Attack Signature
A unique or identifiable pattern that can be used to detect or match previously known attacks.
Explore definitions and explanations for terms relating to the world of Vigilainte.
A VPN, or virtual private network, creates a secure digital link between your computer and a remote server operated by a VPN provider.
CrowdStrike is a cloud-native platform designed to protect and support the key components of modern enterprise—people, processes, and technology.
A vulnerability is a flaw or weakness in an IT system that attackers can exploit to carry out a successful attack.
Artificial Intelligence as a Service refers to a cloud-based service that provides outsourced artificial intelligence capabilities.
Cybersecurity work in which an individual analyzes threat data from various sources, disciplines, and agencies within the Intelligence Community.
The ability and means to interact with a system, which includes communicating with it, using its resources to manage information.
The sequence of actions an adversary undertakes or might undertake to plan, prepare for, and carry out an attack.
Repeated cyber events or behaviors that may suggest an attack is happening or has taken place, leading to a security breach or the possibility of one.
A quality obtained through cryptographic techniques that ensures something is genuine, verifiable, and trustworthy, instilling confidence.
The process of confirming the identity or specific attributes of an entity, such as a user, process, or device.
A pair of related keys—a public key and a private key—that are used to perform complementary operations.
Tools or proxies designed to make internet activities untraceable by masking the user's identity.
Pairs of tokens assigned to users to validate their requests, preventing attackers from making unauthorized requests on behalf of the victim.
A system or application log that records details of user activities within the application or system.
Process of determining if a subject is permitted to have specific types of access to a particular resource by evaluating relevant access control information.
The act of keeping a system physically disconnected or isolated from other systems or networks.
Setting up systems so that individuals and other systems can only perform the functions they are authorized to, and nothing beyond that.
A notification indicating that a particular attack has been identified or targeted at an organization's information systems.
A highly skilled and well-resourced adversary that employs various tactics, including cyber, physical, and deceptive methods.
Software that is able to automatically carry out or trigger actions without the explicit intervention of a user.
An asset is anything beneficial that aids in achieving success, such as an organizational mission; assets are valuable items or properties.
The individual or entity that controls a botnet, remotely directing the activities of the compromised computers within the network.
A collection of principles, practices, and tools aimed at designing, developing, and evolving information systems and...
An attack where unsolicited messages are sent to a Bluetooth-enabled device without the recipient's consent.
An unanticipated and typically minor defect, fault, flaw, or imperfection in an information system or device.
A group responsible for defending an enterprise's information systems during simulated attacks.
The degree to which an individual consistently applies various cybersecurity practices to prevent or mitigate the cyber threats they are exposed to.
A type of testing conducted without any prior knowledge of the internal workings or structure of the target system.
A write-only database distributed across a network of interconnected computers that employs cryptography to create...
A cloud-based service that provides backup and recovery solutions.
A computer connected to the internet that has been secretly compromised with malicious software.
A method used to attempt to discover the password of a specific login account by systematically trying every possible combination or by using...
A hacking method where an attacker gains unauthorized access to a wireless device through a Bluetooth connection.
A secure copy of some or all of a system's content which is stored to ensure that if the system fails or its integrity is compromised.
A method that allows both authorized and unauthorized users to bypass standard security measures and gain elevated access.
A password-hashing function derived from the Blowfish cipher, first introduced at the USENIX conference in 1999.
A technique often used by threat actors where malware periodically connects to an external system or network, effectively bypa...
A hacking technique where more data is inputted into a buffer than it can handle, potentially causing the system to crash or allowing the attacker to...
Potential risks or dangers that can cause significant harm to computer systems, networks, or data.
A smart card issued by the U.S. Department of Defense that serves as a standard identification for active-duty military personnel...
The application of mathematical techniques to deliver security services, including confidentiality, data integrity, entity authentication...
Malicious software that operates on a computer or mobile device, using its resources to mine cryptocurrencies without the user's consent.
A model that provides on-demand network access to a shared pool of configurable computing resources.
The activity, capability, or state dedicated to protecting and defending information and communication systems
The process of collecting, processing, organizing, and analyzing data...
A professional certification that validates an individual's knowledge and skills in securing...
Common Vulnerabilities and Exposures is a catalog of publicly disclosed computer security flaws.
The creation of a fake online identity by a cybercriminal with the intent to deceive, commit fraud, or exploit others.
A characteristic ensuring that information is not disclosed to users, processes, or devices unless they are authorized to access it.
A category of malware specifically created to automate various aspects of cybercrime, such as stealing personal information...
A small piece of data embedded in web pages that allows the owner of the site to track user activity, remember login credentials...
The act of creating a fake online identity by a cybercriminal with the intent to deceive, commit fraud, or exploit others.
The characteristic of data being complete, accurate, and reliable, ensuring that it has not been altered or destroyed in an unauthorized or unintended way.
A collaborative data management practice aimed at enhancing communication, integration, and automation of data flows between data managers and data consumers.
Synthetic media that has been digitally altered to convincingly replace one person's likeness with that of another.
The unauthorized transfer or exposure of sensitive information to an entity, typically outside the organization.
The process of converting encrypted or enciphered text back into its original plain text format using a cryptographic system.
The process of analyzing large volumes of existing data to uncover previously hidden patterns, correlations, or insights.
The process of collecting and merging data from multiple sources to generate new insights or information...
The continually changing characteristics of an information system, adjusted automatically to counteract or impede the actions of potential adversaries.
The practice of using advanced search techniques, often through search engines, to find vulnerabilities in websites or uncover information...
A cyberattack where the attacker overwhelms a target with a flood of internet traffic, disrupting access to online services and websites for legitimate users.
Cybersecurity work that involves developing and managing databases or data management systems to facilitate the storage, querying, and utilization of data.
Cybersecurity roles where an individual is responsible for evaluating training programs within a relevant subject area.
A digital mark associated with an electronic document, used to signify the intent to sign and authenticate the document.
Hidden code within computer software that performs a function not part of its normal operation.
The unauthorized transfer of information from an information system.
An Internet site designed for partner or customer organizations to connect to your systems to access information and other materials.
Protection of information from unauthorized interception during its transmission or emission.
To transform plaintext into ciphertext using a cryptographic system.
An observable occurrence in an information system or network.
The process of converting plaintext into ciphertext to protect data.
A holistic approach to managing risks that involves engaging people, processes, and systems throughout an organization to enhance decision-making...
The European Union Agency for Cybersecurity
The condition of being unprotected, thereby allowing access to information or capabilities that an attacker can use to enter a system or network.
The foundational software embedded in a computer or network device that controls its essential functions.
A hardware or software tool designed to control and restrict network traffic between different networks based on pre-defined security rules.
An ethical hacking technique used to gather comprehensive information about a computer system, network, or infrastructure to find potential vulnerabilities.
Digital forensics, a field involving the investigation of digital data to identify, analyze, and preserve evidence for legal purposes.
A situation where a security system raises an alarm for a threat that doesn't actually exist.
A defect in a computer or network system that results from human mistakes during development or operation.
A cloud computing service that enables customers to run code in response to specific events, without the need to manage the underlying infrastructure.
A software testing technique that automatically inputs incorrect or unexpected data into a system to identify bugs or security weaknesses.
The process of testing a system, especially its security features, in conditions that closely mimic real-world scenarios to ensure it operates as expected.
Failover is the transition from an active system to a backup system in a High Availability configuration, ensuring continuity of service.
Spreading critical components or infrastructure across different geographic areas to ensure operational continuity in case...
A security model that applies varying levels of protection depending on the sensitivity
The practice of creating virtual boundaries that trigger alerts or actions when an internet-connected device.
A method used to identify the physical location of a web user by analyzing their IP address.
The standard language used for creating and structuring content on web pages.
An event where individuals from different fields and skill levels, from enthusiasts to professionals, come together to solve specific problems collaboratively.
The act of hacking driven by a political, social, or ideological cause rather than personal benefit.
Fake, enticing data set up to attract cybercriminals, helping to detect and track unauthorized access attempts.
A system setup involving multiple components so that if one fails, another automatically takes over to ensure continuous service.
Refers to the collective skills, knowledge, and experience possessed by employees in an organization.
A person who gains or attempts to gain unauthorized access to an information system.
Setting up a network with intentional weaknesses to lure and study hackers by hosting it on a decoy server.
The process of running data through a mathematical algorithm to generate a fixed-length numeric output.
A security tool designed to detect, deflect, or counter unauthorized access attempts.
A numerical result obtained by applying a mathematical algorithm to a set of data, like a file, often used for verification purposes.
The process of enhancing the security of a computer system, often a server, by adjusting its configuration.
A cybersecurity technique where a decoy system is set up to detect or deflect unauthorized access by appearing attractive to attackers.
A source of danger or harm, whether natural or man-made, that can pose risks to individuals or systems.
A set of methods and processes that control and verify user identities and their permissions to access specific resources.
A man-made risk that exploits vulnerabilities in the supply chain of information and communications technology (ICT) systems, including procurement processes.
Any technology, equipment, or interconnected system used to process, transmit, or receive information or data.
The ability of an information system to continue functioning during adverse conditions and recover quickly when failures occur.
An event that could or does cause negative effects on an information system, such as a breach or policy violation, requiring a response to mitigate its impact.
A targeted phishing attack where an attacker pretends to be someone else or another entity to steal sensitive information.
A coordinated approach that allows an organization to share and manage risk information across different areas, unifying efforts to mitigate risks.
A system used to manage and control industrial processes like manufacturing, production, and infrastructure operations.
A software solution that automatically monitors system or network events, analyzes them for potential threats, and tries to prevent any detected incidents.
A personalized plan designed to help employees set career goals and develop their skills for future advancement.
The practice of managing and provisioning an organization’s IT infrastructure through machine-readable configuration files.
A person or group within an organization who poses a risk by violating security policies, often having knowledge or access to exploit vulnerabilities.
The organized process of handling and coordinating activities to manage and mitigate the effects of an event that threatens information systems.
A cloud-based service that provides identity and access management solutions, often delivered by third-party providers.
An unauthorized attempt to bypass a network or system's security measures to gain access.
The process by which a Public Key is shared between the sender and recipient to enable secure communication.
Secure repositories that store cryptographic materials, such as certificates and private keys, which are essential for cryptographic protocols like TLS.
A value used in cryptographic algorithms to convert Plain Text into Cipher Text.
A tool that records everything a person types on a device. While some keyloggers have legitimate uses, many are employed for malicious purposes.
Cybersecurity roles where an individual oversees and manages the processes and tools that help.
A method where a cryptographic key is stored with a trusted third party, often to ensure that the key can be recovered if...
A questionable practice where a link is redirected to an intermediary or aggregator site instead of the original source it appears to be pointing to.
The principle of granting an individual only the minimum level of access necessary to perform their authorized tasks.
A design and programming approach that emphasizes secure and verifiable input handling throughout the entire software development process.
A type of encryption where the entire communication path between the sender and receiver is encrypted, protecting the data from interception.
Malicious code inserted into a system that is programmed to execute harmful actions when specific conditions are met, such as a particular date.
A shared, immersive, and continuous 3D virtual environment where people can interact and experience activities.
A field focused on creating and enhancing artificial intelligence algorithms that allow systems to...
A security approach that creates a constantly changing attack surface, making it more difficult for adversaries...
Program code designed to carry out unauthorized actions that negatively affect the confidentiality, integrity, or availability of an information system.
A security process that requires more than one method of verification, often more than just two, to confirm a user's identity before granting access.
A process where both parties involved in a data exchange verify each other’s identity before communication begins.
Malicious software designed to harm, exploit, or otherwise compromise a computer system.
A small application program that is automatically downloaded and executed, performing unauthorized actions on an information system.
A type of malware that attaches itself to documents and uses the macro capabilities of the document’s application to execute and spread.
A cyberattack where harmful code is inserted into legitimate online advertisements, which then spread malware to users.
A system that assigns different access levels to users based on their permissions, allowing each user to access only the information appropriate to their role.
A security approach in which both parties in a data exchange do not trust one another, so each requires the other to authenticate before proceeding.
The ability of a network to continue functioning despite failures or attacks, often achieved through redundancy and high availability measures.
The various services provided by a network, including functions such as data sharing, file transfers, email...
A security principle where users are granted access only to the information and systems necessary for them to perform their job.
Network Intrusion Detection System (NIDS): A system that monitors network traffic for suspicious activity and potential threats.
A security measure where a device is blocked from accessing a network until it proves its identity and shows that...
An XML-based format that allows the description of technical characteristics used to identify known threats or evidence of compromise.
An attack where a hacker exploits a program's memory buffer, causing it to overflow and potentially execute malicious code.
An external individual or group that poses a potential risk to an organization’s assets, but does not have authorized access.
A passive entity within an information system that contains or receives information, such as a file or database entry.
The practice of contracting external entities to perform tasks or provide services that would otherwise be handled internally...
The hardware and software used to control industrial systems and processes, such as those in manufacturing or infrastructure.
An open authorization framework that allows applications to securely access resources on behalf of a user without exposing their credentials.
A setting on a network card that allows it to accept all network traffic, not just traffic addressed to it, useful for network analysis and diagnostics.
A type of social engineering attack that tricks individuals into revealing sensitive information by pretending to be a legitimate entity.
An observable event or sign that indicates an attacker may be preparing to launch a cyberattack.
A set of rules and standards that define how two systems communicate and interact with each other.
Software that is freely available to the public, with its source code accessible for reuse, modification, or distribution under permissive licensing terms.
A shortened term for penetration testing, which involves evaluating a system’s security by simulating an attack.
A cloud computing model in which a third-party provider delivers hardware and software tools over the internet,
A malicious technique where an attacker takes control of a proxy server to intercept and manipulate the target’s internet traffic.
A cryptographic key that is widely distributed and used in combination with a private key in asymmetric encryption for secure communication.
A simulated cyber attack performed by security experts to identify and fix vulnerabilities in a system.
The assurance that certain information about an individual is protected and that they have control over how their data is used and shared.
A system that acts as an intermediary between a client and a server, making requests on behalf of the client to provide security...
A software update or change, often used to fix bugs or vulnerabilities in an operating system or application,
An attack in which an intruder attempts to gather or exploit information from a system without altering the system or its data.
An unauthorized access or breach into a system, often synonymous with intrusion.
Information that is not encrypted and can be easily read by humans or systems.
An algorithm that generates numbers that appear random, using unpredictable elements from the host computer,
A social engineering attack where the attacker offers something in exchange for information or access.
A list or catalogue of qualifications that are provided, recognized, or endorsed by an organization.
A structured system that defines qualifications and the learning outcomes associated with them,
A secure location where anti-malware software moves infected files to prevent them from causing harm, allowing for further inspection or removal.
The remaining risk after all mitigation measures have been implemented to address an identified security risk.
The capacity to adjust to disruptions, withstand adverse conditions, and recover quickly from challenges or failures.
Backup systems, processes, or resources put in place to maintain functionality in case of a failure or loss of the primary system or component.
The act of taking over the account or control of someone who hosts a software repository, often for malicious purposes.
The immediate actions taken to address the direct effects of an incident, which may also aid in short-term recovery.
Malicious software that locks or encrypts files on a victim's device, demanding payment for their release.
A type of cyberattack where the attacker records network traffic and then retransmits it, possibly with modifications.
A group authorized to simulate a potential attacker’s strategies and tactics in order to test and improve an organization’s cybersecurity defenses.
A set of software tools installed with high-level access on a system, often by an attacker,
An operating system designed to guarantee that real-time applications meet specific deadlines, ensuring tasks are completed within set timeframes.
The process of isolating a program or application in a secure environment where it can be tested without affecting production systems.
Manipulating individuals into divulging confidential information or performing actions that compromise security.
Another term for a data spill or data breach, where sensitive information is accidentally or maliciously exposed.
A cryptographic key used for both encryption and decryption in symmetric encryption schemes, where the same key is shared between parties.
A type of attack where the sender fakes the origin of a communication to trick users or systems into taking incorrect actions.
A type of cyberattack that scares users into visiting malicious websites or downloading harmful software by displaying alarming messages.
The process of removing sensitive information or changing real data so it can no longer be recognized or traced back to the original source.
A form of phishing where attackers send fraudulent text messages pretending to be from legitimate companies to trick individuals.
The practice of sending unsolicited bulk messages over electronic messaging systems, often for advertising or malicious purposes.
A random value added to a cryptographic algorithm to enhance its strength and improve the randomness of the output.
A risky configuration where a computer is connected to both the internet and a company’s network via VPN,
The process of gathering information about a target's activities and credentials by monitoring their actions, often used by hackers for cyberattacks.
A methodology that integrates IT security and operations teams to improve collaboration, communication, and overall security management.
The practice of hiding secret messages or data within an ordinary file, such as a photo, to prevent detection.
Malicious software secretly installed on a system to collect information about the user without their knowledge.
The replacement of manual processes with automated tools and systems to manage and respond to cyber incidents more efficiently.
A discussion-based training session where personnel gather to go over a scenario and evaluate the effectiveness of plans...
A security method that requires users to verify their identity using two forms of authentication,
Any event, circumstance, or entity that has the potential to exploit vulnerabilities and negatively affect organizational operations, assets, or individuals.
In access control, a piece of data that verifies the identity of a client or service and includes a session key...
A malicious program that appears to perform a legitimate function but contains hidden harmful components designed to evade security.
The full range of possible cybersecurity threats that an organization or individual may face.
A type of malware disguised as a legitimate file or application to trick users into executing it, ultimately allowing malicious activity on their system.
A secure cyberspace environment that adapts its security measures based on the user’s context and threat conditions,
A broad term that refers to any malicious software designed to disrupt or compromise the functionality of computers and devices.
A form of cybersquatting where attackers register domain names similar to popular websites, hoping users...
A technique used by attackers to alter the timestamps of files and directories to conceal their actions or hinder digital forensics investigations.
A physical security breach where an unauthorized person follows an authorized person into a restricted area.
A system of classifications using four colors (RED, AMBER, GREEN, WHITE) to control the sharing of sensitive information with appropriate audiences.
The process of enhancing an individual’s abilities by providing them with additional training and education to gain more advanced skills.
Access to a system or data that goes against the security policy in place, often without permission or proper authorization.
Creating a fake interface to trick users into entering sensitive information.
The web address or link that specifies the location of a resource on the internet, such as a webpage or file.
The process of checking and verifying user input data before it is used in a program, ensuring...
A type of phishing attack conducted over the phone to trick people into revealing personal information.
A type of malware that attaches itself to a host file or the Master Boot Record (MBR) and spreads when the infected file is accessed.
A wireless technology that enables devices to connect to a network using radio waves instead of physical cables, based on the IEEE 802.11 standards.
A testing method where the internal workings of a system are known and used to evaluate its security or performance.
The process in which an attacker creates or modifies malware to exploit a specific vulnerability in a target system.
A technique where attackers search for vulnerable wireless networks by driving around an area, using equipment to detect and exploit network weaknesses.
A flaw or imperfection in software, design, architecture, or deployment that could potentially turn into a vulnerability...
A security mechanism that only allows the execution of programs that are pre-approved and listed, preventing unauthorized software from running.
An ethical hacker who uses their skills to find and fix security vulnerabilities.
A simulation technique used to train cyber incident responders by immersing them in a realistic, interactive cyberattack scenario.
A type of malware that spreads by replicating itself and infecting other systems, often causing harm by consuming resources rather than directly damaging files.
A self-replicating malware that spreads through networks, often consuming resources and potentially depositing other types of malicious software.
An organization dedicated to supporting and advancing women in the field of cybersecurity through education, networking, and professional development.
A method of securely erasing data by overwriting it multiple times to ensure the original content cannot be recovered...
A type of cyberattack that exploits a vulnerability unknown to the software or security vendor,
A cyber attack that targets a software vulnerability unknown to the vendor, with no patch available.