Glossary of Cybersecurity Terms

Nam H Nguyen
May 18, 2026

Add-on Software (Adware)
Software which automatically plays, displays, or downloads advertising material onto your
computer once the application has been installed or is in use.

Authentication
The act of confirming the identity of a user and/or verifying that a program, e-mail, electronic
signature, etc. is from a trusted source.

Bandwidth
The capacity of a communication channel to pass data throughout the channel in a given
amount of time, expressed in bits per second (bps).

Backdoor
Gaining unauthorized access to a program, online service or an entire computer system
without detection or documentation.

Business Systems
Mission essential systems that are used to manage or support common business processes
such as Enterprise Resource Planning, E-commerce, and E-mail systems.

Control Systems
Cyber systems used to monitor and control sensitive processes and physical functions
including SCADA (see below for definition), Process Control Systems (HVAC), and
Distributed Control Systems (Environmental Control Systems).

Cookie
Data exchanged between an HTTP server and a web browser (i.e. Internet Explorer or
Firefox) to store state information on the client side and retrieve it later for server use.

Cyber Crime
Criminal activities that use computers and/or networks.

Cyber Infrastructure
Physical assets and virtual systems and networks that enable key capabilities and services.

Cyber Security
Protection of information from theft or corruption, or the preservation of availability, while
allowing the information and property to remain accessible and productive to its intended
users.

Cyberspace
An environment in which digitized information is distributed on networks of computers.

Data Driven Attack
A form of attack that is encoded in seemingly innocuous data, which is executed by a user
or a process to implement an attack. This is a concern for those depending solely on
firewalls because the attack is able to penetrate the firewall in data form and then launch a
system attack.

DDoS
Distributed Denial of Service; Flooding the networks or servers of individuals or
organizations with false data requests so they are unable to respond to requests from
legitimate users.

Dictionary Attacks
An attack that uses a brute-force technique of successively trying all the words in some
large, exhaustive list.

Domain
A sphere of knowledge, or a collection of facts about some program entities or a number of
network points or addresses, identified by a name. On the Internet, a domain consists of a
set of network addresses. In the Internet’s domain name system, a domain is a name with
which name server records are associated that describe sub-domains or hosts. In Windows
NT and Windows 2000, a domain is a set of network resources (applications, printers, and
so forth) for a group of users. The user need only to log in to the domain to gain access to
the resources, which may be located on a number of different servers in the network.

Domain Hijacking
Domain hijacking is an attack by which an attacker takes over a domain by first blocking
access to the domain’s DNS server and then putting his own server up in its place.

Domain Name Systems (DNS)
The way that Internet domain names are located and translated into Internet Protocol
addresses. A domain name is a meaningful and easy-to-remember “handle” for an Internet
address.

Encryption
A method of protecting information by transforming it into code. Only those who have that
specific code can access the information. There are two types: storage and file. Storage
refers to mobile devices, electronic media, laptops, desktops, servers, and USB drives where
sensitive data is stored. File refers to encrypting files and then transferring the encrypted file
by posting to web sites, ftp servers, as e-mail attachments, or on transfer media such as
CD-ROM, DVD-ROM, or USB flash-ROM devices.

Ethernet
A system for connecting a number of computer systems to form a local area network, with
protocols to control the passing of information and to avoid simultaneous transmission by
two or more systems.

Fault Line Attacks
Using weaknesses between interfaces of systems to exploit gaps in coverage.

Filter
A filter is used to specify which packets will or will not be used. It can be used in sniffers to
determine which packets get displayed, or by firewalls to determine which packets get
blocked.

Firewall
A firewall is a hardware or software solution to enforce security policies. From a physical
perspective, a firewall is equivalent to a lock on a door. It permits only authorized users
such as those with a key or access card to enter. A firewall has built-in filters that block
unauthorized or potentially dangerous material from entering the system. It also logs
attempted intrusions. They manage the traffic entering and leaving a network by applying
any of four different mechanisms to restrict traffic—packet filtering, circuit-level gateway,
proxy server, and application gateway. The packet filtering allows the firewall to perform
packet inspections to ensure that the data entering your infrastructure is safe. Organizations
can develop business rules to limit what is allowed in or out. Firewalls are best utilized
either at the perimeter of the network or between the network and infrastructure and the
Internet.

Gateway
A network point that acts as an entrance to another network.

GCC
Government Coordinating Council

Hacker
A person with special expertise in computer systems and software. There is no illegality
involved with being a hacker; this is the difference between a hacker and a cracker.

Hardening
Hardening is the process of identifying and fixing vulnerabilities on a system.

Host
Any computer that has full two-way access to other computers on the Internet, or a computer
with a web server that serves the pages for one or more Web sites.

Hybrid Encryption
An application of cryptography that combines two or more encryption algorithms, particularly
a combination of symmetric and asymmetric encryption.

Identity Management
A method of validating a person’s identity when he/she tries to access a network.

Incident Handling
Incident Handling is an action plan for dealing with intrusions, cyber-theft, denial of service, fire, floods, and other security-related events. It comprises a six-step process: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned.

Incident Management
Executing a defensive response when a network’s security is threatened.

Information Technology (IT)
Hardware, software, and IT systems and services, including development, integration,
operations, communications, and security that support cyber infrastructure.

Integrity
Integrity is the need to ensure that information has not been changed accidentally or
deliberately, and that it is accurate and complete.

Internet
A term to describe connecting multiple separate networks together.

Internet Protocol (IP)
The method or protocol by which data is sent from one computer to another on the Internet.

Intranet
A computer network, especially one based on Internet technology, that an
organization uses for its own internal, and usually private, purposes and that is closed to
outsiders.

Intrusion
Unauthorized act of bypassing the security mechanisms of a system.

Intrusion Detection
A security management system for computers and networks. An IDS gathers and analyzes
information from various areas within a computer or a network to identify possible security
breaches, which include both intrusions (attacks from outside the organization) and misuse
(attacks from within the organization).

IP Address
A computer’s inter-network address that is assigned for use by the Internet Protocol and
other protocols. An IP version 4 address is written as a series of four 8-bit numbers
separated by periods.

IP Spoofing
The technique of supplying a false IP address.

Keylogging
A method of capturing and recording user keystrokes.

List Based Access Control
Associates a list of users and their privileges with each object.

Malware/Malicious Code
Malicious software designed to infiltrate a computer system without the owner’s informed consent. Any code that can be used to attack a computer by spreading viruses, crashing networks, gathering intelligence, corrupting data, distributing misinformation and interfering with military or civilian operations including navigation, transportation, logistics, communications and command and control.

National Institute of Standards and Technology (NIST)
A unit of the US Commerce Department. Formerly known as the National Bureau of Standards, NIST promotes and maintains measurement standards. It also has active programs for encouraging and assisting industry and science to develop and use these standards.

PAP
Password Authentication Protocol is a simple, weak authentication mechanism where a user enters the password and it is then sent across the network, usually in the clear.

Patch
An update to a system or software package, in the form of code that is deployed into the software in order to fix a bug or vulnerability. A small update released by a software manufacturer to fix bugs in existing programs.

Penetration
Gaining unauthorized logical access to sensitive data by circumventing a system’s protections.

Proxy Server
A server that acts as an intermediary between a workstation user and the Internet so that the enterprise can ensure security, administrative control, and caching service. A proxy server is associated with or part of a gateway server that separates the enterprise network from the outside network and a firewall server that protects the enterprise network from outside intrusion.

Risk Management
Identifying vulnerabilities in a network and developing a strategy to protect against an attack.

Role Based Access Control
Role based access control assigns users to roles based on their organizational functions and determines authorization based on those roles.

SCC
(1) Secretary’s Command Center; (2) Sector Coordinating Council

Secure
Safe from penetration or interception by unauthorized persons.

Secure Shell
A program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another.

Secure Sockets Layer
A protocol developed by Netscape for transmitting private documents via the Internet. SSL
works by using a public key to encrypt data that’s transferred over the SSL connection.

Security Patch Management
Updating software to reduce the risk of compromise to applications, systems, and
computers as a result of system flaws.

Sensitive
Work, duties, or information of a highly secret or delicate nature, especially within
government.

Sensitive Information
Sensitive information, as defined by the federal government, is any unclassified information
that, if compromised, could adversely affect the national interest or conduct of federal
initiatives.

Server
A computer set up to provide information on request via a network.

Session
A virtual connection between two hosts by which network traffic is passed.

Session Hijacking
Taking over a session that someone else has established.

Session Key
In the context of symmetric encryption, a key that is temporary or is used for a relatively
short period of time. Usually, a session key is used for a defined period of communication
between two computers, such as for the duration of a single connection or transaction set,
or the key is used in an application that protects relatively large amounts of data and,
therefore, needs to be re-keyed frequently.

System Security Officer (SSO)
A person responsible for enforcement or administration of the security policy that applies to
the system.

Tamper
To deliberately alter a system’s logic, data, or control information to cause the system to
perform unauthorized functions or services.

TCP/IP
A synonym for “Internet Protocol Suite,” in which the Transmission Control Protocol and the
Internet Protocol are important parts. TCP/IP is the basic communication language or protocol
of the Internet. It can also be used as a communications protocol in a private network (either
an Intranet or an Extranet).

Threat
Any circumstance or event with the potential to adversely impact an information system
through unauthorized access, destruction, disclosure, modification of data, and/or denial of
service.

Threat Model
A threat model is used to describe a given threat and the harm it could do to a system if it
has a vulnerability.

Threat Vector
The method a threat uses to get to the target.

Trojan Horse
Code which masks itself as a useful program and, when activated, performs malicious
activity such as locating protected passwords or damaging data on a computer’s hard disk.

User Contingency Plan
A user contingency plan is the set of alternative methods of continuing business operations if IT systems are unavailable.

Virus
A hidden, self-replicating section of computer software, usually malicious logic, that propagates by infecting (i.e., inserting a copy of itself into and becoming part of) another program. A virus cannot run by itself; it requires that its host program be run to make the virus active.

Vulnerability
Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited.

Worm
A self-replicating computer program. It uses a network to send copies of itself to other nodes (computer terminals on the network) and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program. Worms almost always cause harm to the network, if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.

802.11
802.11 is a specification for wireless local area networks (WLANs) developed by the Institute of Electrical and Electronics Engineers (IEEE). There are several 802.11 specifications. These specifications describe how a wireless-enabled computer or device communicates with a base station or wireless access point and with other wireless-enabled computers or devices.

Access point
In a wireless local area network (WLAN), an access point is a station that transmits and receives data. An access point connects users to other users within the network and can also connect the WLAN to a wired network.

Ad hoc network
A local area network in which computers and network devices are in close proximity to others on the network. These devices are connected temporarily or for specific purposes.

DSL
DSL stands for digital subscriber line. This is a dedicated, high-bandwidth telecommunications line provided by a telecommunications or telephone company. DSL lines are capable of providing high-speed internet access, but are only available to subscribers who live within a designated distance of a telephone company central office.

Encryption
In internet technology, encryption is the transformation or encoding of information into a form that can only be understood by someone who has the correct “key” for decoding it. It is an important tool for securing network traffic.

Hotspot
A hotspot is a wireless network node that provides an internet connection. More and
more hotspots are becoming available in public locations such as airports, coffee shops,
and hotels.

Piggyback
Piggybacking refers to illicitly accessing the internet through an unsecured wireless
network.

Router
A router is a device that processes traffic entering and exiting a network. It
examines individual bits of network traffic, known as packets, and determines where to
send the packet. Routers can attach to computers on a network (or other routers) using
cables. Wireless routers perform the same job as wired routers, only they convert
network traffic to a radio signal. Routers in a home network are most often connected to
a broadband cable or DSL modem.

VPN
VPN stands for virtual private network. VPNs are a secure way to use the internet as an
extension of a private network. They use encryption and a special internet protocol to
create a “tunnel” through the internet from one point to another. This traffic cannot be
accessed by those unable to connect to the VPN. Businesses frequently use VPNs to
secure private network traffic moving between two geographically distinct offices, or
between remote employees using laptops and the home office.

WEP
WEP stands for wired equivalent privacy, a security protocol designed to provide a
wireless network with a level of security and privacy comparable to that of a wired LAN.
In WEP, data moving between computers and access points is encrypted.

Wi-Fi
Wi-Fi is short for wireless fidelity. The term applies to wireless networks that employ
802.11-type security. An organization called the Wi-Fi Alliance coined the term. This
organization tests that wireless products work together and certifies those that pass as
“Wi-Fi certified” (a registered trademark).

WPA
WPA stands for Wi-Fi protected access. Like WEP, WPA is a security protocol designed to provide a wireless network with security and privacy. WPA provides stronger data encryption and better user authentication than WEP.

Council on Cybersecurity
Aims to accelerate the widespread availability and adoption of effective cybersecurity measures, practice, and policy.

Controlled Access
Minimum set of security functionality that enforces access control on individual users and makes them accountable for their actions through log-in procedures, auditing of security-relevant events, and resource isolation.

Crown Jewels
Critical information assets that are regarded as highly sensitive, essential pieces of information to the organization.

Cyber-attack
An attack, via cyberspace, targeting an enterprise’s use of cyberspace for the purpose
of disrupting, disabling, destroying, or maliciously controlling a computing
environment/infrastructure; or destroying the integrity of the data or stealing controlled
information.

Cyber Hygiene
Refers to steps computer users take to protect and maintain systems and devices.

Cybersecurity
The ability to protect or defend the use of cyberspace from cyber-attacks.

Cybersecurity and Critical Infrastructure Working Group (CCIWG)
In June 2013 the FFIEC established this body to enhance communication among the
FFIEC member agencies and build on existing efforts to strengthen the activities of
other interagency and private sector groups.

Cybersecurity Inherent Risk
The amount of risk posed by a financial institution’s activities and connections,
notwithstanding risk-mitigating controls in place. A financial institution’s cybersecurity
inherent risk incorporates the type, volume, and complexity of operational
considerations, such as connection types, products and services offered, and
technologies used.

Data Loss
The exposure of proprietary, sensitive, or classified information through either data theft
or data leakage.

Data Security
Protection of data from unauthorized (accidental or intentional) modification, destruction,
or disclosure.

Distributed Denial of Service (DDoS)
The prevention of authorized access to resources or the delaying of time-critical
operations. (Time-critical may be milliseconds or it may be hours, depending upon the
service provided.)

Fair and Accurate Credit Transactions Act of 2003
Added sections to the federal Fair Credit Reporting Act, intended to help consumers
fight the growing crime of identity theft.

Federal Financial Institutions Examination Council (FFIEC)
A formal interagency body empowered to prescribe uniform principles, standards, and
report forms for the federal examination of financial institutions by the Board of
Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance
Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the
Comptroller of the Currency (OCC), and the Consumer Financial Protection Bureau
(CFPB), and to make recommendations to promote uniformity in the supervision of
financial institutions. In 2006, the State Liaison Committee (SLC) was added to the
Council as a voting member. The SLC includes representatives from the Conference of
State Bank Supervisors (CSBS), the American Council of State Savings Supervisors
(ACSSS), and the National Association of State Credit Union Supervisors (NASCUS).

Firewall
A hardware/software capability that limits access between networks and/or systems in
accordance with a specific security policy.

Financial Services Information Sharing and Analysis Center (FS-ISAC)
A private-sector nonprofit information-sharing firm established by financial services industry participants in response to the federal government’s efforts to facilitate the public and private sectors’ sharing of physical and cybersecurity threat and vulnerability information.

Gramm-Leach-Bliley Act
Requires financial institutions (companies that offer consumers financial products or services like loans, financial or investment advice, or insurance) to explain their information-sharing practices to their customers and to safeguard sensitive data.

Incident Response Plan
The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of a malicious cyber-attack against an organization’s information system(s).

Infragard
FBI Infragard is a partnership between the FBI and the private sector. It is an
association of people who represent businesses, academic institutions, state and local
law enforcement agencies and other participants dedicated to sharing information and
intelligence to prevent hostile acts against the U.S.

Intrusion Detection Prevention System (IDPS)
Software that automates the process of monitoring the events occurring in a computer
system or network and analyzing them for signs of possible incidents and attempting to
stop detected possible incidents.

Intrusion Detection System (IDS)
Hardware or software product that gathers and analyzes information from various areas
within a computer or a network to identify possible security breaches, which include
both intrusions (attacks from outside the organizations) and misuse (attacks from within
the organizations).

Multi-State Information Sharing & Analysis Center
A source for cyber threat prevention, protection, response, and recovery for the nation’s
state, local, tribal, and territorial (SLTT) governments.

National Institute of Standards and Technology (NIST)
A non-regulatory federal agency within the U.S. Department of Commerce that aims to
promote U.S. innovation and industrial competitiveness by advancing measurement,
science, standards, and technology in ways that enhance economic security and
improve quality of life.

NIST’s Cybersecurity Framework
A set of industry standards and best practices to help organizations manage
cybersecurity risks.

Risk
The potential for loss, damage, or destruction of an asset as a result of a threat
exploiting a vulnerability.

Risk-Assessment
The process of identifying risks to organizational operations (including mission,
functions, image, or reputation), organizational assets, individuals, other organizations,
and the nation, arising through the operation of an information system. Part of risk
management, risk assessment incorporates threat and vulnerability analyses and
considers mitigations provided by security controls planned or in place. Synonymous
with risk analysis.

Symantec Corporation
An information protection company that makes security, storage, and backup software,
and offers professional services.

Threat
Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat-source to successfully exploit a particular information system vulnerability.

Top 20 Critical Security Controls
A reference set of recommendations to address risks to company data and systems. Each year the Council on Cybersecurity, located in the Washington, D.C. area, releases its Top 20 Critical Security Controls. These controls are meant to establish priority of action for organizations actively managing cybersecurity risks and to keep knowledge and technology current in the face of rapidly evolving cyber threats.

U.S. Computer Emergency Readiness Team (US-CERT)
Established in 2003 to protect the nation’s Internet infrastructure, US-CERT coordinates defense against and responses to cyber-attacks across the nation.

U.S. Secret Service Electronic Crimes Task Force (ECTF)
Brings together not only federal, state, and local law enforcement but also prosecutors, private industry, and academia in the prevention, detection, mitigation, and investigation of attacks on the nation’s financial and critical infrastructures.

Virtual Private Network
A virtual private network (VPN) extends a private network across a public network, such as the Internet.

Vulnerability
Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.

access
The ability and means to communicate with or otherwise interact with a system, to use system resources to handle information, to gain knowledge of the information the system contains, or to control system components and functions.

access and identity management
Synonym(s): identity and access management

access control
The process of granting or denying specific requests for or attempts to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities.

access control mechanism
Security measures designed to detect and deny unauthorized access and permit
authorized access to an information system or a physical facility.

active attack
An actual assault perpetrated by an intentional threat source that attempts to alter a
system, its resources, its data, or its operations.

active content
Software that is able to automatically carry out or trigger actions without the explicit
intervention of a user.

Advanced Persistent Threat
An adversary that possesses sophisticated levels of expertise and significant resources
which allow it to create opportunities to achieve its objectives by using multiple attack
vectors (e.g., cyber, physical, and deception).

adversary
An individual, group, organization, or government that conducts or has the intent to
conduct detrimental activities.

air gap
To physically separate or isolate a system from other systems or networks (verb).
Extended: The physical separation or isolation of a system from other systems or
networks (noun).

alert
A notification that a specific attack has been detected or directed at an organization’s
information systems.

All Source Intelligence
In the NICE Workforce Framework, cybersecurity work where a person: Analyzes threat
information from multiple sources, disciplines, and agencies across the Intelligence
Community. Synthesizes and places intelligence information in context; draws insights
about the possible implications.

Analyze
A NICE Workforce Framework category consisting of specialty areas responsible for
highly specialized review and evaluation of incoming cybersecurity information to
determine its usefulness for intelligence.

antispyware software
A program that specializes in detecting and blocking or removing forms of spyware.

antivirus software
A program that monitors a computer or network to detect or identify major types of
malicious code and to prevent or contain malware incidents, sometimes by removing or
neutralizing the malicious code.

asset
A person, structure, facility, information, and records, information technology systems
and resources, material, process, relationships, or reputation that has value.
Extended: Anything useful that contributes to the success of something, such as an
organizational mission; assets are things of value or properties to which value can be assigned.

asymmetric cryptography
Synonym(s): public key cryptography

attack
An attempt to gain unauthorized access to system services, resources, or information,
or an attempt to compromise system integrity.
Extended: The intentional act of attempting to bypass one or more security services or
controls of an information system.

attack method
The manner or technique and means an adversary may use in an assault on
information or an information system.

attack mode
Synonym(s): attack method

attack path
The steps that an adversary takes or may take to plan, prepare for, and execute an
attack.

attack pattern
Similar cyber events or behaviors that may indicate an attack has occurred or is
occurring, resulting in a security violation or a potential security violation.
Extended: For software, descriptions of common methods for exploiting software
systems.

attack signature
A characteristic or distinctive pattern that can be searched for or that can be used in
matching to previously identified attacks.
Extended: An automated set of rules for identifying a potential threat (such as an exploit
or the presence of an attacker tool) and possible responses to that threat.

attack surface
The set of ways in which an adversary can enter a system and potentially cause
damage.
Extended: An information system’s characteristics that permit an adversary to probe,
attack, or maintain presence in the information system.

attacker
An individual, group, organization, or government that executes an attack.
Extended: A party acting with malicious intent to compromise an information system.

authenticate
Related Term(s): authentication

authentication
The process of verifying the identity or other attributes of an entity (user, process, or
device).
Extended: Also the process of verifying the source and integrity of data.

authenticity
A property achieved through cryptographic methods of being genuine and being able to
be verified and trusted, resulting in confidence in the validity of a transmission,
information or a message, or sender of information or a message.

authorization
A process of determining, by evaluating applicable access control information, whether
a subject is allowed to have the specified types of access to a particular resource.
Extended: The process or act of granting access privileges or the access privileges as
granted.

availability
The property of being accessible and usable upon demand.
Extended: In cybersecurity, applies to assets such as information or information systems.

behavior monitoring
Observing activities of users, information systems, and processes and measuring the
activities against organizational policies and rules, baselines of normal activity,
thresholds, and trends.

behavioral monitoring
Synonym(s): behavior monitoring

Bitcoin
A type of digital currency in which encryption techniques are used to regulate the
generation of units of currency and verify the transfer of funds, operating independently
of a central bank. Many bitcoin transactions are associated with illegal, dark web activity
but not all.

blacklist
A list of entities that are blocked or denied privileges or access.

black box
A method of penetration testing in which the hacker is given no prior information other
than a target network or computer system to hack.

black hat
A hacker who uses their abilities for malicious or selfish purposes.

Blue Team
A group that defends an enterprise’s information systems when mock attackers (i.e., the
Red Team) attack, typically as part of an operational exercise conducted according to
rules established and monitored by a neutral group (i.e., the White Team). Extended
Also, a group that conducts operational vulnerability evaluations and recommends
mitigation techniques to customers who need an independent technical review of their
cybersecurity posture.

bot
A computer connected to the Internet that has been surreptitiously / secretly
compromised with malicious logic to perform activities under the command and
control of a remote administrator. Extended A member of a larger collection of
compromised computers known as a botnet.

bot master or bot herder
The controller of a botnet that, from a remote location, provides direction to the
compromised computers in the botnet.

botnet
A collection of computers compromised by malicious code and controlled across a
network.

bug
An unexpected and relatively small defect, fault, flaw, or imperfection in an information
system or device.

Build Security In
A set of principles, practices, and tools to design, develop, and evolve information
systems and software that enhance resistance to vulnerabilities, flaws, and attacks.

capability
The means to accomplish a mission, function, or objective.

cat fishing
Common on social networking and online dating sites. Sometimes a catfish’s sole
purpose is to engage in a fantasy but sometimes the catfish’s intent is to defraud a
victim, seek revenge or commit identity theft.

cipher
Synonym(s): cryptographic algorithm

ciphertext
Data or information in its encrypted form.

cloud computing
A model for enabling on-demand network access to a shared pool of configurable
computing capabilities or resources (e.g., networks, servers, storage, applications, and
services) that can be rapidly provisioned and released with minimal management effort
or service provider interaction.

Collect & Operate
A NICE Workforce Framework category consisting of specialty areas responsible for
specialized denial and deception operations and collection of cybersecurity information
that may be used to develop intelligence.

Collection Operations
In the NICE Workforce Framework, cybersecurity work where a person: Executes
collection using appropriate strategies and within the priorities established through the
collection management process.

computer forensics
Synonym(s): digital forensics

computer network defense
The actions taken to defend against unauthorized activity within computer networks.

Computer Network Defense Analysis
In the NICE Workforce Framework, cybersecurity work where a person: Uses defensive
measures and information collected from a variety of sources to identify, analyze, and
report events that occur or might occur within the network in order to protect
information, information systems, and networks from threats.

Computer Network Defense Infrastructure Support
In the NICE Workforce Framework, cybersecurity work where a person: Tests,
implements, deploys, maintains, reviews, and administers the infrastructure hardware
and software that are required to effectively manage the computer network defense
service provider network and resources; monitors network to actively remediate
unauthorized activities.

computer security incident
Synonym(s): incident

confidentiality
A property that information is not disclosed to users, processes, or devices unless they
have been authorized to access the information. Extended Preserving authorized
restrictions on information access and disclosure, including means for protecting
personal privacy and proprietary information.

consequence
The effect of an event, incident, or occurrence. Extended In cybersecurity, the effect of
a loss of confidentiality, integrity or availability of information or an information system
on an organization’s operations, its assets, on individuals, other organizations, or on
national interests.

Continuity of Operations Plan
A document that sets forth procedures for the continued performance of core
capabilities and critical operations during any disruption or potential disruption.

critical infrastructure
The systems and assets, whether physical or virtual, so vital to society that the
incapacity or destruction of such may have a debilitating impact on the security,
economy, public health or safety, environment, or any combination of these matters.

critical infrastructure and key resources
Synonym(s): critical infrastructure

cryptanalysis
The operations performed in defeating or circumventing cryptographic protection of
information by applying mathematical techniques and without an initial knowledge of the
key employed in providing the protection. Extended The study of mathematical
techniques for attempting to defeat or circumvent cryptographic techniques and/or
information systems security.

cryptographic algorithm
A well-defined computational procedure that takes variable inputs, including a
cryptographic key, and produces an output.

cryptography
The use of mathematical techniques to provide security services, such as
confidentiality, data integrity, entity authentication, and data origin authentication.
Extended The art or science concerning the principles, means, and methods for
converting plaintext into ciphertext and for restoring encrypted ciphertext to plaintext.

cryptology
The mathematical science that deals with cryptanalysis and cryptography.

Customer Service and Technical Support
In the NICE Workforce Framework, cybersecurity work where a person: Addresses
problems, installs, configures, troubleshoots, and provides maintenance and training in
response to customer requirements or inquiries (e.g., tiered-level customer support).

cyber ecosystem
The interconnected information infrastructure of interactions among persons, processes,
data, and information and communications technologies, along with the environment
and conditions that influence those interactions.

cyber exercise
A planned event during which an organization simulates a cyber disruption to develop or
test capabilities such as preventing, detecting, mitigating, responding to or recovering
from the disruption.

cyber incident
Synonym(s): incident

cyber incident response plan
Synonym(s): incident response plan

cyber infrastructure
An electronic information and communications systems and services and the
information contained therein. Extended The information and communications systems
and services composed of all hardware and software that process, store, and
communicate information, or any combination of all of these elements: Processing
includes the creation, access, modification, and destruction of information. Storage
includes paper, magnetic, electronic, and all other media types. Communications
include sharing and distribution of information.

Cyber Operations
In the NICE Workforce Framework, cybersecurity work where a person: Performs
activities to gather evidence on criminal or foreign intelligence entities in order to
mitigate possible or real-time threats, protect against espionage or insider threats,
foreign sabotage, international terrorist activities, or to support other intelligence
activities.

Cyber Operations Planning
In the NICE Workforce Framework, cybersecurity work where a person: Performs
in-depth joint targeting and cyber planning process. Gathers information and develops
detailed Operational Plans and Orders supporting requirements. Conducts strategic and
operational-level planning across the full range of operations for integrated information
and cyberspace operations.

cybersecurity
The activity or process, ability or capability, or state whereby information and
communications systems and the information contained therein are protected from
and/or defended against damage, unauthorized use or modification, or exploitation.
Extended Strategy, policy, and standards regarding the security of and operations in
cyberspace, and encompass[ing] the full range of threat reduction, vulnerability
reduction, deterrence, international engagement, incident response, resiliency, and
recovery policies and activities, including computer network operations, information
assurance, law enforcement, diplomacy, military, and intelligence missions as they
relate to the security and stability of the global information and communications
infrastructure.

cyberspace
The interdependent network of information technology infrastructures, that includes the
Internet, telecommunications networks, computer systems, and embedded processors
and controllers.

dark web
The portion of World Wide Web content that is not indexed by standard search engines,
generally attributed to hacking and illegal cyber activities.

Data Administration
In the NICE Workforce Framework, cybersecurity work where a person: Develops and
administers databases and/or data management systems that allow for the storage,
query, and utilization of data.

data aggregation
The process of gathering and combining data from different sources, so that the
combined data reveals new information.
Extended The new information is more sensitive than the individual data elements
themselves and the person who aggregates the data was not granted access to the
totality of the information.

data breach
The unauthorized movement or disclosure of sensitive information to a party, usually
outside the organization, that is not authorized to have or see the information.

data integrity
The property that data is complete, intact, and trusted and has not been modified or
destroyed in an unauthorized or accidental manner.

data leakage
Synonym(s): data breach

data loss
The result of unintentionally or accidentally deleting data, forgetting where it is stored, or
exposure to an unauthorized party.

data loss prevention
A set of procedures and mechanisms to stop sensitive data from leaving a security
boundary.

data mining
The process or techniques used to analyze large sets of existing information to discover
previously unrevealed patterns or correlations.

data spill
Synonym(s): data breach

data theft
The deliberate or intentional act of stealing information.

DDoS
An attack that prevents or impairs the authorized use of information system resources
or services.

decipher
To convert enciphered text to plain text by means of a cryptographic system.

decode
To convert encoded text to plain text by means of a code.

decrypt
A generic term encompassing decode and decipher.

decryption
The process of transforming ciphertext into its original plaintext. Extended The process
of converting encrypted data back into its original form, so it can be understood.

deep web
The portion of World Wide Web content that is not indexed by standard search engines,
generally attributed to hacking and illegal cyber activities.

denial of service
An attack that prevents or impairs the authorized use of information system resources
or services.

designed-in security
Synonym(s): Build Security In

digital forensics
The processes and specialized techniques for gathering, retaining, and analyzing
system-related data (digital evidence) for investigative purposes. Extended In the NICE
Workforce Framework, cybersecurity work where a person: Collects, processes,
preserves, analyzes, and presents computer-related evidence in support of network
vulnerability, mitigation, and/or criminal, fraud, counterintelligence or law enforcement
investigations.

digital rights management
A form of access control technology to protect and manage use of digital content or
devices in accordance with the content or device provider’s intentions.

digital signature
A value computed with a cryptographic process using a private key and then appended
to a data object, thereby digitally signing the data.

disruption
An event which causes unplanned interruption in operations or functions for an
unacceptable length of time.

distributed denial of service
A denial of service technique that uses numerous systems to perform the attack
simultaneously.

dynamic attack surface
The automated, on-the-fly changes of an information system’s characteristics to thwart
actions of an adversary.

Education and Training
In the NICE Workforce Framework, cybersecurity work where a person: Conducts
training of personnel within pertinent subject domain; develops, plans, coordinates,
delivers, and/or evaluates training courses, methods, and techniques as appropriate.

electronic signature
Any mark in electronic form associated with an electronic document, applied with the
intent to sign the document.

encipher
To convert plaintext to ciphertext by means of a cryptographic system.

encode
To convert plaintext to ciphertext by means of a code.

encrypt
The generic term encompassing encipher and encode.

encryption
The process of transforming plaintext into ciphertext. Extended Converting data into a
form that cannot be easily understood by unauthorized people.

enterprise risk management
A comprehensive approach to risk management that engages people, processes, and
systems across an organization to improve the quality of decision making for managing
risks that may hinder an organization’s ability to achieve its objectives. Extended
Involves identifying mission dependencies on enterprise capabilities, identifying and
prioritizing risks due to defined threats, implementing countermeasures to provide both
a static risk posture and an effective dynamic response to active threats; and assessing
enterprise performance against threats and adjusting countermeasures as necessary.

event
An observable occurrence in an information system or network. Extended Sometimes
provides an indication that an incident is occurring or at least raises the suspicion that an
incident may be occurring.

exfiltration
The unauthorized transfer of information from an information system.

exploit
A technique to breach the security of a network or information system in violation of
security policy.

Exploitation Analysis
In the NICE Workforce Framework, cybersecurity work where a person: Analyzes
collected information to identify vulnerabilities and potential for exploitation.

exposure
The condition of being unprotected, thereby allowing access to information or access to
capabilities that an attacker can use to enter a system or network.

Failure
The inability of a system or component to perform its required functions within specified
performance requirements.

firewall
A capability to limit network traffic between networks and/or information systems.
Extended A hardware/software device or a software program that limits network traffic
according to a set of rules of what access is and is not allowed or authorized.

forensics
Synonym(s): digital forensics

gray box
A method of penetration testing in which the hacker is given some information about the
internal details of the target network in order to provide a quick summary of some
specific strengths and weaknesses in that network’s security.

hack
An unauthorized attempt to gain access to an information system.

hacker
An unauthorized user who attempts to or gains access to an information system.

hacktivist
A computer hacker whose activity is aimed at promoting a social or political cause.

hash value
A numeric value resulting from applying a mathematical algorithm against a set of data
such as a file.

hashing
A process of applying a mathematical algorithm against a set of data to produce a
numeric value (a ‘hash value’) that represents the data. Extended Mapping a bit string
of arbitrary length to a fixed length bit string to produce the hash value.

hazard
A natural or man-made source or cause of harm or difficulty.

ICT supply chain threat
A man-made threat achieved through exploitation of the information and
communications technology (ICT) system’s supply chain, including acquisition
processes.

identity and access management
The methods and processes used to manage subjects and their authentication and
authorizations to access specific objects.

impact
Synonym(s): consequence

incident
An occurrence that actually or potentially results in adverse consequences to (adverse
effects on) (poses a threat to) an information system or the information that the system
processes, stores, or transmits and that may require a response action to mitigate the
consequences. Extended An occurrence that constitutes a violation or imminent threat
of violation of security policies, security procedures, or acceptable use policies.

incident management
The management and coordination of activities associated with an actual or potential
occurrence of an event that may result in adverse consequences to information or
information systems.

incident response
The activities that address the short-term, direct effects of an incident and may also
support short-term recovery. Extended In the Workforce framework, cybersecurity work
where a person: Responds to crisis or urgent situations within the pertinent domain to
mitigate immediate and potential threats; uses mitigation, preparedness, and response
and recovery approaches, as needed, to maximize survival of life, preservation of
property, and information security. Investigates and analyzes all relevant response
activities.

incident response plan
A set of predetermined and documented procedures to detect and respond to a cyber
incident.

indicator
An occurrence or sign that an incident may have occurred or may be in progress.

Industrial Control System
An information system used to control industrial processes such as manufacturing,
product handling, production, and distribution or to control infrastructure assets.

information and communication(s) technology
Any information technology, equipment, or interconnected system or subsystem of
equipment that processes, transmits, receives, or interchanges data or information.

information assurance
The measures that protect and defend information and information systems by ensuring
their availability, integrity, and confidentiality.

Information Assurance Compliance
In the NICE Workforce Framework, cybersecurity work where a person: Oversees,
evaluates, and supports the documentation, validation, and accreditation processes
necessary to assure that new IT systems meet the organization’s information assurance
and security requirements; ensures appropriate treatment of risk, compliance, and
assurance from internal and external perspectives.

information security policy
An aggregate of directives, regulations, rules, and practices that prescribe how an
organization manages, protects, and distributes information.

information sharing
An exchange of data, information, and/or knowledge to manage risks or respond to
incidents.

information system resilience
The ability of an information system to: (1) continue to operate under adverse conditions
or stress, even if in a degraded or debilitated state, while maintaining essential
operational capabilities; and (2) recover effectively in a timely manner.

Information Systems Security Operations
In the NICE Workforce Framework, cybersecurity work where a person: Oversees the
information assurance program of an information system in or outside the network
environment; may include procurement duties (e.g., Information Systems Security
Officer).

information technology
Any equipment or interconnected system or subsystem of equipment that processes,
transmits, receives, or interchanges data or information.

inside(r) threat
A person or group of persons within an organization who pose a potential risk through
violating security policies. Extended One or more individuals with the access and/or
inside knowledge of a company, organization, or enterprise that would allow them to
exploit the vulnerabilities of that entity’s security, systems, services, products, or
facilities with the intent to cause harm.

integrated risk management
The structured approach that enables an enterprise or organization to share risk
information and risk analysis and to synchronize independent yet complementary risk
management strategies to unify efforts across the enterprise.

integrity
The property whereby information, an information system, or a component of a system
has not been modified or destroyed in an unauthorized manner.
Extended A state in which information has remained unaltered from the point it was
produced by a source, during transmission, storage, and eventual receipt by the
destination.

intent
A state of mind or desire to achieve an objective.

interoperability
The ability of two or more systems or components to exchange information and to use
the information that has been exchanged.

intrusion
An unauthorized act of bypassing the security mechanisms of a network or information
system.

intrusion detection
The process and methods for analyzing information from networks and information
systems to determine if a security breach or security violation has occurred.

Investigate
A NICE Workforce Framework category consisting of specialty areas responsible for the
investigation of cyber events and/or crimes of IT systems, networks, and digital
evidence.

investigation
A systematic and formal inquiry into a qualified threat or incident using digital forensics
and perhaps other traditional criminal inquiry techniques to determine the events that
transpired and to collect evidence. Extended In the NICE Workforce Framework,
cybersecurity work where a person: Applies tactics, techniques, and procedures for a
full range of investigative tools and processes to include but not limited to interview and
interrogation techniques, surveillance, counter surveillance, and surveillance detection,
and appropriately balances the benefits of prosecution versus intelligence gathering.

key
The numerical value used to control cryptographic operations, such as decryption,
encryption, signature generation, or signature verification.

key pair
A public key and its corresponding private key. Extended Two mathematically related
keys having the property that one key can be used to encrypt a message that can only
be decrypted using the other key.

key resource
A publicly or privately controlled asset necessary to sustain continuity of government
and/or economic operations, or an asset that is of great historical significance.

keylogger
Software or hardware that tracks keystrokes and keyboard events, usually
surreptitiously / secretly, to monitor actions by the user of an information system.

Knowledge Management
In the NICE Workforce Framework, cybersecurity work where a person: Manages and
administers processes and tools that enable the organization to identify, document, and
access intellectual capital and information content.

Legal Advice and Advocacy
In the NICE Workforce Framework, cybersecurity work where a person: Provides legally
sound advice and recommendations to leadership and staff on a variety of relevant
topics within the pertinent subject domain; advocates legal and policy changes and
makes a case on behalf of client via a wide range of written and oral work products,
including legal briefs and proceedings.

machine learning and evolution
A field concerned with designing and developing artificial intelligence algorithms for
automated knowledge discovery and innovation by information systems.

macro virus
A type of malicious code that attaches itself to documents and uses the macro
programming capabilities of the document’s application to execute, replicate, and
spread or propagate itself.

malicious applet
A small application program that is automatically downloaded and executed and that
performs an unauthorized function on an information system.

malicious code
Program code intended to perform an unauthorized function or process that will have
adverse impact on the confidentiality, integrity, or availability of an information system.
Extended Includes software, firmware, and scripts.

malicious logic
Hardware, firmware, or software that is intentionally included or inserted in a system to
perform an unauthorized function or process that will have adverse impact on the
confidentiality, integrity, or availability of an information system.

malware
Software that compromises the operation of a system by performing an unauthorized
function or process.

man in the middle (MITM)
Using false digital credentials or certificates to fool a device or user into thinking it is
communicating directly with the original site they intended to connect with by rerouting
internet traffic through another server.

mitigation
The application of one or more measures to reduce the likelihood of an unwanted
occurrence and/or lessen its consequences. Extended Implementing appropriate risk-
reduction controls based on risk management priorities and analysis of alternatives.

moving target defense
The presentation of a dynamic attack surface, increasing an adversary’s work factor
necessary to probe, attack, or maintain presence in a cyber target.

network resilience
The ability of a network to: (1) provide continuous operation (i.e., highly resistant to
disruption and able to operate in a degraded mode if damaged); (2) recover effectively if
failure does occur; and (3) scale to meet rapid or unpredictable demands.

Network Services
In the NICE Workforce Framework, cybersecurity work where a person: Installs,
configures, tests, operates, maintains, and manages networks and their firewalls,
including hardware (e.g., hubs, bridges, switches, multiplexers, routers, cables, proxy
servers, and protective distributor systems) and software that permit the sharing and
transmission of all spectrum transmissions of information to support the security of
information and information systems.

NFC or Near Field Communication
Near-field (or nearfield) communication (NFC) is a form of short-range wireless
communication where the antenna used is much smaller than the wavelength of the
carrier signal. Although the communication range of NFC is limited to a few centimeters,
NFC alone does not ensure secure communications; such communications are susceptible
to relay attacks.

non-repudiation
A property achieved through cryptographic methods to protect against an individual or
entity falsely denying having performed a particular action related to data. Extended
Provides the capability to determine whether a given individual took a particular action
such as creating information, sending a message, approving information, and receiving
a message.

object
A passive information system-related entity containing or receiving information.

Operate & Maintain
A NICE Workforce Framework category consisting of specialty areas responsible for
providing the support, administration, and maintenance necessary to ensure effective
and efficient IT system performance and security.

operational exercise
An action-based exercise where personnel rehearse reactions to an incident scenario,
drawing on their understanding of plans and procedures, roles, and responsibilities.
Extended Also referred to as operations-based exercise.

Operations Technology
The hardware and software systems used to operate industrial control devices.

outside(r) threat
A person or group of persons external to an organization who are not authorized to
access its assets and pose a potential risk to the organization and its assets.

Oversight & Development
A NICE Workforce Framework category consisting of specialty areas providing
leadership, management, direction, and/or development and advocacy so that all
individuals and the organization may effectively conduct cybersecurity work.

passive attack
An actual assault perpetrated by an intentional threat source that attempts to learn or
make use of information from a system, but does not attempt to alter the system, its
resources, its data, or its operations.

password
A string of characters (letters, numbers, and other symbols) used to authenticate an
identity or to verify access authorization.

pen test
A colloquial term for penetration test or penetration testing.

penetration
Synonym(s): intrusion

penetration testing
An evaluation methodology whereby assessors search for vulnerabilities and attempt to
circumvent the security features of a network and/or information system.

Personal Identifying Information / Personally Identifiable Information
The information that permits the identity of an individual to be directly or indirectly
inferred.

phishing
A digital form of social engineering to deceive individuals into providing sensitive
information.

plaintext
Unencrypted information.

precursor
An observable occurrence or sign that an attacker may be preparing to cause an
incident.

Preparedness
The activities to build, sustain, and improve readiness capabilities to prevent, protect
against, respond to, and recover from natural or manmade incidents.

privacy
The assurance that the confidentiality of, and access to, certain information about an
entity is protected. Extended The ability of individuals to understand and exercise
control over how information about themselves may be used by others.

private key
A cryptographic key that must be kept confidential and is used to enable the operation of
an asymmetric (public key) cryptographic algorithm. Extended The secret part of an
asymmetric key pair that is uniquely associated with an entity.

Protect & Defend
A NICE Workforce Framework category consisting of specialty areas responsible for the
identification, analysis, and mitigation of threats to internal IT systems or networks.

public key
A cryptographic key that may be widely published and is used to enable the operation of
an asymmetric (public key) cryptographic algorithm. Extended The public part of an
asymmetric key pair that is uniquely associated with an entity and that may be made
public.

public key cryptography
A branch of cryptography in which a cryptographic system or algorithms use two uniquely
linked keys: a public key and a private key (a key pair).

public key encryption
Synonym(s): public key cryptography

Public Key Infrastructure
A framework consisting of standards and services to enable secure, encrypted
communication and authentication over potentially insecure networks such as the
Internet. Extended A framework and services for generating, producing, distributing,
controlling, accounting for, and revoking (destroying) public key certificates.

ransomware
Type of malware which restricts access to the computer system that it infects, and
demands a ransom paid to the creator(s) of the malware in order for the restriction to be
removed.

Recovery
The activities after an incident or event to restore essential services and operations in
the short and medium term and fully restore all capabilities in the longer term.

Red Team
A group authorized and organized to emulate a potential adversary’s attack or
exploitation capabilities against an enterprise’s cybersecurity posture.

Red Team exercise
An exercise, reflecting real-world conditions, that is conducted as a simulated attempt by
an adversary to attack or exploit vulnerabilities in an enterprise’s information systems.

redundancy
Additional or alternative systems, sub-systems, assets, or processes that maintain a
degree of overall functionality in case of loss or failure of another system, sub-system,
asset, or process.

relay attack
An attack in which the adversary has to forward the request of the card reader, for
example, to the victim and relay back its answer to the card reader in real time, in order
to carry out a task pretending to be the owner of the victim’s smart card, for example.

resilience
The ability to adapt to changing conditions and prepare for, withstand, and rapidly
recover from disruption.

response
The activities that address the short-term, direct effects of an incident and may also
support short-term recovery. Extended In cybersecurity, response encompasses both
automated and manual activities.

response plan
Synonym(s): incident response plan

risk
The potential for an unwanted or adverse outcome resulting from an incident, event, or
occurrence, as determined by the likelihood that a particular threat will exploit a
particular vulnerability, with the associated consequences.

risk analysis
The systematic examination of the components and characteristics of risk.

risk assessment
The product or process which collects information and assigns values to risks for the
purpose of informing priorities, developing or comparing courses of action, and
informing decision making. Extended The appraisal of the risks facing an entity, asset,
system, or network, organizational operations, individuals, geographic area, other
organizations, or society, and includes determining the extent to which adverse
circumstances or events could result in harmful consequences.

risk management
The process of identifying, analyzing, assessing, and communicating risk and
accepting, avoiding, transferring or controlling it to an acceptable level considering
associated costs and benefits of any actions taken. Extended Includes: 1) conducting a
risk assessment; 2) implementing strategies to mitigate risks; 3) continuous monitoring
of risk over time; and 4) documenting the overall risk management program.

risk mitigation
Synonym(s): mitigation

risk-based data management
A structured approach to managing risks to data and information by which an
organization selects and applies appropriate security controls in compliance with policy
and commensurate with the sensitivity and value of the data.

rootkit
A set of software tools with administrator-level access privileges installed on an
information system and designed to hide the presence of the tools, maintain the access
privileges, and conceal the activities conducted by the tools.

secret key
A cryptographic key that is used for both encryption and decryption, enabling the
operation of a symmetric key cryptography scheme. Extended Also, a cryptographic
algorithm that uses a single key (i.e., a secret key) for both encryption of plaintext and
decryption of ciphertext.

Securely Provision
A NICE Workforce Framework category consisting of specialty areas concerned with
conceptualizing, designing, and building secure IT systems, with responsibility for some
aspect of the systems’ development.

security automation
The use of information technology in place of manual processes for cyber incident
response and management.

security incident
Synonym(s): incident

security policy
A rule or set of rules that govern the acceptable use of an organization’s information
and services to a level of acceptable risk and the means for protecting the
organization’s information assets. Extended A rule or set of rules applied to an
information system to provide security services.

Security Program Management
In the NICE Workforce Framework, cybersecurity work where a person: Manages
information security (e.g., information security) implications within the organization,
specific program, or other area of responsibility, to include strategic, personnel,
infrastructure, policy enforcement, emergency planning, security awareness, and other
resources (e.g., the role of a Chief Information Security Officer).

signature
A recognizable, distinguishing pattern. Extended Types of signatures: attack signature,
digital signature, electronic signature.

situational awareness
Comprehending information about the current and developing security posture and risks, based on information gathered, observation and analysis, and knowledge or experience. Extended In cybersecurity, comprehending the current status and security posture with respect to availability, confidentiality, and integrity of networks, systems, users, and data, as well as projecting future states of these.

software assurance
The level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its lifecycle, and that the software functions in the intended manner.

Software Assurance and Security Engineering
In the NICE Workforce Framework, cybersecurity work where a person: Develops and writes/codes new (or modifies existing) computer applications, software, or specialized utility programs following software assurance best practices.

spam
The abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.

Spear Phishing
An e-mail spoofing fraud attempt that targets a specific organization or individual, seeking unauthorized access to confidential data. Spear phishing attempts are not typically initiated by “random hackers” but are more likely to be conducted by perpetrators out for financial gain, trade secrets or military information. These attacks are more targeted than common phishing or spam attacks.

spillage
Synonym(s): data spill, data breach

Spoofing
Faking the sending address of a transmission to gain illegal [unauthorized] entry into a secure system. Extended The deliberate inducement of a user or resource to take incorrect action. Note: Impersonating, masquerading, piggybacking, and mimicking are forms of spoofing.

spyware
Software that is secretly or surreptitiously installed into an information system without the knowledge of the system user or owner.

Strategic Planning and Policy Development
In the NICE Workforce Framework, cybersecurity work where a person: Applies knowledge of priorities to define an entity.

subject
An individual, process, or device causing information to flow among objects or a change
to the system state. Extended An active entity.

Supervisory Control and Data Acquisition
A generic name for a computerized system that is capable of gathering and processing
data and applying operational controls to geographically dispersed assets over long
distances.

supply chain
A system of organizations, people, activities, information and resources, for creating
and moving products including product components and/or services from suppliers
through to their customers.

Supply Chain Risk Management
The process of identifying, analyzing, and assessing supply chain risk and accepting,
avoiding, transferring or controlling it to an acceptable level considering associated
costs and benefits of any actions taken.

symmetric cryptography
A branch of cryptography in which a cryptographic system or algorithms use the same
secret key (a shared secret key).

symmetric encryption algorithm
Synonym(s): symmetric cryptography

symmetric key
A cryptographic key that is used to perform both the cryptographic operation and its
inverse, for example to encrypt plaintext and decrypt ciphertext, or create a message
authentication code and to verify the code. Extended Also, a cryptographic algorithm
that uses a single key (i.e., a secret key) for both encryption of plaintext and decryption
of ciphertext.

System Administration
In the NICE Workforce Framework, cybersecurity work where a person: Installs,
configures, troubleshoots, and maintains server configurations (hardware and software)
to ensure their confidentiality, integrity, and availability; also manages accounts,
firewalls, and patches; responsible for access control, passwords, and account creation
and administration.

system integrity
The attribute of an information system when it performs its intended function in an
unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of
the system.

Systems Development
In the NICE Workforce Framework, cybersecurity work where a person: Works on the
development phases of the systems development lifecycle.

Systems Requirements Planning
In the NICE Workforce Framework, cybersecurity work where a person: Consults with
customers to gather and evaluate functional requirements and translates these
requirements into technical solutions; provides guidance to customers about
applicability of information systems to meet business needs.

Systems Security Analysis
In the NICE Workforce Framework, cybersecurity work where a person: Conducts the
integration/testing, operations, and maintenance of systems security.

Systems Security Architecture
In the NICE Workforce Framework, cybersecurity work where a person: Develops
system concepts and works on the capabilities phases of the systems development
lifecycle; translates technology and environmental conditions (e.g., law and regulation)
into system and security designs and processes.

tabletop exercise
A discussion-based exercise where personnel meet in a classroom setting or breakout
groups and are presented with a scenario to validate the content of plans, procedures,
policies, cooperative agreements or other information for managing an incident.

tailored trustworthy space
A cyberspace environment that provides a user with confidence in its security, using
automated mechanisms to ascertain security conditions and adjust the level of security
based on the user’s context and in the face of an evolving range of threats.

Targets
In the NICE Workforce Framework, cybersecurity work where a person: Applies current
knowledge of one or more regions, countries, non-state entities, and/or technologies.

Technology Research and Development
In the NICE Workforce Framework, cybersecurity work where a person: Conducts
technology assessment and integration processes; provides and supports a prototype
capability and/or evaluates its utility.

Test and Evaluation
In the NICE Workforce Framework, cybersecurity work where a person: Develops and
conducts tests of systems to evaluate compliance with specifications and requirements
by applying principles and methods for cost-effective planning, evaluating, verifying, and
validating of technical, functional, and performance characteristics (including
interoperability) of systems or elements of systems incorporating information
technology.

threat
A circumstance or event that has or indicates the potential to exploit vulnerabilities and
to adversely impact (create adverse consequences for) organizational operations,
organizational assets (including information and information systems), individuals, other
organizations, or society. Extended Includes an individual or group of individuals, entity
(such as an organization or a nation), action, or occurrence.

threat actor
Synonym(s): threat agent

threat agent
An individual, group, organization, or government that conducts or has the intent to
conduct detrimental activities.

threat analysis
The detailed evaluation of the characteristics of individual threats. Extended In the NICE
Workforce Framework, cybersecurity work where a person: Identifies and assesses the
capabilities and activities of cyber criminals or foreign intelligence entities; produces
findings to help initialize or support law enforcement and counterintelligence
investigations or activities.

threat assessment
The product or process of identifying or evaluating entities, actions, or occurrences,
whether natural or man-made, that have or indicate the potential to harm life,
information, operations, and/or property.

ticket
In access control, data that authenticates the identity of a client or a service and,
together with a temporary encryption key (a session key), forms a credential.

TOR (The Onion Router)
Free software designed to make it possible for users to surf the Internet anonymously,
so their activities and location cannot be discovered by government agencies,
corporations, or anyone else.

traffic light protocol
A set of designations employing four colors (RED, AMBER, GREEN, and WHITE) used
to ensure that sensitive information is shared with the correct audience.

Trojan horse
A computer program that appears to have a useful function, but also has a hidden and
potentially malicious function that evades security mechanisms, sometimes by
exploiting legitimate authorizations of a system entity that invokes the program.

two-factor authentication
An extra layer of security, also known as “multi factor authentication”, that requires not
only a password and username but also something that only that user has on them or
has immediate access to.

unauthorized access
Any access that violates the stated security policy.

unencrypted
(of information or data) not converted into a code that would prevent unauthorized
access.

virus
A computer program that can replicate itself, infect a computer without permission or
knowledge of the user, and then spread or propagate to another computer.

vulnerability
A characteristic or specific weakness that renders an organization or asset (such as
information or an information system) open to exploitation by a given threat or
susceptible to a given hazard. Extended Characteristic of location or security posture or
of design, security procedures, internal controls, or the implementation of any of these
that permit a threat or hazard to occur. Vulnerability (expressing degree of vulnerability):
qualitative or quantitative expression of the level of susceptibility to harm when a threat
or hazard is realized.

Vulnerability Assessment and Management
In the NICE Workforce Framework, cybersecurity work where a person: Conducts
assessments of threats and vulnerabilities, determines deviations from acceptable
configurations, enterprise or local policy, assesses the level of risk, and develops and/or
recommends appropriate mitigation countermeasures in operational and non-
operational situations.

weakness
A shortcoming or imperfection in software code, design, architecture, or deployment
that, under proper conditions, could become a vulnerability or contribute to the
introduction of vulnerabilities.

whaling
Whaling is a specific kind of malicious hacking within the more general category of
phishing, which involves hunting for data that can be used by the hacker. Whaling
targets are generally high-ranking bankers, executives or others in powerful positions or
job titles while phishing efforts are focused on collecting personal data about users.

white box
A method of penetration testing in which the hacker is given access to information about
the internal details of the target network in order to provide a comprehensive test of the
network’s security strengths and weaknesses.

white hat
A hacker who uses their abilities to identify security weaknesses in systems in a way
that will allow the system’s owners to fix the weakness.

White Team
A group responsible for refereeing an engagement between a Red Team of mock
attackers and a Blue Team of actual defenders of information systems.

whitelist
A list of entities that are considered trustworthy and are granted access or privileges.

work factor
An estimate of the effort or time needed by a potential adversary, with specified
expertise and resources, to overcome a protective measure.

worm
A self-replicating, self-propagating, self-contained program that uses networking
mechanisms to spread itself.

zombie
Synonym(s): bot
