Cybersecurity Terms and Glossary
Cybersecurity
The activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation.
Asset
A person, structure, facility, information and records, information technology systems and resources, material, process, relationship, or reputation that has value.
Integrity
The property whereby information, an information system, or a component of a system has not been modified or destroyed in an unauthorized manner.
System Integrity
The attribute of an information system when it performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
Personal Identifying Information / Personally Identifiable Information
The information that permits the identity of an individual to be directly or indirectly inferred.
Privacy
The assurance that the confidentiality of, and access to, certain information about an entity is protected.
Confidentiality
A property that information is not disclosed to users, processes, or devices unless they have been authorized to access the information.
Anonymity
Anonymity is a set of techniques that protect privacy by modifying data (up to and including deleting it). The aim is to alter the data in such a way that, even if it is subsequently processed by third parties, the identity or certain sensitive attributes of the persons the data describes cannot be revealed.
Authenticity
A property achieved through cryptographic methods of being genuine and being able to be verified and trusted, resulting in confidence in the validity of a transmission, information or a message, or sender of information or a message.
Authorization
A process of determining, by evaluating applicable access control information, whether a subject is allowed to have the specified types of access to a particular resource.
Availability
The property of being accessible and usable upon demand.
Critical Infrastructure
The systems and assets, whether physical or virtual, so vital to society that the incapacity or destruction of such may have a debilitating impact on the security, economy, public health or safety, environment, or any combination of these matters.
Computer Network Defense
The actions taken to defend against unauthorized activity within computer networks.
Exposure
The condition of being unprotected, thereby allowing access to information or access to capabilities that an attacker can use to enter a system or network.
Situational Awareness
Comprehending information about the current and developing security posture and risks, based on information gathered, observation and analysis, and knowledge or experience.
Threat
A circumstance or event that has or indicates the potential to exploit vulnerabilities and to adversely impact (create adverse consequences for) organizational operations, organizational assets (including information and information systems), individuals, other organizations, or society.
Malicious Insider, Turncloak
Someone who maliciously and intentionally abuses legitimate credentials, typically to steal information for financial or personal incentives. For example, an individual who holds a grudge against a former employer, or an opportunistic employee who sells secret information to a competitor.
Inside/Insider Threat
A person or group of persons within an organization who pose a potential risk through violating security policies.
Outside/Outsider Threat
A person or group of persons external to an organization who are not authorized to access its assets and pose a potential risk to the organization and its assets.
Adversary, Threat Agent, Threat Actor, Attacker
An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.
Threat Analysis
The detailed evaluation of the characteristics of individual threats.
Risk Analysis
The systematic examination of the components and characteristics of risk.
Risk Assessment
The product or process which collects information and assigns values to risks for the purpose of informing priorities, developing or comparing courses of action, and informing decision making.
Attack
An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity.
Attack Method, Attack Mode
The manner or technique and means an adversary may use in an assault on information or an information system.
Event, Incident, Security Incident, Cyber Incident, Computer Security Incident
An observable occurrence that actually or potentially results in adverse consequences for (that is, poses a threat to) an information system or network, or the information that the system processes, stores, or transmits, and that may require a response action to mitigate the consequences.
Impact, Consequence
The effect of an event, incident, or occurrence.
Unauthorized Access
Any access that violates the stated security policy.
Intrusion, Penetration
An unauthorized act of bypassing the security mechanisms of a network or information system.
Intrusion Detection
The process and methods for analyzing information from networks and information systems to determine if a security breach or security violation has occurred.
Response, Incident Response
The activities that address the short-term, direct effects of an incident and may also support short-term recovery.
Penetration Testing, Pen Test
An evaluation methodology whereby assessors search for vulnerabilities and attempt to circumvent the security features of a network and/or information system.
Forensics, Computer Forensics, Digital Forensics
The processes and specialized techniques for gathering, retaining, and analyzing system-related data (digital evidence) for investigative purposes.
Firewall
A capability to limit network traffic between networks and/or information systems.
Antispyware Software
A program that specializes in detecting and blocking or removing forms of spyware.
Antivirus Software
A program that monitors a computer or network to detect or identify major types of malicious code and to prevent or contain malware incidents, sometimes by removing or neutralizing the malicious code.
Honeypot
A honeypot is a cybersecurity mechanism that uses a manufactured attack target to lure cybercriminals away from legitimate targets. It also gathers intelligence about the identity, methods, and motivations of adversaries.
Hacker
An unauthorized user who attempts to or gains access to an information system.
Hacktivist
In the simplest and broadest sense, a hacktivist is someone who uses hacking to effect social change. Usage of the word is now contested between those who want it to denote immoral, sinister activities and those who defend the broader, more inclusive understanding of hacktivist.
Cyber Criminal, Black Hat Hacker
Cybercriminals are individuals or teams of people who use technology to commit malicious activities on digital systems or networks with the intention of stealing sensitive company information or personal data and generating profit.
Script Kiddie
Script kiddie is a derogatory term that computer hackers coined to refer to immature, but often just as dangerous, exploiters of internet security weaknesses. Not all novice hackers are script kiddies.
Nation State
A nation state is a political unit where the state and nation are congruent. It is a more precise concept than "country", since a country does not need to have a predominant ethnic group.
Bot
A computer connected to the Internet that has been surreptitiously (secretly) compromised with malicious logic to perform activities under the command and control of a remote administrator.
Botnet
A collection of computers compromised by malicious code and controlled across a network.
Denial of Service (DoS)
An attack that prevents or impairs the authorized use of information system resources or services.
Distributed Denial of Service (DDoS)
A denial of service technique that uses numerous systems to perform the attack simultaneously.
Disruption
An event which causes unplanned interruption in operations or functions for an unacceptable length of time.
Exfiltration
The unauthorized transfer of information from an information system.
Exploit
A technique to breach the security of a network or information system in violation of security policy.
Zero Day Exploit
A zero-day (0-day) in cybersecurity parlance is a vulnerability in an internet-connected device, network component, or piece of software that has only just been discovered or exposed. The name refers to the vulnerability having zero days of known history.
Rootkit
A set of software tools with administrator-level access privileges installed on an information system and designed to hide the presence of the tools, maintain the access privileges, and conceal the activities conducted by the tools.
Spam
The abuse of email systems to indiscriminately send unsolicited bulk messages.
Phishing
A digital form of social engineering to deceive individuals into providing sensitive information.
Spoofing
Faking the sending address of a transmission to gain illegal (unauthorized) entry into a secure system.
Social Engineering
The term social engineering refers to methods employed by hackers to gain the trust of an end user so that the hacker can obtain information that can be used to access data or systems.
Malware, Malicious Code
Software that compromises the operation of a system by performing an unauthorized function or process.
Program code intended to perform an unauthorized function or process that will have adverse impact on the confidentiality, integrity, or availability of an information system.
Spyware
Software that is secretly or surreptitiously installed into an information system without the knowledge of the system user or owner.
Keylogger
A keylogger is a type of software that records keystrokes as you type them on your keyboard. Keystroke loggers arrive just like any other malware and are hard to discover if you don't know what to look for; infection can occur simply by visiting a website.
Virus
A computer program that can replicate itself, infect a computer without permission or knowledge of the user, and then spread or propagate to another computer.
Macro Virus
A type of malicious code that attaches itself to documents and uses the macro programming capabilities of the document's application to execute, replicate, and spread or propagate itself.
Worm
A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.
Trojan Horse
A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.
Ransomware
Ransomware is an emerging form of malware that locks the user out of their files or their device, then demands an anonymous online payment to restore access.
Blue Team
A group that defends an enterprise's information systems when mock attackers (i.e., the Red Team) attack, typically as part of an operational exercise conducted according to rules established and monitored by a neutral group (i.e., the White Team).
Red Team
A group authorized and organized to emulate a potential adversary's attack or exploitation capabilities against an enterprise's cybersecurity posture.
White Team
A group responsible for refereeing an engagement between a Red Team of mock attackers and a Blue Team of actual defenders of information systems.
Cryptanalysis
The operations performed in defeating or circumventing cryptographic protection of information by applying mathematical techniques and without an initial knowledge of the key employed in providing the protection.
Cryptographic Algorithm, Cipher
A well-defined computational procedure that takes variable inputs, including a cryptographic key, and produces an output.
Cryptography
The use of mathematical techniques to provide security services, such as confidentiality, data integrity, entity authentication, and data origin authentication.
Public Key Infrastructure
A framework consisting of standards and services to enable secure, encrypted communication and authentication over potentially insecure networks such as the Internet.
Asymmetric Cryptography, Public Key Cryptography, Public Key Encryption
A branch of cryptography in which a cryptographic system or algorithm uses two uniquely linked keys: a public key and a private key (a key pair).
Symmetric Cryptography, Symmetric Encryption Algorithm
A branch of cryptography in which a cryptographic system or algorithm uses the same secret key for both parties (a shared secret key).
Symmetric Key
A cryptographic key that is used to perform both a cryptographic operation and its inverse, for example to encrypt plaintext and decrypt ciphertext, or to create a message authentication code and to verify it.
Secret Key
A cryptographic key that is used for both encryption and decryption, enabling the operation of a symmetric key cryptography scheme.
Private Key
A cryptographic key that must be kept confidential and is used to enable the operation of an asymmetric (public key) cryptographic algorithm.
Public Key
A cryptographic key that may be widely published and is used to enable the operation of an asymmetric (public key) cryptographic algorithm.
Plaintext, Clear Text
Unencrypted information.
Ciphertext
Data or information in its encrypted form.
Encryption
The process of transforming plaintext into ciphertext.
Decryption
The process of transforming ciphertext into its original plaintext.
Hashing
A process of applying a mathematical algorithm against a set of data to produce a numeric value (a 'hash value') that represents the data.
Hash Value, Cryptographic Hash Value
A numeric value resulting from applying a mathematical algorithm against a set of data such as a file.
Digital Signature
A value computed with a cryptographic process using a private key and then appended to a data object, thereby digitally signing the data.