The ability and means to communicate with or otherwise interact with a system, to use system resources to handle information, to gain knowledge of the information the system contains, or to control system components and functions.

Access Control

The process of granting or denying specific requests for or attempts to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities.

Related Term(s): access control mechanism

Access Control Mechanism

Security measures are designed to detect and deny unauthorized access and permit authorized access to an information system or a physical facility.

Active Attack

An actual assault perpetrated by an intentional threat source that attempts to alter a system, its resources, its data, or its operations.

Related Term(s): passive attack

Advanced Persistent Threat (APT)

An advanced persistent threat is a cyberattack wherein criminals work together to steal data or infiltrate systems over a longer period of time.

Air Gap

The physical separation or isolation of a system from other systems or networks.


A notification that a specific attack has been detected or directed at an organization’s information systems.

Antispyware Software

A program that specializes in detecting and blocking or removing forms of spyware.

Related Term(s): spyware

Application Whitelisting

Application whitelisting is one form of endpoint security. It’s aimed at preventing malicious programs from running on a network.


Anything useful that contributes to the success of something, such as an organizational mission; assets are things of value or properties to which value can be assigned.

Attack Surface

An information system’s characteristics permit an adversary to probe, attack, or maintain a presence in the information system.


Behavior Monitoring

Observing activities of users, information systems, and processes and measuring the activities against organizational policies and rules, baselines of normal activity, thresholds, and trends.

Synonym(s): behavior monitoring

Blue Team

A group that defends an enterprise’s information systems when mock attackers (i.e., the Red Team) attack, typically as part of an operational exercise conducted according to rules established and monitored by a neutral group (i.e., the White Team).

Related Term(s): Red Team, White Team


A computer connected to the Internet that has been surreptitiously / secretly compromised with malicious logic to perform activities under remote the command and control of a remote administrator.

Synonym(s): zombie

Related Term(s): botnet


What is a Botnet? Botnets are behind many types of attacks and hacks. Read about some real-life examples of Botnets and learn about how they are executed.

Bulletproof Hosting

Bulletproof hosting services are actively used by platforms such as online casinos, spam distribution sites, and pornographic resources.

Business Email Compromise (BEC)

Business Email Compromises cost companies over $1.7bn last year, far outstripping ransomware.



Data or information in its encrypted form.

Related Term(s): plaintext

Cloud Computing

A model for enabling on-demand network access to a shared pool of configurable computing capabilities or resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

Cryptographic Algorithm

A well-defined computational procedure that takes variable inputs, including a cryptographic key, and produces an output.

Related Term(s): key, encryption, decryption, symmetric key, asymmetric key


The art or science concerning the principles means, and methods for converting plaintext into ciphertext and for restoring encrypted ciphertext to plaintext.

Related Term(s): plaintext, ciphertext, encryption, decryption

Cyber Infrastructure

The information and communications systems and services are composed of all hardware and software that process, store, and communicate information, or any combination of all of these elements: Processing includes the creation, access, modification, and destruction of information. Storage includes paper, magnetic, electronic, and all other media types. Communications include the sharing and distribution of information.

Cyber Operations

In the NICE Framework, cybersecurity works where a person: Performs activities to gather evidence on criminal or foreign intelligence entities in order to mitigate possible or real-time threats, protect against espionage or insider threats, foreign sabotage, international terrorist activities, or support other intelligence activities.

Cyber Threat Intelligence

Threat intelligence, or cyber threat intelligence, involves analyzing any and all threats to an organization. The process begins with gathering as much information as possible in order to have the knowledge that allows your organization to prevent or mitigate potential attacks.


Strategy, policy, and standards regarding the security of and operations in cyberspace, and encompass[ing] the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communications infrastructure.


The interdependent network of information technology infrastructures, includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers.


Data Aggregation

The process of gathering and combining data from different sources, so that the combined data reveals new information.

Related Term(s): data mining

Data Breach

The unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information.

Related Term(s): data loss, data theft, exfiltration

Data Integrity

The property that data is complete, intact, and trusted and has not been modified or destroyed in an unauthorized or accidental manner.

Related Term(s): integrity, system integrity


The process of converting encrypted data back into its original form, so it can be understood.

Synonym(s): decode, decrypt, decipher


With most of us consuming news from social media, how much of a cybersecurity threat is fake news created by Deepfake content?

Denial of Service (DoS)

An attack that prevents or impairs the authorized use of information system resources or services.

Digital Forensics

In the NICE Framework, cybersecurity works where a person: Collects, processes, preserves, analyzes, and presents computer-related evidence in support of network vulnerability, mitigation, and/or criminal, fraud, counterintelligence, or law enforcement investigations.

Synonym(s): computer forensics, forensics

Digital Signature

A value is computed with a cryptographic process using a private key and then appended to a data object, thereby digitally signing the data.

Related Term(s): electronic signature

Distributed Denial of Service (DDoS)

A denial of service technique that uses numerous systems to perform the attack simultaneously.

Related Term(s): denial of service, botnet

DNS Hijacking

An attacker who gains control over your DNS gains control over your entire domain.

Electronic Signature

Any mark in electronic form associated with an electronic document is applied with the intent to sign the document.

Related Term(s): digital signature


The generic term encompasses encipher and encode.

Synonym(s): encipher, encode


A technique to breach the security of a network or information system in violation of security policy.

Exploitation Analysis

In the NICE Framework, cybersecurity works where a person: Analyzes collected information to identify vulnerabilities and potential for exploitation.


Failure (System Failure)

The inability of a system or component to perform its required functions within specified performance requirements.

Fileless Malware

As the name suggests, this type of malware is a malicious program that uses software already present on a computer in order to infect it. Since it does not rely on using files of its own, it can be notably difficult to prevent and detect. By extension, this also makes it difficult to remove.


A hardware/software device or a software program that limits network traffic according to a set of rules of what access is and is not allowed or authorized.H


An unauthorized user who attempts to or gains access to an information system.


What is hacktivism? Learn about its origins to the present day, its motivations, and why hacktivist groups should still be on your threat assessment radar.

Hash Value

A numeric value results from applying a mathematical algorithm against a set of data such as a file.

Synonym(s): cryptographic hash value

Related Term(s): hashing


Find out what hashing is used for, how it works to transform keys and characters, and how it relates to data structure, cybersecurity, and cryptography.


Identity and Access Management

The methods and processes used to manage subjects and their authentication and authorizations to access specific objects.


An occurrence that actually or potentially results in adverse consequences to (adverse effects on) (poses a threat to) an information system or the information that the system processes, stores, or transmits and that may require a response action to mitigate the consequences.

Related Term(s): event

Incident Response Plan

A set of predetermined and documented procedures to detect and respond to a cyber incident.


An occurrence or sign that an incident may have occurred or may be in progress.

Related Term(s): precursor

Information Assurance

The measures that protect and defend information and information systems by ensuring their availability, integrity, and confidentiality.

Related Term(s): information security

Information Sharing

An exchange of data, information, and/or knowledge to manage risks or respond to incidents.

Information Technology

Any equipment or interconnected system or subsystem of equipment that processes, transmits, receives, or interchanges data or information.

Related Term(s): information and communication(s) technology


Key Pair

Two mathematically related keys have the property that one key can be used to encrypt a message that can only be decrypted using the other key.

Related Term(s): private key, public key

Key Resource

A publicly or privately controlled asset necessary to sustain continuity of government and/or economic operations or an asset that is of great historical significance.

Related Term(s): critical infrastructure


Software or hardware that tracks keystrokes and keyboard events, usually surreptitiously / secretly, to monitor actions by the user of an information system.

Related Term(s): spyware


Macro Virus

A type of malicious code that attaches itself to documents and uses the macro programming capabilities of the document’s application to execute, replicate, and spread or propagate itself.

Related Term(s): virus


Software that compromises the operation of a system by performing an unauthorized function or process.

Synonym(s): malicious code, malicious applet, malicious logic

Malware Analysis

Malware analysis is the process of taking a close look at a suspicious file or URL to detect potential threats. It is one of the first steps to identifying malware before it can infect a system and cause harm to critical assets.


Mimikatz continues to evade many security solutions. See why this successful password and credential-stealing tool continues to be popular among attackers.

Mitigation (Risk Management)

The application of one or more measures to reduce the likelihood of an unwanted occurrence and/or lessen its consequences.

Mobile Malware

Mobile malware is malicious software that targets smartphones, tablets, and other mobile devices with the end goal of gaining access to private data. Although Mobile Malware is not as prolific as its counterpart (malware that attacks traditional workstations) it’s a growing threat for all organizations.


Next-Generation Antivirus (NGAV)

In contrast to legacy antivirus technology, next-generation antivirus (NGAV) advances threat detection by finding all symptoms of malicious behavior rather than focusing on looking only for known malware file attributes.


Open Source Intelligence (OSINT)

What is OSINT? How do hackers gather intel about targets? Just how much can they learn about you?

Operations Technology

The hardware and software systems used to operate industrial control devices.

Related Term(s): Industrial Control System


Passive Attack

An actual assault perpetrated by an intentional threat source that attempts to learn or make use of information from a system, but does not attempt to alter the system, its resources, its data, or its operations.

Related Term(s): active attack

Password Security

A password is the key to opening the door to an account. Don’t let network integrity fall victim to poor password habits. Improve your password security know-how.


An unauthorized act of bypassing the security mechanisms of a network or information system.

Synonym(s): penetration

Phishing Scams

70% of ransomware attempts come from phishing scams. Learn how to recognize phishing scams and methods to avoid phishing attacks on your enterprise.


An observable occurrence or sign that an attacker may be preparing to cause an incident.

Related Term(s): indicator


Red Team

A group authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s cybersecurity posture.

Related Term(s): Blue Team, White Team

Red Team Exercise

An exercise, reflecting real-world conditions, is conducted as a simulated attempt by an adversary to attack or exploit vulnerabilities in an enterprise’s information systems.

Related Term(s): cyber exercise


Additional or alternative systems, sub-systems, assets, or processes that maintain a degree of overall functionality in case of loss or failure of another system, sub-system, asset, or process.


The ability to adapt to changing conditions and prepare for, withstand, and rapidly recover from disruption.


The activities that address the short-term, direct effects of an incident may also support short-term recovery.

Related Term(s): recovery


The potential for an unwanted or adverse outcome resulting from an incident, event, or occurrence, is determined by the likelihood that a particular threat will exploit a particular vulnerability, with the associated consequences.

Risk Analysis

The systematic examination of the components and characteristics of risk.

Related Term(s): risk assessment, risk

Risk Assessment

The appraisal of the risks facing an entity, asset, system, network, organizational operations, individuals, geographic area, other organizations, or society, and includes determining the extent to which adverse circumstances or events could result in harmful consequences.

Related Term(s): risk analysis, risk

Risk Management

The process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.

Includes: 1) conducting a risk assessment; 2) implementing strategies to mitigate risks; 3) continuous monitoring of risk over time; and 4) documenting the overall risk management program.

Related Term(s): enterprise risk management, integrated risk management, risk

Ryuk Ransomware

Ryuk is one of the first ransomware families to have the ability to identify and encrypt network drives and resources and delete shadow copies on the victim endpoint.


SecOps (Security Operations)

What is SecOps? SecOps(Security Operations) is what is made when a cohesive IT security front is created. But what are the benefits & goals of SecOps?

Secret Key

A cryptographic key is used for both encryption and decryption, enabling the operation of a symmetric key cryptography scheme.

Related Term(s): symmetric key

Security Automation

The use of information technology in place of manual processes for cyber incident response and management.

Security Policy

A rule or set of rules that govern the acceptable use of an organization’s information and services to a level of acceptable risk and the means for protecting the organization’s information assets.

Situational Awareness

In cybersecurity, comprehending the current status and security posture with respect to availability, confidentiality, and integrity of networks, systems, users, and data, as well as projecting future states of these.

Software Assurance

The level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its lifecycle and that the software functions in the intended manner.


The abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.

Spear Phishing

Spear phishing is a more sophisticated, coordinated form of phishing. It’s called spear phishing because it uses familiar, personalized information to infiltrate a business through one person.



The deliberate inducement of a user or resource to take incorrect action. Note: Impersonating, masquerading, piggybacking, and mimicking are forms of spoofing.


Software that is secretly or surreptitiously installed into an information system without the knowledge of the system user or owner.

Related Term(s): keylogger

Supervisory Control and Data Acquisition

A generic name for a computerized system that is capable of gathering and processing data and applying operational controls to geographically dispersed assets over long distances.

Related Term(s): Industrial Control System

Supply Chain

A system of organizations, people, activities, information, and resources, for creating and moving products including product components and/or services from suppliers through to their customers.

Related Term(s): supply chain risk management

Supply Chain Risk Management

The process of identifying, analyzing, and assessing supply chain risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.

Related Term(s): supply chain

Symmetric Cryptography

A branch of cryptography in which a cryptographic system or algorithms use the same secret key (a shared secret key).

Systems Development

In the NICE Framework, cybersecurity work where a person: Works on the development phases of the systems development lifecycle.

Systems Requirements Planning

In the NICE Framework, cybersecurity work where a person: Consults with customers to gather and evaluate functional requirements and translates these requirements into technical solutions; provides guidance to customers about the applicability of information systems to meet business needs.



A circumstance or event that has or indicates the potential to exploit vulnerabilities and to adversely impact (create adverse consequences for) organizational operations, organizational assets (including information and information systems), individuals, other organizations, or society.

Threat Actor

An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.

Related Term(s): adversary, attacker

Threat Analysis

In the NICE Framework, cybersecurity work where a person: Identifies and assesses the capabilities and activities of cyber criminals or foreign intelligence entities; and produces findings to help initialize or support law enforcement and counterintelligence investigations or activities.

Threat Assessment

The product or process of identifying or evaluating entities, actions, or occurrences, whether natural or man-made, that have or indicate the potential to harm life, information, operations, and/or property.

Related Term(s): threat analysis

Threat Hunting

Curious about threat hunting? Is your security team actively searching for malicious actors & hidden threats on your network?

Trojan Horse

A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.



A computer program that can replicate itself, infect a computer without permission or knowledge of the user, and then spread or propagate to another computer.

Related Term(s): macro virus


Characteristic of location or security posture or of design, security procedures, internal controls, or the implementation of any of these that permit a threat or hazard to occur. Vulnerability (expressing degree of vulnerability): qualitative or quantitative expression of the level of susceptibility to harm when a threat or hazard is realized.

Related Term(s): weakness

Vulnerability Assessment and Management

In the NICE Framework, cybersecurity work where a person: Conducts assessments of threats and vulnerabilities, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations.W


A shortcoming or imperfection in software code, design, architecture, or deployment that, under proper conditions, could become a vulnerability or contribute to the introduction of vulnerabilities.

Related Term(s): vulnerability

White Team

A group is responsible for refereeing an engagement between a Red Team of mock attackers and a Blue Team of actual defenders of information systems.

Related Term(s): Blue Team, Red Team


A list of entities that are considered trustworthy and are granted access or privileges.

Related Term(s): blacklist

Windows PowerShell

How can PowerShell impact your business’s valuable assets? Learn the basics of PowerShell, why it’s attractive to hackers & how to protect the enterprise.


A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.



Protecting the organization across multiple layers requires an XDR platform, but what is XDR exactly? And what should you look for when choosing a solution?


Zero Trust Architecture

Zero trust is a design approach that ensures that security is prioritized over any form of trust gained by users.


Zero Days (0-Days) occur more than you think. Read how threat actors exploit vulnerabilities to perform Zero Day attacks & how to defend against them.