Explore Terms: A Glossary of Common Cybersecurity Words and Phrases
The NICCS website is intended to serve public and private sector cybersecurity communities. The language on the NICCS website complements other lexicons such as the IR 7298 Rev. 3, Glossary of Key Information Security Terms.
Letter: A
- access
- Definition: The ability and means to communicate with or otherwise interact with a system, to use system resources to handle information, to gain knowledge of the information the system contains, or to control system components and functions.
- From: CNSSI 4009
- access and identity management
- Synonym(s): identity and access management
- access control
- Definition: The process of granting or denying specific requests for or attempts to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities.
- Related Term(s): access control mechanism
- From: CNSSI 4009
- access control mechanism
- Definition: Security measures designed to detect and deny unauthorized access and permit authorized access to an information system or a physical facility.
- From: CNSSI 4009
- active attack
- Definition: An actual assault perpetrated by an intentional threat source that attempts to alter a system, its resources, its data, or its operations.
- Related Term(s): passive attack
- From: IETF RFC 4949, NIST SP 800-63 Rev 1
- active content
- Definition: Software that is able to automatically carry out or trigger actions without the explicit intervention of a user.
- From: CNSSI 4009
- advanced persistent threat
- Definition: An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception).
- From: NIST SP 800-53 Rev 4
- adversary
- Definition: An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.
- Related Term(s): threat agent, attacker
- From: DHS Risk Lexicon
- AIaaS
- Acronym Expansion: Artificial Intelligence as a Service
- Definition: a cloud-based service offering artificial intelligence (AI) outsourcing
- air gap
- Definition: To physically separate or isolate a system from other systems or networks (verb).
- Extended Definition: The physical separation or isolation of a system from other systems or networks (noun).
- alert
- Definition: A notification that a specific attack has been detected or directed at an organization’s information systems.
- From: CNSSI 4009
- all source intelligence
- Definition: In the NICE Framework, cybersecurity work where a person: Analyzes threat information from multiple sources, disciplines, and agencies across the Intelligence Community. Synthesizes and places intelligence information in context; draws insights about the possible implications.
- From: NICE Framework
- allowlist
- Definition: A list of entities that are considered trustworthy and are granted access or privileges.
- Related Term(s): Blocklist
- From: DHS personnel
- AMCIS
- Acronym Expansion: Americas Conference on Information Systems
- analyze
- Definition: A NICE Framework category consisting of specialty areas responsible for highly specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence.
- From: NICE Framework
- anonymizers
- Definition: an anonymous proxy is a tool that attempts to make activity on the Internet untraceable
- anti-CSRF
- Acronym Expansion: Anti - Cross-Site Request Forgery
- Definition: related pairs of tokens given to users to validate their requests and prevent issue requests from attackers via the victim
- Antispoofing
- Definition: a technique for identifying and dropping packets that have a false source address.
- Extended Definition: In a spoofing attack, the source address of an incoming packet is changed to make it appear as if it is coming from a known, trusted source. Spoofed packets are commonly used to carry out denial-of-service (DoS) attacks, exploit network and system vulnerabilities, and gain unauthorized access to corporate networks and data.
- antispyware software
- Definition: A program that specializes in detecting and blocking or removing forms of spyware.
- Related Term(s): spyware
- From: NCSD Glossary
- antivirus software
- Definition: A program that monitors a computer or network to detect or identify major types of malicious code and to prevent or contain malware incidents. Sometimes by removing or neutralizing the malicious code.
- From: NCSD Glossary
- AP
- Acronym Expansion: Advanced Placement
- AppSec
- Definition: the process of finding, fixing, and preventing security vulnerabilities at the application level, as part of the software development processes
- asset
- Definition: A person, structure, facility, information, and records, information technology systems and resources, material, process, relationships, or reputation that has value.
- Extended Definition: Anything useful that contributes to the success of something, such as an organizational mission; assets are things of value or properties to which value can be assigned.
- From: DHS Risk Lexicon
- asymmetric cryptography
- Synonym(s): public key cryptography
- ATE
- Acronym Expansion: Advanced Technological Education
- attack
- Definition: An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity.
- Extended Definition: The intentional act of attempting to bypass one or more security services or controls of an information system.
- Related Term(s): active attack, passive attack
- From: NCSD Glossary. NTSSI 4009 (2000), CNSSI 4009
- attack method
- Definition: The manner or technique and means an adversary may use in an assault on information or an information system.
- From: DHS Risk Lexicon, NCSD Glossary
- attack mode
- Synonym(s): attack method
- attack path
- Definition: The steps that an adversary takes or may take to plan, prepare for, and execute an attack.
- From: DHS Risk Lexicon, NCSD Glossary
- attack pattern
- Definition: Similar cyber events or behaviors that may indicate an attack has occurred or is occurring, resulting in a security violation or a potential security violation.
- Extended Definition: For software, descriptions of common methods for exploiting software systems.
- Related Term(s): attack signature
- From: Oak Ridge National Laboratory Visualization Techniques for Computer Network Defense, MITRE's CAPEC web site
- attack signature
- Definition: A characteristic or distinctive pattern that can be searched for or that can be used in matching to previously identified attacks.
- Extended Definition: An automated set of rules for identifying a potential threat (such as an exploit or the presence of an attacker tool) and possible responses to that threat.
- Related Term(s): attack pattern
- From: NCSD Glossary, CNSSI 4009, ISSG V1.2 Database
- attack surface
- Definition: The set of ways in which an adversary can enter a system and potentially cause damage.
- Extended Definition: An information system's characteristics that permit an adversary to probe, attack, or maintain presence in the information system.
- From: Manadhata, P.K., & Wing, J.M. in Attack Surface Measurement; DHS personnel
- attacker
- Definition: An individual, group, organization, or government that executes an attack.
- Extended Definition: A party acting with malicious intent to compromise an information system.
- Related Term(s): adversary, threat agent
- From: Barnum & Sethi (2006), NIST SP 800-63 Rev 1
- authenticate
- Related Term(s): authentication
- authentication
- Definition: The process of verifying the identity or other attributes of an entity (user, process, or device).
- Extended Definition: Also the process of verifying the source and integrity of data.
- From: CNSSI 4009, NIST SP 800-21, NISTIR 7298
- authenticity
- Definition: A property achieved through cryptographic methods of being genuine and being able to be verified and trusted, resulting in confidence in the validity of a transmission, information or a message, or sender of information or a message.
- Related Term(s): integrity, non-repudiation
- From: CNSSI 4009, NIST SP 800-53 Rev 4
- authorization
- Definition: A process of determining, by evaluating applicable access control information, whether a subject is allowed to have the specified types of access to a particular resource.
- Extended Definition: The process or act of granting access privileges or the access privileges as granted.
- From: OASIS SAML Glossary 2.0; Adapted from CNSSI 4009
- availability
- Definition: The property of being accessible and usable upon demand.
- Extended Definition: In cybersecurity, applies to assets such as information or information systems.
- Related Term(s): confidentiality, integrity
- From: CNSSI 4009, NIST SP 800-53 Rev 4, 44 U.S.C., Sec 3542
Letter: B
- BaaS
- Acronym Expansion: Backup as a service
- Backdoor
- Definition: A backdoor refers to any method by which authorized and unauthorized users are able to get around normal security measures and gain high level user access (aka root access) on a computer system, network, or software application
- Backdoored
- Related Term(s): Backdoor
- BCrypt
- Definition: password-hashing function based on the Blowfish cipher and presented at USENIX in 1999
- behavior monitoring
- Synonym(s): behavioral monitoring
- From: DHS personnel
- behaviour
- Definition: the extent to which an individual practices several types of cybersecurity measures to avoid or attenuate the types of cyber threats that they are vulnerable to
- blackbox
- Definition: a form of testing that is performed with no knowledge of a target system's internals
- Related Term(s): Whitebox
- blocklist
- Definition: A list of entities that are blocked or denied privileges or access.
- Related Term(s): Allowlist
- From: DHS personnel
- blue Team
- Definition: A group that defends an enterprise's information systems when mock attackers (i.e., the Red Team) attack, typically as part of an operational exercise conducted according to rules established and monitored by a neutral group (i.e., the White Team).
- Extended Definition: Also, a group that conducts operational vulnerability evaluations and recommends mitigation techniques to customers who need an independent technical review of their cybersecurity posture.
- Related Term(s): Red Team, White Team
- From: CNSSI 4009
- bluejacking
- Definition: an attack in which someone sends unsolicited messages to a Bluetooth-enabled device
- Related Term(s): Bluesnarfing
- bluesnarfing
- Definition: a hacking technique in which a hacker accesses a wireless device through a Bluetooth connection
- Related Term(s): Bluejacking
- bot
- Definition: A computer connected to the Internet that has been surreptitiously / secretly compromised with malicious logic to perform activities under remote the command and control of a remote administrator.
- Extended Definition: A member of a larger collection of compromised computers known as a botnet.
- Related Term(s): botnet
- Synonym(s): zombie
- bot herder
- Synonym(s): bot master
- bot master
- Definition: The controller of a botnet that, from a remote location, provides direction to the compromised computers in the botnet.
- Synonym(s): bot herder
- botnet
- Definition: A collection of computers compromised by malicious code and controlled across a network.
- bruteforce
- Definition: an attack is a method that uses trial and error to crack passwords, login credentials, and encryption keys
- bug
- Definition: An unexpected and relatively small defect, fault, flaw, or imperfection in an information system or device.
- From: NCSD Glossary
- build security in
- Definition: A set of principles, practices, and tools to design, develop, and evolve information systems and software that enhance resistance to vulnerabilities, flaws, and attacks.
- From: Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program (2011), US-CERT's Build Security In website.
Letter: C
- CaC
- Acronym Expansion: Common Access Card
- CAE
- Acronym Expansion: Centers of Academic Excellence
- capability
- Definition: The means to accomplish a mission, function, or objective.
- Related Term(s): intent
- From: DHS Risk Lexicon
- Catphish
- Definition: the fabrication of a false online identity by a cybercriminal for the purposes of deception, fraud, or exploitation
- CBP
- Acronym Expansion: U.S. Customs and Border Protection
- CCP
- Acronym Expansion: Cyber Competitions Project
- CEO
- Acronym Expansion: Cybersecurity Education Office
- CIA
- Acronym Expansion: Central Intelligence Agency
- CIO
- Acronym Expansion: Chief Information Officer
- CIoTSP
- Acronym Expansion: Certified Internet of Things Security Practitioner
- cipher
- Synonym(s): cryptographic algorithm
- ciphertext
- Definition: Data or information in its encrypted form.
- Related Term(s): plaintext
- From: CNSSI 4009
- CIS
- Acronym Expansion: U.S. Citizenship and Immigration Services
- CISSE
- Acronym Expansion: Colloquium for Information Systems Security Education
- CISSP-ISSAP
- Acronym Expansion: Certified Information Security Systems Professional - Information Systems Security Architecture Professional
- CISSP-ISSMP
- Acronym Expansion: Certified Information Security Systems Professional - Information Security System Management Professional
- Clientside
- Definition: refers to everything in a web application that is displayed or takes place on the client (end user device)
- Extended Definition: This includes what the user sees, such as text, images, and the rest of the UI, along with any actions that an application performs within the user's browser.
- cloud computing
- Definition: A model for enabling on-demand network access to a shared pool of configurable computing capabilities or resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
- From: CNSSI 4009, NIST SP 800-145
- CMaaS
- Acronym Expansion: Continuous Monitoring as a Service
- CMM
- Acronym Expansion: Capability Maturity Model
- CNAP
- Acronym Expansion: Cybersecurity National Action Plan
- CNCI
- Acronym Expansion: Comprehensive National Cybersecurity Initiative
- CNO
- Acronym Expansion: Computer Network Operations
- collect & operate
- Definition: A NICE Framework category consisting of specialty areas responsible for specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence.
- From: NICE Framework
- collection operations
- Definition: In the NICE Framework, cybersecurity work where a person: Executes collection using appropriate strategies and within the priorities established through the collection management process.
- From: NICE Framework
- CompTIA
- Acronym Expansion: Computing Technology Industry Association
- computer forensics
- Synonym(s): digital forensics
- computer network defense
- Definition: The actions taken to defend against unauthorized activity within computer networks.
- From: CNSSI 4009
- computer network defense analysis
- Definition: In the NICE Framework, cybersecurity work where a person: Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.
- From: NICE Framework
- computer network defense infrastructure support
- Definition: In the NICE Framework, cybersecurity work where a person: Tests, implements, deploys, maintains, reviews, and administers the infrastructure hardware and software that are required to effectively manage the computer network defense service provider network and resources; monitors network to actively remediate unauthorized activities.
- From: NICE Framework
- computer security incident
- Related Term(s): event
- From: incident
- confidentiality
- Definition: A property that information is not disclosed to users, processes, or devices unless they have been authorized to access the information.
- Extended Definition: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.
- Related Term(s): availability, integrity
- From: CNSSI 4009, NIST SP 800-53 Rev 4, 44 U.S.C., Sec 3542
- consequence
- Definition: The effect of an event, incident, or occurrence.
- Extended Definition: In cybersecurity, the effect of a loss of confidentiality, integrity or availability of information or an information system on an organization's operations, its assets, on individuals, other organizations, or on national interests.
- From: DHS Risk Lexicon, National Infrastructure Protection Plan, NIST SP 800-53 Rev 4
- continuity of operations plan
- Definition: A document that sets forth procedures for the continued performance of core capabilities and critical operations during any disruption or potential disruption.
- Related Term(s): Business Continuity Plan, Disaster Recovery Plan, Contingency Plan
- From: CPG 101, CNSSI 4009
- COP
- Acronym Expansion: Community of Practice
- CounterIntel
- Acronym Expansion: Counter Intelligence
- Definition: monitoring other competitor organizations and nations to gather information
- crimeware
- Definition: a class of malware designed specifically to automate cybercrime
- critical infrastructure
- Definition: The systems and assets, whether physical or virtual, so vital to society that the incapacity or destruction of such may have a debilitating impact on the security, economy, public health or safety, environment, or any combination of these matters.
- Related Term(s): key resource
- From: National Infrastructure Protection Plan
- critical infrastructure and key resources
- Synonym(s): critical infrastructure
- cryptanalysis
- Definition: The operations performed in defeating or circumventing cryptographic protection of information by applying mathematical techniques and without an initial knowledge of the key employed in providing the protection.
- Extended Definition: The study of mathematical techniques for attempting to defeat or circumvent cryptographic techniques and/or information systems security.
- From: CNSSI 4009, NIST SP 800-130
- Crypto-Siphoning
- Acronym Expansion: A type of cyber attach using data from cryptocurrency wallets and messaging apps such as Telegram, Steam, and Discord to gather information and steal cryptocurrency.
- cryptocurrrency
- Definition: a digital currency in which transactions are verified and records maintained by a decentralized system using cryptography, rather than by a centralized authority.
- cryptographic algorithm
- Definition: A well-defined computational procedure that takes variable inputs, including a cryptographic key, and produces an output.
- Related Term(s): key, encryption, decryption, symmetric key, asymmetric key
- From: CNSSI 4009
- cryptography
- Definition: The use of mathematical techniques to provide security services, such as confidentiality, data integrity, entity authentication, and data origin authentication.
- Extended Definition: The art or science concerning the principles, means, and methods for converting plaintext into ciphertext and for restoring encrypted ciphertext to plaintext.
- Related Term(s): plaintext, ciphertext, encryption, decryption
- From: NIST SP 800-130; Adapted from: CNSSI 4009
- Cryptojacking
- Definition: a type of cybercrime that involves the unauthorized use of a target's devices (computers, smartphones, tablets, or even servers) by cybercriminals to mine for cryptocurrency
- cryptology
- Definition: The mathematical science that deals with cryptanalysis and cryptography.
- Related Term(s): cryptanalysis, cryptography
- From: CNSSI 4009
- cryptomalware
- Definition: is malware that encrypts data on the targets device and demands a ransom to restore it
- Cryptominers
- Definition: Cryptomining is an online threat that hides on a computer or mobile device and uses the machine’s resources to “mine” cryptocurrencies.
- Related Term(s): Cryptojacking
- CS
- Acronym Expansion: Computer Science
- CSEC
- Acronym Expansion: Cyber Security Education Consortium
- CSSIA
- Acronym Expansion: Center for Systems Security and Information Assurance
- customer service and technical support
- Definition: In the NICE Framework, cybersecurity work where a person: Addresses problems, installs, configures, troubleshoots, and provides maintenance and training in response to customer requirements or inquiries (e.g., tiered-level customer support).
- From: NICE Framework
- CWI
- Acronym Expansion: Cyber Workforce Initiative
- cyber ecosystem
- Definition: The interconnected information infrastructure of interactions among persons, processes, data, and information and communications technologies, along with the environment and conditions that influence those interactions.
- From: DHS personnel
- cyber exercise
- Definition: A planned event during which an organization simulates a cyber disruption to develop or test capabilities such as preventing, detecting, mitigating, responding to or recovering from the disruption.
- From: NCSD Glossary, DHS Homeland Security Exercise and Evaluation Program
- cyber incident
- Related Term(s): event
- Synonym(s): incident
- cyber incident response plan
- Synonym(s): incident response plan
- cyber infrastructure
- Definition: An electronic information and communications systems and services and the information contained therein.
- Extended Definition: The information and communications systems and services composed of all hardware and software that process, store, and communicate information, or any combination of all of these elements: • Processing includes the creation, access, modification, and destruction of information. • Storage includes paper, magnetic, electronic, and all other media types. • Communications include sharing and distribution of information.
- From: NIPP
- cyber operations
- Definition: In the NICE Framework, cybersecurity work where a person: Performs activities to gather evidence on criminal or foreign intelligence entities in order to mitigate possible or real-time threats, protect against espionage or insider threats, foreign sabotage, international terrorist activities, or to support other intelligence activities.
- From: NICE Framework
- cyber operations planning
- Definition: in the NICE Framework, cybersecurity work where a person: Performs in-depth joint targeting and cyber planning process. Gathers information and develops detailed Operational Plans and Orders supporting requirements. Conducts strategic and operational-level planning across the full range of operations for integrated information and cyberspace operations.
- From: NICE Framework
- cyber threat intelligence (CTI)
- Definition: The collecting, processing, organizing, and analyzing data into actionable information that relates to capabilities, opportunities, actions, and intent of adversaries in the cyber domain to meet a specific requirement determined by and informing decision-makers.
- From: ICD 203, CIA, SANS, Dragos, Carnegie Mellon
- Cyberattack
- Definition: a malicious and deliberate attempt to breach the information system
- cyberespionage
- Definition: or cyber spying, is a type of cyberattack in which an unauthorized user attempts to access sensitive or classified data or intellectual property (IP) for economic gain, competitive advantage or political reasons
- Cybersecuring
- Definition: the process of hardening technologies, processes, and controls to protect systems, networks, programs, devices and data from cyber attacks
- cybersecurity
- Definition: The activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation.
- Extended Definition: Strategy, policy, and standards regarding the security of and operations in cyberspace, and encompass[ing] the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communications infrastructure.
- From: CNSSI 4009, NIST SP 800-53 Rev 4, NIPP, DHS National Preparedness Goal; White House Cyberspace Policy Review, May 2009
- Cybersecurity adjacent
- Definition: a number of roles that have cybersecurity responsibilities which typically form only part of their overall responsibilities within an organization.
- cybersecurity-aware
- Definition: knowing what security threats are and acting responsibly to avoid potential risks.
- cyberthreats
- Definition: refers to anything that has the potential to cause serious harm to a computer system
- Extended Definition: A cyberthreat is something that may or may not happen, but has the potential to cause serious damage. Cyberthreats can lead to attacks on computer systems, networks and more.
- cyberwarfare
- Definition: typically defined as a set of actions by a nation or organization to attack countries or institutions' computer network systems with the intention of disrupting, damaging, or destroying infrastructure by computer viruses or denial-of-service attacks
- CyberWarrior
- Definition: an individual who participates in cyberwarfare, motivated either by personal, patriotic, or religious reasons, but not due to professional requirement
Letter: D
- data administration
- Definition: In the NICE Framework, cybersecurity work where a person: Develops and administers databases and/or data management systems that allow for the storage, query, and utilization of data.
- From: NICE Framework
- data aggregation
- Definition: The process of gathering and combining data from different sources, so that the combined data reveals new information.
- Extended Definition: The new information is more sensitive than the individual data elements themselves and the person who aggregates the data was not granted access to the totality of the information.
- Related Term(s): data mining
- From: CNSSI 4009
- data breach
- Definition: The unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information.
- Related Term(s): data loss, data theft, exfiltration
- data integrity
- Definition: The property that data is complete, intact, and trusted and has not been modified or destroyed in an unauthorized or accidental manner.
- Related Term(s): integrity, system integrity
- From: CNSSI 4009, NIST SP 800-27
- data leakage
- Synonym(s): data breach
- data loss
- Definition: The result of unintentionally or accidentally deleting data, forgetting where it is stored, or exposure to an unauthorized party.
- Related Term(s): data leakage, data theft
- data loss prevention
- Definition: A set of procedures and mechanisms to stop sensitive data from leaving a security boundary.
- Related Term(s): data loss, data theft, data leak
- From: Liu, S., & Kuhn, R. (2010, March/April). Data loss prevention. IEEE IT Professional, 11(2), pp. 10-13.
- data mining
- Definition: The process or techniques used to analyze large sets of existing information to discover previously unrevealed patterns or correlations.
- Related Term(s): data aggregation
- From: DHS personnel
- data spill
- Synonym(s): data breach
- data theft
- Definition: The deliberate or intentional act of stealing of information.
- Related Term(s): data aggregation, data leakage, data loss
- DataOps
- Definition: a collaborative data management practice focused on improving the communication, integration and automation of data flows between data managers and data consumers across an organization
- DBaaS
- Acronym Expansion: Database as a service
- Definition: a cloud database offering that provides customers with access to a database without having to deploy and manage the underlying infrastructure
- DDoS
- Acronym Expansion: Distributed Denial-of-Service
- Definition: a cybercrime in which the attacker floods a target with internet traffic to prevent users from accessing connected online services and sites
- de-perimeterization
- Definition: an information security strategy to strengthens an organization's security posture by implementing multiple levels of protection, including inherently secure computer systems and protocols, high-level encryption, and authentication
- deauthentication
- Definition: To revoke the authentication of; to cause no longer to be authenticated.
- Extended Definition: A deauthentication attack is a type of Denial of Service (DoS) attack and refers to an unauthorized disruption of the connection between a wireless device and its access point.
- decipher
- Definition: To convert enciphered text to plain text by means of a cryptographic system.
- Synonym(s): decode, decrypt
- From: CNSSI 4009
- decode
- Definition: To convert encoded text to plain text by means of a code.
- Synonym(s): decipher, decrypt
- From: CNSSI 4009
- decrypt
- Definition: A generic term encompassing decode and decipher.
- Synonym(s): decipher, decode
- From: CNSSI 4009
- decryption
- Definition: The process of transforming ciphertext into its original plaintext.
- Extended Definition: The process of converting encrypted data back into its original form, so it can be understood.
- Synonym(s): decode, decrypt, decipher
- From: ICAM SAML 2.0 WB SSO Profile 1.0.2
- Decryptor
- Definition: A tool, or set of tools, used to decrypt encrypted files. Either for recovery or anti-ransomware purposes.
- deepfake
- Definition: synthetic media that have been digitally manipulated to replace one person's likeness convincingly with that of another
- DEF CON
- Acronym Expansion: Defense Readiness Condition
- denial of service
- Definition: An attack that prevents or impairs the authorized use of information system resources or services.
- From: NCSD Glossary
- designed-in security
- Synonym(s): Build Security In
- DevOps
- Definition: the combination of cultural philosophies, practices, and tools that increases an organization's ability to deliver applications and services
- DevSecOps
- Acronym Expansion: development, security, and operations
- Definition: an approach to culture, automation, and platform design that integrates security as a shared responsibility throughout the entire IT lifecycle
- DHS
- Acronym Expansion: Department of Homeland Security
- digital forensics
- Definition: The processes and specialized techniques for gathering, retaining, and analyzing system-related data (digital evidence) for investigative purposes.
- Extended Definition: In the NICE Framework, cybersecurity work where a person: Collects, processes, preserves, analyzes, and presents computer-related evidence in support of network vulnerability, mitigation, and/or criminal, fraud, counterintelligence or law enforcement investigations.
- Synonym(s): computer forensics, forensics
- From: CNSSI 4009; From: NICE Framework
- digital rights management
- Definition: A form of access control technology to protect and manage use of digital content or devices in accordance with the content or device provider's intentions.
- digital signature
- Definition: A value computed with a cryptographic process using a private key and then appended to a data object, thereby digitally signing the data.
- Related Term(s): electronic signature
- From: CNSSI 4009, IETF RFC 2828, ICAM SAML 2.0 WB SSO Profile 1.0.2, InCommon Glossary, NIST SP 800-63 Rev 1
- Disinformationists
- Definition: One who propagates disinformation
- disruption
- Definition: An event which causes unplanned interruption in operations or functions for an unacceptable length of time.
- From: CNSSI 4009
- disruptionware
- Definition: a category of malware designed to suspend operations within a target through the compromise of the availability, integrity, and confidentiality of the systems, networks, and data
- Related Term(s): Threatware
- distributed denial of service
- Definition: A denial of service technique that uses numerous systems to perform the attack simultaneously.
- Related Term(s): denial of service, botnet
- From: CNSSI 4009
- Distros
- Definition: A Linux distribution is an operating system made from a software collection that includes the Linux kernel and often a package management system.
- Related Term(s): Distro
- DNSTwist
- Definition: generates a list of similarly looking domain names for a given domain name and performs DNS queries for them (A, AAAA, NS and MX) which can be used to intercept misdirected traffic.
- DoD
- Acronym Expansion: Department of Defense
- DoED
- Acronym Expansion: Department of Education
- Dorking
- Definition: using search techniques to hack into vulnerable sites or search for information that is not available in public search results
- DoS
- Acronym Expansion: Denial of Service
- Related Term(s): Denial of Service
- DPIA
- Definition: A Data Protection Impact Assessment (DPIA) describes a process designed to identify risks arising out of the processing of personal data and to minimize these risks as far and as early as possible
- Extended Definition: DPIAs are important tools for negating risk, and for demonstrating compliance with the GDPR.
- dynamic attack surface
- Definition: The automated, on-the-fly changes of an information system's characteristics to thwart actions of an adversary.
- From: DHS personnel
Letter: E
- EBK
- Acronym Expansion: Security Essential Body of Knowledge
- eCrime
- Definition: criminal activity that involves the use of computers or networks such as the internet
- education and training
- Definition: In the NICE Framework, cybersecurity work where a person: Conducts training of personnel within pertinent subject domain; develop, plan, coordinate, deliver, and/or evaluate training courses, methods, and techniques as appropriate.
- From: NICE Framework
- EHRI
- Acronym Expansion: Enterprise Human Resources Integration
- electronic signature
- Definition: Any mark in electronic form associated with an electronic document, applied with the intent to sign the document.
- Related Term(s): digital signature
- From: CNSSI 4009
- encipher
- Definition: To convert plaintext to ciphertext by means of a cryptographic system.
- Synonym(s): encode, encrypt
- From: CNSSI 4009
- encode
- Definition: To convert plaintext to ciphertext by means of a code.
- Synonym(s): encipher, encrypt
- From: CNSSI 4009
- encrypt
- Definition: The generic term encompassing encipher and encode.
- Synonym(s): encipher, encode
- From: CNSSI 4009
- encryption
- Definition: The process of transforming plaintext into ciphertext.
- Extended Definition: Converting data into a form that cannot be easily understood by unauthorized people.
- Synonym(s): encode, encrypt, encipher
- From: CNSSI 4009, ICAM SAML 2.0 WB SSO Profile 1.0.2
- ENISA
- Acronym Expansion: The European Union Agency for Cybersecurity
- Extended Definition: Established in 2004 and strengthened by the EU Cybersecurity Act, the European Union Agency for Cybersecurity contributes to EU cyber policy, enhances the trustworthiness of ICT products, services and processes with cybersecurity certification schemes, cooperates with Member States and EU bodies, and helps Europe prepare for the cyber challenges of tomorrow.
- enterprise risk management
- Definition: A comprehensive approach to risk management that engages people, processes, and systems across an organization to improve the quality of decision making for managing risks that may hinder an organization’s ability to achieve its objectives.
- Extended Definition: Involves identifying mission dependencies on enterprise capabilities, identifying and prioritizing risks due to defined threats, implementing countermeasures to provide both a static risk posture and an effective dynamic response to active threats; and assessing enterprise performance against threats and adjusts countermeasures as necessary.
- Related Term(s): risk management, integrated risk management, risk
- From: DHS Risk Lexicon, CNSSI 4009
- EoL
- Acronym Expansion: End of Life
- Definition: that the app has reached the end of its useful life. It may mean that a new version is available that supersedes the existing product or that the product is no longer supported.
- event
- Definition: An observable occurrence in an information system or network.
- Extended Definition: Sometimes provides an indication that an incident is occurring or at least raise the suspicion that an incident may be occurring.
- Related Term(s): incident
- From: CNSSI 4009
- exfiltration
- Definition: The unauthorized transfer of information from an information system.
- Related Term(s): data breach
- From: NIST SP 800-53 Rev 4
- exploit
- Definition: A technique to breach the security of a network or information system in violation of security policy.
- From: ISO/IEC 27039 (draft), DHS personnel
- exploitation analysis
- Definition: In the NICE Framework, cybersecurity work where a person: Analyzes collected information to identify vulnerabilities and potential for exploitation.
- From: NICE Framework
- exposure
- Definition: The condition of being unprotected, thereby allowing access to information or access to capabilities that an attacker can use to enter a system or network.
- From: NCSD glossary
Letter: F
- FaaS
- Acronym Expansion: Function as a Service
- Definition: a cloud-computing service that allows customers to execute code in response to events, without managing the complex infrastructure
- failure
- Definition: The inability of a system or component to perform its required functions within specified performance requirements.
- From: NCSD Glossary
- FAQ
- Acronym Expansion: Frequently Asked Questions
- FedRAMP-compliant
- Acronym Expansion: Federal Risk and Authorization Management Program
- Definition: a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services
- FedVTE
- Acronym Expansion: Federal Virtual Training Environment
- FedVTE Live!
- Acronym Expansion: Federal Virtual Training Environment Live!
- FEMA
- Acronym Expansion: Federal Emergency Management Agency
- firewall
- Definition: A capability to limit network traffic between networks and/or information systems.
- Extended Definition: A hardware/software device or a software program that limits network traffic according to a set of rules of what access is and is not allowed or authorized.
- From: CNSSI 4009
- FISMA
- Acronym Expansion: Federal Information Security Management Act
- FISSEA
- Acronym Expansion: Federal Information Systems Security Educators' Association
- FLETC
- Acronym Expansion: Federal Law Enforcement Training Center
- FOIA
- Acronym Expansion: Freedom of Information Act
- Footprinting
- Definition: an ethical hacking technique used to gather as much data as possible about a specific targeted computer system, an infrastructure and networks to identify opportunities to penetrate them
- forensics
- Synonym(s): digital forensics
- Fuzzer
- Definition: an automated software testing method that injects invalid, malformed, or unexpected inputs into a system to reveal software defects and vulnerabilities
Letter: G
- GAO
- Acronym Expansion: Government Accountability Office
- Geofencing
- Definition: to set up triggers so that when a device such as an internet-connected smartphone enters a defined geographical boundary, the user gets an alert
- GeoIP
- Definition: a technique allowing to locate a web user based on their IP address
- georedundancy
- Definition: the distribution of mission-critical components or infrastructures across multiple geographic locations
- Extended Definition: Geo-redundancy acts as a safety in case of primary site failures or in the event of a disaster or an outage that impacts a region.
- GFIRST
- Acronym Expansion: Government Forum of Incident Response and Security Teams
Letter: H
- hackathon
- Definition: a gathering of individuals from various backgrounds and different stages in their careers (hobbyist to professionals) to solve problems of common interest.
- hacker
- Definition: An unauthorized user who attempts to or gains access to an information system.
- From: CNSSI 4009
- hash value
- Definition: A numeric value resulting from applying a mathematical algorithm against a set of data such as a file.
- Related Term(s): hashing
- Synonym(s): cryptographic hash value
- From: CNSSI 4009
- hashing
- Definition: A process of applying a mathematical algorithm against a set of data to produce a numeric value (a 'hash value') that represents the data.
- Extended Definition: Mapping a bit string of arbitrary length to a fixed length bit string to produce the hash value.
- Related Term(s): hash value
- From: CNSSI 4009, FIPS 201-2
- hazard
- Definition: A natural or man-made source or cause of harm or difficulty.
- Related Term(s): threat
- From: DHS Risk Lexicon
- HC
- Acronym Expansion: Human Capital
- HCAAF
- Acronym Expansion: Human Capital Assessment and Accountability Framework
- HICSS
- Acronym Expansion: Hawaii International Conference on System Sciences
- Honeynetting
- Definition: a network set up with intentional vulnerabilities hosted on a decoy server to attract hackers
- Honeyport
- Definition: a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information
- Related Term(s): Honeypot
- Honeypot
- Definition: a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information
- Related Term(s): Honeyport
- Honeytokens
- Definition: is data that looks attractive to cyber criminals but is actually false or of no value
- Extended Definition: a fake IT resource created and positioned in a system or network to appear to a cyber criminals to be of value, but is actually used to allow tracking and detection of hacking attempts
- Related Term(s): Honeypot
- HQ
- Acronym Expansion: Headquarters
- HR
- Acronym Expansion: Human Resources
- HTML
- Acronym Expansion: HyperText Markup Language
Letter: I
- I-Corps
- Acronym Expansion: Innovation Corps
- IA
- Acronym Expansion: Information Assurance
- IaC
- Acronym Expansion:
- Information Assurance Component
- infrastructure as code
- Definition: The process of managing and provisioning an organization’s IT infrastructure using machine-readable configuration files, rather than employing physical hardware configuration or interactive configuration tools.
- IC
- Acronym Expansion: Intelligence Community
- ICC
- Acronym Expansion: Interagency Coordinating Council
- ICE
- Acronym Expansion: U.S. Immigration and Customs Enforcement
- ICEC
- Acronym Expansion: Integrated Cybersecurity Education Communities
- ICT
- Acronym Expansion: Information and Communication Technology
- ict supply chain threat
- Definition: A man-made threat achieved through exploitation of the information and communications technology (ICT) system’s supply chain, including acquisition processes.
- Related Term(s): supply chain, threat
- From: DHS SCRM PMO
- IDaaS
- Acronym Expansion: identity as a Service
- Definition: a cloud-based identity and access management (IAM) offered by a third-party provider
- identity and access management
- Definition: The methods and processes used to manage subjects and their authentication and authorizations to access specific objects.
- IDP
- Acronym Expansion: Individual Development Plan
- IDPS
- Acronym Expansion: Intrusion Detection and Prevention System
- Definition: Software that automates the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents and attempting to stop detected possible incidents
- IEEE
- Acronym Expansion: Institute of Electrical and Electronics Engineers
- IIoT
- Acronym Expansion: Industrial Internet of Things
- Definition: the collection of sensors, instruments and autonomous devices connected through the internet to industrial applications
- impact
- Synonym(s): consequence
- impersonization
- Definition: An attack type targeted phishing attack where a malicious actor pretends to be someone else or other entities to steal sensitive data
- incident
- Definition: An occurrence that actually or potentially results in adverse consequences to (adverse effects on) (poses a threat to) an information system or the information that the system processes, stores, or transmits and that may require a response action to mitigate the consequences.
- Extended Definition: An occurrence that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.
- Related Term(s): event
- From: CNSSI 4009, FIPS 200, NIST SP 800-53 Rev 4, ISSG
- incident management
- Definition: The management and coordination of activities associated with an actual or potential occurrence of an event that may result in adverse consequences to information or information systems.
- From: NCSD Glossary, ISSG NCPS Target Architecture Glossary
- incident response
- Definition: The activities that address the short-term, direct effects of an incident and may also support short-term recovery.
- Extended Definition: In the Workforce framework, cybersecurity work where a person: Responds to crisis or urgent situations within the pertinent domain to mitigate immediate and potential threats; uses mitigation, preparedness, and response and recovery approaches, as needed, to maximize survival of life, preservation of property, and information security. Investigates and analyzes all relevant response activities.
- Related Term(s): recovery
- Synonym(s): response
- From: Workforce Framework
- incident response plan
- Definition: A set of predetermined and documented procedures to detect and respond to a cyber incident.
- From: CNSSI 4009
- indicator
- Definition: An occurrence or sign that an incident may have occurred or may be in progress.
- Related Term(s): precursor
- From: CNSSI 4009, NIST SP 800-61 Rev 2 (DRAFT), ISSG V1.2 Database
- industrial control system
- Definition: An information system used to control industrial processes such as manufacturing, product handling, production, and distribution or to control infrastructure assets.
- Related Term(s): Supervisory Control and Data Acquisition, Operations Technology
- From: NIST SP 800-53 Rev 4, NIST SP 800-82
- information and communication(s) technology
- Definition: Any information technology, equipment, or interconnected system or subsystem of equipment that processes, transmits, receives, or interchanges data or information.
- Related Term(s): information technology
- From: The Access Board's 2011 Advance Notice of Proposed Rulemaking for Section 508
- information assurance
- Definition: The measures that protect and defend information and information systems by ensuring their availability, integrity, and confidentiality.
- Related Term(s): information security
- From: CNSSI 4009
- information assurance compliance
- Definition: In the NICE Framework, cybersecurity work where a person: Oversees, evaluates, and supports the documentation, validation, and accreditation processes necessary to assure that new IT systems meet the organization's information assurance and security requirements; ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives.
- From: NICE Framework
- information security policy
- Definition: An aggregate of directives, regulations, rules, and practices that prescribe how an organization manages, protects, and distributes information.
- Related Term(s): security policy
- From: CNSSI 4009; NIST SP 800-53 Rev 4
- information sharing
- Definition: An exchange of data, information, and/or knowledge to manage risks or respond to incidents.
- From: NCSD glossary
- information system resilience
- Definition: The ability of an information system to: (1) continue to operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (2) recover effectively in a timely manner.
- Related Term(s): resilience
- From: NIST SP 800-53 Rev 4
- information systems security operations
- Definition: In the NICE Framework, cybersecurity work where a person: Oversees the information assurance program of an information system in or outside the network environment; may include procurement duties (e.g., Information Systems Security Office
- From: NICE Framework
- information technology
- Definition: Any equipment or interconnected system or subsystem of equipment that processes, transmits, receives, or interchanges data or information.
- Related Term(s): information and communication(s) technology
- From: CNSSI 4009, NIST SP 800-53 rev. 4, based on 40 U.S.C. sec. 1401
- InfoSec
- Acronym Expansion: Information Security
- Definition: the processes and tools designed and deployed to protect sensitive business information from modification, disruption, destruction, and inspection
- inside( r) threat
- Definition: A person or group of persons within an organization who pose a potential risk through violating security policies.
- Extended Definition: One or more individuals with the access and/or inside knowledge of a company, organization, or enterprise that would allow them to exploit the vulnerabilities of that entity's security, systems, services, products, or facilities with the intent to cause harm.
- Related Term(s): outside( r) threat
- From: CNSSI 4009; From: NIAC Final Report and Recommendations on the Insider Threat to Critical Infrastructure, 2008
- integrated risk management
- Definition: The structured approach that enables an enterprise or organization to share risk information and risk analysis and to synchronize independent yet complementary risk management strategies to unify efforts across the enterprise.
- Related Term(s): risk management, enterprise risk management
- From: DHS Risk Lexicon
- integrity
- Definition: The property whereby information, an information system, or a component of a system has not been modified or destroyed in an unauthorized manner.
- Extended Definition: A state in which information has remained unaltered from the point it was produced by a source, during transmission, storage, and eventual receipt by the destination.
- Related Term(s): availability, confidentiality, data integrity, system integrity
- From: CNSSI 4009, NIST SP 800-53 Rev 4, 44 U.S.C., Sec 3542, SANS; From SAFE-BioPharma Certificate Policy 2.5
- intent
- Definition: A state of mind or desire to achieve an objective.
- Related Term(s): capability
- From: DHS Risk Lexicon
- interoperability
- Definition: The ability of two or more systems or components to exchange information and to use the information that has been exchanged.
- From: IEEE Standard Computer Dictionary, DHS personnel
- intrusion
- Definition: An unauthorized act of bypassing the security mechanisms of a network or information system.
- Synonym(s): penetration
- From: CNSSI 4009
- intrusion detection
- Definition: The process and methods for analyzing information from networks and information systems to determine if a security breach or security violation has occurred.
- From: CNSSI 4009, ISO/IEC 27039 (draft)
- investigate
- Definition: a NICE Framework category consisting of specialty areas responsible for the investigation of cyber events and/or crimes of IT systems, networks, and digital evidence
- From: NICE Framework
- investigation
- Definition: A systematic and formal inquiry into a qualified threat or incident using digital forensics and perhaps other traditional criminal inquiry techniques to determine the events that transpired and to collect evidence.
- Extended Definition: In the NICE Framework, cybersecurity work where a person: Applies tactics, techniques, and procedures for a full range of investigative tools and processes to include but not limited to interview and interrogation techniques, surveillance, counter surveillance, and surveillance detection, and appropriately balances the benefits of prosecution versus intelligence gathering.
- From: ISSG V1.2 Database; Conrad, E., Misenauer, S., & Feldman, J. (2010). CISSP® Study Guide. Burlington, MA: Syngress; From: NICE Workforce Framework
- IoA
- Acronym Expansion: Indicators of Attack
- Definition: a clue that a malicious entity has gained, or is attempting to gain, unauthorised access to the network or assets connected to the network
- IoC
- Acronym Expansion: Indicators of Compromise
- Definition: clues and evidence of a data breach
- IPSec
- Acronym Expansion: Internet Protocol Security
- Definition: a set of communication rules or protocols for setting up secure connections over a network
- Extended Definition: Internet Protocol (IP) is the common standard that determines how data travels over the internet. IPSec adds encryption and authentication to make the protocol more secure.
- ISC²
- Acronym Expansion: International Information Systems Security Certification Consortium
- IT
- Acronym Expansion: Information Technology
- it asset
- Synonym(s): asset
- itSM
- Acronym Expansion: IT service management
- ITWAC
- Acronym Expansion: IT Workforce Assessment for Cybersecurity
Letter: K
- keylogger
- Definition: a tool that record what a person types on a device
- Extended Definition: While there are legitimate and legal uses for keyloggers, many uses for keyloggers are malicious
- Keystores
- Definition: Repositories that contain cryptographic artifacts like certificates and private keys that are used for cryptographic protocols such as TLS
- knowledge management
- Definition: In the NICE Framework, cybersecurity work where a person: Manages and administers processes and tools that enable the organization to identify, document, and access intellectual capital and information content.
- From: NICE Framework
- KSA
- Acronym Expansion: Knowledge, Skills, and Abilities
Letter: L
- LaaS
- Acronym Expansion: Logging as a service
- Definition: an IT architectural model for centrally ingesting and collecting any type of log files coming from any given source or location such as servers, applications, and devices
- LangSec
- Acronym Expansion: Language Security
- Definition: a design and programming philosophy that focuses on formally correct and verifiable input handling throughout all phases of the software development lifecycle
- legal advice and advocacy
- Definition: In the NICE Framework, cybersecurity work where a person: Provides legally sound advice and recommendations to leadership and staff on a variety of relevant topics within the pertinent subject domain; advocates legal and policy changes and makes a case on behalf of client via a wide range of written and oral work products, including legal briefs and proceedings.
- From: NICE Framework
Letter: M
- machine learning and evolution
- Definition: A field concerned with designing and developing artificial intelligence algorithms for automated knowledge discovery and innovation by information systems.
- From: DHS personnel
- macro virus
- Definition: A type of malicious code that attaches itself to documents and uses the macro programming capabilities of the document’s application to execute, replicate, and spread or propagate itself.
- Related Term(s): virus
- From: CNSSI 4009
- malicious applet
- Definition: A small application program that is automatically downloaded and executed and that performs an unauthorized function on an information system.
- Related Term(s): malicious code
- From: CNSSI 4009
- malicious code
- Definition: Program code intended to perform an unauthorized function or process that will have adverse impact on the confidentiality, integrity, or availability of an information system.
- Extended Definition: Includes software, firmware, and scripts.
- Related Term(s): malicious logic
- From: CNSSI 4009. NIST SP 800-53 Rev 4
- malicious logic
- Definition: Hardware, firmware, or software that is intentionally included or inserted in a system to perform an unauthorized function or process that will have adverse impact on the confidentiality, integrity, or availability of an information system.
- Related Term(s): malicious code
- From: CNSSI 4009
- Malvertising
- Definition: a malicious attack that involves injecting harmful code into legitimate online advertising networks
- malware
- Definition: Software that compromises the operation of a system by performing an unauthorized function or process.
- Synonym(s): malicious code, malicious applet, malicious logic
- From: CNSSI 4009, NIST SP 800-83
- MDC3
- Acronym Expansion: MD Cyber Challenge and Conference
- Metaverse
- Definition: A shared, immersive, persistent, 3D virtual space where humans experience life in ways they could not in the physical world
- Related Term(s): virtual reality
- mitigation
- Definition: The application of one or more measures to reduce the likelihood of an unwanted occurrence and/or lessen its consequences.
- Extended Definition: Implementing appropriate risk-reduction controls based on risk management priorities and analysis of alternatives.
- From: DHS Risk Lexicon, CNSSI 4009, NIST SP 800-53 Rev 4
- MitM
- Acronym Expansion: Man in the Middle
- Definition: a man-in-the-middle attack is a cyberattack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating
- moving target defense
- Definition: The presentation of a dynamic attack surface, increasing an adversary's work factor necessary to probe, attack, or maintain presence in a cyber target.
- From: DHS personnel
- MS-ISAC
- Acronym Expansion: Multi-State Information Sharing and Analysis Center
Letter: N
- NAS
- Acronym Expansion: National Academy of Sciences
- NCCoE
- Acronym Expansion: National Cybersecurity Center of Excellence
- Extended Definition: A NIST public-private partnership that enables the creation of practical cybersecurity solutions for specific industries or broad, cross-sector technology challenges
- NCEC
- Acronym Expansion: National Cybersecurity Education Council
- NCS
- Acronym Expansion: National Cryptologic School
- NCSA
- Acronym Expansion: National Cyber Security Alliance
- NCSAM
- Acronym Expansion: National Cyber Security Awareness Month
- NCSD
- Acronym Expansion: National Cyber Security Division
- network resilience
- Definition: The ability of a network to: (1) provide continuous operation (i.e., highly resistant to disruption and able to operate in a degraded mode if damaged); (2) recover effectively if failure does occur; and (3) scale to meet rapid or unpredictable demands.
- From: CNSSI 4009
- network services
- Definition: In the NICE Framework, cybersecurity work where a person: Installs, configures, tests, operates, maintains, and manages networks and their firewalls, including hardware (e.g., hubs, bridges, switches, multiplexers, routers, cables, proxy servers, and protective distributor systems) and software that permit the sharing and transmission of all spectrum transmissions of information to support the security of information and information systems.
- From: NICE Framework
- NewSQL
- Definition: relational database system that bridges the gap between SQL and NoSQL. NewSQL databases aim to scale and stay consistent.
- NICCS
- Acronym Expansion: National Initiative for Cybersecurity Careers and Studies
- NIST
- Acronym Expansion: National Institute of Standards and Technology
- No FEAR
- Acronym Expansion: Notification and Federal Employee Antidiscrimination and Retaliation
- non-repudiation
- Definition: A property achieved through cryptographic methods to protect against an individual or entity falsely denying having performed a particular action related to data.
- Extended Definition: Provides the capability to determine whether a given individual took a particular action such as creating information, sending a message, approving information, and receiving a message.
- Related Term(s): integrity, authenticity
- From: CNSSI 4009; From: NIST SP 800-53 Rev 4
- noob
- Definition: a person who is inexperienced in a particular sphere or activity, especially as related to computing
- NPPD
- Acronym Expansion: National Protection and Programs Directorate
- NRD
- Acronym Expansion: National Resource Directory
- NSA
- Acronym Expansion: National Security Agency
- NSF
- Acronym Expansion: National Science Foundation
- NVD
- Acronym Expansion: National Vulnerability Database
Letter: O
- OAuth
- Acronym Expansion: Open Authorization standard
- Definition: an open-standard authorization protocol or framework that provides applications the ability for secure designated access
- object
- Definition: A passive information system-related entity containing or receiving information.
- Related Term(s): subject, access, access control
- From: CNSSI 4009, NIST SP 800-53 Rev 4
- ODNI
- Acronym Expansion: Office of the Director of National Intelligence
- OffSec
- Acronym Expansion: Offensive Security
- Definition: the proactive approach to securing networks and systems from attacks by actively seeking out vulnerabilities and weaknesses
- OpenIOC
- Acronym Expansion: Open Indicators of Compromise
- Definition: an extensible XML schema that enables you to describe the technical characteristics that identify a known threat, an attacker's methodology, or other evidence of compromise
- operate & maintain
- Definition: A NICE Framework category consisting of specialty areas responsible for providing the support, administration, and maintenance necessary to ensure effective and efficient IT system performance and security.
- From: NICE Framework
- operational exercise
- Definition: An action-based exercise where personnel rehearse reactions to an incident scenario, drawing on their understanding of plans and procedures, roles, and responsibilities.
- Extended Definition: Also referred to as operations-based exercise.
- From: DHS Homeland Security Exercise and Evaluation Program
- operations technology
- Definition: The hardware and software systems used to operate industrial control devices.
- Related Term(s): Industrial Control System
- From: DHS personnel
- OPM
- Acronym Expansion: Office of Personnel Management
- outside( r) threat
- Definition: A person or group of persons external to an organization who are not authorized to access its assets and pose a potential risk to the organization and its assets.
- Related Term(s): inside( r) threat
- From: CNSSI 4009
- Overfitting
- Definition: an undesirable machine learning behavior that occurs when the machine learning model gives accurate predictions for training data but not for new data
- oversight & development
- Definition: A NICE Framework category consisting of specialty areas providing leadership, management, direction, and/or development and advocacy so that all individuals and the organization may effectively conduct cybersecurity work.
- From: NICE Framework
Letter: P
- PaaS
- Acronym Expansion: Platform as a Service
- Definition: a cloud computing model where a third-party provider delivers hardware and software tools to users over the internet
- passive attack
- Definition: An actual assault perpetrated by an intentional threat source that attempts to learn or make use of information from a system, but does not attempt to alter the system, its resources, its data, or its operations.
- Related Term(s): active attack
- From: IETF RFC 4949, NIST SP 800-63 Rev 1
- password
- Definition: A string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorization.
- From: FIPS 140-2
- passwordless
- Definition: an authentication method in which a user can log in to a computer system without the entering a password or any other knowledge-based secret
- PCAST
- Acronym Expansion: President’s Council of Advisors on Science and Technology
- pen test
- Definition: A colloquial term for penetration test or penetration testing.
- From: penetration testing
- penetration
- Synonym(s): intrusion
- penetration testing
- Definition: An evaluation methodology whereby assessors search for vulnerabilities and attempt to circumvent the security features of a network and/or information system.
- From: NCSD Glossary, CNSSI 4009, NIST SP 800-53 Rev 4
- Pentester
- Acronym Expansion: Penetration tester
- Definition: An information security expert who performs penetration tests
- personal identifying information / personally identifiable information
- Definition: The information that permits the identity of an individual to be directly or indirectly inferred.
- From: NCSD Glossary, CNSSI 4009, GAO Report 08-356, as cited in NIST SP 800-63 Rev 1
- phishing
- Definition: A digital form of social engineering to deceive individuals into providing sensitive information.
- From: NCSD Glossary, CNSSI 4009, NIST SP 800-63 Rev 1
- PII
- Acronym Expansion: Personally Identifiable Information
- PIV
- Acronym Expansion: Personal Identity Verification
- Definition: an identification card issued by a federal agency that contains a computer chip, which allows it to receive, store, recall, and send information in a secure method
- plaintext
- Definition: Unencrypted information.
- Related Term(s): ciphertext
- From: CNSSI 4009
- precursor
- Definition: An observable occurrence or sign that an attacker may be preparing to cause an incident.
- Related Term(s): indicator
- From: CNSSI 4009, NIST SP 800-61 Rev 2 (DRAFT)
- preparedness
- Definition: The activities to build, sustain, and improve readiness capabilities to prevent, protect against, respond to, and recover from natural or manmade incidents.
- From: NIPP
- privacy
- Definition: The assurance that the confidentiality of, and access to, certain information about an entity is protected.
- Extended Definition: The ability of individuals to understand and exercise control over how information about themselves may be used by others.
- From: NIST SP 800-130; Adapted from: DHS personnel
- private key
- Definition: A cryptographic key that must be kept confidential and is used to enable the operation of an asymmetric (public key) cryptographic algorithm.
- Extended Definition: The secret part of an asymmetric key pair that is uniquely associated with an entity.
- Related Term(s): public key, asymmetric cryptography
- From: CNSSI 4009, NIST SP 800-63 Rev 1, FIPS 201-2, FIPS 140-2, Federal Bridge Certificate Authority Certification Policy 2.25
- protect & defend
- Definition: A NICE Framework category consisting of specialty areas responsible for the identification, analysis, and mitigation of threats to internal IT systems or networks.
- From: NICE Framework
- Proxyjacking
- Definition: a malicious technique where an attacker gains control over a target's proxy server, allowing them to intercept and manipulate the targets internet traffic
- PTaaS
- Acronym Expansion: Pentest as a Service
- Definition: a hybrid solution that combines the breadth of automation with the depth of human assessment, while integrated with advanced vulnerability management and analytics
- public key
- Definition: A cryptographic key that may be widely published and is used to enable the operation of an asymmetric (public key) cryptographic algorithm.
- Extended Definition: The public part of an asymmetric key pair that is uniquely associated with an entity and that may be made public.
- Related Term(s): private key, asymmetric cryptography
- From: CNSSI 4009, NIST SP 800-63 Rev 1, FIPS 201-2, FIPS 140-2, Federal Bridge Certificate Authority Certification Policy 2.25
- public key cryptography
- Definition: A branch of cryptography in which a cryptographic system or algorithms use two uniquely linked keys: a public key and a private key (a key pair).
- Synonym(s): asymmetric cryptography, public key encryption
- From: CNSSI 4009, FIPS 140-2, InCommon Glossary
- public key encryption
- Synonym(s): public key cryptography
- public key infrastructure
- Definition: A framework consisting of standards and services to enable secure, encrypted communication and authentication over potentially insecure networks such as the Internet.
- Extended Definition: A framework and services for generating, producing, distributing, controlling, accounting for, and revoking (destroying) public key certificates.
- From: CNSSI 4009, IETF RFC 2828, Federal Bridge Certificate Authority Cross-certification Methodology 3.0, InCommon Glossary, Kantara Identity Assurance Framework 1100, NIST SP 800-63 Rev 1
Letter: Q
- QnA
- Acronym Expansion: questions and answers
Letter: R
- ransomware
- Definition: a malware designed to deny a user or organization access to files on their computer
- recovery
- Definition: The activities after an incident or event to restore essential services and operations in the short and medium term and fully restore all capabilities in the longer term.
- From: NIPP
- red team
- Definition: A group authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s cybersecurity posture.
- Related Term(s): Blue Team, White Team
- From: CNSSI 4009
- red team exercise
- Definition: An exercise, reflecting real-world conditions, that is conducted as a simulated attempt by an adversary to attack or exploit vulnerabilities in an enterprise's information systems.
- Related Term(s): cyber exercise
- From: NIST SP 800-53 Rev 4
- redundancy
- Definition: Additional or alternative systems, sub-systems, assets, or processes that maintain a degree of overall functionality in case of loss or failure of another system, sub-system, asset, or process.
- From: DHS Risk Lexicon
- Remoting
- Definition: A technology that allows a program to interact with the internals of another program running on a different machine
- Repojacking
- Definition: intentionally taking over the account of an owner or maintainer who hosts a repository
- resilience
- Definition: The ability to adapt to changing conditions and prepare for, withstand, and rapidly recover from disruption.
- From: DHS Risk Lexicon
- response
- Definition: The activities that address the short-term, direct effects of an incident and may also support short-term recovery.
- Extended Definition: In cybersecurity, response encompasses both automated and manual activities.
- Related Term(s): recovery
- From: National Infrastructure Protection Plan, NCPS Target Architecture Glossary
- response plan
- Synonym(s): incident response plan
- risk
- Definition: The potential for an unwanted or adverse outcome resulting from an incident, event, or occurrence, as determined by the likelihood that a particular threat will exploit a particular vulnerability, with the associated consequences.
- From: DHS Risk Lexicon, NIPP and adapted from: CNSSI 4009, FIPS 200, NIST SP 800-53 Rev 4, SAFE-BioPharma Certificate Policy 2.5
- risk analysis
- Definition: The systematic examination of the components and characteristics of risk.
- Related Term(s): risk assessment, risk
- From: DHS Risk Lexicon
- risk assessment
- Definition: The product or process which collects information and assigns values to risks for the purpose of informing priorities, developing or comparing courses of action, and informing decision making.
- Extended Definition: The appraisal of the risks facing an entity, asset, system, or network, organizational operations, individuals, geographic area, other organizations, or society, and includes determining the extent to which adverse circumstances or events could result in harmful consequences.
- Related Term(s): risk analysis, risk
- From: DHS Risk Lexicon, CNSSI 4009, NIST SP 800-53 Rev 4
- risk management
- Definition: The process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.
- Extended Definition: Includes: 1) conducting a risk assessment; 2) implementing strategies to mitigate risks; 3) continuous monitoring of risk over time; and 4) documenting the overall risk management program.
- Related Term(s): enterprise risk management, integrated risk management, risk
- From: DHS Risk Lexicon and Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4
- risk mitigation
- Synonym(s): mitigation
- risk-based data management
- Definition: A structured approach to managing risks to data and information by which an organization selects and applies appropriate security controls in compliance with policy and commensurate with the sensitivity and value of the data.
- From: DHS personnel
- rootkit
- Definition: A set of software tools with administrator-level access privileges installed on an information system and designed to hide the presence of the tools, maintain the access privileges, and conceal the activities conducted by the tools.
- From: CNSSI 4009
- RTOS
- Definition: A real-time operating system (RTOS) is an OS that guarantees real-time applications a certain capability within a specified deadline.
- Extended Definition: In an RTOS, repeated tasks are performed within a tight time boundary, while in a general-purpose operating system, this is not necessarily so
Letter: S
- SA
- Acronym Expansion: Specialty Area
- SA&A
- Acronym Expansion: Security Assessment and Authorization
- SAC
- Acronym Expansion: Senate Appropriations Committee
- SANS
- Acronym Expansion: System Administration, Networking, and Security Institute
- Scareware
- Definition: a cyberattack tactic that frightens people into visiting spoofed or infected websites or downloading malicious software (malware)
- SECaaS
- Acronym Expansion: Security as a Service
- Definition: a cloud-based method of outsourcing your cybersecurity
- SecDevOps
- Definition: a software development methodology that places security concerns first in planning and development
- SecOps
- Definition: a combination of the terms security and operations, is a methodology that IT managers implement to enhance the connection, collaboration and communication between IT security and IT operations teams
- secret key
- Definition: A cryptographic key that is used for both encryption and decryption, enabling the operation of a symmetric key cryptography scheme.
- Extended Definition: Also, a cryptographic algorithm that uses a single key (i.e., a secret key) for both encryption of plaintext and decryption of ciphertext.
- Related Term(s): symmetric key
- From: CNSSI 4009
- securely provision
- Definition: A NICE Framework category consisting of specialty areas concerned with conceptualizing, designing, and building secure IT systems, with responsibility for some aspect of the systems' development.
- From: NICE Framework
- security automation
- Definition: The use of information technology in place of manual processes for cyber incident response and management.
- From: DHS personnel
- security incident
- Synonym(s): incident
- security policy
- Definition: A rule or set of rules that govern the acceptable use of an organization's information and services to a level of acceptable risk and the means for protecting the organization's information assets.
- Extended Definition: A rule or set of rules applied to an information system to provide security services.
- From: CNSSI 4009, NIST SP 800-53 Rev 4, NIST SP 800-130, OASIS SAML Glossary 2.0
- security program management
- Definition: In the NICE Framework, cybersecurity work where a person: Manages information security (e.g., information security) implications within the organization, specific program, or other area of responsibility, to include strategic, personnel, infrastructure, policy enforcement, emergency planning, security awareness, and other resources (e.g., the role of a Chief Information Security Officer).
- From: NICE Framework
- SFS
- Acronym Expansion: Scholarship for Service
- SIEM
- Acronym Expansion: Security information and event management
- Definition: a security solution that helps organizations detect threats before they disrupt business
- signature
- Definition: A recognizable, distinguishing pattern.
- Extended Definition: Types of signatures: attack signature, digital signature, electronic signature.
- From: CNSSI 4009; Adapted from: NIST SP 800-94
- SIGSE
- Acronym Expansion: Special Interest Group on Software Engineering
- situational awareness
- Definition: Comprehending information about the current and developing security posture and risks, based on information gathered, observation and analysis, and knowledge or experience.
- Extended Definition: In cybersecurity, comprehending the current status and security posture with respect to availability, confidentiality, and integrity of networks, systems, users, and data, as well as projecting future states of these.
- From: CNSSI 4009, DHS personnel, National Response Framework
- SlowLoris
- Definition: an attack tool designed to take down a server by flooding it with incomplete HTTP requests, without using much of bandwidth
- SME
- Acronym Expansion: Subject Matter Expert
- smishing
- Definition: the fraudulent practice of sending text messages purporting to be from reputable companies in order to induce individuals to reveal personal information
- Extended Definition: Similar to Phishing, and Vishing
- Related Term(s): Phishing
- SO/DEV
- Acronym Expansion: Supervisory Office / NICCS Development Team
- SoC
- Acronym Expansion: Security Operations Center
- Definition: an intelligence hub for the company, gathering data from across the organization's networks, servers, endpoints and other digital assets and using intelligent automation to identify, prioritize and respond to potential cybersecurity threats
- Social Engineering
- Definition: the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes
- SoD
- Acronym Expansion: Segregation of Duties
- Extended Definition: an internal control designed to prevent error and fraud by ensuring that at least two individuals are responsible for the separate parts of any task.
- software assurance
- Definition: The level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its lifecycle, and that the software functions in the intended manner.
- From: CNSSI 4009
- software assurance and security engineering
- Definition: In the NICE Framework, cybersecurity work where a person: Develops and writes/codes new (or modifies existing) computer applications, software, or specialized utility programs following software assurance best practices.
- From: NICE Framework
- spam
- Definition: The abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.
- From: CNSSI 4009
- Spidering
- Definition: the process where hackers familiarize themselves with their targets in order to obtain credentials based on their activity
- Related Term(s): phishing, smishing, vishing, social engineering
- spillage
- Synonym(s): data spill, data breach
- spoofing
- Definition: Faking the sending address of a transmission to gain illegal [unauthorized] entry into a secure system.
- Extended Definition: The deliberate inducement of a user or resource to take incorrect action. Note: Impersonating, masquerading, piggybacking, and mimicking are forms of spoofing.
- From: CNSSI 4009
- spyware
- Definition: Software that is secretly or surreptitiously installed into an information system without the knowledge of the system user or owner.
- Related Term(s): keylogger
- From: CNSSI 4009, NIST SP 800-53 Rev 4
- SRD
- Acronym Expansion: System Reference Document
- STaaS
- Acronym Expansion: Storage as a Service
- Definition: a practice of using public cloud storage resources to store your data
- STEM
- Acronym Expansion: Science, technology, engineering, and mathematics
- strategic planning and policy development
- Definition: In the NICE Framework, cybersecurity work where a person: Applies knowledge of priorities to define an entity.
- From: NICE Framework
- subject
- Definition: An individual, process, or device causing information to flow among objects or a change to the system state.
- Extended Definition: An active entity.
- Related Term(s): object, access, access control
- From: NIST SP 800-53 Rev 4., CNSSI 4009
- supervisory control and data acquisition
- Definition: A generic name for a computerized system that is capable of gathering and processing data and applying operational controls to geographically dispersed assets over long distances.
- Related Term(s): Industrial Control System
- From: NCSD Glossary, CNSSI 4009
- supply chain
- Definition: A system of organizations, people, activities, information and resources, for creating and moving products including product components and/or services from suppliers through to their customers.
- Related Term(s): supply chain risk management
- From: CNSSI 4009, NIST SP 800-53 Rev 4
- supply chain risk management
- Definition: The process of identifying, analyzing, and assessing supply chain risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.
- Related Term(s): supply chain
- From: DHS Risk Lexicon, CNSSD 505
- switchport
- Definition: the physical opening where a data cable can be plugged in
- symmetric cryptography
- Definition: A branch of cryptography in which a cryptographic system or algorithms use the same secret key (a shared secret key).
- From: CNSSI 4009, SANS
- symmetric encryption algorithm
- Synonym(s): symmetric cryptography
- symmetric key
- Definition: A cryptographic key that is used to perform both the cryptographic operation and its inverse, for example to encrypt plaintext and decrypt ciphertext, or create a message authentication code and to verify the code.
- Extended Definition: Also, a cryptographic algorithm that uses a single key (i.e., a secret key) for both encryption of plaintext and decryption of ciphertext.
- Related Term(s): secret key
- From: CNSSI 4009
- SysOp
- Acronym Expansion: System Operator
- Definition: responsible for the upkeep and maintenance of servers, networks, and other IT infrastructure
- Related Term(s): DevOp
- system administration
- Definition: In the NICE Framework, cybersecurity work where a person: Installs, configures, troubleshoots, and maintains server configurations (hardware and software) to ensure their confidentiality, integrity, and availability; also manages accounts, firewalls, and patches; responsible for access control, passwords, and account creation and administration.
- From: NICE Framework
- system integrity
- Definition: The attribute of an information system when it performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
- Related Term(s): integrity, data integrity
- From: CNSSI 4009
- systems development
- Definition: In the NICE Framework, cybersecurity work where a person: Works on the development phases of the systems development lifecycle.
- From: NICE Framework
- systems requirements planning
- Definition: In the NICE Framework, cybersecurity work where a person: Consults with customers to gather and evaluate functional requirements and translates these requirements into technical solutions; provides guidance to customers about applicability of information systems to meet business needs.
- From: NICE Framework
- systems security analysis
- Definition: In the NICE Framework, cybersecurity work where a person: Conducts the integration/testing, operations, and maintenance of systems security.
- From: NICE Framework
- systems security architecture
- Definition: In the NICE Framework, cybersecurity work where a person: Develops system concepts and works on the capabilities phases of the systems development lifecycle; translates technology and environmental conditions (e.g., law and regulation) into system and security designs and processes.
- From: NICE Framework
Letter: T
- tabletop exercise
- Definition: A discussion-based exercise where personnel meet in a classroom setting or breakout groups and are presented with a scenario to validate the content of plans, procedures, policies, cooperative agreements or other information for managing an incident.
- From: NCSD Glossary, DHS Homeland Security Exercise and Evaluation Program
- tailored trustworthy space
- Definition: A cyberspace environment that provides a user with confidence in its security, using automated mechanisms to ascertain security conditions and adjust the level of security based on the user's context and in the face of an evolving range of threats.
- From: National Science and Technology Council's Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program
- targets
- Definition: In the NICE Framework, cybersecurity work where a person: Applies current knowledge of one or more regions, countries, non-state entities, and/or technologies.
- From: NICE Framework
- technology research and development
- Definition: In the NICE Framework, cybersecurity work where a person: Conducts technology assessment and integration processes; provides and supports a prototype capability and/or evaluates its utility.
- From: NICE Framework
- test and evaluation
- Definition: In the NICE Framework, cybersecurity work where a person: Develops and conducts tests of systems to evaluate compliance with specifications and requirements by applying principles and methods for cost-effective planning, evaluating, verifying, and validating of technical, functional, and performance characteristics (including interoperability) of systems or elements of systems incorporating information technology.
- From: NICE Framework
- threat
- Definition: A circumstance or event that has or indicates the potential to exploit vulnerabilities and to adversely impact (create adverse consequences for) organizational operations, organizational assets (including information and information systems), individuals, other organizations, or society.
- Extended Definition: Includes an individual or group of individuals, entity such as an organization or a nation), action, or occurrence.
- From: DHS Risk Lexicon, NIPP, CNSSI 4009, NIST SP 800-53 Rev 4
- threat actor
- Synonym(s): threat agent
- threat agent
- Definition: An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.
- Related Term(s): adversary, attacker
- From: DHS Risk Lexicon
- threat analysis
- Definition: The detailed evaluation of the characteristics of individual threats.
- Extended Definition: In the NICE Framework, cybersecurity work where a person: Identifies and assesses the capabilities and activities of cyber criminals or foreign intelligence entities; produces findings to help initialize or support law enforcement and counterintelligence investigations or activities.
- From: DHS personnel; From NICE Framework
- threat assessment
- Definition: The product or process of identifying or evaluating entities, actions, or occurrences, whether natural or man-made, that have or indicate the potential to harm life, information, operations, and/or property.
- Related Term(s): threat analysis
- From: DHS Risk Lexicon and adapted from: CNSSI 4009, NIST SP 800-53, Rev 4
- threatscape
- Definition: the spectrum of possible cybersecurity threats
- Threatware
- Definition: a general term encompassing all types of malicious software on computers and electronic devices
- Related Term(s): disruptionware
- ticket
- Definition: In access control, data that authenticates the identity of a client or a service and, together with a temporary encryption key (a session key), forms a credential.
- From: IETF RFC 4120 Kerberos V5, July 2005; Conrad, E., Misenauer, S., & Feldman, J. (2010). CISSP® Study Guide. Burlington, MA: Syngress
- Timestomping
- Definition: a technique used in cybersecurity and digital forensics, where attackers modify the timestamps of files and directories on a computer system to hide their actions or impede investigations
- TMI
- Acronym Expansion: Talent Management Institute
- traffic light protocol
- Definition: A set of designations employing four colors (RED, AMBER, GREEN, and WHITE) used to ensure that sensitive information is shared with the correct audience.
- From: US-CERT
- TRB
- Acronym Expansion: Technical Review Board
- Trojan
- Definition: a type of malware that conceals its true content to fool a user into thinking it's a harmless file
- Related Term(s): Trojan Horse, Trojanize, Trojaning
- trojan horse
- Definition: A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.
- From: CNSSI 4009
- Trojaning
- Related Term(s): Trojan, Trojan Horse
- Trojanize
- Definition: To convert into a Trojan
- From: Trojan horse, Trojan
- TSA
- Acronym Expansion: Transportation and Security Administration
- Typosquatting
- Definition: a form of cybersquatting (sitting on sites under someone else's brand or copyright) that targets Internet users who incorrectly type a website address into their web browser
- Related Term(s): DNS Twist
Letter: U
- unauthorized access
- Definition: Any access that violates the stated security policy.
- From: CNSSI 4009
- UpSkill
- Definition: to provide someone, such as an employee, with more advanced skills through additional education and training
- URL
- Acronym Expansion: Uniform Resource Locator
- US CERT
- Acronym Expansion: United States Computer Emergency Readiness Team
- USCG
- Acronym Expansion: U.S. Coast Guard
- USDA
- Acronym Expansion: Department of Agriculture
- USSS
- Acronym Expansion: U.S. Secret Service
Letter: V
- Virtualization
- Definition: creating virtual representations of servers, storage, networks, and other physical machines
- virus
- Definition: A computer program that can replicate itself, infect a computer without permission or knowledge of the user, and then spread or propagate to another computer.
- Related Term(s): macro virus
- From: CNSSI 4009
- vishing
- Definition: a hacking technique of defrauding target's over the phone, enticing them to divulge sensitive information
- Related Term(s): Phishing
- VTI
- Acronym Expansion: Virtual Tunnel Interface
- vulnerability
- Definition: A characteristic or specific weakness that renders an organization or asset (such as information or an information system) open to exploitation by a given threat or susceptible to a given hazard.
- Extended Definition: Characteristic of location or security posture or of design, security procedures, internal controls, or the implementation of any of these that permit a threat or hazard to occur. Vulnerability (expressing degree of vulnerability): qualitative or quantitative expression of the level of susceptibility to harm when a threat or hazard is realized.
- Related Term(s): weakness
- From: DHS Risk Lexicon, CNSSI 4009, NIST SP 800-53 Rev 4
- vulnerability assessment and management
- Definition: In the NICE Framework, cybersecurity work where a person: Conducts assessments of threats and vulnerabilities, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations.
- From: NICE Framework
Letter: W
- wardriving
- Definition: attackers searching for wireless networks with vulnerabilities while moving around an area in a moving vehicle
- Wargaming
- Definition: an interactive technique that immerses potential cyber incident responders in a simulated cyber scenario
- weakness
- Definition: A shortcoming or imperfection in software code, design, architecture, or deployment that, under proper conditions, could become a vulnerability or contribute to the introduction of vulnerabilities.
- Related Term(s): vulnerability
- From: ITU-T X.1520 CWE, FY 2013 CIO FISMA Reporting Metrics
- Weaponization
- Definition: an attacker creates malware or malicious payloads to use against the target by designing new forms of malware. Modifying existing programs to better match the vulnerabilities they're trying to exploit
- Weaponize
- Definition: to develop an exploit against a vulnerability into an attack tool that can be deployed against a target
- white team
- Definition: A group responsible for refereeing an engagement between a Red Team of mock attackers and a Blue Team of actual defenders of information systems.
- Related Term(s): Blue Team, Red Team
- From: CNSSI 4009
- whitebox
- Definition: a form of testing that is performed with knowledge of a target system's internals
- Related Term(s): Blackbox
- WiCyS
- Acronym Expansion: Women in CyberSecurity
- work factor
- Definition: An estimate of the effort or time needed by a potential adversary, with specified expertise and resources, to overcome a protective measure.
- From: CNSSI 4009
- worm
- Definition: A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.
- From: CNSSI 4009
Letter: X
- XaaS
- Acronym Expansion: Anything as a service
- Definition: a general category of services related to cloud computing and remote access