoint.
S
SecOps (Security Operations)
What is SecOps? SecOps(Security Operations) is what is made when a cohesive IT security front is created. But what are the benefits & goals of SecOps?
Secret Key
A cryptographic key is used for both encryption and decryption, enabling the operation of a symmetric key cryptography scheme.
Related Term(s): symmetric key
Security Automation
The use of information technology in place of manual processes for cyber incident response and management.
Security Policy
A rule or set of rules that govern the acceptable use of an organization’s information and services to a level of acceptable risk and the means for protecting the organization’s information assets.
Situational Awareness
In cybersecurity, comprehending the current status and security posture with respect to availability, confidentiality, and integrity of networks, systems, users, and data, as well as projecting future states of these.
Software Assurance
The level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its lifecycle and that the software functions in the intended manner.
Spam
The abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.
Spear Phishing
Spear phishing is a more sophisticated, coordinated form of phishing. It’s called spear phishing because it uses familiar, personalized information to infiltrate a business through one person.
S
Spoofing
The deliberate inducement of a user or resource to take incorrect action. Note: Impersonating, masquerading, piggybacking, and mimicking are forms of spoofing.
Spyware
Software that is secretly or surreptitiously installed into an information system without the knowledge of the system user or owner.
Related Term(s): keylogger
Supervisory Control and Data Acquisition
A generic name for a computerized system that is capable of gathering and processing data and applying operational controls to geographically dispersed assets over long distances.
Related Term(s): Industrial Control System
Supply Chain
A system of organizations, people, activities, information, and resources, for creating and moving products including product components and/or services from suppliers through to their customers.
Related Term(s): supply chain risk management
Supply Chain Risk Management
The process of identifying, analyzing, and assessing supply chain risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.
Related Term(s): supply chain
Symmetric Cryptography
A branch of cryptography in which a cryptographic system or algorithms use the same secret key (a shared secret key).
Systems Development
In the NICE Framework, cybersecurity work where a person: Works on the development phases of the systems development lifecycle.
Systems Requirements Planning
In the NICE Framework, cybersecurity work where a person: Consults with customers to gather and evaluate functional requirements and translates these requirements into technical solutions; provides guidance to customers about the applicability of information systems to meet business needs.
T
Threat
A circumstance or event that has or indicates the potential to exploit vulnerabilities and to adversely impact (create adverse consequences for) organizational operations, organizational assets (including information and information systems), individuals, other organizations, or society.
Threat Actor
An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.
Related Term(s): adversary, attacker
Threat Analysis
In the NICE Framework, cybersecurity work where a person: Identifies and assesses the capabilities and activities of cyber criminals or foreign intelligence entities; and produces findings to help initialize or support law enforcement and counterintelligence investigations or activities.
Threat Assessment
The product or process of identifying or evaluating entities, actions, or occurrences, whether natural or man-made, that have or indicate the potential to harm life, information, operations, and/or property.
Related Term(s): threat analysis
Threat Hunting
Curious about threat hunting? Is your security team actively searching for malicious actors & hidden threats on your network?
Trojan Horse
A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.
V
Virus
A computer program that can replicate itself, infect a computer without permission or knowledge of the user, and then spread or propagate to another computer.
Related Term(s): macro virus
Vulnerability
Characteristic of location or security posture or of design, security procedures, internal controls, or the implementation of any of these that permit a threat or hazard to occur. Vulnerability (expressing degree of vulnerability): qualitative or quantitative expression of the level of susceptibility to harm when a threat or hazard is realized.
Related Term(s): weakness
Vulnerability Assessment and Management
In the NICE Framework, cybersecurity work where a person: Conducts assessments of threats and vulnerabilities, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations.W
Weakness
A shortcoming or imperfection in software code, design, architecture, or deployment that, under proper conditions, could become a vulnerability or contribute to the introduction of vulnerabilities.
Related Term(s): vulnerability
White Team
A group is responsible for refereeing an engagement between a Red Team of mock attackers and a Blue Team of actual defenders of information systems.
Related Term(s): Blue Team, Red Team
Whitelist
A list of entities that are considered trustworthy and are granted access or privileges.
Related Term(s): blacklist
Windows PowerShell
How can PowerShell impact your business’s valuable assets? Learn the basics of PowerShell, why it’s attractive to hackers & how to protect the enterprise.
Worm
A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.
X
XDR
Protecting the organization across multiple layers requires an XDR platform, but what is XDR exactly? And what should you look for when choosing a solution?
Z
Zero Trust Architecture
Zero trust is a design approach that ensures that security is prioritized over any form of trust gained by users.
Zero-Day
Zero Days (0-Days) occur more than you think. Read how threat actors exploit vulnerabilities to perform Zero Day attacks & how to defend against them.