Cybersecurity Terms and Glossary
The activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation.
A person, structure, facility, information, and records, information technology systems and resources, material, process, relationships, or reputation that has value.
The property whereby information, an information system, or a component of a system has not been modified or destroyed in an unauthorized manner.
The attribute of an information system when it performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
Personal Identifying Information / Personally Identifiable Information
The information that permits the identity of an individual to be directly or indirectly inferred.
The assurance that the confidentiality of, and access to, certain information about an entity is protected.
A property that information is not disclosed to users, processes, or devices unless they have been authorized to access the information.
Anonymity is a set of techniques that protect privacy by modifying data (including its elimination). What is sought with this technique is to alter the data in such a way that, even if they are subsequently processed by third parties, the identity or certain sensitive attributes of the persons whose data are being processed cannot be revealed.
A property achieved through cryptographic methods of being genuine and being able to be verified and trusted, resulting in confidence in the validity of a transmission, information or a message, or sender of information or a message.
A process of determining, by evaluating applicable access control information, whether a subject is allowed to have the specified types of access to a particular resource.
The property of being accessible and usable upon demand.
The systems and assets, whether physical or virtual, so vital to society that the incapacity or destruction of such may have a debilitating impact on the security, economy, public health or safety, environment, or any combination of these matters.
Computer Network Defense
The actions taken to defend against unauthorized activity within computer networks.
The condition of being unprotected, thereby allowing access to information or access to capabilities that an attacker can use to enter a system or network.
Comprehending information about the current and developing security posture and risks, based on information gathered, observation and analysis, and knowledge or experience.
A circumstance or event that has or indicates the potential to exploit vulnerabilities and to adversely impact (create adverse consequences for) organizational operations, organizational assets (including information and information systems), individuals, other organizations, or society.
Malicious Insider, Turncloak
Someone who maliciously and intentionally abuses legitimate credentials, typically to steal information for financial or personal incentives. For example, an individual who holds a grudge against a former employer, or an opportunistic employee who sells secret information to a competitor.
A person or group of persons within an organization who pose a potential risk through violating security policies.
A person or group of persons external to an organization who are not authorized to access its assets and pose a potential risk to the organization and its assets.
Adversary, Threat Agent, Threat Actor, Attacker
An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.
The detailed evaluation of the characteristics of individual threats.
The systematic examination of the components and characteristics of risk.
The product or process which collects information and assigns values to risks for the purpose of informing priorities, developing or comparing courses of action, and informing decision making.
An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity.
Attack Method, Attack Mode
The manner or technique and means an adversary may use in an assault on information or an information system.
Event, Incident, Security Incident, Cyber Incident, Computer Security Incident
An observable occurrence that actually or potentially results in adverse consequences to (adverse effects on) (poses a threat to) an information system/network or the information that the system processes, stores, or transmits and that may require a response action to mitigate the consequences.
The effect of an event, incident, or occurrence.
Any access that violates the stated security policy.
An unauthorized act of bypassing the security mechanisms of a network or information system.
The process and methods for analyzing information from networks and information systems to determine if a security breach or security violation has occurred.
Response, Incident Response
The activities that address the short-term, direct effects of an incident and may also support short-term recovery.
Penetration Testing, Pen Test
An evaluation methodology whereby assessors search for vulnerabilities and attempt to circumvent the security features of a network and/or information system.
Forensics, Computer Forensics, Digital Forensics
The processes and specialized techniques for gathering, retaining, and analyzing system-related data (digital evidence) for investigative purposes.
A capability to limit network traffic between networks and/or information systems.
A program that specializes in detecting and blocking or removing forms of spyware.
A program that monitors a computer or network to detect or identify major types of malicious code and to prevent or contain malware incidents, sometimes by removing or neutralizing the malicious code.
A honeypot is a cybersecurity mechanism that uses a manufactured attack target to lure cybercriminals away from legitimate targets. Honeypots also gather intelligence about the identity, methods, and motivations of adversaries.
An unauthorized user who attempts to or gains access to an information system.
In the simplest and broadest sense, a hacktivist is someone who uses technology hacking to effect social change. The conflict now is between those who want to change the meaning of the word to denote immoral, sinister activities and those who want to defend the broader, more inclusive understanding of hacktivist.
Cyber Criminal, Black Hat Hacker
Cybercriminals are individuals or teams of people who use technology to commit malicious activities on digital systems or networks with the intention of stealing sensitive company information or personal data, and generating profit.
Script kiddie is a derogatory term that computer hackers coined to refer to immature, but often just as dangerous, exploiters of internet security weaknesses. Not all novice hackers are script kiddies.
A nation state is a political unit where the state and nation are congruent. It is a more precise concept than "country", since a country does not need to have a predominant ethnic group.
A computer connected to the Internet that has been surreptitiously / secretly compromised with malicious logic to perform activities under the remote command and control of a remote administrator.
A collection of computers compromised by malicious code and controlled across a network.
Denial of Service (DoS)
An attack that prevents or impairs the authorized use of information system resources or services.
Distributed Denial of Service (DDoS)
A denial of service technique that uses numerous systems to perform the attack simultaneously.
An event which causes unplanned interruption in operations or functions for an unacceptable length of time.
The unauthorized transfer of information from an information system.
A technique to breach the security of a network or information system in violation of security policy.
Zero Day Exploit
A zero-day (or 0-day), in the cybersecurity biz, is a vulnerability in an internet-connected device, network component or piece of software that was essentially just discovered or exposed. The whole idea is that this vulnerability has zero days of history.
A set of software tools with administrator-level access privileges installed on an information system and designed to hide the presence of the tools, maintain the access privileges, and conceal the activities conducted by the tools.
The abuse of email systems to indiscriminately send unsolicited bulk messages.
A digital form of social engineering to deceive individuals into providing sensitive information.
Faking the sending address of a transmission to gain illegal [unauthorized] entry into a secure system.
The term social engineering refers to methods employed by hackers to gain the trust of an end user so that the hacker can obtain information that can be used to access data or systems.
Malware, Malicious Code
Software that compromises the operation of a system by performing an unauthorized function or process.
Program code intended to perform an unauthorized function or process that will have adverse impact on the confidentiality, integrity, or availability of an information system.
Software that is secretly or surreptitiously installed into an information system without the knowledge of the system user or owner.
A keylogger is a type of software that records keys as you strike them on your keyboard. Keystroke loggers arrive just as any other malware and are hard to discover if you don't know what to look for. You can get infected by simply visiting a website.
A computer program that can replicate itself, infect a computer without permission or knowledge of the user, and then spread or propagate to another computer.
A type of malicious code that attaches itself to documents and uses the macro programming capabilities of the document's application to execute, replicate, and spread or propagate itself.
A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.
A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.
Ransomware is an emerging form of malware that locks the user out of their files or their device, then demands an anonymous online payment to restore access.
A group that defends an enterprise's information systems when mock attackers (i.e., the Red Team) attack, typically as part of an operational exercise conducted according to rules established and monitored by a neutral group (i.e., the White Team).
A group authorized and organized to emulate a potential adversary's attack or exploitation capabilities against an enterprise's cybersecurity posture.
A group responsible for refereeing an engagement between a Red Team of mock attackers and a Blue Team of actual defenders of information systems.
The operations performed in defeating or circumventing cryptographic protection of information by applying mathematical techniques and without an initial knowledge of the key employed in providing the protection.
Cryptographic Algorithm, Cipher
A well-defined computational procedure that takes variable inputs, including a cryptographic key, and produces an output.
The use of mathematical techniques to provide security services, such as confidentiality, data integrity, entity authentication, and data origin authentication.
Public Key Infrastructure
A framework consisting of standards and services to enable secure, encrypted communication and authentication over potentially insecure networks such as the Internet.
Asymmetric Cryptography, Public Key Cryptography, Public Key Encryption
A branch of cryptography in which a cryptographic system or algorithms use two uniquely linked keys: a public key and a private key (a key pair).
Symmetric Cryptography, Symmetric Encryption Algorithm
A branch of cryptography in which a cryptographic system or algorithms use the same secret key (a shared secret key).
A cryptographic key that is used to perform both the cryptographic operation and its inverse, for example to encrypt plaintext and decrypt ciphertext, or create a message authentication code and to verify the code.
A cryptographic key that is used for both encryption and decryption, enabling the operation of a symmetric key cryptography scheme.
A cryptographic key that must be kept confidential and is used to enable the operation of an asymmetric (public key) cryptographic algorithm.
A cryptographic key that may be widely published and is used to enable the operation of an asymmetric (public key) cryptographic algorithm.
Plaintext, Clear Text
Data or information in its encrypted form.
The process of transforming plaintext into ciphertext.
The process of transforming ciphertext into its original plaintext.
A process of applying a mathematical algorithm against a set of data to produce a numeric value (a 'hash value') that represents the data.
Hash Value, Cryptographic Hash Value
A numeric value resulting from applying a mathematical algorithm against a set of data such as a file.
A value computed with a cryptographic process using a private key and then appended to a data object, thereby digitally signing the data.