Omni Dimensions - Cybersecurity Experts!

33411
33463
33414
33458
33467
33415
33461
33436
33076
33418
33433
33428
33437
33462
33409
33410
33435
33407
33445
33460
33404
33417
33406
33401
33426
33484
33446
33470
33472
33440
33496
33444
33431
33486
33434
33432
33430
33487
33405
33413
33408
33478
33498
33412
33469
33483
33403
33477
33449
33480
33473
33476
33493
33438
33416
33439
33447
33402
33420
33419
33422
33421
33425
33424
33427
33429
33454
33448
33459
33464
33466
33465
33468
33474
33481
33482
33488
33497
33499

Information technology
IT company
Technical support
IT services
IT support
Network security
Cybersecurity
Cloud services

West Palm Beach
Palm Beach Gardens
Jupiter
Wellington
Boynton Beach
Delray Beach
Boca Raton
Palm Beach Gardens
North Palm Beach
Palm Beach
Lake Worth
Greenacres
Palm Beach Shores
Palm Springs
Riviera Beach
Royal Palm Beach
Juno Beach
South Palm Beach
Jupiter
Tequesta
Jupiter Inlet Colony
Wellington
Lake Worth Beach

Business Services
Managed IT & Support
IT Services
Network & WiFi
Cyber Security
Computers
System Upgrades
On-Site System Repair
End Point Protection & Backup
Security Camera Systems

Cloud technology
Cloud storage solutions
Hybrid cloud
Cloud storage providers
Service cloud
Cloud architecture
Cloud server
Cloud hosting
Cloud computing
Cybersecurity
Network security
IT security
Cybersecurity attack
Computer security software
Cybersecurity analyst
Cybersecurity companies
Cybersecurity engineer
IT services
Information technology specialist
IT manager
Infrastructure as a service
Managed IT services
Technology consulting
Tech solutions
IT service management
Network infrastructure
Programming
Software developer
Computer programming
Dynamic programming
Computer programmer
Web designer
Website creation
Code developer
App developer

Service Industries
Automotive & Towing
Construction & Trades
Entertainment Facilities
Healthcare
Law Offices
Real Estate & HOA
Retail
Restaurant

We believe there are serious cyber-security threats

computer security
internet security
IT security
network security

cybersecurity
cyber safety
cyber-safety
electronic information security
firewall
practice of defending computers
practice of defending data
practice of defending electronic systems
practice of defending mobile devices
practice of defending networks
practice of defending servers
practice of reducing cyber risk
preventative methods
protection from cyber attack
protection from unauthorized access
state of being safe from electronic crime
techniques of protecting computers
techniques of protecting data
techniques of protecting networks
techniques of protecting programs
ways of protecting computer systems
cybernetics

attempt to damage computer network
attempt to damage computer system
attempt to damage data
attempt to disrupt a computer network
attempt to disrupt a computer system
attempt to disrupt digital life
attempt to steal data
computer virus
computer vulnerability
cyber attack
cyber threat
cybersecurity threat
data breaches
flaw in a network
flaw in a system
malware
weakness in a network
weakness in a system

When it comes to being a cybersecurity professional, you not only have to have the knowledge to do the job but also the appropriate vocabulary. This is hardly a surprise since whenever a new field of expertise arrives on the scene, it inevitably spawns new words, acronyms, and phrases.

By being able to converse in the language of cybersecurity, you project an image of experience and competency, which can be reassuring to customers. After all, explaining that “the system is experiencing a data breach thanks to spyware uploaded by a Black Hat hacker” sounds like you know what you’re talking about, and also implies that you can handle the problem. Explaining that the “computer-thingy’s not working good because a bad guy who doesn’t work for the company has put something bad in it” won’t foster much confidence.

Top Cybersecurity Terms to Learn

    Authentication
    The process of identifying a user’s identity, making sure that they can have access to the system and/or files. This can be accomplished either by a password, retina scan, or fingerprint scan, sometimes even a combination of the above.
    Botnet
    A combination of the words “robot” and “network”, a botnet is a network of computers that have been infected with a virus, and now are working continuously in order to create security breaches. These attacks come in the form of Bitcoin mining, sending spam e-mails, and DDoS attacks (see below).
    Data Breach
    The result of a hacker successfully breaking into a system, gaining control of its network and exposing its data, usually personal data covering items such as credit card numbers, bank account numbers, Social Security numbers, and more.
    DDoS
    The acronym stands for Distributed Denial of Service and is a favorite Black Hat tool. Using multiple hosts and users, hackers bombard a website with a tidal wave of requests to such an extent that it locks up the system and forces it to temporarily shut down.
    Domain
    A series of computers and associated peripherals (routers, printers, scanners), that are all connected as one entity.
    Encryption
    Coding used to protect your information from hackers. Think of it like the code cipher used to send a top-secret coded spy message.
    Exploit
    A means of attack on a computer system, either a series of commands, malicious software, or piece of infected data. Note that in this context, “exploit” is a noun, not a verb, as in “The hacker used a malware exploit to gain access to the credit card’s server.”
    Firewall
    Any technology, be it software or hardware, used to keep intruders out.
    Hacker, Black Hat
    Any hacker who attempts to gain unauthorized access to a system with the intent to cause mischief, damage, or theft. They can be motivated by greed, a political agenda, or simply boredom.
    Hacker, White Hat
    A hacker who is invited to test out computer systems and servers, looking for vulnerabilities, for the purposes of informing the host of where security needs to be buffed up. They are benign hackers, personifying the old axiom “It takes a thief to catch a thief”. Sometimes called “ethical hackers.”

    CEH V10 View Course
    Malware
    A portmanteau of “malicious” and “software”, describing a wide variety of bad software used to infect and/or damage a system. Ransomware, worms, viruses, and trojans are all considered malware. It most often delivered via spam emails.
    Man in the Middle Attack
    An attack on the “middleman”, in this case, defined as the Wi-Fi system that connects users to the Internet. Hackers who commit Man in the Middle Attacks can break the Wi-Fi’s encryption and use this as a means of stealing your personal data because they’re now in the system.
    Phishing
    A scam where a hacker poses as a legitimate business or organization (especially credit card companies, banks, charities, Internet providers, other utilities) in order to fool the victim into giving them sensitive personal information or inducing them to click a link or attachment that ends up delivering malware. Some of these schemes are extremely well done, others are sloppy and amateurish and can be spotted with just a little extra vigilance.
    Ransomware
    A form of malware that hijacks your system and encrypts your files, denying you access to them until you send money to unlock everything. In other words, it kidnaps your computer and holds it for ransom, hence the clever name.
    Spoofing
    Sadly, this has nothing to do with Weird Al Yankovic doing a parody version of a popular song. Rather, it’s when a hacker changes the IP address of an email so that it seems to come from a trusted source.
    Spyware
    A form of malware used by hackers to spy on you and your computer activities. If a mobile device such as a smartphone is infected with spyware, a hacker can read your text messages, redirect your phone calls, and even track down where you are physically located!
    Trojan Horse
    Yet another form of malware, this one a misleading computer program that looks innocent, but in fact allows the hacker into your system via a back door, allowing them to control your computer.
    Virus
    Malware which changes, corrupts, or destroys information, and is then passed on to other systems, usually by otherwise benign means (e.g. sending an email). In some cases, a virus can actually cause physical damage.
    VPN
    An acronym standing for Virtual Private Network, a VPN is a method of connecting a series of computers and devices in a private encrypted network, with each user’s IP address being replaced by the VPN’s IP address. Users get Internet anonymity, making it difficult for hackers to attack.
    Worm
    Malware that can reproduce itself for the purposes of spreading itself to other computers in the network. Particularly nasty, worms can either be simply a means of slowing down a system by eating up resources, or by committing exploits such as installing back doors or stealing data.
    Cloud

    You already utilize cloud computing if you use Gmail for email, Google Drive for document storage, or Netflix to stream your favorite movies. These services are all built on the cloud. cloud computing is providing on-demand services over the internet.If you want to run a business and you need to keep user data and you decide to do it on a hard drive, you will need a lot of storage space and a tech staff for it.Cloud service providers like Microsoft Azure, AWS, and Google Cloud, which offer on-demand services and are both cost-effective and low-risk in terms of security, make this procedure simple.
    Software

    It is a group of applications that instruct a computer to carry out a task. In which Users can download and use a package that contains these instructions.A hard drive or magnetic diskette are common examples of external long-term memory devices where software is often kept. When it is in use the computer reads the program from the storage device and temporarily stores the instructions in random access memory (RAM). Google Chrome is one such example of application software.
    IP Address

    The world IP stands for Internet Protocol. An IP address is a series of numbers allocated to computers routers servers, and pretty much anything connected to the Internet, including websites. It functions very similarly to a standard address, allowing users to find any system or device on the global network by specifying its location
    Rootkit

    A rootkit is a collection of programs or software tools that allow hackers to remotely access and control a computer or network. Although rootkits do not directly damage users, they have been used for other purposes that are legal, such as remote end-user support. However, the majority of rootkits either leverage the system for additional network security attacks or open a backdoor on the targeted systems for the introduction of malware, viruses, and ransomware. Typically, a rootkit is installed without the victim's knowledge via a stolen password or by taking advantage of system flaws. In order to avoid being picked up by endpoint antivirus software, rootkits are typically employed in conjunction with other malware.
    BYOD (Bring Your Own Device)

    Bring Your Own Device (BYOD) is a company policy that permits, encourages, or mandates employees to access enterprise systems and data using their own personal devices, such as laptops, tablets, and smartphones, for work-related activities.
    Pen-testing

    An approach to security evaluation where manual exploitations and automated techniques are used by attack and security professionals. Only environments with a solid security infrastructure should employ this advanced kind of security evaluation with a mature security infrastructure. Penetration tests can disrupt operations and harm systems because they employ the same equipment, procedures, and methodology as malicious hackers
    Social Engineering

    Instead of breaking in or utilizing technical hacking techniques, social engineering is a growingly popular way to access restricted resources. This strategy relies on user manipulation and human psychology. An employee might get an email from a social engineer purporting to be from the IT department in order to deceive him into disclosing private information rather than trying to uncover a software weakness in a company system. Spear phishing assaults are built on a foundation of social engineering.
    Clickjacking

    While someone is tricked into clicking on one object on a web page when they want to click on another, this practice is known as clickjacking. In this manner, the attacker is able to use the victim's click against them. Clickjacking can be used to enable the victim's webcam, install malware, or access one of their online accounts.
    Deepfake

    A piece of audio or video that has been altered and changed to make it seem authentic or credible. The most perilous aspect of the prevalence of deepfakes is that they can easily convince individuals into believing a particular tale or idea, which may lead to user behavior that has a greater impact on society at large, such as in the political or financial spheres.
    Build Your Cybersecurity Skills from the Ground Up
    Cyber Security Expert Master's ProgramExplore Program
    Build Your Cybersecurity Skills from the Ground Up
    Multi-Factor Authentication

    Multi-factor authentication (MFA), also referred to as two-factor authentication, makes it more difficult for hackers to access your account by requiring you to provide at least two different credentials. MFA requires a second factor to confirm your identity in addition to your username and password, such as a one-time security code, a fingerprint scan, or a face recognition scan.
    User Authentication

    A technique to prevent unauthorized users from accessing sensitive data is user authentication. For instance, User A can only see data that is relevant and cannot view User B's sensitive information.
    Antivirus

    The newest virus detection technology is integrated into anti-virus systems to shield users against viruses, spyware, trojans, and worms that can damage computer hardware through email or web browsing.
    Ethical Hacking

    With the owner's permission, breaches the network to obtain sensitive information—completely legal. Typically, this technique is used to check for infrastructure weaknesses.
    Cyber Attack

    Any attempt to breach a logical environment's security boundary. An attack may concentrate on intelligence gathering, disrupting company operations, exploiting weaknesses, keeping track of targets, stopping work, obtaining value, harming logical or physical assets, or leveraging system resources to enable assaults against other targets.
    Network

    Two or more computers connected together to share resources (such printers and CDs), exchange files, or enable electronic communications make up a network. A network's connections to its computers can be made by cables, phone lines, radio waves, satellites, or infrared laser beams.
    Internet of Things

    The phrase "Internet of Things" (IoT) refers to commonplace items that are connected to the internet and are capable of autonomously collecting and transferring data without requiring human input. Any physical thing that can be given an IP address and can transport data is considered to be a part of the Internet of Things, which also includes traditional computers, vehicles, CCTV cameras, household appliances, and even people.
    Penetration Test

    A penetration test, commonly referred to as a pen test, simulates a cyberattack on your computer system to look for weaknesses that could be exploited.Pen testing involves attempting to get into any number of application systems (such as frontend/backend servers, APIs, etc.) in order to find security holes like unsanitized inputs that are vulnerable to code injection attacks.

Advanced Persistent Threat (APT)

In an APT attack a threat actor uses the most sophisticated tactics and technologies to penetrate a high profile network. APTs aim to stay ‘under the radar’ and explore the network while remaining undetected for weeks, months and even years. APTs are most often used by nation-state threat actors wishing to cause severe disruption and damage to the economic and political stability of a country. They can be considered the cyber equivalent of espionage ‘sleeper cells’.
Advanced Threat Protection (ATP)

Advanced Threat Protection (ATP) are security solutions that defend against sophisticated malware or hacking attacks targeting sensitive data. Advanced Threat Protection includes both software and managed security services.
Adware

Adware bombards users with endless ads and pop-up windows and cause a nuisance to user experience. Adware can also pose a real danger to devices and the unwanted ads can included malware or redirect user searches to malicious websites that collect personal data about users. Adware programs are often built into freeware or shareware programs, where the adware operator collects an indirect fee for using the program. Adware programs usually do not show themselves in the system in any way. Adware programs seldom include a de-installation procedure, and attempts to remove them manually may cause the original carrier program to malfunction. Read more
Anti-Botnet

Anti-Botnet tools automatically generate botnet checks when a user browses to a website. If a risk is detected, it sends back a warning message to the device. The most common anti-botnet solution is, CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart). Read more on Allot’s solutions for Home Security.
Anti-Malware

Anti-Malware is a program designed to protect computers and networks against any threats or attacks from viruses such as adware, spyware, and any such other malicious programs
Anti-Phishing

Anti-Phishing protects users from fraudulent websites, often perfect replicas of legitimate websites, undetectable to the human eye. Protection is enforced by detecting fraudulent emails, and by blocking phishing websites. Read more
Anti-Virus

Anti-Virus solutions integrate the latest generation of virus detection technology to protect users from viruses, spyware, trojans, and worms that can infect equipment through email or internet browsing.
Attack Vector

An Attack Vector is the collection of all vulnerable points by which an attacker can gain entry into the target system. Attack vectors include vulnerable points in technology as well as human behavior, skillfully exploited by attackers to gain access to networks. The growth of IoT devices and (Work from Home) have greatly increased the attack vector, making networks increasingly difficult to defend.
Authentication

Authentication is the process of verifying the identity of a user or piece of information and the veracity of information provided. In computing, it is the process of identifying a person or system with the username, password, etc. Authentication helps individuals and systems gain authorization based on their identity and prevent unauthorized access.
Backdoor

A Backdoor is used by attackers to gain access to a computer or a network. A programmer may bypass security steps and gain access to a computer by trapdoor programs, in the event of an attack on the computer system or networks. Attackers may also use such mechanisms to enter computers or networks without proper permission.
Banker Trojan

A Banker Trojan is a malicious computer program that intercepts sensitive personal information and credentials for accessing online bank or payment accounts. Read more
Blacklist, Blocklist, Denylist

Blacklist, Blocklist or Denylist is a basic access control mechanism that allows elements such as email addresses, users, passwords, URLs, IP addresses, domain names, file hashes, etc. through the system, except those explicitly mentioned which are denied access.

Bot A Bot is a program that automates actions on behalf of an agent for some other program or person, and is used to carry out routine tasks. Their use for malicious purposes includes spam distribution, credentials harvesting, and the launching of DDoS attacks.
Botnet

A Botnet is a collection of compromised computers running malicious programs that are controlled remotely by a C&C (command & control) server operated by a cyber-criminal. Cybercriminals exercise remote control through automated processes (bots) in public IRC channels or web sites. (Such web sites may either be run directly by the ‘bot herder,’ or they may be legitimate web sites that have been subverted for this purpose.) Read more on Allot’s solutions for Home Security.
Brute Force Attack

This is a method for guessing a password (or the key used to encrypt a message) that involves systematically trying a high volume of possible combinations of characters until the correct one is found. One way to reduce the susceptibility to a Brute Force Attack is to limit the number of permitted attempts to enter a password – for example, by allowing only three failed attempts and then permitting further attempts only after 15 minutes.
Business Continuity Plan

A Business Continuity Plan is an organization’s playbook for how to operate in am emergency situation, like a massive cyberattack. The business continuity plan provides safeguards against a disaster, and outlines the strategies and action plan on how to continue business as usual in the event of any large-scale cyber event. Read more on Allot’s solutions for Business Security.
Business Disruption

The term Business Disruption refers to any interruption in the usual way that a system, process, or event works. Cyberattacks cause disruption to business operations and the associated risk of losses to the organization. Read more on Allot’s solutions for Business Security.
BYOC

Bring Your Own Computer (BYOC) is a fairly recent enterprise computing trend by which employees are encouraged or allowed to bring and use their own personal computing devices to perform some or part of their job roles, specifically personal laptop computers.
BYOD

Bring Your Own Device (BYOD) is a policy of the organization allowing, encouraging or requiring its employees to use their personal devices such as smartphones, Tablet PCs, and laptops for official business purposes and accessing enterprise systems and data.
BYOL

Bring Your Own Laptop (BYOL) is a specific type of BYOC by which employees are encouraged or allowed to bring and use their own laptops to perform some or part of their job roles, including possible access to enterprise systems and data.
CAPTCHA

A CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a challengeresponse test commonly used by websites to verify the user is a real human and not a bot. They can include simple arithmetic and questions about images, that bots have difficulty answering.
Clickjacking

Clickjacking involves tricking someone into clicking on one object on a web page while they think they are clicking on another. The attacker loads a transparent page over the legitimate content on the web page, so that the victim thinks they are clicking on a legitimate item when they are really clicking on something on the attacker’s invisible page. This way, the attacker can hijack the victim’s click for their own purposes. Clickjacking could be used to install malware, to gain access to one of the victim’s online accounts, or to enable the victim’s webcam.
Clientless

Clientless refers to a program that is run entirely from the network, without requiring any installation of software on the endpoint device running the program. Code Injection Code Injection is commonly used by malware to evade detection by antivirus and anti-malware programs by injecting a malicious code into a legitimate process. This way the legitimate process serves as camouflage so all anti-malware tools can see running is the legitimate process and thus obfuscates the malicious code execution.
COTS (Commercial off-the Shelf)

Commercial off-the Shelf or Commercially Available offthe Shelf (COTS) products are packaged solutions which are then adapted to satisfy the needs of the purchasing organization, rather than the commissioning of custommade, or bespoke, solutions.
Critical Infrastructure

Critical Infrastructure represents the fundamental systems of an organization that are important for its survival and where any threat to such basic systems would endanger the entire organization.
Cryptojacking

Cryptojacking consists of hackers using the computing power of a compromised device to generate or “mine” cryptocurrency without the owner’s knowledge. Mining can be performed either by installing a malicious program on the target computer or through various kinds of fileless malware. Sometimes attackers take over part of the computer’s processing power when a page containing a special mining script is opened. Cryptojacking has been known to occur when viewing online ads or solving a CAPTCHA.
Cyberbullying

Cyberbullying is the use of electronic means, primarily messaging and social media platforms, to bully and harass a victim. Cyberbullying has become a major problem, especially affecting young people, as it allows bullies to magnify their aggressive behavior, publicly ridicule victims on a large scale, and carry out damaging activities in a way that is difficult for parents and teachers to detect.
Cybersecurity

Cybersecurity relates to processes employed to safeguard and secure assets used to carry information of an organization from being stolen or attacked. It requires extensive knowledge of the possible threats such as virus or such other malicious objects. Identity management, risk management and incident management form the crux of cybersecurity strategies of an organization. Read more
Dark Web

The Dark Web is encrypted parts of the internet that are not indexed by search engines, most notoriously used by all types of criminals including; pedophiles, illicit human and contraband traffickers, and cybercriminals, to communicate and share information without being detected or identified by law enforcement. Malware of all types can be purchased on the dark web. A subset of the deep web, which can be accessed by anyone with the correct URL, dark web pages need special software (ex. Tor) with the correct decryption key and access rights and knowledge to find content. Users of the dark web remain almost completely anonymous due to its P2P network connections which makes network activity very difficult to trace.
Data Breach

A Data Breach is the event of a hacker successfully exploiting a network or device vulnerability and gains access to its files and data.
Data Integrity

Data Integrity is a broad term that refers to the maintenance and assurance of data quality. This includes the accuracy and consistency of data over its entire lifecycle. Data Integrity is an important part of the design, implementation and use of any data system which stores, processes, or retrieves information. The term is broad in scope and may have widely different meanings depending on the specific context
Data LossPrevention (DLP)

Data Loss Prevention (DLP) is an umbrella term for a collection of security tools, processes and procedures that aim to prevent sensitive data from falling into unauthorized or malicious hands. DLP aims at preventing such occurrences through various techniques such as strict access controls on resources, blocking or monitoring email attachments, preventing network file exchange to external systems, blocking cut-and-paste, disabling use of social networks and encrypting stored data.
Data Theft

Data Theft is the deliberate theft of sensitive data by nefarious actors.
DDoS

A Denial of Service (DoS) or Distributed Denial of Service (DDoS) attack is when one or more compromised systems launch a flooding attack on a remote target(s), in an attempt to overload network resources and disrupt service. Some DDoS attacks have caused prolonged, complete service shutdowns of major online operators. Learn more about DDoS attack types.
Decryption

Decryption is the process of decoding cipher text to plain text, so it is readable by humans. It is the reverse of encryption, the process of converting plain text to cipher text. Cybercriminals use decryption software and techniques to ‘break’ security encryption and gain access to protected information.
Detection and Response

Network Detection and Response is a security solution category used by organizations to detect malicious network activity, perform forensic investigation to determine root cause, and then respond and mitigate the threat.
Digital Forensics

Digital Forensics is the process of procuring, analyzing, and interpreting electronic data for the purpose of presenting it in as legal evidence in a court of law.
Digital Transformation

Digital Transformation is the process of using digital technologies to create or modify business processes and customer experiences to keep up-to-date with current business and market requirements.
Domain Name Systems (DNS) Exfiltration

Domain Name System (DNS) Exfiltration is a lower level attack on DNS servers to gain unauthorized access. Such attacks are difficult to detect and can lead to loss of data. Read more on Allot’s DNS solutions.
Drive By Download Attack

Drive-by Downloads or attacks are a common method of spreading malware. Cybercriminals look for insecure web sites and plant a malicious script into HTTP or PHP code on one of the pages. This script may install malware directly onto the computer of someone who visits the site, or it may take the form of an IFRAME that re-directs the victim to a site controlled by the cybercriminals. Such attacks are called ‘drive-by downloads’ because they require no action on the part of the victim — beyond simply visiting the compromised web site: they are infected automatically (and silently) if their computer is vulnerable in some way (e.g., if they have failed to apply a security update to one of their applications).
Encryption

Encryption is a process of maintaining data confidentiality by converting plain data into a secret code with the help of an encryption algorithm. Only users with the appropriate decryption key can unscramble and access encrypted data or cipher text.
Endpoint Protection

Endpoint Protection refers to a system for network security management that monitors network endpoints, hardware devices such as workstations and mobile devices from which a network is accessed. Read more on Allot’s Endpoint Protection solutions.
Endpoint Detection and Response (EDR)

Endpoint Detection and Response (EDR) are tools for protecting computer endpoints from potential threats. EDR platforms comprise software and networking tools for detecting suspicious endpoint activities, usually via continuous monitoring.
Exploit

An exploit is taking advantage of a vulnerability or flaw in a network system to penetrate or attack it.
Fast Identity Online (FIDO)

Fast Identity Online (FIDO) is a set of open authentication standards that enable a service provider to leverage existing technologies for passwordless authentication.
Fileless Malware

Fileless Malware (FM), aka “non-malware,” or “fileless infection,” is a form of malicious computer attack that exists exclusively within the realm of volatile data storage components such as RAM, inmemory processes, and service areas. This differentiates this form of malware from the classic memory-resident virus which requires some contact with non-volatile storage media, such as a hard disk drive or a thumb drive. Normally picked up following visits to malicious websites, fileless malware does not exist as a file that can be detected by standard antivirus programs. It lurks within a computer’s working memory and is exceptionally difficult to identify. However, this type of malware rarely survives a computer reboot, after which the computer should work as it did prior to infection.
Firewall

A Firewall is a security system that forms a virtual perimeter around a network of workstations preventing viruses, worms, and hackers from penetrating.
Greylist

A Greylist contains items that are temporarily blocked (or temporarily allowed) until an additional step is performed.
Hacker

A Hacker is a term commonly used to describe a person who tries to gain unauthorized access into a network or computer system.
Honeypot

Honeypots are computer security programs that simulate network resources that hackers are likely to look for to lure them in and trap them. An attacker may assume that you’re running weak services that can be used to break into the machine. A honeypot provides you advanced warning of a more concerted attack. Two or more honeypots on a network form a honeynet.
Identity and Access Management (IAM)

Identity and Access Management (IAM) is the process used by an organization to grant or deny access to a secure system. IAM is an integration of work flow systems that involves organizational think tanks who analyze and make security systems work effectively.
Identity

Theft Identity Theft occurs when a malicious actor gathers enough personal information from the victim (name, address, date of birth, etc.) to enable him to commit identity fraud – i.e., the use of stolen credentials to obtain goods or services by deception. Stolen data can be used to create a new account in the victim’s name (e.g., a bank account), to take over an existing account held by the victim (e.g., a social network account), or to masquerade as the victim while carrying out criminal activities.
Indicators of Compromise (IOC)

Indicators of Compromise (IoC) are bits of forensic data from system log entries or files that identify potentially malicious activity on a system or network. Indicators of Compromise aid information security and IT professionals in detecting data breaches, malware infections, or other threat activity.
In-line Network Device

An In-line Network Device is one that receives packets and forwards them to their intended destination. In-line network devices include routers, switches, firewalls, and intrusion detection and intrusion prevention systems, web application firewalls, anti-malware and network taps. Allot NetworkSecure delivers comprehensive in-line cybersecurity protection to CSP subscribers.
Insider Threat

An Insider Threat is when an authorized system user, usually an employee or contractor, poses a threat to an organization because they have authorized access to inside information and therefore bypass most perimeterbased security solutions.
Intrusion Prevention System (IPS)

An Intrusion Prevention System (IPS) is a network security system designed to prevent network penetration by malicious actors.
IoT

The term Internet of Things (IoT) is used to describe everyday objects that are connected to the internet and are able to collect and transfer data automatically, without the need for human interaction. The Internet of Things encompasses any physical object (not just traditional computers) that can be assigned an IP address and can transfer data: this includes household appliances, utility meters, cars, CCTV cameras, and even people (e.g., heart implants). Read more on Allot’s solutions for IoT Security.
Keylogger

A Keylogger is a kind of spyware software that records every keystroke made on a computer’s keyboard. It can record everything a user types including instant messages, email, usernames and passwords.
Malvertising

Malvertising is the use of online ads to distribute malicious programs. Cybercriminals embed a special script in a banner, or redirect users who click on an ad to a special page containing code for downloading malware. Special methods are used to bypass large ad network filters and place malicious content on trusted sites. In some cases, visitors do not even need to click on a fake ad — the code executes when the ad is displayed.
Malware

Malware is a general term for any type of intrusive computer software with malicious intent against the user.
Man-in-theMiddle Attack

A man-in-the-middle attack (MITM) is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe they are directly communicating with each other. For example, a victim believes he’s connected to his bank’s web site and the flow of traffic to and from the real bank site remains unchanged, so the victim sees nothing suspicious. However, the traffic is re-directed through the attacker’s site, allowing the attacker to gather any personal data entered by the victim (login, password, PIN, etc.).
MITRE ATT&CK™ Framework

The MITRE ATT&CK™ framework is a comprehensive matrix of tactics and techniques used by threat hunters, red teamers, and defenders to better classify attacks and assess an organization’s risk. The aim of the framework is to improve post-compromise detection of adversaries in enterprises by illustrating the actions an attacker may have taken.
Network-based (cyber) Security

Mass-market cybersecurity services (e.g., anti-malware, anti-phishing) that operate from within a CSP’s network and not at the endpoint, such as a PC or a mobile device. Network-based services can protect any connected device regardless of model or operating system. This type of service, however, cannot be bypassed like other cybersecurity solutions and they can be implemented with no software installation, upgrades or configuration required on the part of the end user, leading to high rates of service adoption. Read more on Allot’s solutions for Network Security.
Parental Controls

Parental Controls are features which may be included in digital television services, computer and video games, mobile devices and software that allow parents to restrict the access of content to their children. These controls were created to help parents control which types of content can be viewed by their children. Read more on Allot’s solutions for Network Security.
Patch

A Patch provides additional, revised or updated code for an operating system or application. Except for open source software, most software vendors do not publish their source code. So, patches are typically pieces of binary code that are patched into an existing program (using an install program).
Pen Testing

Pen (Penetration) Testing is the practice of intentionally challenging the security of a computer system, network or web application to discover vulnerabilities that an attacker or hacker could exploit.
Phishing

Phishing is a type of internet fraud that seeks to acquire a user’s credentials by deception. It includes theft of passwords, credit card numbers, bank account details, and other confidential information. Phishing messages usually take the form of fake notifications from banks, providers, e-pay systems, and other organizations. The phishing attempt will try to encourage a recipient, for one reason or another, to enter/update personal data. Common reasons given can include “suspicious login to the account,” or “expiration of the password.” Read more on Allot’s solutions for Network Security.
PII

Personal Identifiable Information (PII or pii) is a type of data that identifies the unique identity of an individual.
Process Hollowing

Process Hollowing is a security exploit in which an attacker removes code in an executable file and replaces it with malicious code. The process hollowing attack is used by hackers to cause an otherwise legitimate process to execute malicious code. This attack can be done while evading potential defenses, such as detection analysis software.
Ransomware

Ransomware is the name given to malicious programs designed to extort money from victims by blocking access to the computer or encrypting stored data. The malware displays a message offering to restore the system/data in return for payment. Sometimes, cybercriminals behind the scam try to lend credibility to their operation by masquerading as law enforcement officials. Their ransom message asserts that the system has been blocked, or the data encrypted, because the victim is running unlicensed software or has accessed illegal content, and that the victim must pay a fine. Read more on Allot’s solutions for Business Security.
Remote Desktop Protocol (RDP)

RDP is a protocol for remotely connecting to computers running Windows. It enables interaction with desktop elements as well as access to other device resources. RDP was conceived as a remote administration tool. However, it is often used by intruders to penetrate targeted computers. By exploiting incorrectly configured RDP settings or system software vulnerabilities, cybercriminals can intercept an RDP session and log into the system with the victim’s permissions.
Risktool

Risktool programs have various functions, such as concealing files in the system, hiding the windows of running applications, or terminating active processes. They are not malicious in themselves, but include cryptocurrency miners that generate coins using the target device’s resources. Cybercriminals usually use them in stealth mode. Unlike NetTool, such programs are designed to operate locally.
Rootkit

A Rootkit is a collection of software tools or a program that gives a hacker remote access to, and control over, a computer or network. Rootkits themselves do not cause direct harm - and there have been legitimate uses for this type of software, such as to provide remote enduser support. However, most rootkits open a backdoor on targeted computers for the introduction of malware, viruses, and ransomware, or use the system for further network security attacks. A rootkit is typically installed through a stolen password, or by exploiting system vulnerabilities without the victim’s knowledge. In most cases, rootkits are used in conjunction with other malware to prevent detection by endpoint antivirus software.
Sandbox(ing)

In cybersecurity, a sandbox is an isolated environment on a network that mimics end-user operating environments. Sandboxes are used to safely execute suspicious code without risking harm to the host device or network.
Scareware

Scareware is malware that uses scare tactics, often in the form of pop-ups that falsely warn users they have been infected with a virus, to trick users into visiting malware containing websites.
SECaaS

Security as a Service (SECaaS) is a type of cloud computing service where the provider offers the customer the ability to use a provided application. Examples of a SECaaS include online e-mail services or online document editing systems. A user of a SECaaS solution is only able to use the offered application and make minor configuration tweaks. The SECaaS provider is responsible for maintaining the application. Allot Secure is the first solution to offer SECaaS en mass to network service subscribers. Read more on Allot’s solutions for Network Security.
Secure Socket Layer (SSL)

A Secure Sockets Layer (SSL) is the standard security technology for establishing an encrypted link between a web server and a browser. SSL was originally developed by Netscape to allow the private transmission of documents via the Internet.
Security Incident Response

Incident response is a planned approach to addressing and managing the reaction after a cyber attack or network security breach. The goal is to have clear procedures defined before an attack occurs to minimize damage, reduce disaster recovery time, and mitigate breach-related expenses.
Security Operations Center (SOC)

An Information Security Operations Center ( ISOC or SOC) is a facility where enterprise information systems (web sites, applications, databases, data centers and servers, networks, desktops and other endpoints) are monitored, assessed, and defended by SOC analysts.
Security Perimeter

A Security Perimeter is a digital boundary that is defined for a system or domain within which a specified security policy or security architecture is applied.
SIEM (Security Information and Event Management)

Security Information and Event Management (SIEM) is a formal process by which the security of an organization is monitored and evaluated on a constant basis. SIEM helps to automatically identify systems that are out of compliance with the security policy as well as to notify the IRT (Incident Response Team) of any security violating events.
SIM Swapping

SIM Swapping is a scam used to intercept online banking SMS verification codes. To get hold of one-time passwords for financial transactions, cybercriminals create or fraudulently obtain a copy of the victim’s SIM card — for example, pretending to be the victim, the attacker might claim to have lost the SIM card and request a new one from the mobile operator. To protect clients from such schemes, most banks require that a replacement SIM card be re-linked to the account.
Sniffing

Packet sniffing allows the capture of data as it is being transmitted over a network. Packet sniffer programs are used by network professionals to diagnose network issues. Malicious actors can use sniffers to capture unencrypted data like passwords and usernames in network traffic. Once this information is captured, the bad actor can then gain access to the system or network.
SOAR (Security Orchestration, Automation and Response)

SOAR (Security Orchestration, Automation and Response) is a solution stack of compatible software programs that organizations use to collect data about security threats from across the network and respond to low-level security events without human assistance.
Social Engineering

Social Engineering is an increasingly popular method of gaining access to unauthorized resources by exploiting human psychology and manipulating users - rather than by breaking in or using technical hacking techniques. Instead of trying to find a software vulnerability in a corporate system, a social engineer might send an email to an employee pretending to be from the IT department, trying to trick him into revealing sensitive information. Social engineering is the foundation of spear phishing attacks.
Spam

Spam is the name commonly given to unsolicited email. Essentially unwanted advertising, it’s the email equivalent of physical junk mail delivered through the post.
Spear Phishing

Spear Phishing is a phishing scam that targets a specific individual or organization, usually via a personalized email, SMS or other electronic communication to defraud them under the guise of a legitimate transaction.
Spoofing

A Spoof is an attack attempt by an unauthorized entity or attacker to gain illegitimate access to a system by posing as an authorized user. Spoofing includes any act of disguising a communication from an unknown source as being from a known, trusted source. Spoofing can apply to emails, phone calls, and websites, or can be more technical, such as a computer spoofing an IP address.
Spyware

Spyware is software that is secretly installed on a user’s device to gather sensitive data. Spyware quietly collects information such as credentials and sends it outside the network to bad actors. Spyware often comes in the form of a free download and is installed automatically, with or without user consent.
Threat Assessment

Threat Assessment is a structured process used to identify and evaluate various risks or threats that an organization might be exposed to. Cyber threat assessment is a crucial part of any organization’s risk management strategy and data protection efforts.
Threat Hunting

Cyber Threat Hunting is an active cyber defense activity where cybersecurity professionals actively search networks to detect and mitigate advanced threats that evade existing security solutions.
Threat Intelligence

Threat Intelligence, or cyber threat intelligence, is intelligence proactively obtained and used to understand the threats that are targeting the organization. Trojan Trojans are malicious programs that perform actions that are not authorized by the user: they delete, block, modify or copy data, and they disrupt the performance of computers or computer networks. Unlike viruses and worms, Trojans are unable to make copies of themselves or self-replicate.
Two-factor Authentification (2FA)

Two-factor Authentification combines a static password with an external authentication device such as a hardware token that generates a randomly-generated one-time password, a smart card, an SMS message (where a mobile phone is the token), or a unique physical attribute like a fingerprint.
Two-step Authentification

Two-step Authentification is commonly used on websites and is an improvement over single factor authentication. This form of authentication requires the visitor to provide their username (i.e. claim an identity) and password (i.e. the single factor authentication) before performing an additional step. The additional step could be receiving a text message with a code, then typing that code back into the website for confirmation. Alternatives include receiving an email and needing to click on a link in the message for confirmation, or viewing a pre-selected image and statement before typing in another password or PIN.
Virus

A Virus is a malicious computer program that is often sent as an email attachment or a download with the intent of infecting that device. Once the device is infected, a virus can hijack the web browser, display unwanted ads, send spam, provide criminals with access to the device and contact list, disable security settings, scan, and find personal information like passwords.
VPN

A Virtual Private Network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. It essentially a virtual, secure corridor.
Vulnerability

Vulnerabilities are weaknesses in software programs that can be exploited by hackers to compromise computers.
WAF

A Web Application Firewall (WAF) is a specific form of application firewall that filters, monitors, and blocks HTTP traffic to and from a web service. By inspecting HTTP traffic, it can prevent attacks exploiting a web application’s known vulnerabilities, such as SQL injection, cross-site scripting (XSS), file inclusion, and improper system configuration.
White Hat - Black Hat

White hat - Black Hat are terms to describe the ‘good guys’ and ‘bad guys’ in the world of cybercrime. Blackhats are hackers with criminal intentions. White-hats are hackers who use their skills and talents for good and work to keep data safe from other hackers by finding system vulnerabilities that can be fixed.
Whitelist, Allowlist

A Whitelist, allowlist, passlist is a list of permitted items that are automatically let through whatever gate is being used. Worm A Worm is a computer program that installs itself on a victim’s device and then looks for a way to spread to other computers, causing damage by shutting down parts of the network. Read more on Allot’s solutions for Whitelist/Allowlist.
Zero-day Exploit

This term is used to describe exploit code that has been written to take advantage of a vulnerability before the software vendor knows about it and can publish a patch for it. The result is that would-be attackers are free to exploit the vulnerability, unless proactive exploit prevention technologies have been implemented to defend the computer being targeted by the attacker.
Zero-touch Provisioning or Deployment

Zero-Touch Provisioning (ZTP) is an automatic device configuration process that frees IT administrators for more important tasks. The automated process reduces the possibility of errors when manually configuring devices and slashes the time it takes to set up devices for employee use, often without requiring IT intervention. Users can set up their devices with a few clicks, eliminating the need for administrators to create and track system images or manage the infrastructure required to push those images to new or repurposed devices.

Information technology
IT company
Technical support
IT services
IT support
Network security
Cybersecurity
Cloud services

West Palm Beach
Palm Beach Gardens
Jupiter
Wellington
Boynton Beach
Delray Beach
Boca Raton
Palm Beach Gardens
North Palm Beach
Palm Beach
Lake Worth
Greenacres
Palm Beach Shores
Palm Springs
Riviera Beach
Royal Palm Beach
Juno Beach
South Palm Beach
Jupiter
Tequesta
Jupiter Inlet Colony
Wellington
Lake Worth Beach

Business Services
Managed IT & Support
IT Services
Network & WiFi
Cyber Security
Computers
System Upgrades
On-Site System Repair
End Point Protection & Backup
Security Camera Systems

Cloud technology
Cloud storage solutions
Hybrid cloud
Cloud storage providers
Service cloud
Cloud architecture
Cloud server
Cloud hosting
Cloud computing
Cybersecurity
Network security
IT security
Cybersecurity attack
Computer security software
Cybersecurity analyst
Cybersecurity companies
Cybersecurity engineer
IT services
Information technology specialist
IT manager
Infrastructure as a service
Managed IT services
Technology consulting
Tech solutions
IT service management
Network infrastructure
Programming
Software developer
Computer programming
Dynamic programming
Computer programmer
Web designer
Website creation
Code developer
App developer

Service Industries
Automotive & Towing
Construction & Trades
Entertainment Facilities
Healthcare
Law Offices
Real Estate & HOA
Retail
Restaurant

33411
33463
33414
33458
33467
33415
33461
33436
33076
33418
33433
33428
33437
33462
33409
33410
33435
33407
33445
33460
33404
33417
33406
33401
33426
33484
33446
33470
33472
33440
33496
33444
33431
33486
33434
33432
33430
33487
33405
33413
33408
33478
33498
33412
33469
33483
33403
33477
33449
33480
33473
33476
33493
33438
33416
33439
33447
33402
33420
33419
33422
33421
33425
33424
33427
33429
33454
33448
33459
33464
33466
33465
33468
33474
33481
33482
33488
33497
33499

Regardless of your role in an organization, this glossary of cybersecurity terms was compiled for everyone from the security professional to the general end-user. Here, you’ll find definitions of terms commonly used in the security industry. Uncover knowledge areas in which you excel and where you want to expand.

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A

Top

access control — The means and mechanisms of managing access to and use of resources by users. There are three primary forms of access control: DAC, MAC, and RBAC. DAC (Discretionary Access Control) manages access through the use of on-object ACLs (Access Control Lists), which indicate which users have been granted (or denied) specific privileges or permissions on that object. MAC (Mandatory Access Control) restricts access by assigning each subject and object a classification or clearance level label; resource use is then controlled by limiting access to those subjects with equal or superior labels to that of the object. RBAC (Role Base Access Control) controls access through the use of job labels, which have been assigned the permissions and privilege needed to accomplish the related job tasks. (Also known as authorization.)

anti-virus (anti-malware) — A security program designed to monitor a system for malicious software. Once malware is detected, the AV program will attempt to remove the offending item from the system or may simply quarantine the file for further analysis by an administrator. It is important to keep AV software detection databases current in order to have the best chance of detecting known forms of malware.

antivirus software — A software program that monitors a computer system or network communications for known examples of malicious code and then attempts to remove or quarantine the offending items. (Also known as Malware Scanner.) Most anti-virus (AV) products use a pattern recognition or signature matching system to detect the presence of known malicious code. Some AV products have adopted technologies to potentially detect new and unknown malware. These technologies include anomaly detection (i.e. watch for programs which violate specific rules), behavioral detection (i.e. watch for programs that have behaviors that are different from the normal baseline of behavior of the system), and heuristic detection (i.e. watch for programs that exhibit actions which are known to be those of confirmed malware; it is a type of technological profiling).

APT (Advanced Persistent Threat) — A security breach that enables an attacker to gain access or control over a system for an extended period of time usually without the owner of the system being aware of the violation. Often an APT takes advantage of numerous unknown vulnerabilities or zero day attacks, which allow the attacker to maintain access to the target even as some attack vectors are blocked.

asset — Anything that is used in and is necessary to the completion of a business task. Assets include both tangible and intangible items such as equipment, software code, data, facilities, personnel, market value and public opinion.

authentication — The process of proving an individual is a claimed identity. Authentication is the first element of the AAA services concept, which includes Authentication, Authorization, and Accounting. Authentication occurs after the initial step of identification (i.e. claiming an identity). Authentication is accomplished by providing one or more authentication factors—Type 1: something you know (e.g. password, PIN, or combination), Type 2: something you have (e.g. smart card, RSA SecureID FOB, or USB drive), and Type 3: something you are (e.g. biometrics—fingerprint, iris scan, retina scan, hand geometry, signature verification, voice recognition, and keystroke dynamics).

authorization — The security mechanism determining and enforcing what authenticated users are authorized to do within a computer system. The dominant forms of authorization are DAC, MAC and RBAC. DAC (Discretionary Access Control) manages access using ACL (Access Control Lists) on each resource object where users are listed along with the permissions or privileges granted or denied them. MAC (Mandatory Access Control) manages access using labels of classification or clearance on both subjects and objects, and only those subjects with equal or superior clearance are allowed to access resources. RBAC (Role Based Access Control) manages access using labels of a job role that has been granted the permissions and privileges needed to accomplish a specific job or role.

B

Top

backing up — Creating a duplicate copy of data onto a separate physical storage device or online/cloud storage solution. A backup is the only insurance against data loss. With a backup, damaged or lost data files can be restored. Backups should be created on a regular, periodic basis such as daily. A common strategy is based on the 3-2-1 rule: you should have three copies of your data - the original and 2 backups; you should use 2 different types of media (such as a physical media (such as a hard drive or tape) and a cloud storage solution); and do not store the three copies of data in 1 plane (i.e. backups should be stored offsite). It is important to store backups for disaster recovery at an offsite location in order to insure they are not damaged by the same event that would damage the primary production location. However, additional onsite backups can be retained for resolving minor issues such as accidental file deletion or hard drive failure.

BCP (Business Continuity Planning) — A business management plan used to resolve issues that threaten core business tasks. (Also known as Business Continuity Management.) The goal of BCP is to prevent the failure of mission critical processes when they have be harmed by a breach or accident. Once core business tasks have been stabilized, BCP dictates the procedure to return the environment back to normal conditions. BCP is used when the normal security policy has failed to prevent harm from occurring, but before the harm has reached the level of fully interrupting mission critical processes, which would trigger the Disaster Recovery Process (DRP).

behavior monitoring — Recording the events and activities of a system and its users. The recorded events are compared against security policy and behavioral baselines to evaluate compliance and/or discover violations. Behavioral monitoring can include the tracking of trends, setting of thresholds and defining responses. Trend tracking can reveal when errors are increasing requiring technical support services, when abnormal load levels occur indicating the presence of malicious code, or when production work levels increase indicating a need to expand capacity. Thresholds are used to define the levels of activity or events above which are of concern and require a response. The levels below the threshold are recorded but do not trigger a response. Responses can be to resolve conflicts, handle violations, prevent downtime or improve capabilities.

blacklist — A security mechanism prohibiting the execution of those programs on a known malicious or undesired list of software. The blacklist is a list of specific files known to be malicious or otherwise are unwanted. Any program on the list is prohibited from executing while any other program, whether benign or malicious, is allowed to execute by default. (See whitelist.)

block cipher — A type of symmetric encryption algorithm that divides data into fixed length sections and then performs the encryption or decryption operation on each block. The action of dividing a data set into blocks enables the algorithm to encrypt data of any size.

botnet — A collection of innocent computers which have been compromised by malicious code in order to run a remote control agent granting an attacker the ability to remotely take advantage of the system's resources in order to perform illicit or criminal actions. These actions include DoS flooding attacks, hosting false Web services, spoofing DNS, transmitting SPAM, eavesdropping on network communications, recording VOIP communications and attempting to crack encryption or password hashes. Botnets can be comprised of dozens to over a million individual computers. The term botnet is a shortened form of robotic network.

bug — An error or mistake in software coding or hardware design or construction. A bug represents a flaw or vulnerability in a system discoverable by attackers and used as point of compromise. Attacks often use fuzzing technique (i.e. randomize testing tools) to locate previously unknown bugs in order to craft new exploits.

BYOD (Bring Your Own Device) — A company’s security policy dictating whether or not workers can bring in their own devices into the work environment, whether or not such devices can be connected to the company network and to what extent that connection allows interaction with company resources. A BYOD policy can range from complete prohibition of personal devices being brought into the facility to allowing any device to be connected to the company network with full access to all company resources. Generally, a BYOD policy puts reasonable security limitations on which devices can be used on company property and severely limits access to sensitive company network resources. BYOD should address concerns such as data ownership, asset tracking, geo location, patching and upgrades, security applications (such as malware scanners, firewalls and IDS), storage segmentation, appropriate vs inappropriate applications, on-boarding, off-boarding, repair/replacement due to damage, legal concerns, internal investigations and law enforcement investigations and forensics.

C

Top

ciphertext — The unintelligible and seeming random form of data that is produced by the cryptographic function of encryption. Ciphertext is produced by a symmetric algorithm when a data set is transformed by the encryption process using a selected key. Ciphertext can converted back into its original form (i.e. plain text) by performing the decryption process using the same symmetric encryption algorithm and the key used during the encryption process. (Also known as cryptogram.)

clickjacking — A malicious technique by which a victim is tricked into clicking on a URL, button or other screen object other than that intended by or perceived by the user. Clickjacking can be performed in many ways; one of which is to load a web page transparently behind another visible page in such a way that the obvious links and objects to click are facades, so clicking on an obvious link actually causes the hidden page's link to be selected.

cloud computing — A means to offer computing services to the public or for internal use through remote services. Most cloud computing systems are based on remote virtualization where the application or operating environment offered to customers is hosted on the cloud provider's computer hardware. There are a wide range of cloud solutions including software applications (examples include e-mail and document editing), custom code hosting (namely execution platforms and web services) as well as full system replacements (such as remote virtual services to host databases or file storage). (See SaaS, PaaS, and IaaS.) Most forms of cloud computing are considered public cloud as they are provided by a third party. However, private cloud (internally hosted), community cloud (a group of companies' privately hosted cloud), a hosted private cloud (the cloud servers are owned and managed by a third party but hosted in the facility of the customer) and hybrid cloud (a mixture of public and private) are also options.

CND (Computer Network Defense) — The establishment of a security perimeter and of internal security requirements with the goal of defending a network against cyberattacks, intrusions and other violations. A CND is defined by a security policy and can be stress tested using vulnerability assessment and penetration testing measures.

cracker — The proper term to refer to an unauthorized attacker of computers, networks and technology instead of the misused term “hacker.” However, this term is not as widely used in the media; thus, the term hacker has become more prominent in-spite of the terms misuse. (See hacker.)

critical infrastructure — The physical or virtual systems and assets that are vital to an organization or country. If these systems are compromised, the result would be catastrophic. If an organization's mission critical processes are interrupted, this could result in the organization ceasing to exist. If a country's critical infrastructure is destroyed, it will have severe negative impact on national security, economic stability, citizen safety and health, transportation and communications.

CVE (Common Vulnerabilities and Exposures) — An online database of attacks, exploits and compromises operated by the MITRE organization for the benefit of the public. It includes any and all attacks and abuses known for any type of computer system or software product. Often new attacks and exploits are documented in a CVE long before a vendor admits to the issue or releases an update or patch to resolve the concern.

cryptography — The application of mathematical processes on data-at-rest and data-in-transit to provide the security benefits of confidentiality, authentication, integrity and non-repudiation. Cryptography includes three primary components: symmetric encryption, asymmetric encryption and hashing. Symmetric encryption is used to provide confidentiality. Asymmetric encryption is used to provide secure symmetric key generation, secure symmetric key exchange (via digital envelopes created through the use of the recipient's public key) verification of source, verification/control of recipient, digital signature (a combination of hashing and use of the sender's private key) and digital certificates (which provides third-party authentication services). Hashing is the cryptographic operation that produces a representational value from an input data set. A before and after hash can be compared in order to detect protection of or violation of integrity.

cyberattack — Any attempt to violate the security perimeter of a logical environment. An attack can focus on gathering information, damaging business processes, exploiting flaws, monitoring targets, interrupting business tasks, extracting value, causing damage to logical or physical assets or using system resources to support attacks against other targets. Cyberattacks can be initiated through exploitation of a vulnerability in a publicly exposed service, through tricking a user into opening an infectious attachment, or even causing automated installation of exploitation tools through innocent website visits. (Also known as drive-by download.)

cyber ecosystem — The collection of computers, networks, communication pathways, software, data and users that comprise either a local private network or the world-wide Internet. It is the digital environment within which software operates and data is manipulated and exchanged.

cyberespionage — The unethical act of violating the privacy and security of an organization in order to leak data or disclose internal/private/confidential information. Cyberespionage can be performed by individuals, organization or governments for the direct purpose of causing harm to the violated entity to benefit individuals, organizations or governments.

cybersecurity — The efforts to design, implement, and maintain security for an organization's network, which is connected to the Internet. It is a combination of logical/technical-, physical- and personnel-focused countermeasures, safeguards and security controls. An organization's cybersecurity should be defined in a security policy, verified through evaluation techniques (such as vulnerability assessment and penetration testing) and revised, updated and improved over time as the organization evolves and as new threats are discovered.

cyber teams — Groups of professional or amateur penetration testing specialists who are tasked with evaluating and potentially improving the security stance of an organization. Common cyber teams include the red, blue and purple/white teams. A red team is often used as part of a multi-team penetration test (i.e. security evaluation), which is responsible for attacking the target which is being defended by the blue team. A purple team or white team is either used as a reference between the attack/red and defense/blue teams; or this team can be used as an interpreter of the results and activities of the red and blue teams in order to maximize their effectiveness in the final results.

D

Top

data breach — The occurrence of disclosure of confidential information, access to confidential information, destruction of data assets or abusive use of a private IT environment. Generally, a data breach results in internal data being made accessible to external entities without authorization.

data integrity — A security benefit that verifies data is unmodified and therefore original, complete and intact. Integrity is verified through the use of cryptographic hashing. A hashing algorithm generates a fixed length output known as a hash value, fingerprint or MAC (Message Authenticating Code), which is derived from the input data but which does not contain the input data. This makes hashing a one-way operation. A hash is calculated before an event, and another hash is calculated after the event (an event can be a time frame of storage (i.e. data-at-rest) or an occurrence of transmission (i.e. data-in-transit); the two hashes are then compared using an XOR Boolean operation. If the two hashes exactly match (i.e. the XOR result is zero), then the data has retained its integrity. However, if the two hashes do not match exactly (i.e. the XOR result is a non-zero value), then something about the data changed during the event.

data mining — The activity of analyzing and/or searching through data in order to find items of relevance, significance or value. The results of data mining are known as meta-data. Data mining can be a discovery of individual important data items, a summary or overview of numerous data items or a consolidation or clarification of a collection of data items.

data theft — The act of intentionally stealing data. Data theft can occur via data loss (physical theft) or data leakage (logical theft) event. Data loss occurs when a storage device is lost or stolen. Data leakage occurs when copies of data is possessed by unauthorized entities.

DDoS (Distributed Denial of Service) Attack — An attack which attempts to block access to and use of a resource. It is a violation of availability. DDOS (or DDoS) is a variation of the DoS attack (see DOS) and can include flooding attacks, connection exhaustion, and resource demand. The distinction of DDOS from DOS is that the attack traffic may originate from numerous sources or is reflected or bounced off of numerous intermediary systems. The purpose of a DDoS attack is to significantly amplify the level of the attack beyond that which can be generated by a single attack system in order to overload larger and more protected victims. DDoS attacks are often waged using botnets. (See botnet.)

decrypt — The act which transforms ciphertext (i.e. the unintelligible and seeming random form of data that is produced by the cryptographic function of encryption) back into its original plaintext or cleartext form. Ciphertext is produced by a symmetric encryption algorithm when a data set is transformed by the encryption process using a selected key. Ciphertext can converted back into its original form (i.e. plaintext) by performing the decryption process using the same symmetric encryption algorithm and the same key used during the encryption process.

digital certificate — A means by which to prove identity or provide authentication commonly by means of a trusted third-party entity known as a certificate authority. A digital certificate is based on the x.509 v3 standard. It is the public key of a subject signed by the private key of a certificate authority with clarifying text information such as issuer, subject identity, date of creation, date of expiration, algorithms, serial number and thumbprint (i.e. hash value).

digital forensics — The means of gathering digital information to be used as evidence in a legal procedure. Digital forensics focuses on gathering, preserving and analyzing the fragile and volatile data from a computer system and/or network. Computer data that is relevant to a security breach and/or criminal action is often intermixed with standard benign data from business functions and personal activities. Thus, digital forensics can be challenging to properly collect relevant evidence while complying with the rules of evidence in order to ensure that such collected evidence is admissible in court.

DLP (Data Loss Prevention) — A collection of security mechanisms which aim at preventing the occurrence of data loss and/or data leakage. Data loss occurs when a storage device is lost or stolen while data leakage occurs when copies of data is possessed by unauthorized entities. In both cases, data is accessible to those who should not have access. DLP aims at preventing such occurrences through various techniques such as strict access controls on resources, blocking the use of email attachments, preventing network file exchange to external systems, blocking cut-and-paste, disabling use of social networks and encrypting stored data.

DMZ (Demilitarized Zone) — A segment or subnet of a private network where resources are hosted and accessed by the general public from the Internet. The DMZ is isolated from the private network using a firewall and is protected from obvious abuses and attacks from the Internet using a firewall. A DMZ can be deployed in two main configurations. One method is the screened subnet configuration, which has the structure of I-F-DMZ-F-LAN (i.e. internet, then firewall, then the DMZ, then another firewall, then the private LAN). A second method is the multi-homed firewall configuration, which has the structure of a single firewall with three interfaces, one connecting to the Internet, a second to the DMZ, and a third to the private LAN.

DOS (Denial of Service) — An attack that attempts to block access to and use of a resource. It is a violation of availability. DOS (or DoS) attacks include flooding attacks, connection exhaustion and resource demand. A flooding attack sends massive amounts of network traffic to the target overloading the ability of network devices and servers to handle the raw load. Connection exhaustion repeatedly makes connection requests to a target to consume all system resources related to connections, which prevents any other connections from being established or maintained. A resource demand DoS repeatedly requests a resource from a server in order to keep it too busy to respond to other requests.

drive-by download — A type of web-based attack that automatically occurs based on the simple act of visiting a malicious or compromised/poisoned Web site. A drive-by download is accomplished by taking advantage of the default nature of a Web browser to execute mobile code, most often JavaScript, with little to no security restrictions. A drive-by download can install tracking tools, remote access backdoors, botnet agents, keystroke loggers or other forms of malicious utilities. In most cases, the occurrence of the infection based on the drive-by download is unnoticed by the user/victim.

E

Top

eavesdropping — The act of listening in on a transaction, communication, data transfer or conversation. Eavesdropping can be used to refer to both data packet capture on a network link (also known as sniffing or packet capture) and to audio recording using a microphone (or listening with ears).

encode — The act which transforms plaintext or cleartext (i.e. the original form of normal standard data) into ciphertext (i.e. the unintelligible and seeming random form of data that is produced by the cryptographic function of encryption). Ciphertext is produced by a symmetric encryption algorithm when a data set is transformed by the encryption process using a selected key (i.e. to encrypt or encode). Ciphertext can converted back into its original form (i.e. plaintext) by performing the decryption process using the same symmetric encryption algorithm and the same key used during the encryption process (i.e. decrypt or decode).

encryption key — The secret number value used by a symmetric encryption algorithm to control the encryption and decryption process. A key is a number defined by its length in binary digits. Generally, the longer the key length, the more security (i.e. defense against confidentiality breaches) it provides. The length of the key also determines the key space, which is the range of values between the binary digits being all zeros and all ones from which the key can be selected.

F

Top

firewall — A security tool, which may be a hardware or software solution that is used to filter network traffic. A firewall is based on an implicit deny stance where all traffic is blocked by default. Rules, filters or ACLs can be defined to indicate which traffic is allowed to cross the firewall. Advanced firewalls can make allow/deny decisions based on user authentication, protocol, header values and even payload contents.

H

Top

hacker — A person who has knowledge and skill in analyzing program code or a computer system, modifying its functions or operations and altering its abilities and capabilities. A hacker may be ethical and authorized (the original definition) or may be malicious and unauthorized (the altered but current use of the term). Hackers can range from professionals who are skilled programmers to those who have little to no knowledge of the specifics of a system or exploit but who can follow directions; in this instance, they are called script kiddies.

hacktivism — Attackers who hack for a cause or belief rather than some form of personal gain. Hacktivism is often viewed by attackers as a form of protest or fighting for their perceived “right” or “justice.” However, it is still an illegal action in most cases when the victim’s technology or data is abused, harmed or destroyed.

honeypot — A trap or decoy for attackers. A honeypot is used to distract attackers in order to prevent them from attacking actual production systems. It is a false system that is configured to look and function as a production system and is positioned where it would be encountered by an unauthorized entity who is seeking out a connection or attack point. A honeypot may contain false data in order to trick attackers into spending considerable time and effort attacking and exploiting the false system. A honeypot may also be able to discover new attacks or the identity of the attackers.

I

Top

IaaS (Infrastructure-as-a-Service) — A type of cloud computing service where the provider offers the customer the ability to craft virtual networks within their computing environment. An IaaS solution enables a customer to select which operating systems to install into virtual machines/nodes as well as the structure of the network including use of virtual switches, routers and firewalls. It also provides complete freedom as to the software or custom code run on the virtual machines. An IaaS solution is the most flexible of all the cloud computing services; it allows for significant reduction in hardware by the customer in their own local facility. It is the most expensive form of cloud computing service.

identity cloning — A form of identity theft in which the attacker takes on the identity of a victim and then attempts to live and act as the stolen identity. Identity cloning is often performed in order to hide the birth country or a criminal record of the attacker in order to obtain a job, credit or other secured financial instrument.

identity fraud — A form of identity theft in which a transaction, typically financial, is performed using the stolen identity of another individual. The fraud is due to the attacker impersonating someone else.

IDS (Intrusion Detection System) — A security tool that attempts to detect the presence of intruders or the occurrence of security violations in order to notify administrators, enable more detailed or focused logging or even trigger a response such as disconnecting a session or blocking an IP address. An IDS is considered a more passive security tool as it detects compromises after they are already occurring rather than preventing them from becoming successful.

information security policy — A written account of the security strategy and goals of an organization. A security policy is usually comprised of standards, policies (or SOPs – Standard Operating Procedures) and guidelines. All hardware, software, facilities and personnel must abide by the terms of the security policy of an organization. (Also known as security policy.)

insider threat — The likelihood or potential that an employee or another form of internal personnel may pose a risk to the stability or security of an organization. An insider has both physical access and logical access (through their network logon credentials). These are the two types of access that an outside attacker must first gain before launching malicious attacks whereas an insider already has both of these forms of access. Thus, an insider is potentially a bigger risk than an outsider if that insider goes rogue or is tricked into causing harm.

IPS (Intrusion Prevention System) — A security tool that attempts to detect the attempt to compromise the security of a target and then prevent that attack from becoming successful. An IPS is considered a more active security tool as it attempts to proactively respond to potential threats. An IPS can block IP addresses, turn off services, block ports and disconnect sessions as well as notify administrators.

ISP (Internet Service Provider) — The organization that provides connectivity to the Internet for individuals or companies. Some ISPs offer additional services above that of just connectivity such as e-mail, web hosting and domain registration.

J

Top

JBOH (JavaScript-Binding-Over-HTTP) — A form of Android-focused mobile device attack that enables an attacker to be able to initiate the execution of arbitrary code on a compromised device. A JBOH attack often takes place or is facilitated through compromised or malicious apps.

K

Top

keylogger — Any means by which the keystrokes of a victim are recorded as they are typed into the physical keyboard. A keylogger can be a software solution or a hardware device used to capture anything that a user might type in including passwords, answers to secret questions or details and information form e-mails, chats and documents.

L

Top

LAN (Local Area Network) — An interconnection of devices (i.e. a network) that is contained within a limited geographic area (typically a single building). For a typical LAN, all of the network cables or interconnection media is owned and controlled by the organization unlike a WAN (Wide Area Network) where the interconnection media is owned by a third party.

link jacking — A potentially unethical practice of redirecting a link to a middle-man or aggregator site or location rather than the original site the link seemed to indicate it was directed towards. For example, a news aggregation service may publish links that seem as if they point to the original source of their posted articles, but when a user discovers those links via search or through social networks, the links redirect back to the aggregation site and not the original source of the article.

M

Top

malware (malicious software) — Any code written for the specific purpose of causing harm, disclosing information or otherwise violating the security or stability of a system. Malware includes a wide range of types of malicious programs including: virus, worm, Trojan horse, logic bomb, backdoor, Remote Access Trojan (RAT), rootkit, ransomware and spyware/adware.

O

Top

outsider threat — The likelihood or potential that an outside entity, such as an ex-employee, competitor or even an unhappy customer, may pose a risk to the stability or security of an organization. An outsider must often gain logical or physical access to the target before launching malicious attacks.

outsourcing — The action of obtaining services from an external entity. Rather than performing certain tasks and internal functions, outsourcing enables an organization to take advantages of external entities that can provide services for a fee. Outsourcing is often used to obtain best-of-breed level service rather than settling for good-enough internal operations. It can be expensive and increases an organization's security risk due to the exposure of internal information and data to outsiders.

OWASP (Open Web Application Security Project) — An Internet community focused on understanding web technologies and exploitations. Their goal is to help anyone with a website improve the security of their site through defensive programming, design and configuration. Their approach includes understanding attacks in order to know how to defend against them. OWASP offers numerous tools and utilities related to website vulnerability evaluation and discovery as well as a significant amount of training and reference material related to all things web security.

P

Top

PaaS (Platform-as-a-Service) — A type of cloud computing service where the provider offers the customer the ability to operate custom code or applications. A PaaS operator determines which operating systems or execution environments are offered. A PaaS system does not allow the customer to change operating systems, patch the OS or alter the virtual network space. A PaaS system allows the customer to reduce hardware deployment in their own local facility and to take advantage of on-demand computing (also known as pay as you go).

packet sniffing — The act of collecting frames or packets off of a data network communication. This activity allows the evaluation of the header contents as well as the payload of network communications. Packet sniffing requires that the network interface card be placed into promiscuous mode in order to disable the MAC (Media Access Control) address filter which would otherwise discard any network communications not intended for the specific local network interface. (Also known as sniffing or eavesdropping.)

patch — An update or change or an operating system or application. A patch is often used to repair flaws or bugs in deployed code as well as introduce new features and capabilities. It is good security practice to test all updates and patches before implementation and attempt to stay current on patches in order to have the latest version of code that has the fewest known flaws and vulnerabilities.

patch management — The management activity related to researching, testing, approving and installing updates and patches to computer systems, which includes firmware, operating systems and applications. A patch is an update, correction, improvement or expansion of an existing software product through the application of new code issued by the vendor. Patch management is an essential part of security management in order to prevent downtime, minimize vulnerabilities and prevent new untested updates from interfering with productivity.

payment card skimmers — A malicious device used to read the contents of an ATM, debit or credit card when inserted into a POS (Point of Sale) payment system. A skimmer may be an internal component or an external addition. An attacker will attempt to use whatever means to imbed their skimmer into a payment system that will have the highest likelihood of not being detected and thus gather the most amount of financial information from victims. (See POS intrusions.)

pen testing — A means of security evaluation where automated tools and manual exploitations are performed by security and attack experts. This is an advanced form of security assessment that should only be used by environments with a mature security infrastructure. A penetration test will use the same tools, techniques and methodologies as criminal hackers, and thus, it can cause downtime and system damage. However, such evaluations can assist with securing a network by discovering flaws that are not visible to automated tools based on human (i.e. social engineering) or physical attack concepts. (Also known as penetration testing or ethical hacking.)

phishing — A social engineering attack that attempts to collect information from victims. Phishing attacks can take place over e-mail, text messages, through social networks or via smart phone apps. The goal of a phishing attack may be to learn logon credentials, credit card information, system configuration details or other company, network, computer or personal identity information. Phishing attacks are often successful because they mimic legitimate communications from trusted entities or groups such as false emails from a bank or a retail website.

PKI (Public Key Infrastructure) — A security framework (i.e. a recipe) for using cryptographic concepts in support of secure communications, storage and job tasks. A PKI solution is a combination of symmetric encryption, asymmetric encryption, hashing and digital certificate-based authentication.

POS (Point of Sale) intrusions — An attack that gains access to the POS (Point of Sale) devices at a retail outlet enabling an attacker to learn payment card information as well as other customer details. POS intrusions can occur against a traditional brick-and-mortar retail location as well as any online retail websites. (See payment card skimmers.)

R

Top

ransomware — A form of malware that holds a victim's data hostage on their computer typically through robust encryption. This is followed by a demand for payment in the form of Bitcoin (an untraceable digital currency) in order to release control of the captured data back to the user.

restore — The process of returning a system back to a state of normalcy. A restore or restoration process may involve formatting the main storage device before re-installing the operating system and applications as well as copying data from backups onto the reconstituted system.

risk assessment — The process of evaluating the state of risk of an organization. Risk assessment is often initiated through taking an inventory of all assets, assigning each asset a value, and then considering any potential threats against each asset. Threats are evaluated for their exposure factor (EF) (i.e. the amount of loss that would be caused by the threat causing harm) and frequency of occurrence (i.e. ARO—Annualized Rate of Occurrence) in order to calculate a relative risk value known as the ALE (Annualized Loss Expectancy). The largest ALE indicates the biggest concern or risk for the organization.

risk management — The process of performing a risk assessment and evaluating the responses to risk in order to mitigate or otherwise handle the identified risks. Countermeasures, safeguards or security controls are to be selected that may eliminate or reduce risk, assign or transfer risk to others (i.e. outsourcing or buying insurance) or avoid and deter risk. The goal is to reduce risk down to an acceptable or tolerable level.

S

Top

SaaS (Software-as-a-Service) — A type of cloud computing service where the provider offers the customer the ability to use a provided application. Examples of a SaaS include online e-mail services or online document editing systems. A user of a SaaS solution is only able to use the offered application and make minor configuration tweaks. The SaaS provider is responsible for maintaining the application.

sandboxing — A means of isolating applications, code or entire operating systems in order to perform testing or evaluation. The sandbox limits the actions and resources available to the constrained item. This allows for the isolated item to be used for evaluation while preventing any harm or damage to be caused to the host system or related data or storage devices.

SCADA (Supervisory Control and Data Acquisition) — A complex mechanism used to gather data and physical world metrics as well as perform measurement or management actions of the monitored systems for the purposes of automatic large complex real-world processes such as oil refining, nuclear power generation or water filtration. SCADA can provide automated control over very large complex systems whether concentrated in a single physical location or spread across long distances.

security control — Anything used as part of a security response strategy which addresses a threat in order to reduce risk. (Also known as countermeasure or safeguard.)

security perimeter — The boundary of a network or private environment where specific security policies and rules are enforced. The systems and users within the security boundary are forced into compliance with local security rules while anything outside is not under such restrictions. The security perimeter prevents any interactions between outside entities and internal entities that might violate or threaten the security of the internal systems.

SIEM (Security Information and Event Management) — A formal process by which the security of an organization is monitored and evaluated on a constant basis. SIEM helps to automatically identify systems that are out of compliance with the security policy as well as to notify the IRT (Incident Response Team) of any security violating events.

sniffing — See packet sniffing and eavesdropping.

social engineering — An attack focusing on people rather than technology. This type of attack is psychological and aims to either gain access to information or to a logical or physical environment. A social engineering attack may be used to gain access to a facility by tricking a worker into assisting by holding the door when making a delivery, gaining access into a network by tricking a user into revealing their account credentials to the false technical support staff or gaining copies of data files by encouraging a worker to cut-and-paste confidential materials into an e-mail or social networking post.

SPAM — A form of unwanted or unsolicited messages or communications typically received via e-mail but also occurring through text messaging, social networks or VoIP. Most SPAM is advertising, but some may include malicious code, malicious hyperlinks or malicious attachments.

spear phishing — A form of social engineering attack that is targeted to victims who have an existing digital relationship with an online entity such as a bank or retail website. A spear phishing message is often an e-mail although there are also text message and VoIP spear phishing attacks as well, which looks exactly like a legitimate communication from a trusted entity. The attack tricks the victim into clicking on a hyperlink to visit a company website only to be re-directed to a false version of the website operated by attackers. The false website will often look and operate similarly to the legitimate site and focus on having the victim provide their logon credentials and potentially other personal identity information such as answers to their security questions, an account number, their social security number, mailing address, email address and/or phone number. The goal of a spear phishing attack is to steal identity information for the purpose of account takeover or identity theft.

spoof (spoofing) — The act of falsifying the identity of the source of a communication or interaction. It is possible to spoof IP address, MAC address and email address.

spyware — A form of malware that monitors user activities and reports them to an external their party. Spyware can be legitimate in that it is operated by an advertising and marketing agency for the purpose of gathering customer demographics. However, spyware can also be operated by attackers using the data gathering tool to steal an identity or learn enough about a victim to harm them in other ways.

supply chain — The path of linked organizations involved in the process of transforming original or raw materials into a finished product that is delivered to a customer. An interruption of the supply chain can cause a termination of the production of the final product immediately or this effect might not be noticed until the materials already in transit across the supply chain are exhausted.

T

Top

threat assessment — The process of evaluating the actions, events and behaviors that can cause harm to an asset or organization. Threat assessment is an element of risk assessment and management. (Also known as threat modeling and threat inventory.)

Trojan Horse (Trojan) — A form of malware where a malicious payload is imbedded inside of a benign host file. The victim is tricked into believing that the only file being retrieved is the viewable benign host. However, when the victim uses the host file, the malicious payload is automatically deposited onto their computer system.

two-factor authentication — The means of proving identity using two authentication factors usually considered stronger than any single factor authentication. A form of multi-factor authentication. Valid factors for authentication include Type 1: Something you know such as passwords and PINs; Type 2: Something you have such as smart cards or OTP (One Time Password) devices; and Type 3: Someone you are such as fingerprints or retina scans (aka biometrics).

two-step authentication — A means of authentication commonly employed on websites as an improvement over single factor authentication but not as robust as two-factor authentication. This form of authentication requires the visitor provide their username (i.e. claim an identity) and password (i.e. the single factor authentication) before performing an additional step. The additional step could be receiving a text message with a code, then typing that code back into the website for confirmation. Alternatives include receiving an e-mail and needing to click on a link in the message for confirmation, or viewing a pre-selected image and statement before typing in another password or PIN. Two-step is not as secure as two-factor because the system provides one of the factors to the user at the time of logon rather than requiring that the user provide both.

U

Top

unauthorized access — Any access or use of a computer system, network or resource which is in violation of the company security policy or when the person or user was not explicitly granted authorization to access or use the resource or system

V

Top

VPN (Virtual Private Network) — A communication link between systems or networks that is typically encrypted in order to provide a secured, private, isolate pathway of communications.

virus — A form of malware that often attaches itself to a host file or the MBR (Master Boot Record) as a parasite. When the host file or MBR is accessed, it activates the virus enabling it to infect other objects. Most viruses spread through human activity within and between computers. A virus is typically designed to damage or destroy data, but different viruses implement their attack at different rates, speeds or targets. For example, some viruses attempt to destroy files on a computer as quickly as possible while others may do so slowly over hours or days. Others might only target images or Word documents (.doc/.docx).

vishing — A form of phishing attack which takes place over VoIP. In this attack, the attacker uses VoIP systems to be able to call any phone number with no toll-charge expense. The attacker often falsifies their caller-ID in order to trick the victim into believing they are receiving a phone call from a legitimate or trustworthy source such as a bank, retail outlet, law enforcement or charity. The victims do not need to be using VoIP themselves in order to be attacked over their phone system by a vishing attack. (See phishing.)

vulnerability — Any weakness in an asset or security protection which would allow for a threat to cause harm. It may be a flaw in coding, a mistake in configuration, a limitation of scope or capability, an error in architecture, design, or logic or a clever abuse of valid systems and their functions.

W

Top

whitelist — A security mechanism prohibiting the execution of any program that is not on a pre-approved list of software. The whitelist is often a list of the file name, path, file size and hash value of the approved software. Any code that is not on the list, whether benign or malicious, will not be able to execute on the protected system. (See blacklist.)

Wi-Fi — A means to support network communication using radio waves rather than cables. The current Wi-Fi or wireless networking technologies are based on the IEE 802.11 standard and its numerous amendments, which address speed, frequency, authentication and encryption.

worm — A form of malware that focuses on replication and distribution. A worm is a self-contained malicious program that attempts to duplicate itself and spread to other systems. Generally, the damage caused by a worm is indirect and due to the worm's replication and distribution activities consuming all system resources. A worm can be used to deposit other forms of malware on each system it encounters.

Z

Top

zombie — A term related to the malicious concept of a botnet. The term zombie can be used to refer to the system that is host to the malware agent of the botnet or to the malware agent itself. If the former, the zombie is the system that is blinding performing tasks based on instructions from an external and remote hacker. If the latter, the zombie is the tool that is performing malicious actions such as DoS flooding, SPAM transmission, eavesdropping on VoIP calls or falsifying DNS resolutions as one member of a botnet.

Information technology
IT company
Technical support
IT services
IT support
Network security
Cybersecurity
Cloud services

West Palm Beach
Palm Beach Gardens
Jupiter
Wellington
Boynton Beach
Delray Beach
Boca Raton
Palm Beach Gardens
North Palm Beach
Palm Beach
Lake Worth
Greenacres
Palm Beach Shores
Palm Springs
Riviera Beach
Royal Palm Beach
Juno Beach
South Palm Beach
Jupiter
Tequesta
Jupiter Inlet Colony
Wellington
Lake Worth Beach

Business Services
Managed IT & Support
IT Services
Network & WiFi
Cyber Security
Computers
System Upgrades
On-Site System Repair
End Point Protection & Backup
Security Camera Systems

Cloud technology
Cloud storage solutions
Hybrid cloud
Cloud storage providers
Service cloud
Cloud architecture
Cloud server
Cloud hosting
Cloud computing
Cybersecurity
Network security
IT security
Cybersecurity attack
Computer security software
Cybersecurity analyst
Cybersecurity companies
Cybersecurity engineer
IT services
Information technology specialist
IT manager
Infrastructure as a service
Managed IT services
Technology consulting
Tech solutions
IT service management
Network infrastructure
Programming
Software developer
Computer programming
Dynamic programming
Computer programmer
Web designer
Website creation
Code developer
App developer

Service Industries
Automotive & Towing
Construction & Trades
Entertainment Facilities
Healthcare
Law Offices
Real Estate & HOA
Retail
Restaurant

Letter: A

access
    Definition: The ability and means to communicate with or otherwise interact with a system, to use system resources to handle information, to gain knowledge of the information the system contains, or to control system components and functions.
    From: CNSSI 4009
access and identity management
    Synonym(s): identity and access management
access control
    Definition: The process of granting or denying specific requests for or attempts to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities.
    Related Term(s): access control mechanism
    From: CNSSI 4009
access control mechanism
    Definition: Security measures designed to detect and deny unauthorized access and permit authorized access to an information system or a physical facility.
    From: CNSSI 4009
active attack
    Definition: An actual assault perpetrated by an intentional threat source that attempts to alter a system, its resources, its data, or its operations.
    Related Term(s): passive attack
    From: IETF RFC 4949, NIST SP 800-63 Rev 1
active content
    Definition: Software that is able to automatically carry out or trigger actions without the explicit intervention of a user.
    From: CNSSI 4009
adversary
    Definition: An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.
    Related Term(s): threat agent, attacker
    From: DHS Risk Lexicon
air gap
    Definition: To physically separate or isolate a system from other systems or networks (verb).
    Extended Definition: The physical separation or isolation of a system from other systems or networks (noun).
alert
    Definition: A notification that a specific attack has been detected or directed at an organization’s information systems.
    From: CNSSI 4009
allowlist
    Definition: A list of entities that are considered trustworthy and are granted access or privileges.
    Related Term(s): Blocklist
    From: DHS personnel
all source intelligence
    Definition: In the NICE Framework, cybersecurity work where a person: Analyzes threat information from multiple sources, disciplines, and agencies across the Intelligence Community. Synthesizes and places intelligence information in context; draws insights about the possible implications.
    From: NICE Framework
analyze
    Definition: A NICE Framework category consisting of specialty areas responsible for highly specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence.
    From: NICE Framework
antispyware software
    Definition: A program that specializes in detecting and blocking or removing forms of spyware.
    Related Term(s): spyware
    From: NCSD Glossary
antivirus software
    Definition: A program that monitors a computer or network to detect or identify major types of malicious code and to prevent or contain malware incidents. Sometimes by removing or neutralizing the malicious code.
    From: NCSD Glossary
asset
    Definition: A person, structure, facility, information, and records, information technology systems and resources, material, process, relationships, or reputation that has value.
    Extended Definition: Anything useful that contributes to the success of something, such as an organizational mission; assets are things of value or properties to which value can be assigned.
    From: DHS Risk Lexicon
asymmetric cryptography
    Synonym(s): public key cryptography
attack
    Definition: An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity.
    Extended Definition: The intentional act of attempting to bypass one or more security services or controls of an information system.
    Related Term(s): active attack, passive attack
    From: NCSD Glossary. NTSSI 4009 (2000), CNSSI 4009
attack method
    Definition: The manner or technique and means an adversary may use in an assault on information or an information system.
    From: DHS Risk Lexicon, NCSD Glossary
attack mode
    Synonym(s): attack method
attack path
    Definition: The steps that an adversary takes or may take to plan, prepare for, and execute an attack.
    From: DHS Risk Lexicon, NCSD Glossary
attack pattern
    Definition: Similar cyber events or behaviors that may indicate an attack has occurred or is occurring, resulting in a security violation or a potential security violation.
    Extended Definition: For software, descriptions of common methods for exploiting software systems.
    Related Term(s): attack signature
    From: Oak Ridge National Laboratory Visualization Techniques for Computer Network Defense, MITRE's CAPEC web site
attack signature
    Definition: A characteristic or distinctive pattern that can be searched for or that can be used in matching to previously identified attacks.
    Extended Definition: An automated set of rules for identifying a potential threat (such as an exploit or the presence of an attacker tool) and possible responses to that threat.
    Related Term(s): attack pattern
    From: NCSD Glossary, CNSSI 4009, ISSG V1.2 Database
attack surface
    Definition: The set of ways in which an adversary can enter a system and potentially cause damage.
    Extended Definition: An information system's characteristics that permit an adversary to probe, attack, or maintain presence in the information system.
    From: Manadhata, P.K., & Wing, J.M. in Attack Surface Measurement; DHS personnel
attacker
    Definition: An individual, group, organization, or government that executes an attack.
    Extended Definition: A party acting with malicious intent to compromise an information system.
    Related Term(s): adversary, threat agent
    From: Barnum & Sethi (2006), NIST SP 800-63 Rev 1
authenticate
    Related Term(s): authentication
authentication
    Definition: The process of verifying the identity or other attributes of an entity (user, process, or device).
    Extended Definition: Also the process of verifying the source and integrity of data.
    From: CNSSI 4009, NIST SP 800-21, NISTIR 7298
authenticity
    Definition: A property achieved through cryptographic methods of being genuine and being able to be verified and trusted, resulting in confidence in the validity of a transmission, information or a message, or sender of information or a message.
    Related Term(s): integrity, non-repudiation
    From: CNSSI 4009, NIST SP 800-53 Rev 4
authorization
    Definition: A process of determining, by evaluating applicable access control information, whether a subject is allowed to have the specified types of access to a particular resource.
    Extended Definition: The process or act of granting access privileges or the access privileges as granted.
    From: OASIS SAML Glossary 2.0; Adapted from CNSSI 4009
availability
    Definition: The property of being accessible and usable upon demand.
    Extended Definition: In cybersecurity, applies to assets such as information or information systems.
    Related Term(s): confidentiality, integrity
    From: CNSSI 4009, NIST SP 800-53 Rev 4, 44 U.S.C., Sec 3542
advanced persistent threat
    Definition: An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception).
    From: NIST SP 800-53 Rev 4

Letter: B

behavior monitoring
    Synonym(s): behavioral monitoring
    From: DHS personnel
blocklist
    Definition: A list of entities that are blocked or denied privileges or access.
    Related Term(s): Allowlist
    From: DHS personnel
blue Team
    Definition: A group that defends an enterprise's information systems when mock attackers (i.e., the Red Team) attack, typically as part of an operational exercise conducted according to rules established and monitored by a neutral group (i.e., the White Team).
    Extended Definition: Also, a group that conducts operational vulnerability evaluations and recommends mitigation techniques to customers who need an independent technical review of their cybersecurity posture.
    Related Term(s): Red Team, White Team
    From: CNSSI 4009
bot
    Definition: A computer connected to the Internet that has been surreptitiously / secretly compromised with malicious logic to perform activities under remote the command and control of a remote administrator.
    Extended Definition: A member of a larger collection of compromised computers known as a botnet.
    Related Term(s): botnet
    Synonym(s): zombie
bot herder
    Synonym(s): bot master
bot master
    Definition: The controller of a botnet that, from a remote location, provides direction to the compromised computers in the botnet.
    Synonym(s): bot herder
botnet
    Definition: A collection of computers compromised by malicious code and controlled across a network.
bug
    Definition: An unexpected and relatively small defect, fault, flaw, or imperfection in an information system or device.
    From: NCSD Glossary
build security in
    Definition: A set of principles, practices, and tools to design, develop, and evolve information systems and software that enhance resistance to vulnerabilities, flaws, and attacks.
    From: Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program (2011), US-CERT's Build Security In website.

Letter: C

capability
    Definition: The means to accomplish a mission, function, or objective.
    Related Term(s): intent
    From: DHS Risk Lexicon
cipher
    Synonym(s): cryptographic algorithm
ciphertext
    Definition: Data or information in its encrypted form.
    Related Term(s): plaintext
    From: CNSSI 4009
cloud computing
    Definition: A model for enabling on-demand network access to a shared pool of configurable computing capabilities or resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
    From: CNSSI 4009, NIST SP 800-145
collect & operate
    Definition: A NICE Framework category consisting of specialty areas responsible for specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence.
    From: NICE Framework
collection operations
    Definition: In the NICE Framework, cybersecurity work where a person: Executes collection using appropriate strategies and within the priorities established through the collection management process.
    From: NICE Framework
computer forensics
    Synonym(s): digital forensics
computer network defense
    Definition: The actions taken to defend against unauthorized activity within computer networks.
    From: CNSSI 4009
computer network defense analysis
    Definition: In the NICE Framework, cybersecurity work where a person: Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.
    From: NICE Framework
computer network defense infrastructure support
    Definition: In the NICE Framework, cybersecurity work where a person: Tests, implements, deploys, maintains, reviews, and administers the infrastructure hardware and software that are required to effectively manage the computer network defense service provider network and resources; monitors network to actively remediate unauthorized activities.
    From: NICE Framework
computer security incident
    Related Term(s): event
    From: incident
confidentiality
    Definition: A property that information is not disclosed to users, processes, or devices unless they have been authorized to access the information.
    Extended Definition: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.
    Related Term(s): availability, integrity
    From: CNSSI 4009, NIST SP 800-53 Rev 4, 44 U.S.C., Sec 3542
consequence
    Definition: The effect of an event, incident, or occurrence.
    Extended Definition: In cybersecurity, the effect of a loss of confidentiality, integrity or availability of information or an information system on an organization's operations, its assets, on individuals, other organizations, or on national interests.
    From: DHS Risk Lexicon, National Infrastructure Protection Plan, NIST SP 800-53 Rev 4
continuity of operations plan
    Definition: A document that sets forth procedures for the continued performance of core capabilities and critical operations during any disruption or potential disruption.
    Related Term(s): Business Continuity Plan, Disaster Recovery Plan, Contingency Plan
    From: CPG 101, CNSSI 4009
critical infrastructure
    Definition: The systems and assets, whether physical or virtual, so vital to society that the incapacity or destruction of such may have a debilitating impact on the security, economy, public health or safety, environment, or any combination of these matters.
    Related Term(s): key resource
    From: National Infrastructure Protection Plan
critical infrastructure and key resources
    Synonym(s): critical infrastructure
cryptanalysis
    Definition: The operations performed in defeating or circumventing cryptographic protection of information by applying mathematical techniques and without an initial knowledge of the key employed in providing the protection.
    Extended Definition: The study of mathematical techniques for attempting to defeat or circumvent cryptographic techniques and/or information systems security.
    From: CNSSI 4009, NIST SP 800-130
cryptographic algorithm
    Definition: A well-defined computational procedure that takes variable inputs, including a cryptographic key, and produces an output.
    Related Term(s): key, encryption, decryption, symmetric key, asymmetric key
    From: CNSSI 4009
cryptography
    Definition: The use of mathematical techniques to provide security services, such as confidentiality, data integrity, entity authentication, and data origin authentication.
    Extended Definition: The art or science concerning the principles, means, and methods for converting plaintext into ciphertext and for restoring encrypted ciphertext to plaintext.
    Related Term(s): plaintext, ciphertext, encryption, decryption
    From: NIST SP 800-130; Adapted from: CNSSI 4009
cryptology
    Definition: The mathematical science that deals with cryptanalysis and cryptography.
    Related Term(s): cryptanalysis, cryptography
    From: CNSSI 4009
customer service and technical support
    Definition: In the NICE Framework, cybersecurity work where a person: Addresses problems, installs, configures, troubleshoots, and provides maintenance and training in response to customer requirements or inquiries (e.g., tiered-level customer support).
    From: NICE Framework
cyber ecosystem
    Definition: The interconnected information infrastructure of interactions among persons, processes, data, and information and communications technologies, along with the environment and conditions that influence those interactions.
    From: DHS personnel
cyber exercise
    Definition: A planned event during which an organization simulates a cyber disruption to develop or test capabilities such as preventing, detecting, mitigating, responding to or recovering from the disruption.
    From: NCSD Glossary, DHS Homeland Security Exercise and Evaluation Program
cyber incident
    Related Term(s): event
    Synonym(s): incident
cyber incident response plan
    Synonym(s): incident response plan
cyber infrastructure
    Definition: An electronic information and communications systems and services and the information contained therein.
    Extended Definition: The information and communications systems and services composed of all hardware and software that process, store, and communicate information, or any combination of all of these elements: • Processing includes the creation, access, modification, and destruction of information. • Storage includes paper, magnetic, electronic, and all other media types. • Communications include sharing and distribution of information.
    From: NIPP
cyber operations
    Definition: In the NICE Framework, cybersecurity work where a person: Performs activities to gather evidence on criminal or foreign intelligence entities in order to mitigate possible or real-time threats, protect against espionage or insider threats, foreign sabotage, international terrorist activities, or to support other intelligence activities.
    From: NICE Framework
cyber operations planning
    Definition: in the NICE Framework, cybersecurity work where a person: Performs in-depth joint targeting and cyber planning process. Gathers information and develops detailed Operational Plans and Orders supporting requirements. Conducts strategic and operational-level planning across the full range of operations for integrated information and cyberspace operations.
    From: NICE Framework
cybersecurity
    Definition: The activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation.
    Extended Definition: Strategy, policy, and standards regarding the security of and operations in cyberspace, and encompass[ing] the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communications infrastructure.
    From: CNSSI 4009, NIST SP 800-53 Rev 4, NIPP, DHS National Preparedness Goal; White House Cyberspace Policy Review, May 2009
cyber threat intelligence (CTI)
    Definition: The collecting, processing, organizing, and analyzing data into actionable information that relates to capabilities, opportunities, actions, and intent of adversaries in the cyber domain to meet a specific requirement determined by and informing decision-makers.
    From: ICD 203, CIA, SANS, Dragos, Carnegie Mellon

Letter: D

data administration
    Definition: In the NICE Framework, cybersecurity work where a person: Develops and administers databases and/or data management systems that allow for the storage, query, and utilization of data.
    From: NICE Framework
data aggregation
    Definition: The process of gathering and combining data from different sources, so that the combined data reveals new information.
    Extended Definition: The new information is more sensitive than the individual data elements themselves and the person who aggregates the data was not granted access to the totality of the information.
    Related Term(s): data mining
    From: CNSSI 4009
data breach
    Definition: The unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information.
    Related Term(s): data loss, data theft, exfiltration
data integrity
    Definition: The property that data is complete, intact, and trusted and has not been modified or destroyed in an unauthorized or accidental manner.
    Related Term(s): integrity, system integrity
    From: CNSSI 4009, NIST SP 800-27
data leakage
    Synonym(s): data breach
data loss
    Definition: The result of unintentionally or accidentally deleting data, forgetting where it is stored, or exposure to an unauthorized party.
    Related Term(s): data leakage, data theft
data loss prevention
    Definition: A set of procedures and mechanisms to stop sensitive data from leaving a security boundary.
    Related Term(s): data loss, data theft, data leak
    From: Liu, S., & Kuhn, R. (2010, March/April). Data loss prevention. IEEE IT Professional, 11(2), pp. 10-13.
data mining
    Definition: The process or techniques used to analyze large sets of existing information to discover previously unrevealed patterns or correlations.
    Related Term(s): data aggregation
    From: DHS personnel
data spill
    Synonym(s): data breach
data theft
    Definition: The deliberate or intentional act of stealing of information.
    Related Term(s): data aggregation, data leakage, data loss
decipher
    Definition: To convert enciphered text to plain text by means of a cryptographic system.
    Synonym(s): decode, decrypt
    From: CNSSI 4009
decode
    Definition: To convert encoded text to plain text by means of a code.
    Synonym(s): decipher, decrypt
    From: CNSSI 4009
decrypt
    Definition: A generic term encompassing decode and decipher.
    Synonym(s): decipher, decode
    From: CNSSI 4009
decryption
    Definition: The process of transforming ciphertext into its original plaintext.
    Extended Definition: The process of converting encrypted data back into its original form, so it can be understood.
    Synonym(s): decode, decrypt, decipher
    From: ICAM SAML 2.0 WB SSO Profile 1.0.2
denial of service
    Definition: An attack that prevents or impairs the authorized use of information system resources or services.
    From: NCSD Glossary
designed-in security
    Synonym(s): Build Security In
digital forensics
    Definition: The processes and specialized techniques for gathering, retaining, and analyzing system-related data (digital evidence) for investigative purposes.
    Extended Definition: In the NICE Framework, cybersecurity work where a person: Collects, processes, preserves, analyzes, and presents computer-related evidence in support of network vulnerability, mitigation, and/or criminal, fraud, counterintelligence or law enforcement investigations.
    Synonym(s): computer forensics, forensics
    From: CNSSI 4009; From: NICE Framework
digital rights management
    Definition: A form of access control technology to protect and manage use of digital content or devices in accordance with the content or device provider's intentions.
digital signature
    Definition: A value computed with a cryptographic process using a private key and then appended to a data object, thereby digitally signing the data.
    Related Term(s): electronic signature
    From: CNSSI 4009, IETF RFC 2828, ICAM SAML 2.0 WB SSO Profile 1.0.2, InCommon Glossary, NIST SP 800-63 Rev 1
disruption
    Definition: An event which causes unplanned interruption in operations or functions for an unacceptable length of time.
    From: CNSSI 4009
distributed denial of service
    Definition: A denial of service technique that uses numerous systems to perform the attack simultaneously.
    Related Term(s): denial of service, botnet
    From: CNSSI 4009
dynamic attack surface
    Definition: The automated, on-the-fly changes of an information system's characteristics to thwart actions of an adversary.
    From: DHS personnel

Letter: E

education and training
    Definition: In the NICE Framework, cybersecurity work where a person: Conducts training of personnel within pertinent subject domain; develop, plan, coordinate, deliver, and/or evaluate training courses, methods, and techniques as appropriate.
    From: NICE Framework
electronic signature
    Definition: Any mark in electronic form associated with an electronic document, applied with the intent to sign the document.
    Related Term(s): digital signature
    From: CNSSI 4009
encipher
    Definition: To convert plaintext to ciphertext by means of a cryptographic system.
    Synonym(s): encode, encrypt
    From: CNSSI 4009
encode
    Definition: To convert plaintext to ciphertext by means of a code.
    Synonym(s): encipher, encrypt
    From: CNSSI 4009
encrypt
    Definition: The generic term encompassing encipher and encode.
    Synonym(s): encipher, encode
    From: CNSSI 4009
encryption
    Definition: The process of transforming plaintext into ciphertext.
    Extended Definition: Converting data into a form that cannot be easily understood by unauthorized people.
    Synonym(s): encode, encrypt, encipher
    From: CNSSI 4009, ICAM SAML 2.0 WB SSO Profile 1.0.2
enterprise risk management
    Definition: A comprehensive approach to risk management that engages people, processes, and systems across an organization to improve the quality of decision making for managing risks that may hinder an organization’s ability to achieve its objectives.
    Extended Definition: Involves identifying mission dependencies on enterprise capabilities, identifying and prioritizing risks due to defined threats, implementing countermeasures to provide both a static risk posture and an effective dynamic response to active threats; and assessing enterprise performance against threats and adjusts countermeasures as necessary.
    Related Term(s): risk management, integrated risk management, risk
    From: DHS Risk Lexicon, CNSSI 4009
event
    Definition: An observable occurrence in an information system or network.
    Extended Definition: Sometimes provides an indication that an incident is occurring or at least raise the suspicion that an incident may be occurring.
    Related Term(s): incident
    From: CNSSI 4009
exfiltration
    Definition: The unauthorized transfer of information from an information system.
    Related Term(s): data breach
    From: NIST SP 800-53 Rev 4
exploit
    Definition: A technique to breach the security of a network or information system in violation of security policy.
    From: ISO/IEC 27039 (draft), DHS personnel
exposure
    Definition: The condition of being unprotected, thereby allowing access to information or access to capabilities that an attacker can use to enter a system or network.
    From: NCSD glossary
exploitation analysis
    Definition: In the NICE Framework, cybersecurity work where a person: Analyzes collected information to identify vulnerabilities and potential for exploitation.
    From: NICE Framework

Letter: F

failure
    Definition: The inability of a system or component to perform its required functions within specified performance requirements.
    From: NCSD Glossary
firewall
    Definition: A capability to limit network traffic between networks and/or information systems.
    Extended Definition: A hardware/software device or a software program that limits network traffic according to a set of rules of what access is and is not allowed or authorized.
    From: CNSSI 4009
forensics
    Synonym(s): digital forensics

Letter: H

hacker
    Definition: An unauthorized user who attempts to or gains access to an information system.
    From: CNSSI 4009
hash value
    Definition: A numeric value resulting from applying a mathematical algorithm against a set of data such as a file.
    Related Term(s): hashing
    Synonym(s): cryptographic hash value
    From: CNSSI 4009
hashing
    Definition: A process of applying a mathematical algorithm against a set of data to produce a numeric value (a 'hash value') that represents the data.
    Extended Definition: Mapping a bit string of arbitrary length to a fixed length bit string to produce the hash value.
    Related Term(s): hash value
    From: CNSSI 4009, FIPS 201-2
hazard
    Definition: A natural or man-made source or cause of harm or difficulty.
    Related Term(s): threat
    From: DHS Risk Lexicon

Letter: I

ict supply chain threat
    Definition: A man-made threat achieved through exploitation of the information and communications technology (ICT) system’s supply chain, including acquisition processes.
    Related Term(s): supply chain, threat
    From: DHS SCRM PMO
identity and access management
    Definition: The methods and processes used to manage subjects and their authentication and authorizations to access specific objects.
impact
    Synonym(s): consequence
incident
    Definition: An occurrence that actually or potentially results in adverse consequences to (adverse effects on) (poses a threat to) an information system or the information that the system processes, stores, or transmits and that may require a response action to mitigate the consequences.
    Extended Definition: An occurrence that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.
    Related Term(s): event
    From: CNSSI 4009, FIPS 200, NIST SP 800-53 Rev 4, ISSG
incident management
    Definition: The management and coordination of activities associated with an actual or potential occurrence of an event that may result in adverse consequences to information or information systems.
    From: NCSD Glossary, ISSG NCPS Target Architecture Glossary
incident response
    Definition: The activities that address the short-term, direct effects of an incident and may also support short-term recovery.
    Extended Definition: In the Workforce framework, cybersecurity work where a person: Responds to crisis or urgent situations within the pertinent domain to mitigate immediate and potential threats; uses mitigation, preparedness, and response and recovery approaches, as needed, to maximize survival of life, preservation of property, and information security. Investigates and analyzes all relevant response activities.
    Related Term(s): recovery
    Synonym(s): response
    From: Workforce Framework
incident response plan
    Definition: A set of predetermined and documented procedures to detect and respond to a cyber incident.
    From: CNSSI 4009
indicator
    Definition: An occurrence or sign that an incident may have occurred or may be in progress.
    Related Term(s): precursor
    From: CNSSI 4009, NIST SP 800-61 Rev 2 (DRAFT), ISSG V1.2 Database
industrial control system
    Definition: An information system used to control industrial processes such as manufacturing, product handling, production, and distribution or to control infrastructure assets.
    Related Term(s): Supervisory Control and Data Acquisition, Operations Technology
    From: NIST SP 800-53 Rev 4, NIST SP 800-82
information and communication(s) technology
    Definition: Any information technology, equipment, or interconnected system or subsystem of equipment that processes, transmits, receives, or interchanges data or information.
    Related Term(s): information technology
    From: The Access Board's 2011 Advance Notice of Proposed Rulemaking for Section 508
information assurance
    Definition: The measures that protect and defend information and information systems by ensuring their availability, integrity, and confidentiality.
    Related Term(s): information security
    From: CNSSI 4009
information assurance compliance
    Definition: In the NICE Framework, cybersecurity work where a person: Oversees, evaluates, and supports the documentation, validation, and accreditation processes necessary to assure that new IT systems meet the organization's information assurance and security requirements; ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives.
    From: NICE Framework
information security policy
    Definition: An aggregate of directives, regulations, rules, and practices that prescribe how an organization manages, protects, and distributes information.
    Related Term(s): security policy
    From: CNSSI 4009; NIST SP 800-53 Rev 4
information sharing
    Definition: An exchange of data, information, and/or knowledge to manage risks or respond to incidents.
    From: NCSD glossary
information system resilience
    Definition: The ability of an information system to: (1) continue to operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (2) recover effectively in a timely manner.
    Related Term(s): resilience
    From: NIST SP 800-53 Rev 4
information systems security operations
    Definition: In the NICE Framework, cybersecurity work where a person: Oversees the information assurance program of an information system in or outside the network environment; may include procurement duties (e.g., Information Systems Security Office
    From: NICE Framework
information technology
    Definition: Any equipment or interconnected system or subsystem of equipment that processes, transmits, receives, or interchanges data or information.
    Related Term(s): information and communication(s) technology
    From: CNSSI 4009, NIST SP 800-53 rev. 4, based on 40 U.S.C. sec. 1401
inside( r) threat
    Definition: A person or group of persons within an organization who pose a potential risk through violating security policies.
    Extended Definition: One or more individuals with the access and/or inside knowledge of a company, organization, or enterprise that would allow them to exploit the vulnerabilities of that entity's security, systems, services, products, or facilities with the intent to cause harm.
    Related Term(s): outside( r) threat
    From: CNSSI 4009; From: NIAC Final Report and Recommendations on the Insider Threat to Critical Infrastructure, 2008
integrated risk management
    Definition: The structured approach that enables an enterprise or organization to share risk information and risk analysis and to synchronize independent yet complementary risk management strategies to unify efforts across the enterprise.
    Related Term(s): risk management, enterprise risk management
    From: DHS Risk Lexicon
integrity
    Definition: The property whereby information, an information system, or a component of a system has not been modified or destroyed in an unauthorized manner.
    Extended Definition: A state in which information has remained unaltered from the point it was produced by a source, during transmission, storage, and eventual receipt by the destination.
    Related Term(s): availability, confidentiality, data integrity, system integrity
    From: CNSSI 4009, NIST SP 800-53 Rev 4, 44 U.S.C., Sec 3542, SANS; From SAFE-BioPharma Certificate Policy 2.5
intent
    Definition: A state of mind or desire to achieve an objective.
    Related Term(s): capability
    From: DHS Risk Lexicon
interoperability
    Definition: The ability of two or more systems or components to exchange information and to use the information that has been exchanged.
    From: IEEE Standard Computer Dictionary, DHS personnel
intrusion
    Definition: An unauthorized act of bypassing the security mechanisms of a network or information system.
    Synonym(s): penetration
    From: CNSSI 4009
intrusion detection
    Definition: The process and methods for analyzing information from networks and information systems to determine if a security breach or security violation has occurred.
    From: CNSSI 4009, ISO/IEC 27039 (draft)
investigate
    Definition: a NICE Framework category consisting of specialty areas responsible for the investigation of cyber events and/or crimes of IT systems, networks, and digital evidence
    From: NICE Framework
investigation
    Definition: A systematic and formal inquiry into a qualified threat or incident using digital forensics and perhaps other traditional criminal inquiry techniques to determine the events that transpired and to collect evidence.
    Extended Definition: In the NICE Framework, cybersecurity work where a person: Applies tactics, techniques, and procedures for a full range of investigative tools and processes to include but not limited to interview and interrogation techniques, surveillance, counter surveillance, and surveillance detection, and appropriately balances the benefits of prosecution versus intelligence gathering.
    From: ISSG V1.2 Database; Conrad, E., Misenauer, S., & Feldman, J. (2010). CISSP® Study Guide. Burlington, MA: Syngress; From: NICE Workforce Framework
it asset
    Synonym(s): asset

Letter: K

knowledge management
    Definition: In the NICE Framework, cybersecurity work where a person: Manages and administers processes and tools that enable the organization to identify, document, and access intellectual capital and information content.
    From: NICE Framework

Letter: L

legal advice and advocacy
    Definition: In the NICE Framework, cybersecurity work where a person: Provides legally sound advice and recommendations to leadership and staff on a variety of relevant topics within the pertinent subject domain; advocates legal and policy changes and makes a case on behalf of client via a wide range of written and oral work products, including legal briefs and proceedings.
    From: NICE Framework

Letter: M

machine learning and evolution
    Definition: A field concerned with designing and developing artificial intelligence algorithms for automated knowledge discovery and innovation by information systems.
    From: DHS personnel
macro virus
    Definition: A type of malicious code that attaches itself to documents and uses the macro programming capabilities of the document’s application to execute, replicate, and spread or propagate itself.
    Related Term(s): virus
    From: CNSSI 4009
malicious applet
    Definition: A small application program that is automatically downloaded and executed and that performs an unauthorized function on an information system.
    Related Term(s): malicious code
    From: CNSSI 4009
malicious code
    Definition: Program code intended to perform an unauthorized function or process that will have adverse impact on the confidentiality, integrity, or availability of an information system.
    Extended Definition: Includes software, firmware, and scripts.
    Related Term(s): malicious logic
    From: CNSSI 4009. NIST SP 800-53 Rev 4
malicious logic
    Definition: Hardware, firmware, or software that is intentionally included or inserted in a system to perform an unauthorized function or process that will have adverse impact on the confidentiality, integrity, or availability of an information system.
    Related Term(s): malicious code
    From: CNSSI 4009
malware
    Definition: Software that compromises the operation of a system by performing an unauthorized function or process.
    Synonym(s): malicious code, malicious applet, malicious logic
    From: CNSSI 4009, NIST SP 800-83
mitigation
    Definition: The application of one or more measures to reduce the likelihood of an unwanted occurrence and/or lessen its consequences.
    Extended Definition: Implementing appropriate risk-reduction controls based on risk management priorities and analysis of alternatives.
    From: DHS Risk Lexicon, CNSSI 4009, NIST SP 800-53 Rev 4
moving target defense
    Definition: The presentation of a dynamic attack surface, increasing an adversary's work factor necessary to probe, attack, or maintain presence in a cyber target.
    From: DHS personnel

Letter: N

network resilience
    Definition: The ability of a network to: (1) provide continuous operation (i.e., highly resistant to disruption and able to operate in a degraded mode if damaged); (2) recover effectively if failure does occur; and (3) scale to meet rapid or unpredictable demands.
    From: CNSSI 4009
network services
    Definition: In the NICE Framework, cybersecurity work where a person: Installs, configures, tests, operates, maintains, and manages networks and their firewalls, including hardware (e.g., hubs, bridges, switches, multiplexers, routers, cables, proxy servers, and protective distributor systems) and software that permit the sharing and transmission of all spectrum transmissions of information to support the security of information and information systems.
    From: NICE Framework
non-repudiation
    Definition: A property achieved through cryptographic methods to protect against an individual or entity falsely denying having performed a particular action related to data.
    Extended Definition: Provides the capability to determine whether a given individual took a particular action such as creating information, sending a message, approving information, and receiving a message.
    Related Term(s): integrity, authenticity
    From: CNSSI 4009; From: NIST SP 800-53 Rev 4

Letter: O

object
    Definition: A passive information system-related entity containing or receiving information.
    Related Term(s): subject, access, access control
    From: CNSSI 4009, NIST SP 800-53 Rev 4
operate & maintain
    Definition: A NICE Framework category consisting of specialty areas responsible for providing the support, administration, and maintenance necessary to ensure effective and efficient IT system performance and security.
    From: NICE Framework
operational exercise
    Definition: An action-based exercise where personnel rehearse reactions to an incident scenario, drawing on their understanding of plans and procedures, roles, and responsibilities.
    Extended Definition: Also referred to as operations-based exercise.
    From: DHS Homeland Security Exercise and Evaluation Program
operations technology
    Definition: The hardware and software systems used to operate industrial control devices.
    Related Term(s): Industrial Control System
    From: DHS personnel
outside( r) threat
    Definition: A person or group of persons external to an organization who are not authorized to access its assets and pose a potential risk to the organization and its assets.
    Related Term(s): inside( r) threat
    From: CNSSI 4009
oversight & development
    Definition: A NICE Framework category consisting of specialty areas providing leadership, management, direction, and/or development and advocacy so that all individuals and the organization may effectively conduct cybersecurity work.
    From: NICE Framework

Letter: P

passive attack
    Definition: An actual assault perpetrated by an intentional threat source that attempts to learn or make use of information from a system, but does not attempt to alter the system, its resources, its data, or its operations.
    Related Term(s): active attack
    From: IETF RFC 4949, NIST SP 800-63 Rev 1
password
    Definition: A string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorization.
    From: FIPS 140-2
pen test
    Definition: A colloquial term for penetration test or penetration testing.
    From: penetration testing
penetration
    Synonym(s): intrusion
penetration testing
    Definition: An evaluation methodology whereby assessors search for vulnerabilities and attempt to circumvent the security features of a network and/or information system.
    From: NCSD Glossary, CNSSI 4009, NIST SP 800-53 Rev 4
personal identifying information / personally identifiable information
    Definition: The information that permits the identity of an individual to be directly or indirectly inferred.
    From: NCSD Glossary, CNSSI 4009, GAO Report 08-356, as cited in NIST SP 800-63 Rev 1
phishing
    Definition: A digital form of social engineering to deceive individuals into providing sensitive information.
    From: NCSD Glossary, CNSSI 4009, NIST SP 800-63 Rev 1
plaintext
    Definition: Unencrypted information.
    Related Term(s): ciphertext
    From: CNSSI 4009
precursor
    Definition: An observable occurrence or sign that an attacker may be preparing to cause an incident.
    Related Term(s): indicator
    From: CNSSI 4009, NIST SP 800-61 Rev 2 (DRAFT)
preparedness
    Definition: The activities to build, sustain, and improve readiness capabilities to prevent, protect against, respond to, and recover from natural or manmade incidents.
    From: NIPP
privacy
    Definition: The assurance that the confidentiality of, and access to, certain information about an entity is protected.
    Extended Definition: The ability of individuals to understand and exercise control over how information about themselves may be used by others.
    From: NIST SP 800-130; Adapted from: DHS personnel
private key
    Definition: A cryptographic key that must be kept confidential and is used to enable the operation of an asymmetric (public key) cryptographic algorithm.
    Extended Definition: The secret part of an asymmetric key pair that is uniquely associated with an entity.
    Related Term(s): public key, asymmetric cryptography
    From: CNSSI 4009, NIST SP 800-63 Rev 1, FIPS 201-2, FIPS 140-2, Federal Bridge Certificate Authority Certification Policy 2.25
protect & defend
    Definition: A NICE Framework category consisting of specialty areas responsible for the identification, analysis, and mitigation of threats to internal IT systems or networks.
    From: NICE Framework
public key
    Definition: A cryptographic key that may be widely published and is used to enable the operation of an asymmetric (public key) cryptographic algorithm.
    Extended Definition: The public part of an asymmetric key pair that is uniquely associated with an entity and that may be made public.
    Related Term(s): private key, asymmetric cryptography
    From: CNSSI 4009, NIST SP 800-63 Rev 1, FIPS 201-2, FIPS 140-2, Federal Bridge Certificate Authority Certification Policy 2.25
public key cryptography
    Definition: A branch of cryptography in which a cryptographic system or algorithms use two uniquely linked keys: a public key and a private key (a key pair).
    Synonym(s): asymmetric cryptography, public key encryption
    From: CNSSI 4009, FIPS 140-2, InCommon Glossary
public key encryption
    Synonym(s): public key cryptography
public key infrastructure
    Definition: A framework consisting of standards and services to enable secure, encrypted communication and authentication over potentially insecure networks such as the Internet.
    Extended Definition: A framework and services for generating, producing, distributing, controlling, accounting for, and revoking (destroying) public key certificates.
    From: CNSSI 4009, IETF RFC 2828, Federal Bridge Certificate Authority Cross-certification Methodology 3.0, InCommon Glossary, Kantara Identity Assurance Framework 1100, NIST SP 800-63 Rev 1

Letter: R

recovery
    Definition: The activities after an incident or event to restore essential services and operations in the short and medium term and fully restore all capabilities in the longer term.
    From: NIPP
red team
    Definition: A group authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s cybersecurity posture.
    Related Term(s): Blue Team, White Team
    From: CNSSI 4009
red team exercise
    Definition: An exercise, reflecting real-world conditions, that is conducted as a simulated attempt by an adversary to attack or exploit vulnerabilities in an enterprise's information systems.
    Related Term(s): cyber exercise
    From: NIST SP 800-53 Rev 4
redundancy
    Definition: Additional or alternative systems, sub-systems, assets, or processes that maintain a degree of overall functionality in case of loss or failure of another system, sub-system, asset, or process.
    From: DHS Risk Lexicon
resilience
    Definition: The ability to adapt to changing conditions and prepare for, withstand, and rapidly recover from disruption.
    From: DHS Risk Lexicon
response
    Definition: The activities that address the short-term, direct effects of an incident and may also support short-term recovery.
    Extended Definition: In cybersecurity, response encompasses both automated and manual activities.
    Related Term(s): recovery
    From: National Infrastructure Protection Plan, NCPS Target Architecture Glossary
response plan
    Synonym(s): incident response plan
risk
    Definition: The potential for an unwanted or adverse outcome resulting from an incident, event, or occurrence, as determined by the likelihood that a particular threat will exploit a particular vulnerability, with the associated consequences.
    From: DHS Risk Lexicon, NIPP and adapted from: CNSSI 4009, FIPS 200, NIST SP 800-53 Rev 4, SAFE-BioPharma Certificate Policy 2.5
risk analysis
    Definition: The systematic examination of the components and characteristics of risk.
    Related Term(s): risk assessment, risk
    From: DHS Risk Lexicon
risk assessment
    Definition: The product or process which collects information and assigns values to risks for the purpose of informing priorities, developing or comparing courses of action, and informing decision making.
    Extended Definition: The appraisal of the risks facing an entity, asset, system, or network, organizational operations, individuals, geographic area, other organizations, or society, and includes determining the extent to which adverse circumstances or events could result in harmful consequences.
    Related Term(s): risk analysis, risk
    From: DHS Risk Lexicon, CNSSI 4009, NIST SP 800-53 Rev 4
risk management
    Definition: The process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.
    Extended Definition: Includes: 1) conducting a risk assessment; 2) implementing strategies to mitigate risks; 3) continuous monitoring of risk over time; and 4) documenting the overall risk management program.
    Related Term(s): enterprise risk management, integrated risk management, risk
    From: DHS Risk Lexicon and Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4
risk mitigation
    Synonym(s): mitigation
risk-based data management
    Definition: A structured approach to managing risks to data and information by which an organization selects and applies appropriate security controls in compliance with policy and commensurate with the sensitivity and value of the data.
    From: DHS personnel
rootkit
    Definition: A set of software tools with administrator-level access privileges installed on an information system and designed to hide the presence of the tools, maintain the access privileges, and conceal the activities conducted by the tools.
    From: CNSSI 4009

Letter: S

secret key
    Definition: A cryptographic key that is used for both encryption and decryption, enabling the operation of a symmetric key cryptography scheme.
    Extended Definition: Also, a cryptographic algorithm that uses a single key (i.e., a secret key) for both encryption of plaintext and decryption of ciphertext.
    Related Term(s): symmetric key
    From: CNSSI 4009
securely provision
    Definition: A NICE Framework category consisting of specialty areas concerned with conceptualizing, designing, and building secure IT systems, with responsibility for some aspect of the systems' development.
    From: NICE Framework
security automation
    Definition: The use of information technology in place of manual processes for cyber incident response and management.
    From: DHS personnel
security incident
    Synonym(s): incident
security policy
    Definition: A rule or set of rules that govern the acceptable use of an organization's information and services to a level of acceptable risk and the means for protecting the organization's information assets.
    Extended Definition: A rule or set of rules applied to an information system to provide security services.
    From: CNSSI 4009, NIST SP 800-53 Rev 4, NIST SP 800-130, OASIS SAML Glossary 2.0
security program management
    Definition: In the NICE Framework, cybersecurity work where a person: Manages information security (e.g., information security) implications within the organization, specific program, or other area of responsibility, to include strategic, personnel, infrastructure, policy enforcement, emergency planning, security awareness, and other resources (e.g., the role of a Chief Information Security Officer).
    From: NICE Framework
signature
    Definition: A recognizable, distinguishing pattern.
    Extended Definition: Types of signatures: attack signature, digital signature, electronic signature.
    From: CNSSI 4009; Adapted from: NIST SP 800-94
situational awareness
    Definition: Comprehending information about the current and developing security posture and risks, based on information gathered, observation and analysis, and knowledge or experience.
    Extended Definition: In cybersecurity, comprehending the current status and security posture with respect to availability, confidentiality, and integrity of networks, systems, users, and data, as well as projecting future states of these.
    From: CNSSI 4009, DHS personnel, National Response Framework
software assurance
    Definition: The level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its lifecycle, and that the software functions in the intended manner.
    From: CNSSI 4009
software assurance and security engineering
    Definition: In the NICE Framework, cybersecurity work where a person: Develops and writes/codes new (or modifies existing) computer applications, software, or specialized utility programs following software assurance best practices.
    From: NICE Framework
spam
    Definition: The abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.
    From: CNSSI 4009
spillage
    Synonym(s): data spill, data breach
spoofing
    Definition: Faking the sending address of a transmission to gain illegal [unauthorized] entry into a secure system.
    Extended Definition: The deliberate inducement of a user or resource to take incorrect action. Note: Impersonating, masquerading, piggybacking, and mimicking are forms of spoofing.
    From: CNSSI 4009
spyware
    Definition: Software that is secretly or surreptitiously installed into an information system without the knowledge of the system user or owner.
    Related Term(s): keylogger
    From: CNSSI 4009, NIST SP 800-53 Rev 4
strategic planning and policy development
    Definition: In the NICE Framework, cybersecurity work where a person: Applies knowledge of priorities to define an entity.
    From: NICE Framework
subject
    Definition: An individual, process, or device causing information to flow among objects or a change to the system state.
    Extended Definition: An active entity.
    Related Term(s): object, access, access control
    From: NIST SP 800-53 Rev 4., CNSSI 4009
supervisory control and data acquisition
    Definition: A generic name for a computerized system that is capable of gathering and processing data and applying operational controls to geographically dispersed assets over long distances.
    Related Term(s): Industrial Control System
    From: NCSD Glossary, CNSSI 4009
supply chain
    Definition: A system of organizations, people, activities, information and resources, for creating and moving products including product components and/or services from suppliers through to their customers.
    Related Term(s): supply chain risk management
    From: CNSSI 4009, NIST SP 800-53 Rev 4
supply chain risk management
    Definition: The process of identifying, analyzing, and assessing supply chain risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.
    Related Term(s): supply chain
    From: DHS Risk Lexicon, CNSSD 505
symmetric cryptography
    Definition: A branch of cryptography in which a cryptographic system or algorithms use the same secret key (a shared secret key).
    From: CNSSI 4009, SANS
symmetric encryption algorithm
    Synonym(s): symmetric cryptography
symmetric key
    Definition: A cryptographic key that is used to perform both the cryptographic operation and its inverse, for example to encrypt plaintext and decrypt ciphertext, or create a message authentication code and to verify the code.
    Extended Definition: Also, a cryptographic algorithm that uses a single key (i.e., a secret key) for both encryption of plaintext and decryption of ciphertext.
    Related Term(s): secret key
    From: CNSSI 4009
system administration
    Definition: In the NICE Framework, cybersecurity work where a person: Installs, configures, troubleshoots, and maintains server configurations (hardware and software) to ensure their confidentiality, integrity, and availability; also manages accounts, firewalls, and patches; responsible for access control, passwords, and account creation and administration.
    From: NICE Framework
system integrity
    Definition: The attribute of an information system when it performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
    Related Term(s): integrity, data integrity
    From: CNSSI 4009
systems development
    Definition: In the NICE Framework, cybersecurity work where a person: Works on the development phases of the systems development lifecycle.
    From: NICE Framework
systems requirements planning
    Definition: In the NICE Framework, cybersecurity work where a person: Consults with customers to gather and evaluate functional requirements and translates these requirements into technical solutions; provides guidance to customers about applicability of information systems to meet business needs.
    From: NICE Framework
systems security analysis
    Definition: In the NICE Framework, cybersecurity work where a person: Conducts the integration/testing, operations, and maintenance of systems security.
    From: NICE Framework
systems security architecture
    Definition: In the NICE Framework, cybersecurity work where a person: Develops system concepts and works on the capabilities phases of the systems development lifecycle; translates technology and environmental conditions (e.g., law and regulation) into system and security designs and processes.
    From: NICE Framework

Letter: T

tabletop exercise
    Definition: A discussion-based exercise where personnel meet in a classroom setting or breakout groups and are presented with a scenario to validate the content of plans, procedures, policies, cooperative agreements or other information for managing an incident.
    From: NCSD Glossary, DHS Homeland Security Exercise and Evaluation Program
tailored trustworthy space
    Definition: A cyberspace environment that provides a user with confidence in its security, using automated mechanisms to ascertain security conditions and adjust the level of security based on the user's context and in the face of an evolving range of threats.
    From: National Science and Technology Council's Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program
targets
    Definition: In the NICE Framework, cybersecurity work where a person: Applies current knowledge of one or more regions, countries, non-state entities, and/or technologies.
    From: NICE Framework
technology research and development
    Definition: In the NICE Framework, cybersecurity work where a person: Conducts technology assessment and integration processes; provides and supports a prototype capability and/or evaluates its utility.
    From: NICE Framework
test and evaluation
    Definition: In the NICE Framework, cybersecurity work where a person: Develops and conducts tests of systems to evaluate compliance with specifications and requirements by applying principles and methods for cost-effective planning, evaluating, verifying, and validating of technical, functional, and performance characteristics (including interoperability) of systems or elements of systems incorporating information technology.
    From: NICE Framework
threat
    Definition: A circumstance or event that has or indicates the potential to exploit vulnerabilities and to adversely impact (create adverse consequences for) organizational operations, organizational assets (including information and information systems), individuals, other organizations, or society.
    Extended Definition: Includes an individual or group of individuals, entity such as an organization or a nation), action, or occurrence.
    From: DHS Risk Lexicon, NIPP, CNSSI 4009, NIST SP 800-53 Rev 4
threat actor
    Synonym(s): threat agent
threat agent
    Definition: An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.
    Related Term(s): adversary, attacker
    From: DHS Risk Lexicon
threat analysis
    Definition: The detailed evaluation of the characteristics of individual threats.
    Extended Definition: In the NICE Framework, cybersecurity work where a person: Identifies and assesses the capabilities and activities of cyber criminals or foreign intelligence entities; produces findings to help initialize or support law enforcement and counterintelligence investigations or activities.
    From: DHS personnel; From NICE Framework
threat assessment
    Definition: The product or process of identifying or evaluating entities, actions, or occurrences, whether natural or man-made, that have or indicate the potential to harm life, information, operations, and/or property.
    Related Term(s): threat analysis
    From: DHS Risk Lexicon and adapted from: CNSSI 4009, NIST SP 800-53, Rev 4
ticket
    Definition: In access control, data that authenticates the identity of a client or a service and, together with a temporary encryption key (a session key), forms a credential.
    From: IETF RFC 4120 Kerberos V5, July 2005; Conrad, E., Misenauer, S., & Feldman, J. (2010). CISSP® Study Guide. Burlington, MA: Syngress
traffic light protocol
    Definition: A set of designations employing four colors (RED, AMBER, GREEN, and WHITE) used to ensure that sensitive information is shared with the correct audience.
    From: US-CERT
trojan horse
    Definition: A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.
    From: CNSSI 4009

Letter: U

unauthorized access
    Definition: Any access that violates the stated security policy.
    From: CNSSI 4009

Letter: V

virus
    Definition: A computer program that can replicate itself, infect a computer without permission or knowledge of the user, and then spread or propagate to another computer.
    Related Term(s): macro virus
    From: CNSSI 4009
vulnerability
    Definition: A characteristic or specific weakness that renders an organization or asset (such as information or an information system) open to exploitation by a given threat or susceptible to a given hazard.
    Extended Definition: Characteristic of location or security posture or of design, security procedures, internal controls, or the implementation of any of these that permit a threat or hazard to occur. Vulnerability (expressing degree of vulnerability): qualitative or quantitative expression of the level of susceptibility to harm when a threat or hazard is realized.
    Related Term(s): weakness
    From: DHS Risk Lexicon, CNSSI 4009, NIST SP 800-53 Rev 4
vulnerability assessment and management
    Definition: In the NICE Framework, cybersecurity work where a person: Conducts assessments of threats and vulnerabilities, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations.
    From: NICE Framework

Letter: W

weakness
    Definition: A shortcoming or imperfection in software code, design, architecture, or deployment that, under proper conditions, could become a vulnerability or contribute to the introduction of vulnerabilities.
    Related Term(s): vulnerability
    From: ITU-T X.1520 CWE, FY 2013 CIO FISMA Reporting Metrics
white team
    Definition: A group responsible for refereeing an engagement between a Red Team of mock attackers and a Blue Team of actual defenders of information systems.
    Related Term(s): Blue Team, Red Team
    From: CNSSI 4009
work factor
    Definition: An estimate of the effort or time needed by a potential adversary, with specified expertise and resources, to overcome a protective measure.
    From: CNSSI 4009
worm
    Definition: A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.
    From: CNSSI 4009

Information technology
IT company
Technical support
IT services
IT support
Network security
Cybersecurity
Cloud services

West Palm Beach
Palm Beach Gardens
Jupiter
Wellington
Boynton Beach
Delray Beach
Boca Raton
Palm Beach Gardens
North Palm Beach
Palm Beach
Lake Worth
Greenacres
Palm Beach Shores
Palm Springs
Riviera Beach
Royal Palm Beach
Juno Beach
South Palm Beach
Jupiter
Tequesta
Jupiter Inlet Colony
Wellington
Lake Worth Beach

Business Services
Managed IT & Support
IT Services
Network & WiFi
Cyber Security
Computers
System Upgrades
On-Site System Repair
End Point Protection & Backup
Security Camera Systems

Cloud technology
Cloud storage solutions
Hybrid cloud
Cloud storage providers
Service cloud
Cloud architecture
Cloud server
Cloud hosting
Cloud computing
Cybersecurity
Network security
IT security
Cybersecurity attack
Computer security software
Cybersecurity analyst
Cybersecurity companies
Cybersecurity engineer
IT services
Information technology specialist
IT manager
Infrastructure as a service
Managed IT services
Technology consulting
Tech solutions
IT service management
Network infrastructure
Programming
Software developer
Computer programming
Dynamic programming
Computer programmer
Web designer
Website creation
Code developer
App developer

Service Industries
Automotive & Towing
Construction & Trades
Entertainment Facilities
Healthcare
Law Offices
Real Estate & HOA
Retail
Restaurant

Adware – Adware refers to any piece of software or application that displays advertisements on your computer.

Advanced Persistent Threat (APT) – An advanced persistent threat is an attack in which an unauthorised user gains access to a system or network without being detected.

Anti-Virus Software – Anti-virus software is a computer program used to prevent, detect, and remove malware.

Artificial Intelligence – Artificial intelligence (AI) refers to the simulation of human intelligence in machines that are programmed to think like humans and mimic their actions.

Attachment – An attachment is a computer file sent with an email message.

Authentication – Authentication is a process that ensures and confirms a user’s identity.

Back door – A backdoor is used to describe a hidden method of bypassing security to gain access to a restricted part of a computer system.

Backup – To make a copy of data stored on a computer or server to reduce the potential impact of failure or loss.

Baiting – Online baiting involves enticing a victim with an incentive.

Bluetooth – Bluetooth is a wireless technology for exchanging data over short distances.

Blackhat – Black hat hacker refers to a hacker that violates computer security for personal gain or malice.

Botnet – A botnet is a collection of internet-connected devices, which may include PCs, servers and mobile devices that are infected and controlled by a common type of malware.

Broadband – High-speed data transmission system where the communications circuit is shared between multiple users.

Browser – A browser is software that is used to access the internet. The most popular web browsers are Chrome, Firefox, Safari, Internet Explorer, and Edge.

Brute Force Attack – Brute force attack is an activity which involves repetitive successive attempts of trying various password combinations to break into any website.

Bug – A bug refers to an error, fault or flaw in a computer program that may cause it to unexpectedly quit or behave in an unintended manner.

BYOD – Bring your own device (BYOD) refers to employees using personal devices to connect to their organisational networks.

Clickjacking – Clickjacking, also known as a UI redress attack, is a common hacking technique in which an attacker creates an invisible page or an HTML element that overlays the legitimate page.

Cloud Computing – The practice of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server or a personal computer.

Cookie – Cookies are small files which are stored on a user’s computer. Cookies provide a way for the website to recognize you and keep track of your preferences.

Critical Update – A fix for a specific problem that addresses a critical, non-security-related bug in computer software.

Cyber Warfare – Cyber warfare typically refers to cyber-attacks perpetrated by one nation-state against another.

Data Breach – A data breach is a confirmed incident where information has been stolen or taken from a system without the knowledge or authorization of the system’s owner.

Data Server – Data server is the phrase used to describe computer software and hardware that delivers database services.

DDoS Attack – A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.

Deepfake – Deepfake refers to any video in which faces have been either swapped or digitally altered, with the help of AI.

Domain name – The part of a network address which identifies it as belonging to a particular domain.

Domain Name Server – A server that converts recognisable domain names into their unique IP address

Download – To copy (data) from one computer system to another, typically over the Internet.

Exploit – A malicious application or script that can be used to take advantage of a computer’s vulnerability.

Firewall – A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

Hacking – Hacking refers to an unauthorised intrusion into a computer or a network.

Honeypot – A decoy system or network that serves to attract potential attackers.

HTML – Hypertext Markup Language (HTML) is the standard markup language for creating web pages and web applications.

Identity theft – Identity theft is a crime in which someone uses personally identifiable information in order to impersonate someone else.

Incident Response Plan – An incident response policy is a plan outlying organisation’s response to an information security incident.

Internet of things (IoT) – The Internet of Things, or IoT, refers to the billions of physical devices around the world that are now connected to the internet, collecting and sharing data.

IP Address – An IP address is an identifying number for a piece of network hardware. Having an IP address allows a device to communicate with other devices over an IP-based network like the internet.

IOS – An operating system used for mobile devices manufactured by Apple.

Keystroke logger – A keystroke logger is software that tracks or logs the keys struck on your keyboard, typically in a covert manner so that you are unaware actions are being monitored.

Malware – Malware is shorthand for malicious software and is designed to cause damage to a computer, server, or computer network.

Malvertising – The use of online advertising to deliver malware.

Memory stick – A memory stick is a small device that connects to a computer and allows you to store and copy information.

MP3 – MP3 is a means of compressing a sound sequence into a very small file, to enable digital storage and transmission.

Multi-Factor Authentication – Multi-Factor Authentication (MFA) provides a method to verify a user’s identity by requiring them to provide more than one piece of identifying information.

Packet Sniffer – Software designed to monitor and record network traffic.

Padlock – A padlock icon displayed in a web browser indicates a secure mode where communications between browser and web server are encrypted.

Patch – A patch is a piece of software code that can be applied after the software program has been installed to correct an issue with that program.

Penetration testing – Penetration testing (also called pen testing) is the practice of testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit.

Phishing – Phishing is a method of trying to gather personal information using deceptive e-mails and websites.

Policy Management – Policy Management is the process of creating, communicating, and maintaining policies and procedures within an organisation.

Proxy Server – A proxy server is another computer system which serves as a hub through which internet requests are processed.

Pre-texting – Pre-texting is the act of creating a fictional narrative or pretext to manipulate a victim into disclosing sensitive information.

Ransomware – A type of malicious software designed to block access to a computer system until a sum of money is paid.

Rootkit – Rootkits are a type of malware designed to remain hidden on your computer.

Router – A router is a piece of network hardware that allows communication between your local home network and the Internet.

Scam – A scam is a term used to describe any fraudulent business or scheme that takes money or other goods from an unsuspecting person.

Scareware – Scareware is a type of malware designed to trick victims into purchasing and downloading potentially dangerous software.

Security Awareness Training – Security awareness training is a training program aimed at heightening security awareness within an organisation.

Security Operations Centre (SOC) – A SOC monitors an organisation’s security operations to prevent, detect and respond to any potential threats.

Server – A server is a computer program that provides a service to another computer programs (and its user).

Smishing – Smishing is any kind of phishing that involves a text message.

Spam – Spam is slang commonly used to describe junk e-mail on the Internet.

Social Engineering – Social engineering is the art of manipulating people, so they disclose confidential information.

Software – Software is the name given to the programs you will use to perform tasks with your computer.

Spear Phishing – Spear phishing is an email-spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information.

Spyware – Spyware is a type of software that installs itself on a device and secretly monitors a victim’s online activity.

Tailgating – Tailgating involves someone who lacks the proper authentication following an employee into a restricted area.

Tablet – A tablet is a wireless, portable personal computer with a touchscreen interface.

Traffic – Web traffic is the amount of data sent and received by visitors to a website.

Trojan – A Trojan is also known as Trojan horse. It is a type of malicious software developed by hackers to disguise as legitimate software to gain access to target users’ systems.

Two-Factor Authentication – Two-factor authentication (2FA), often referred to as two-step verification, is a security process in which the user provides two authentication factors to verify they are who they say they are.

USB – USB (Universal Serial Bus) is the most popular connection used to connect a computer to devices such as digital cameras, printers, scanners, and external hard drives.

Username – A username is a name that uniquely identifies someone on a computer system.

Virus – A computer virus is a malicious software program loaded onto a user’s computer without the user’s knowledge and performs malicious actions.

VPN (Virtual Private Network) – A virtual private network gives you online privacy and anonymity by creating a private network from a public Internet connection. VPNs mask your Internet protocol (IP) address so your online actions are virtually untraceable.

Vulnerability – A vulnerability refers to a flaw in a system that can leave it open to attack.

Vishing – Vishing is the telephone equivalent of phishing. It is an attempt to scam someone over the phone into surrendering private information that will be used for identity theft.

Whaling – Whaling is a specific form of phishing that’s targeted at high-profile business executives and managers.

Whitehat – White hat hackers perform penetration testing, test in-place security systems and perform vulnerability assessments for companies.

Worm – A computer worm is a malware computer program that replicates itself in order to spread to other computers.

Wi-Fi – Wi-Fi is a facility that allows computers, smartphones, or other devices to connect to the Internet or communicate with one another wirelessly within a particular area.

Zero-Day – Zero-Day refers to a recently discovered vulnerability that hackers can use to attack systems.

Information technology
IT company
Technical support
IT services
IT support
Network security
Cybersecurity
Cloud services

West Palm Beach
Palm Beach Gardens
Jupiter
Wellington
Boynton Beach
Delray Beach
Boca Raton
Palm Beach Gardens
North Palm Beach
Palm Beach
Lake Worth
Greenacres
Palm Beach Shores
Palm Springs
Riviera Beach
Royal Palm Beach
Juno Beach
South Palm Beach
Jupiter
Tequesta
Jupiter Inlet Colony
Wellington
Lake Worth Beach

Business Services
Managed IT & Support
IT Services
Network & WiFi
Cyber Security
Computers
System Upgrades
On-Site System Repair
End Point Protection & Backup
Security Camera Systems

Cloud technology
Cloud storage solutions
Hybrid cloud
Cloud storage providers
Service cloud
Cloud architecture
Cloud server
Cloud hosting
Cloud computing
Cybersecurity
Network security
IT security
Cybersecurity attack
Computer security software
Cybersecurity analyst
Cybersecurity companies
Cybersecurity engineer
IT services
Information technology specialist
IT manager
Infrastructure as a service
Managed IT services
Technology consulting
Tech solutions
IT service management
Network infrastructure
Programming
Software developer
Computer programming
Dynamic programming
Computer programmer
Web designer
Website creation
Code developer
App developer

Service Industries
Automotive & Towing
Construction & Trades
Entertainment Facilities
Healthcare
Law Offices
Real Estate & HOA
Retail
Restaurant

Access Control
Access Control ensures that resources are only granted to those users who are entitled to them.

Access Control List (ACL)
A mechanism that implements access control for a system resource by listing the identities of the system entities that are permitted to access the resource.

Access Control Service
A security service that provides protection of system resources against unauthorized access. The two basic mechanisms for implementing this service are ACLs and tickets.

Access Management Access
Management is the maintenance of access information which consists of four tasks: account administration, maintenance, monitoring, and revocation.

Access Matrix
An Access Matrix uses rows to represent subjects and columns to represent objects with privileges listed in each cell.

Account Harvesting
Account Harvesting is the process of collecting all the legitimate account names on a system.

ACK Piggybacking
ACK piggybacking is the practice of sending an ACK inside another packet going to the same destination.

Active Content
Program code embedded in the contents of a web page. When the page is accessed by a web browser, the embedded code is automatically downloaded and executed on the user's workstation. Ex. Java, ActiveX (MS)

Activity Monitors
Activity monitors aim to prevent virus infection by monitoring for malicious activity on a system, and blocking that activity when possible.

Address Resolution Protocol (ARP)
Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address to a physical machine address that is recognized in the local network. A table, usually called the ARP cache, is used to maintain a correlation between each MAC address and its corresponding IP address. ARP provides the protocol rules for making this correlation and providing address conversion in both directions.

Advanced Encryption Standard (AES)
An encryption standard being developed by NIST. Intended to specify an unclassified, publicly-disclosed, symmetric encryption algorithm.

Algorithm
A finite set of step-by-step instructions for a problem-solving or computation procedure, especially one that can be implemented by a computer.

Applet
Java programs; an application program that uses the client's web browser to provide a user interface.

ARPANET
Advanced Research Projects Agency Network, a pioneer packet-switched network that was built in the early 1970s under contract to the US Government, led to the development of today's Internet, and was decommissioned in June 1990.

Asymmetric Cryptography
Public-key cryptography; A modern branch of cryptography in which the algorithms employ a pair of keys (a public key and a private key) and use a different component of the pair for different steps of the algorithm.

Asymmetric Warfare
Asymmetric warfare is the fact that a small investment, properly leveraged, can yield incredible results.

Auditing
Auditing is the information gathering and analysis of assets to ensure such things as policy compliance and security from vulnerabilities.

Authentication
Authentication is the process of confirming the correctness of the claimed identity.

Authenticity
Authenticity is the validity and conformance of the original information.

Authorization
Authorization is the approval, permission, or empowerment for someone or something to do something.

Autonomous System
One network or series of networks that are all under one administrative control. An autonomous system is also sometimes referred to as a routing domain. An autonomous system is assigned a globally unique number, sometimes called an Autonomous System Number (ASN).

Availability
Availability is the need to ensure that the business purpose of the system can be met and that it is accessible to those who need to use it.

Backdoor
A backdoor is a tool installed after a compromise to give an attacker easier access to the compromised system around any security mechanisms that are in place.

Bandwidth
Commonly used to mean the capacity of a communication channel to pass data through the channel in a given amount of time. Usually expressed in bits per second.

Banner
A banner is the information that is displayed to a remote user trying to connect to a service. This may include version information, system information, or a warning about authorized use.

Basic Authentication
Basic Authentication is the simplest web-based authentication scheme that works by sending the username and password with each request.

Bastion Host
A bastion host has been hardened in anticipation of vulnerabilities that have not been discovered yet.

BIND
BIND stands for Berkeley Internet Name Domain and is an implementation of DNS. DNS is used for domain name to IP address resolution.

Biometrics
Biometrics use physical characteristics of the users to determine access.

Bit
The smallest unit of information storage; a contraction of the term "binary digit;" one of two symbolsN"0" (zero) and "1" (one) - that are used to represent binary numbers.

Block Cipher
A block cipher encrypts one block of data at a time.

Blue Team
The people who perform defensive cybersecurity tasks, including placing and configuring firewalls, implementing patching programs, enforcing strong authentication, ensuring physical security measures are adequate and a long list of similar undertakings.

Boot Record Infector
A boot record infector is a piece of malware that inserts malicious code into the boot sector of a disk.

Border Gateway Protocol (BGP)
An inter-autonomous system routing protocol. BGP is used to exchange routing information for the Internet and is the protocol used between Internet service providers (ISP).

Botnet
A botnet is a large number of compromised computers that are used to create and send spam or viruses or flood a network with messages as a denial of service attack.

Bridge
A product that connects a local area network (LAN) to another local area network that uses the same protocol (for example, Ethernet or token ring).

British Standard 7799
A standard code of practice and provides guidance on how to secure an information system. It includes the management framework, objectives, and control requirements for information security management systems.

Broadcast
To simultaneously send the same message to multiple recipients. One host to all hosts on network.

Broadcast Address
An address used to broadcast a datagram to all hosts on a given network using UDP or ICMP protocol.

Browser
A client computer program that can retrieve and display information from servers on the World Wide Web.

Brute Force
A cryptanalysis technique or other kind of attack method involving an exhaustive procedure that tries all possibilities, one-by-one.

Buffer Overflow
A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them.

Business Continuity Plan (BCP)
A Business Continuity Plan is the plan for emergency response, backup operations, and post-disaster recovery steps that will ensure the availability of critical resources and facilitate the continuity of operations in an emergency situation.

Business Impact Analysis (BIA)
A Business Impact Analysis determines what levels of impact to a system are tolerable.

Byte
A fundamental unit of computer storage; the smallest addressable unit in a computer's architecture. Usually holds one character of information and usually means eight bits.

C-D

Cache
Pronounced cash, a special high-speed storage mechanism. It can be either a reserved section of main memory or an independent high-speed storage device. Two types of caching are commonly used in personal computers: memory caching and disk caching.

Cache Cramming
Cache Cramming is the technique of tricking a browser to run cached Java code from the local disk, instead of the internet zone, so it runs with less restrictive permissions.

Cache Poisoning
Malicious or misleading data from a remote name server is saved [cached] by another name server. Typically used with DNS cache poisoning attacks.

Call Admission Control (CAC)
The inspection and control all inbound and outbound voice network activity by a voice firewall based on user-defined policies.

Cell
A cell is a unit of data transmitted over an ATM network.

Certificate-Based Authentication
Certificate-Based Authentication is the use of SSL and certificates to authenticate and encrypt HTTP traffic.

CGI
Common Gateway Interface. This mechanism is used by HTTP servers (web servers) to pass parameters to executable scripts in order to generate responses dynamically.

Chain of Custody
Chain of Custody is the important application of the Federal rules of evidence and its handling.

Challenge-Handshake Authentication Protocol (CHAP)
The Challenge-Handshake Authentication Protocol uses a challenge/response authentication mechanism where the response varies every challenge to prevent replay attacks.

Checksum
A value that is computed by a function that is dependent on the contents of a data object and is stored or transmitted together with the object, for the purpose of detecting changes in the data.

Cipher
A cryptographic algorithm for encryption and decryption.

Ciphertext
Ciphertext is the encrypted form of the message being sent.

Circuit Switched Network
A circuit switched network is where a single continuous physical circuit connected two endpoints where the route was immutable once set up.

Client
A system entity that requests and uses a service provided by another system entity, called a "server." In some cases, the server may itself be a client of some other server.

Cloud Computing
Utilization of remote servers in the data-center of a cloud provider to store, manage, and process your data instead of using local computer systems.

Cold/Warm/Hot Disaster Recovery Site
* Hot site. It contains fully redundant hardware and software, with telecommunications, telephone and utility connectivity to continue all primary site operations. Failover occurs within minutes or hours, following a disaster. Daily data synchronization usually occurs between the primary and hot site, resulting in minimum or no data loss. Offsite data backup tapes might be obtained and delivered to the hot site to help restore operations. Backup tapes should be regularly tested to detect data corruption, malicious code and environmental damage. A hot site is the most expensive option. * Warm site. It contains partially redundant hardware and software, with telecommunications, telephone and utility connectivity to continue some, but not all primary site operations. Failover occurs within hours or days, following a disaster. Daily or weekly data synchronization usually occurs between the primary and warm site, resulting in minimum data loss. Offsite data backup tapes must be obtained and delivered to the warm site to restore operations. A warm site is the second most expensive option. * Cold site. Hardware is ordered, shipped and installed, and software is loaded. Basic telecommunications, telephone and utility connectivity might need turning on to continue some, but not all primary site operations. Relocation occurs within weeks or longer, depending on hardware arrival time, following a disaster. No data synchronization occurs between the primary and cold site, and could result in significant data loss. Offsite data backup tapes must be obtained and delivered to the cold site to restore operations. A cold site is the least expensive option.

Collision
A collision occurs when multiple systems transmit simultaneously on the same wire.

Competitive Intelligence
Competitive Intelligence is espionage using legal, or at least not obviously illegal, means.

Computer Emergency Response Team (CERT)
An organization that studies computer and network INFOSEC in order to provide incident response services to victims of attacks, publish alerts concerning vulnerabilities and threats, and offer other information to help improve computer and network security.

Computer Network
A collection of host computers together with the sub-network or inter-network through which they can exchange data.

Confidentiality
Confidentiality is the need to ensure that information is disclosed only to those who are authorized to view it.

Configuration Management
Establish a known baseline condition and manage it.

Cookie
Data exchanged between an HTTP server and a browser (a client of the server) to store state information on the client side and retrieve it later for server use. An HTTP server, when sending data to a client, may send along a cookie, which the client retains after the HTTP connection closes. A server can use this mechanism to maintain persistent client-side state information for HTTP-based applications, retrieving the state information in later connections.

Corruption
A threat action that undesirably alters system operation by adversely modifying system functions or data.

Cost Benefit Analysis
A cost benefit analysis compares the cost of implementing countermeasures with the value of the reduced risk.

Countermeasure
Reactive methods used to prevent an exploit from successfully occurring once a threat has been detected. Intrusion Prevention Systems (IPS) commonly employ countermeasures to prevent intruders form gaining further access to a computer network. Other counter measures are patches, access control lists and malware filters.

Covert Channels
Covert Channels are the means by which information can be communicated between two parties in a covert fashion using normal system operations. For example by changing the amount of hard drive space that is available on a file server can be used to communicate information.

Crimeware
A type of malware used by cyber criminals. The malware is designed to enable the cyber criminal to make money off of the infected system (such as harvesting key strokes, using the infected systems to launch Denial of Service Attacks, etc.).

Cron
Cron is a Unix application that runs jobs for users and administrators at scheduled times of the day.

Crossover Cable
A crossover cable reverses the pairs of cables at the other end and can be used to connect devices directly together.

Cryptanalysis
The mathematical science that deals with analysis of a cryptographic system in order to gain knowledge needed to break or circumvent the protection that the system is designed to provide. In other words, convert the cipher text to plaintext without knowing the key.

Cryptographic Algorithm or Hash
An algorithm that employs the science of cryptography, including encryption algorithms, cryptographic hash algorithms, digital signature algorithms, and key agreement algorithms.

Cut-Through
Cut-Through is a method of switching where only the header of a packet is read before it is forwarded to its destination.

Cyclic Redundancy Check (CRC)
Sometimes called "cyclic redundancy code." A type of checksum algorithm that is not a cryptographic hash but is used to implement data integrity service where accidental changes to data are expected.

Daemon
A program which is often started at the time the system boots and runs continuously without intervention from any of the users on the system. The daemon program forwards the requests to other programs (or processes) as appropriate. The term daemon is a Unix term, though many other operating systems provide support for daemons, though they're sometimes called other names. Windows, for example, refers to daemons and System Agents and services.

Data Aggregation
Data Aggregation is the ability to get a more complete picture of the information by analyzing several different types of records at once.

Data Custodian
A Data Custodian is the entity currently using or manipulating the data, and therefore, temporarily taking responsibility for the data.

Data Encryption Standard (DES)
A widely-used method of data encryption using a private (secret) key. There are 72,000,000,000,000,000 (72 quadrillion) or more possible encryption keys that can be used. For each given message, the key is chosen at random from among this enormous number of keys. Like other private key cryptographic methods, both the sender and the receiver must know and use the same private key.

Data Mining
Data Mining is a technique used to analyze existing information, usually with the intention of pursuing new avenues to pursue business.

Data Owner
A Data Owner is the entity having responsibility and authority for the data.

Data Warehousing
Data Warehousing is the consolidation of several previously independent databases into one location.

Datagram
Request for Comment 1594 says, "a self-contained, independent entity of data carrying sufficient information to be routed from the source to the destination computer without reliance on earlier exchanges between this source and destination computer and the transporting network." The term has been generally replaced by the term packet. Datagrams or packets are the message units that the Internet Protocol deals with and that the Internet transports. A datagram or packet needs to be self-contained without reliance on earlier exchanges because there is no connection of fixed duration between the two communicating points as there is, for example, in most voice telephone conversations. (This kind of protocol is referred to as connectionless.)

Day Zero
The "Day Zero" or "Zero Day" is the day a new vulnerability is made known. In some cases, a "zero day" exploit is referred to an exploit for which no patch is available yet. ("day one"-> day at which the patch is made available).

Decapsulation
Decapsulation is the process of stripping off one layer's headers and passing the rest of the packet up to the next higher layer on the protocol stack.

Decryption
Decryption is the process of transforming an encrypted message into its original plaintext.

Defacement
Defacement is the method of modifying the content of a website in such a way that it becomes "vandalized" or embarrassing to the website owner.

Defense In-Depth
Defense In-Depth is the approach of using multiple layers of security to guard against failure of a single security component.

Demilitarized Zone (DMZ)
In computer security, in general a demilitarized zone (DMZ) or perimeter network is a network area (a subnetwork) that sits between an organization's internal network and an external network, usually the Internet. DMZ's help to enable the layered security model in that they provide subnetwork segmentation based on security requirements or policy. DMZ's provide either a transit mechanism from a secure source to an insecure destination or from an insecure source to a more secure destination. In some cases, a screened subnet which is used for servers accessible from the outside is referred to as a DMZ.

Denial of Service
The prevention of authorized access to a system resource or the delaying of system operations and functions.

Dictionary Attack
An attack that tries all of the phrases or words in a dictionary, trying to crack a password or key. A dictionary attack uses a predefined list of words compared to a brute force attack that tries all possible combinations.

Diffie-Hellman
A key agreement algorithm published in 1976 by Whitfield Diffie and Martin Hellman. Diffie-Hellman does key establishment, not encryption. However, the key that it produces may be used for encryption, for further key management operations, or for any other cryptography.

Digest Authentication
Digest Authentication allows a web client to compute MD5 hashes of the password to prove it has the password.

Digital Certificate
A digital certificate is an electronic "credit card" that establishes your credentials when doing business or other transactions on the Web. It is issued by a certification authority. It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real.

Digital Envelope
A digital envelope is an encrypted message with the encrypted session key.

Digital Signature
A digital signature is a hash of a message that uniquely identifies the sender of the message and proves the message hasn't changed since transmission.

Digital Signature Algorithm (DSA)
An asymmetric cryptographic algorithm that produces a digital signature in the form of a pair of large numbers. The signature is computed using rules and parameters such that the identity of the signer and the integrity of the signed data can be verified.

Digital Signature Standard (DSS)
The US Government standard that specifies the Digital Signature Algorithm (DSA), which involves asymmetric cryptography.

Disassembly
The process of taking a binary program and deriving the source code from it.

Disaster Recovery Plan (DRP)
A Disaster Recovery Plan is the process of recovery of IT systems in the event of a disruption or disaster.

Discretionary Access Control (DAC)
Discretionary Access Control consists of something the user can manage, such as a document password.

Disruption
A circumstance or event that interrupts or prevents the correct operation of system services and functions.

Distance Vector
Distance vectors measure the cost of routes to determine the best route to all known networks.

Distributed Scans
Distributed Scans are scans that use multiple source addresses to gather information.

Domain
A sphere of knowledge, or a collection of facts about some program entities or a number of network points or addresses, identified by a name. On the Internet, a domain consists of a set of network addresses. In the Internet's domain name system, a domain is a name with which name server records are associated that describe sub-domains or host. In Windows NT and Windows 2000, a domain is a set of network resources (applications, printers, and so forth) for a group of users. The user need only to log in to the domain to gain access to the resources, which may be located on a number of different servers in the network.

Domain Hijacking
Domain hijacking is an attack by which an attacker takes over a domain by first blocking access to the domain's DNS server and then putting his own server up in its place.

Domain Name
A domain name locates an organization or other entity on the Internet. For example, the domain name "www.sans.org" locates an Internet address for "sans.org" at Internet point 199.0.0.2 and a particular host server named "www". The "org" part of the domain name reflects the purpose of the organization or entity (in this example, "organization") and is called the top-level domain name. The "sans" part of the domain name defines the organization or entity and together with the top-level is called the second-level domain name.

Domain Name System (DNS)
The domain name system (DNS) is the way that Internet domain names are located and translated into Internet Protocol addresses. A domain name is a meaningful and easy-to-remember "handle" for an Internet address.

Due Care
Due care ensures that a minimal level of protection is in place in accordance with the best practice in the industry.

Due Diligence
Due diligence is the requirement that organizations must develop and deploy a protection plan to prevent fraud, abuse, and additional deploy a means to detect them if they occur.

DumpSec
DumpSec is a security tool that dumps a variety of information about a system's users, file system, registry, permissions, password policy, and services.

Dumpster Diving
Dumpster Diving is obtaining passwords and corporate directories by searching through discarded media.

Dynamic Link Library
A collection of small programs, any of which can be called when needed by a larger program that is running in the computer. The small program that lets the larger program communicate with a specific device such as a printer or scanner is often packaged as a DLL program (usually referred to as a DLL file).

Dynamic Routing Protocol
Allows network devices to learn routes. Ex. RIP, EIGRP Dynamic routing occurs when routers talk to adjacent routers, informing each other of what networks each router is currently connected to. The routers must communicate using a routing protocol, of which there are many to choose from. The process on the router that is running the routing protocol, communicating with its neighbor routers, is usually called a routing daemon. The routing daemon updates the kernel's routing table with information it receives from neighbor routers.

E-F

Eavesdropping
Eavesdropping is simply listening to a private conversation which may reveal information which can provide access to a facility or network.

Echo Reply
An echo reply is the response a machine that has received an echo request sends over ICMP.

Echo Request
An echo request is an ICMP message sent to a machine to determine if it is online and how long traffic takes to get to it.

Egress Filtering
Filtering outbound traffic.

Emanations Analysis
Gaining direct knowledge of communicated data by monitoring and resolving a signal that is emitted by a system and that contains the data but is not intended to communicate the data.

Encapsulation
The inclusion of one data structure within another structure so that the first data structure is hidden for the time being.

Encryption
Cryptographic transformation of data (called "plaintext") into a form (called "cipher text") that conceals the data's original meaning to prevent it from being known or used.

Ephemeral Port
Also called a transient port or a temporary port. Usually is on the client side. It is set up when a client application wants to connect to a server and is destroyed when the client application terminates. It has a number chosen at random that is greater than 1023.

Escrow Passwords
Escrow Passwords are passwords that are written down and stored in a secure location (like a safe) that are used by emergency personnel when privileged personnel are unavailable.

Ethernet
The most widely-installed LAN technology. Specified in a standard, IEEE 802.3, an Ethernet LAN typically uses coaxial cable or special grades of twisted pair wires. Devices are connected to the cable and compete for access using a CSMA/CD protocol.

Event
An event is an observable occurrence in a system or network.

Exponential Backoff Algorithm
An exponential backoff algorithm is used to adjust TCP timeout values on the fly so that network devices don't continue to timeout sending data over saturated links.

Exposure
A threat action whereby sensitive data is directly released to an unauthorized entity.

Extended ACLs (Cisco)
Extended ACLs are a more powerful form of Standard ACLs on Cisco routers. They can make filtering decisions based on IP addresses (source or destination), Ports (source or destination), protocols, and whether a session is established.

Extensible Authentication Protocol (EAP)
A framework that supports multiple, optional authentication mechanisms for PPP, including clear-text passwords, challenge-response, and arbitrary dialog sequences.

Exterior Gateway Protocol (EGP)
A protocol which distributes routing information to the routers which connect autonomous systems.

False Rejects
False Rejects are when an authentication system fails to recognize a valid user.

Fast File System
The first major revision to the Unix file system, providing faster read access and faster (delayed, asynchronous) write access through a disk cache and better file system layout on disk. It uses inodes (pointers) and data blocks.

Fast Flux
Protection method used by botnets consisting of a continuous and fast change of the DNS records for a domain name through different IP addresses.

Fault Line Attacks
Fault Line Attacks use weaknesses between interfaces of systems to exploit gaps in coverage.

File Transfer Protocol (FTP)
A TCP/IP protocol specifying the transfer of text or binary files across the network.

Filter
A filter is used to specify which packets will or will not be used. It can be used in sniffers to determine which packets get displayed, or by firewalls to determine which packets get blocked.

Filtering Router
An inter-network router that selectively prevents the passage of data packets according to a security policy. A filtering router may be used as a firewall or part of a firewall. A router usually receives a packet from a network and decides where to forward it on a second network. A filtering router does the same, but first decides whether the packet should be forwarded at all, according to some security policy. The policy is implemented by rules (packet filters) loaded into the router.

Finger
A protocol to lookup user information on a given host. A Unix program that takes an e-mail address as input and returns information about the user who owns that e-mail address. On some systems, finger only reports whether the user is currently logged on. Other systems return additional information, such as the user's full name, address, and telephone number. Of course, the user must first enter this information into the system. Many e-mail programs now have a finger utility built into them.

Fingerprinting
Sending strange packets to a system in order to gauge how it responds to determine the operating system.

Firewall
A logical or physical discontinuity in a network to prevent unauthorized access to data or resources.

Flooding
An attack that attempts to cause a failure in (especially, in the security of) a computer system or other data processing entity by providing more input than the entity can process properly.

Forest
A forest is a set of Active Directory domains that replicate their databases with each other.

Fork Bomb
A Fork Bomb works by using the fork() call to create a new process which is a copy of the original. By doing this repeatedly, all available processes on the machine can be taken up.

Form-Based Authentication
Form-Based Authentication uses forms on a webpage to ask a user to input username and password information.

Forward Lookup
Forward lookup uses an Internet domain name to find an IP address

Forward Proxy
Forward Proxies are designed to be the server through which all requests are made.

Fragment Offset
The fragment offset field tells the sender where a particular fragment falls in relation to other fragments in the original larger packet.

Fragment Overlap Attack
A TCP/IP Fragmentation Attack that is possible because IP allows packets to be broken down into fragments for more efficient transport across various media. The TCP packet (and its header) are carried in the IP packet. In this attack the second fragment contains incorrect offset. When packet is reconstructed, the port number will be overwritten.

Fragmentation
The process of storing a data file in several "chunks" or fragments rather than in a single contiguous sequence of bits in one place on the storage medium.

Frames
Data that is transmitted between network points as a unit complete with addressing and necessary protocol control information. A frame is usually transmitted serial bit by bit and contains a header field and a trailer field that "frame" the data. (Some control frames contain no data.)

Full Duplex
A type of duplex communications channel which carries data in both directions at once. Refers to the transmission of data in two directions simultaneously. Communications in which both sender and receiver can send at the same time.

Fully-Qualified Domain Name
A Fully-Qualified Domain Name is a server name with a hostname followed by the full domain name.

Fuzzing
The use of special regression testing tools to generate out-of-spec input for an application in order to find security vulnerabilities. Also see "regression testing".
G-H

Gateway
A network point that acts as an entrance to another network.

gethostbyaddr
The gethostbyaddr DNS query is when the address of a machine is known and the name is needed.

gethostbyname
The gethostbyname DNS quest is when the name of a machine is known and the address is needed.

GNU
GNU is a Unix-like operating system that comes with source code that can be copied, modified, and redistributed. The GNU project was started in 1983 by Richard Stallman and others, who formed the Free Software Foundation.

Gnutella
An Internet file sharing utility. Gnutella acts as a server for sharing files while simultaneously acting as a client that searches for and downloads files from other users.

Hardening
Hardening is the process of identifying and fixing vulnerabilities on a system.

Hash Function
An algorithm that computes a value based on a data object thereby mapping the data object to a smaller data object.

Hash Functions
(cryptographic) hash functions are used to generate a one way "check sum" for a larger text, which is not trivially reversed. The result of this hash function can be used to validate if a larger file has been altered, without having to compare the larger files to each other. Frequently used hash functions are MD5 and SHA1.

Header
A header is the extra information in a packet that is needed for the protocol stack to process the packet.

Hijack Attack
A form of active wiretapping in which the attacker seizes control of a previously established communication association.

Honey Client
see Honeymonkey.

Honey pot
Programs that simulate one or more network services that you designate on your computer's ports. An attacker assumes you're running vulnerable services that can be used to break into the machine. A honey pot can be used to log access attempts to those ports including the attacker's keystrokes. This could give you advanced warning of a more concerted attack.

Honeymonkey
Automated system simulating a user browsing websites. The system is typically configured to detect web sites which exploit vulnerabilities in the browser. Also known as Honey Client.

Hops
A hop is each exchange with a gateway a packet takes on its way to the destination.

Host
Any computer that has full two-way access to other computers on the Internet. Or a computer with a web server that serves the pages for one or more Web sites.

Host-Based ID
Host-based intrusion detection systems use information from the operating system audit records to watch all operations occurring on the host that the intrusion detection software has been installed upon. These operations are then compared with a pre-defined security policy. This analysis of the audit trail imposes potentially significant overhead requirements on the system because of the increased amount of processing power which must be utilized by the intrusion detection system. Depending on the size of the audit trail and the processing ability of the system, the review of audit data could result in the loss of a real-time analysis capability.

HTTP Proxy
An HTTP Proxy is a server that acts as a middleman in the communication between HTTP clients and servers.

HTTPS
When used in the first part of a URL (the part that precedes the colon and specifies an access scheme or protocol), this term specifies the use of HTTP enhanced by a security mechanism, which is usually SSL.

Hub
A hub is a network device that operates by repeating data that it receives on one port to all the other ports. As a result, data transmitted by one host is retransmitted to all other hosts on the hub.

Hybrid Attack
A Hybrid Attack builds on the dictionary attack method by adding numerals and symbols to dictionary words.

Hybrid Encryption
An application of cryptography that combines two or more encryption algorithms, particularly a combination of symmetric and asymmetric encryption.

Hyperlink
In hypertext or hypermedia, an information object (such as a word, a phrase, or an image; usually highlighted by color or underscoring) that points (indicates how to connect) to related information that is located elsewhere and can be retrieved by activating the link.

Hypertext Markup Language (HTML)
The set of markup symbols or codes inserted in a file intended for display on a World Wide Web browser page.

Hypertext Transfer Protocol (HTTP)
The protocol in the Internet Protocol (IP) family used to transport hypertext documents across an internet.
I-K

Identity
Identity is whom someone or what something is, for example, the name by which something is known.

Incident
An incident as an adverse network event in an information system or network or the threat of the occurrence of such an event.

Incident Handling
Incident Handling is an action plan for dealing with intrusions, cyber-theft, denial of service, fire, floods, and other security-related events. It is comprised of a six step process: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned.

Incremental Backups
Incremental backups only backup the files that have been modified since the last backup. If dump levels are used, incremental backups only backup files changed since last backup of a lower dump level.

Inetd (xinetd)
Inetd (or Internet Daemon) is an application that controls smaller internet services like telnet, ftp, and POP.

Inference Attack
Inference Attacks rely on the user to make logical connections between seemingly unrelated pieces of information.

Information Warfare
Information Warfare is the competition between offensive and defensive players over information resources.

Ingress Filtering
Ingress Filtering is filtering inbound traffic.

Input Validation Attacks
Input Validations Attacks are where an attacker intentionally sends unusual input in the hopes of confusing an application.

Integrity
Integrity is the need to ensure that information has not been changed accidentally or deliberately, and that it is accurate and complete.

Integrity Star Property
In Integrity Star Property a user cannot read data of a lower integrity level then their own.

Internet
A term to describe connecting multiple separate networks together.

Internet Control Message Protocol (ICMP)
An Internet Standard protocol that is used to report error conditions during IP datagram processing and to exchange other information concerning the state of the IP network.

Internet Engineering Task Force (IETF)
The body that defines standard Internet operating protocols such as TCP/IP. The IETF is supervised by the Internet Society Internet Architecture Board (IAB). IETF members are drawn from the Internet Society's individual and organization membership.

Internet Message Access Protocol (IMAP)
A protocol that defines how a client should fetch mail from and return mail to a mail server. IMAP is intended as a replacement for or extension to the Post Office Protocol (POP). It is defined in RFC 1203 (v3) and RFC 2060 (v4).

Internet Protocol (IP)
The method or protocol by which data is sent from one computer to another on the Internet.

Internet Protocol Security (IPsec)
A developing standard for security at the network or packet processing layer of network communication.

Internet Standard
A specification, approved by the IESG and published as an RFC, that is stable and well-understood, is technically competent, has multiple, independent, and interoperable implementations with substantial operational experience, enjoys significant public support, and is recognizably useful in some or all parts of the Internet.

Interrupt
An Interrupt is a signal that informs the OS that something has occurred.

Intranet
A computer network, especially one based on Internet technology, that an organization uses for its own internal, and usually private, purposes and that is closed to outsiders.

Intrusion Detection
A security management system for computers and networks. An IDS gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both intrusions (attacks from outside the organization) and misuse (attacks from within the organization).

IP Address
A computer's inter-network address that is assigned for use by the Internet Protocol and other protocols. An IP version 4 address is written as a series of four 8-bit numbers separated by periods.

IP Flood
A denial of service attack that sends a host more echo request ("ping") packets than the protocol implementation can handle.

IP Forwarding
IP forwarding is an Operating System option that allows a host to act as a router. A system that has more than 1 network interface card must have IP forwarding turned on in order for the system to be able to act as a router.

IP Spoofing
The technique of supplying a false IP address.

ISO
International Organization for Standardization, a voluntary, non-treaty, non-government organization, established in 1947, with voting members that are designated standards bodies of participating nations and non-voting observer organizations.

Issue-Specific Policy
An Issue-Specific Policy is intended to address specific needs within an organization, such as a password policy.

ITU-T
International Telecommunications Union, Telecommunication Standardization Sector (formerly "CCITT"), a United Nations treaty organization that is composed mainly of postal, telephone, and telegraph authorities of the member countries and that publishes standards called "Recommendations."

Jitter
Jitter or Noise is the modification of fields in a database while preserving the aggregate characteristics of that make the database useful in the first place.

Jump Bag
A Jump Bag is a container that has all the items necessary to respond to an incident inside to help mitigate the effects of delayed reactions.

Kerberos
A system developed at the Massachusetts Institute of Technology that depends on passwords and symmetric cryptography (DES) to implement ticket-based, peer entity authentication service and access control service distributed in a client-server network environment.

Kernel
The essential center of a computer operating system, the core that provides basic services for all other parts of the operating system. A synonym is nucleus. A kernel can be contrasted with a shell, the outermost part of an operating system that interacts with user commands. Kernel and shell are terms used more frequently in Unix and some other operating systems than in IBM mainframe systems.
L-M

Lattice Techniques
Lattice Techniques use security designations to determine access to information.

Layer 2 Forwarding Protocol (L2F)
An Internet protocol (originally developed by Cisco Corporation) that uses tunneling of PPP over IP to create a virtual extension of a dial-up link across a network, initiated by the dial-up server and transparent to the dial-up user.

Layer 2 Tunneling Protocol (L2TP)
An extension of the Point-to-Point Tunneling Protocol used by an Internet service provider to enable the operation of a virtual private network over the Internet.

Least Privilege
Least Privilege is the principle of allowing users or applications the least amount of permissions necessary to perform their intended function.

Legion
Software to detect unprotected shares.

Lightweight Directory Access Protocol (LDAP)
A software protocol for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate Intranet.

Link State
With link state, routes maintain information about all routers and router-to-router links within a geographic area, and creates a table of best routes with that information.

List Based Access Control
List Based Access Control associates a list of users and their privileges with each object.

Loadable Kernel Modules (LKM)
Loadable Kernel Modules allow for the adding of additional functionality directly into the kernel while the system is running.

Log Clipping
Log clipping is the selective removal of log entries from a system log to hide a compromise.

Logic bombs
Logic bombs are programs or snippets of code that execute when a certain predefined event occurs. Logic bombs may also be set to go off on a certain date or when a specified set of circumstances occurs.

Logic Gate
A logic gate is an elementary building block of a digital circuit. Most logic gates have two inputs and one output. As digital circuits can only understand binary, inputs and outputs can assume only one of two states, 0 or 1.

Loopback Address
The loopback address (127.0.0.1) is a pseudo IP address that always refer back to the local host and are never sent out onto a network.

MAC Address
A physical address; a numeric value that uniquely identifies that network device from every other device on the planet.

Malicious Code
Software (e.g., Trojan horse) that appears to perform a useful or desirable function, but actually gains unauthorized access to system resources or tricks a user into executing other malicious logic.

Malware
A generic term for a number of different types of malicious code.

Mandatory Access Control (MAC)
Mandatory Access Control controls is where the system controls access to resources based on classification levels assigned to both the objects and the users. These controls cannot be changed by anyone.

Masquerade Attack
A type of attack in which one system entity illegitimately poses as (assumes the identity of) another entity.

md5
A one way cryptographic hash function. Also see "hash functions" and "sha1"

Measures of Effectiveness (MOE)
Measures of Effectiveness is a probability model based on engineering concepts that allows one to approximate the impact a give action will have on an environment. In Information warfare it is the ability to attack or defend within an Internet environment.

Monoculture
Monoculture is the case where a large number of users run the same software, and are vulnerable to the same attacks.

Morris Worm
A worm program written by Robert T. Morris, Jr. that flooded the ARPANET in November, 1988, causing problems for thousands of hosts.

Multi-Cast
Broadcasting from one host to a given set of hosts.

Multi-Homed
You are "multi-homed" if your network is directly connected to two or more ISP's.

Multiplexing
To combine multiple signals from possibly disparate sources, in order to transmit them over a single path.
N-O
NAT
Network Address Translation. It is used to share one or a small number of publicly routable IP addresses among a larger number of hosts. The hosts are assigned private IP addresses, which are then "translated" into one of the publicly routed IP addresses. Typically home or small business networks use NAT to share a single DLS or Cable modem IP address. However, in some cases NAT is used for servers as an additional layer of protection.

National Institute of Standards and Technology (NIST)
National Institute of Standards and Technology, a unit of the US Commerce Department. Formerly known as the National Bureau of Standards, NIST promotes and maintains measurement standards. It also has active programs for encouraging and assisting industry and science to develop and use these standards.

Natural Disaster
Any "act of God" (e.g., fire, flood, earthquake, lightning, or wind) that disables a system component.

Netmask
32-bit number indicating the range of IP addresses residing on a single IP network/subnet/supernet. This specification displays network masks as hexadecimal numbers. For example, the network mask for a class C IP network is displayed as 0xffffff00. Such a mask is often displayed elsewhere in the literature as 255.255.255.0.

Network Address Translation
The translation of an Internet Protocol address used within one network to a different IP address known within another network. One network is designated the inside network and the other is the outside.

Network Mapping
To compile an electronic inventory of the systems and the services on your network.

Network Taps
Network taps are hardware devices that hook directly onto the network cable and send a copy of the traffic that passes through it to one or more other networked devices.

Network-Based IDS
A network-based IDS system monitors the traffic on its network segment as a data source. This is generally accomplished by placing the network interface card in promiscuous mode to capture all network traffic that crosses its network segment. Network traffic on other segments, and traffic on other means of communication (like phone lines) can't be monitored. Network-based IDS involves looking at the packets on the network as they pass by some sensor. The sensor can only see the packets that happen to be carried on the network segment it's attached to. Packets are considered to be of interest if they match a signature.Network-based intrusion detection passively monitors network activity for indications of attacks. Network monitoring offers several advantages over traditional host-based intrusion detection systems. Because many intrusions occur over networks at some point, and because networks are increasingly becoming the targets of attack, these techniques are an excellent method of detecting many attacks which may be missed by host-based intrusion detection mechanisms.

Non-Printable Character
A character that doesn't have a corresponding character letter to its corresponding ASCII code. Examples would be the Linefeed, which is ASCII character code 10 decimal, the Carriage Return, which is 13 decimal, or the bell sound, which is decimal 7. On a PC, you can often add non-printable characters by holding down the Alt key, and typing in the decimal value (i.e., Alt-007 gets you a bell). There are other character encoding schemes, but ASCII is the most prevalent.

Non-Repudiation
Non-repudiation is the ability for a system to prove that a specific user and only that specific user sent a message and that it hasn't been modified.

Null Session
Known as Anonymous Logon, it is a way of letting an anonymous user retrieve information such as user names and shares over the network or connect without authentication. It is used by applications such as explorer.exe to enumerate shares on remote servers.

Octet
A sequence of eight bits. An octet is an eight-bit byte.

One-Way Encryption
Irreversible transformation of plaintext to cipher text, such that the plaintext cannot be recovered from the cipher text by other than exhaustive procedures even if the cryptographic key is known.

One-Way Function
A (mathematical) function, f, which is easy to compute the output based on a given input. However given only the output value it is impossible (except for a brute force attack) to figure out what the input value is.

Open Shortest Path First (OSPF)
Open Shortest Path First is a link state routing algorithm used in interior gateway routing. Routers maintain a database of all routers in the autonomous system with links between the routers, link costs, and link states (up and down).

OSI
OSI (Open Systems Interconnection) is a standard description or "reference model" for how messages should be transmitted between any two points in a telecommunication network. Its purpose is to guide product implementers so that their products will consistently work with other products. The reference model defines seven layers of functions that take place at each end of a communication. Although OSI is not always strictly adhered to in terms of keeping related functions together in a well-defined layer, many if not most products involved in telecommunication make an attempt to describe themselves in relation to the OSI model. It is also valuable as a single reference view of communication that furnishes everyone a common ground for education and discussion.

OSI layers
The main idea in OSI is that the process of communication between two end points in a telecommunication network can be divided into layers, with each layer adding its own set of special, related functions. Each communicating user or program is at a computer equipped with these seven layers of function. So, in a given message between users, there will be a flow of data through each layer at one end down through the layers in that computer and, at the other end, when the message arrives, another flow of data up through the layers in the receiving computer and ultimately to the end user or program. The actual programming and hardware that furnishes these seven layers of function is usually a combination of the computer operating system, applications (such as your Web browser), TCP/IP or alternative transport and network protocols, and the software and hardware that enable you to put a signal on one of the lines attached to your computer. OSI divides telecommunication into seven layers. The layers are in two groups. The upper four layers are used whenever a message passes from or to a user. The lower three layers (up to the network layer) are used when any message passes through the host computer or router. Messages intended for this computer pass to the upper layers. Messages destined for some other host are not passed up to the upper layers but are forwarded to another host. The seven layers are: Layer 7: The application layer...This is the layer at which communication partners are identified, quality of service is identified, user authentication and privacy are considered, and any constraints on data syntax are identified. (This layer is not the application itself, although some applications may perform application layer functions.) Layer 6: The presentation layer...This is a layer, usually part of an operating system, that converts incoming and outgoing data from one presentation format to another (for example, from a text stream into a popup window with the newly arrived text). Sometimes called the syntax layer. Layer 5: The session layer...This layer sets up, coordinates, and terminates conversations, exchanges, and dialogs between the applications at each end. It deals with session and connection coordination. Layer 4: The transport layer...This layer manages the end-to-end control (for example, determining whether all packets have arrived) and error-checking. It ensures complete data transfer. Layer 3: The network layer...This layer handles the routing of the data (sending it in the right direction to the right destination on outgoing transmissions and receiving incoming transmissions at the packet level). The network layer does routing and forwarding. Layer 2: The data-link layer...This layer provides synchronization for the physical level and does bit-stuffing for strings of 1's in excess of 5. It furnishes transmission protocol knowledge and management. Layer 1: The physical layer...This layer conveys the bit stream through the network at the electrical and mechanical level. It provides the hardware means of sending and receiving data on a carrier.

Overload
Hindrance of system operation by placing excess burden on the performance capabilities of a system component.
P-Q

Packet
A piece of a message transmitted over a packet-switching network. One of the key features of a packet is that it contains the destination address in addition to the data. In IP networks, packets are often called datagrams.

Packet Switched Network
A packet switched network is where individual packets each follow their own paths through the network from one endpoint to another.

Partitions
Major divisions of the total physical hard disk space.

Password Authentication Protocol (PAP)
Password Authentication Protocol is a simple, weak authentication mechanism where a user enters the password and it is then sent across the network, usually in the clear.

Password Cracking
Password cracking is the process of attempting to guess passwords, given the password file information.

Password Sniffing
Passive wiretapping, usually on a local area network, to gain knowledge of passwords.

Patch
A patch is a small update released by a software manufacturer to fix bugs in existing programs.

Patching
Patching is the process of updating software to a different version.

Payload
Payload is the actual application data a packet contains.

Penetration
Gaining unauthorized logical access to sensitive data by circumventing a system's protections.

Penetration Testing
Penetration testing is used to test the external perimeter security of a network or facility.

Permutation
Permutation keeps the same letters but changes the position within a text to scramble the message.

Personal Firewalls
Personal firewalls are those firewalls that are installed and run on individual PCs.

Pharming
This is a more sophisticated form of MITM attack. A user’s session is redirected to a masquerading website. This can be achieved by corrupting a DNS server on the Internet and pointing a URL to the masquerading website’s IP. Almost all users use a URL like www.worldbank.com instead of the real IP (192.86.99.140) of the website. Changing the pointers on a DNS server, the URL can be redirected to send traffic to the IP of the pseudo website. At the pseudo website, transactions can be mimicked and information like login credentials can be gathered. With this the attacker can access the real www.worldbank.com site and conduct transactions using the credentials of a valid user on that website.

Phishing
The use of e-mails that appear to originate from a trusted source to trick a user into entering valid credentials at a fake website. Typically the e-mail and the web site looks like they are part of a bank the user is doing business with.

Ping of Death
An attack that sends an improperly large ICMP echo request packet (a "ping") with the intent of overflowing the input buffers of the destination machine and causing it to crash.

Ping Scan
A ping scan looks for machines that are responding to ICMP Echo Requests.

Ping Sweep
An attack that sends ICMP echo requests ("pings") to a range of IP addresses, with the goal of finding hosts that can be probed for vulnerabilities.

Plaintext
Ordinary readable text before being encrypted into ciphertext or after being decrypted.

Point-to-Point Protocol (PPP)
A protocol for communication between two computers using a serial interface, typically a personal computer connected by phone line to a server. It packages your computer's TCP/IP packets and forwards them to the server where they can actually be put on the Internet.

Point-to-Point Tunneling Protocol (PPTP)
A protocol (set of communication rules) that allows corporations to extend their own corporate network through private "tunnels" over the public Internet.

Poison Reverse
Split horizon with poisoned reverse (more simply, poison reverse) does include such routes in updates, but sets their metrics to infinity. In effect, advertising the fact that there routes are not reachable.

Polyinstantiation
Polyinstantiation is the ability of a database to maintain multiple records with the same key. It is used to prevent inference attacks.

Polymorphism
Polymorphism is the process by which malicious software changes its underlying code to avoid detection.

Port
A port is nothing more than an integer that uniquely identifies an endpoint of a communication stream. Only one process per machine can listen on the same port number.

Port Scan
A port scan is a series of messages sent by someone attempting to break into a computer to learn which computer network services, each associated with a "well-known" port number, the computer provides. Port scanning, a favorite approach of computer cracker, gives the assailant an idea where to probe for weaknesses. Essentially, a port scan consists of sending a message to each port, one at a time. The kind of response received indicates whether the port is used and can therefore be probed for weakness.

Possession
Possession is the holding, control, and ability to use information.

Post Office Protocol, Version 3 (POP3)
An Internet Standard protocol by which a client workstation can dynamically access a mailbox on a server host to retrieve mail messages that the server has received and is holding for the client.

Practical Extraction and Reporting Language (Perl)
A script programming language that is similar in syntax to the C language and that includes a number of popular Unix facilities such as sed, awk, and tr.

Preamble
A preamble is a signal used in network communications to synchronize the transmission timing between two or more systems. Proper timing ensures that all systems are interpreting the start of the information transfer correctly. A preamble defines a specific series of transmission pulses that is understood by communicating systems to mean "someone is about to transmit data". This ensures that systems receiving the information correctly interpret when the data transmission starts. The actual pulses used as a preamble vary depending on the network communication technology in use.

Pretty Good Privacy (PGP)TM
Trademark of Network Associates, Inc., referring to a computer program (and related protocols) that uses cryptography to provide data security for electronic mail and other applications on the Internet.

Private Addressing
IANA has set aside three address ranges for use by private or non-Internet connected networks. This is referred to as Private Address Space and is defined in RFC 1918. The reserved address blocks are: 10.0.0.0 to 10.255.255.255 (10/8 prefix) 172.16.0.0 to 172.31.255.255 (172.16/12 prefix) 192.168.0.0 to 192.168.255.255 (192.168/16 prefix)

Program Infector
A program infector is a piece of malware that attaches itself to existing program files.

Program Policy
A program policy is a high-level policy that sets the overall tone of an organization's security approach.

Promiscuous Mode
When a machine reads all packets off the network, regardless of who they are addressed to. This is used by network administrators to diagnose network problems, but also by unsavory characters who are trying to eavesdrop on network traffic (which might contain passwords or other information).

Proprietary Information
Proprietary information is that information unique to a company and its ability to compete, such as customer lists, technical data, product costs, and trade secrets.

Protocol
A formal specification for communicating; an IP address the special set of rules that end points in a telecommunication connection use when they communicate. Protocols exist at several levels in a telecommunication connection.

Protocol Stacks (OSI)
A set of network protocol layers that work together.

Proxy Server
A server that acts as an intermediary between a workstation user and the Internet so that the enterprise can ensure security, administrative control, and caching service. A proxy server is associated with or part of a gateway server that separates the enterprise network from the outside network and a firewall server that protects the enterprise network from outside intrusion.

Public Key
The publicly-disclosed component of a pair of cryptographic keys used for asymmetric cryptography.

Public Key Encryption
The popular synonym for "asymmetric cryptography".

Public Key Infrastructure (PKI)
A PKI (public key infrastructure) enables users of a basically unsecured public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority. The public key infrastructure provides for a digital certificate that can identify an individual or an organization and directory services that can store and, when necessary, revoke the certificates.

Public-Key Forward Secrecy (PFS)
For a key agreement protocol based on asymmetric cryptography, the property that ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of the private keys is compromised in the future.

QAZ
A network worm.
R-S

Race Condition
A race condition exploits the small window of time between a security control being applied and when the service is used.

Radiation Monitoring
Radiation monitoring is the process of receiving images, data, or audio from an unprotected source by listening to radiation signals.

Ransomware
A type of malware that is a form of extortion. It works by encrypting a victim's hard drive denying them access to key files. The victim must then pay a ransom to decrypt the files and gain access to them again.

Reconnaissance
Reconnaissance is the phase of an attack where an attackers finds new systems, maps out networks, and probes for specific, exploitable vulnerabilities.

Reflexive ACLs (Cisco)
Reflexive ACLs for Cisco routers are a step towards making the router act like a stateful firewall. The router will make filtering decisions based on whether connections are a part of established traffic or not.

Registry
The Registry in Windows operating systems in the central set of settings and information required to run the Windows computer.

regression analysis
The use of scripted tests which are used to test software for all possible input is should expect. Typically developers will create a set of regression tests that are executed before a new version of a software is released. Also see "fuzzing".

Request for Comment (RFC)
A series of notes about the Internet, started in 1969 (when the Internet was the ARPANET). An Internet Document can be submitted to the IETF by anyone, but the IETF decides if the document becomes an RFC. Eventually, if it gains enough interest, it may evolve into an Internet standard.

Resource Exhaustion
Resource exhaustion attacks involve tying up finite resources on a system, making them unavailable to others.

Response
A response is information sent that is responding to some stimulus.

Reverse Address Resolution Protocol (RARP)
RARP (Reverse Address Resolution Protocol) is a protocol by which a physical machine in a local area network can request to learn its IP address from a gateway server's Address Resolution Protocol table or cache. A network administrator creates a table in a local area network's gateway router that maps the physical machine (or Media Access Control - MAC address) addresses to corresponding Internet Protocol addresses. When a new machine is set up, its RARP client program requests from the RARP server on the router to be sent its IP address. Assuming that an entry has been set up in the router table, the RARP server will return the IP address to the machine which can store it for future use.

Reverse Engineering
Acquiring sensitive data by disassembling and analyzing the design of a system component.

Reverse Lookup
Find out the hostname that corresponds to a particular IP address. Reverse lookup uses an IP (Internet Protocol) address to find a domain name.

Reverse Proxy
Reverse proxies take public HTTP requests and pass them to back-end webservers to send the content to it, so the proxy can then send the content to the end-user.

Risk
Risk is the product of the level of threat with the level of vulnerability. It establishes the likelihood of a successful attack.

Risk Assessment
A Risk Assessment is the process by which risks are identified and the impact of those risks determined.

Risk Averse
Avoiding risk even if this leads to the loss of opportunity. For example, using a (more expensive) phone call vs. sending an e-mail in order to avoid risks associated with e-mail may be considered "Risk Averse"

Rivest-Shamir-Adleman (RSA)
An algorithm for asymmetric cryptography, invented in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman.

Role Based Access Control
Role based access control assigns users to roles based on their organizational functions and determines authorization based on those roles.

Root
Root is the name of the administrator account in Unix systems.

Rootkit
A collection of tools (programs) that a hacker uses to mask intrusion and obtain administrator-level access to a computer or computer network.

Router
Routers interconnect logical networks by forwarding information to other networks based upon IP addresses.

Routing Information Protocol (RIP)
Routing Information Protocol is a distance vector protocol used for interior gateway routing which uses hop count as the sole metric of a path's cost.

Routing Loop
A routing loop is where two or more poorly configured routers repeatedly exchange the same packet over and over.

RPC Scans
RPC scans determine which RPC services are running on a machine.

Rule Set Based Access Control (RSBAC)
Rule Set Based Access Control targets actions based on rules for entities operating on objects.

S/Key
A security mechanism that uses a cryptographic hash function to generate a sequence of 64-bit, one-time passwords for remote user login. The client generates a one-time password by applying the MD4 cryptographic hash function multiple times to the user's secret key. For each successive authentication of the user, the number of hash applications is reduced by one.

Safety
Safety is the need to ensure that the people involved with the company, including employees, customers, and visitors, are protected from harm.

Scavenging
Searching through data residue in a system to gain unauthorized knowledge of sensitive data.

Secure Electronic Transactions (SET)
Secure Electronic Transactions is a protocol developed for credit card transactions in which all parties (customers, merchant, and bank) are authenticated using digital signatures, encryption protects the message and provides integrity, and provides end-to-end security for credit card transactions online.

Secure Shell (SSH)
A program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another.

Secure Sockets Layer (SSL)
A protocol developed by Netscape for transmitting private documents via the Internet. SSL works by using a public key to encrypt data that's transferred over the SSL connection.

Security Policy
A set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources.

Segment
Segment is another name for TCP packets.

Sensitive Information
Sensitive information, as defined by the federal government, is any unclassified information that, if compromised, could adversely affect the national interest or conduct of federal initiatives.

Separation of Duties
Separation of duties is the principle of splitting privileges among multiple individuals or systems.

Server
A system entity that provides a service in response to requests from other system entities called clients.

Session
A session is a virtual connection between two hosts by which network traffic is passed.

Session Hijacking
Take over a session that someone else has established.

Session Key
In the context of symmetric encryption, a key that is temporary or is used for a relatively short period of time. Usually, a session key is used for a defined period of communication between two computers, such as for the duration of a single connection or transaction set, or the key is used in an application that protects relatively large amounts of data and, therefore, needs to be re-keyed frequently.

SHA1
A one way cryptographic hash function. Also see "MD5"

Shadow Password Files
A system file in which encryption user password are stored so that they aren't available to people who try to break into the system.

Share
A share is a resource made public on a machine, such as a directory (file share) or printer (printer share).

Shell
A Unix term for the interactive user interface with an operating system. The shell is the layer of programming that understands and executes the commands a user enters. In some systems, the shell is called a command interpreter. A shell usually implies an interface with a command syntax (think of the DOS operating system and its "C:>" prompts and user commands such as "dir" and "edit").

Signals Analysis
Gaining indirect knowledge of communicated data by monitoring and analyzing a signal that is emitted by a system and that contains the data but is not intended to communicate the data.

Signature
A Signature is a distinct pattern in network traffic that can be identified to a specific tool or exploit.

Simple Integrity Property
In Simple Integrity Property a user cannot write data to a higher integrity level than their own.

Simple Network Management Protocol (SNMP)
The protocol governing network management and the monitoring of network devices and their functions. A set of protocols for managing complex networks.

Simple Security Property
In Simple Security Property a user cannot read data of a higher classification than their own.

Smartcard
A smartcard is an electronic badge that includes a magnetic strip or chip that can record and replay a set key.

Smurf
The Smurf attack works by spoofing the target address and sending a ping to the broadcast address for a remote network, which results in a large amount of ping replies being sent to the target.

Sniffer
A sniffer is a tool that monitors network traffic as it received in a network interface.

Sniffing
A synonym for "passive wiretapping."

Social Engineering
A euphemism for non-technical or low-technology means - such as lies, impersonation, tricks, bribes, blackmail, and threats - used to attack information systems.

Socket
The socket tells a host's IP stack where to plug in a data stream so that it connects to the right application.

Socket Pair
A way to uniquely specify a connection, i.e., source IP address, source port, destination IP address, destination port.

SOCKS
A protocol that a proxy server can use to accept requests from client users in a company's network so that it can forward them across the Internet. SOCKS uses sockets to represent and keep track of individual connections. The client side of SOCKS is built into certain Web browsers and the server side can be added to a proxy server.

Software
Computer programs (which are stored in and executed by computer hardware) and associated data (which also is stored in the hardware) that may be dynamically written or modified during execution.

Source Port
The port that a host uses to connect to a server. It is usually a number greater than or equal to 1024. It is randomly generated and is different each time a connection is made.

Spam
Electronic junk mail or junk newsgroup postings.

Spanning Port
Configures the switch to behave like a hub for a specific port.

Split Horizon
Split horizon is a algorithm for avoiding problems caused by including routes in updates sent to the gateway from which they were learned.

Split Key
A cryptographic key that is divided into two or more separate data items that individually convey no knowledge of the whole key that results from combining the items.

Spoof
Attempt by an unauthorized entity to gain access to a system by posing as an authorized user.

SQL Injection
SQL injection is a type of input validation attack specific to database-driven applications where SQL code is inserted into application queries to manipulate the database.

Stack Mashing
Stack mashing is the technique of using a buffer overflow to trick a computer into executing arbitrary code.

Standard ACLs (Cisco)
Standard ACLs on Cisco routers make packet filtering decisions based on Source IP address only.

Star Property
In Star Property, a user cannot write data to a lower classification level without logging in at that lower classification level.

State Machine
A system that moves through a series of progressive conditions.

Stateful Inspection
Also referred to as dynamic packet filtering. Stateful inspection is a firewall architecture that works at the network layer. Unlike static packet filtering, which examines a packet based on the information in its header, stateful inspection examines not just the header information but also the contents of the packet up through the application layer in order to determine more about the packet than just information about its source and destination.

Static Host Tables
Static host tables are text files that contain hostname and address mapping.

Static Routing
Static routing means that routing table entries contain information that does not change.

Stealthing
Stealthing is a term that refers to approaches used by malicious code to conceal its presence on the infected system.

Steganalysis
Steganalysis is the process of detecting and defeating the use of steganography.

Steganography
Methods of hiding the existence of a message or other data. This is different than cryptography, which hides the meaning of a message but does not hide the message itself. An example of a steganographic method is "invisible" ink.

Stimulus
Stimulus is network traffic that initiates a connection or solicits a response.

Store-and-Forward
Store-and-Forward is a method of switching where the entire packet is read by a switch to determine if it is intact before forwarding it.

Straight-Through Cable
A straight-through cable is where the pins on one side of the connector are wired to the same pins on the other end. It is used for interconnecting nodes on the network.

Stream Cipher
A stream cipher works by encryption a message a single bit, byte, or computer word at a time.

Strong Star Property
In Strong Star Property, a user cannot write data to higher or lower classifications levels than their own.

Sub Network
A separately identifiable part of a larger network that typically represents a certain limited number of host computers, the hosts in a building or geographic area, or the hosts on an individual local area network.

Subnet Mask
A subnet mask (or number) is used to determine the number of bits used for the subnet and host portions of the address. The mask is a 32-bit value that uses one-bits for the network and subnet portions and zero-bits for the host portion.

Switch
A switch is a networking device that keeps track of MAC addresses attached to each of its ports so that data is only transmitted on the ports that are the intended recipient of the data.

Switched Network
A communications network, such as the public switched telephone network, in which any user may be connected to any other user through the use of message, circuit, or packet switching and control devices. Any network providing switched communications service.

Symbolic Links
Special files which point at another file.

Symmetric Cryptography
A branch of cryptography involving algorithms that use the same key for two different steps of the algorithm (such as encryption and decryption, or signature creation and signature verification). Symmetric cryptography is sometimes called "secret-key cryptography" (versus public-key cryptography) because the entities that share the key.

Symmetric Key
A cryptographic key that is used in a symmetric cryptographic algorithm.

SYN Flood
A denial of service attack that sends a host more TCP SYN packets (request to synchronize sequence numbers, used when opening a connection) than the protocol implementation can handle.

Synchronization
Synchronization is the signal made up of a distinctive pattern of bits that network hardware looks for to signal that start of a frame.

Syslog
Syslog is the system logging facility for Unix systems.

System Security Officer (SSO)
A person responsible for enforcement or administration of the security policy that applies to the system.

System-Specific Policy
A System-specific policy is a policy written for a specific system or device.
T-U

T1, T3
A digital circuit using TDM (Time-Division Multiplexing).

Tamper
To deliberately alter a system's logic, data, or control information to cause the system to perform unauthorized functions or services.

TCP Fingerprinting
TCP fingerprinting is the user of odd packet header combinations to determine a remote operating system.

TCP Full Open Scan
TCP Full Open scans check each port by performing a full three-way handshake on each port to determine if it was open.

TCP Half Open Scan
TCP Half Open scans work by performing the first half of a three-way handshake to determine if a port is open.

TCP Wrapper
A software package which can be used to restrict access to certain network services based on the source of the connection; a simple tool to monitor and control incoming network traffic.

TCP/IP
A synonym for "Internet Protocol Suite;" in which the Transmission Control Protocol and the Internet Protocol are important parts. TCP/IP is the basic communication language or protocol of the Internet. It can also be used as a communications protocol in a private network (either an Intranet or an Extranet).

TCPDump
TCPDump is a freeware protocol analyzer for Unix that can monitor network traffic on a wire.

TELNET
A TCP-based, application-layer, Internet Standard protocol for remote login from one host to another.

Threat
A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm.

Threat Assessment
A threat assessment is the identification of types of threats that an organization might be exposed to.

Threat Model
A threat model is used to describe a given threat and the harm it could to do a system if it has a vulnerability.

Threat Vector
The method a threat uses to get to the target.

Time to Live
A value in an Internet Protocol packet that tells a network router whether or not the packet has been in the network too long and should be discarded.

Tiny Fragment Attack
With many IP implementations it is possible to impose an unusually small fragment size on outgoing packets. If the fragment size is made small enough to force some of a TCP packet's TCP header fields into the second fragment, filter rules that specify patterns for those fields will not match. If the filtering implementation does not enforce a minimum fragment size, a disallowed packet might be passed because it didn't hit a match in the filter. STD 5, RFC 791 states: Every Internet module must be able to forward a datagram of 68 octets without further fragmentation. This is because an Internet header may be up to 60 octets, and the minimum fragment is 8 octets.

Token Ring
A token ring network is a local area network in which all computers are connected in a ring or star topology and a binary digit or token-passing scheme is used in order to prevent the collision of data between two computers that want to send messages at the same time.

Token-Based Access Control
Token based access control associates a list of objects and their privileges with each user. (The opposite of list based.)

Token-Based Devices
A token-based device is triggered by the time of day, so every minute the password changes, requiring the user to have the token with them when they log in.

Topology
The geometric arrangement of a computer system. Common topologies include a bus, star, and ring. The specific physical, i.e., real, or logical, i.e., virtual, arrangement of the elements of a network. Note 1: Two networks have the same topology if the connection configuration is the same, although the networks may differ in physical interconnections, distances between nodes, transmission rates, and/or signal types. Note 2: The common types of network topology are illustrated

Traceroute (tracert.exe)
Traceroute is a tool the maps the route a packet takes from the local machine to a remote destination.

Transmission Control Protocol (TCP)
A set of rules (protocol) used along with the Internet Protocol to send data in the form of message units between computers over the Internet. While IP takes care of handling the actual delivery of the data, TCP takes care of keeping track of the individual units of data (called packets) that a message is divided into for efficient routing through the Internet. Whereas the IP protocol deals only with packets, TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and also guarantees that packets will be delivered in the same order in which they were sent.

Transport Layer Security (TLS)
A protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message. TLS is the successor to the Secure Sockets Layer.

Triple DES
A block cipher, based on DES, that transforms each 64-bit plaintext block by applying the Data Encryption Algorithm three successive times, using either two or three different keys, for an effective key length of 112 or 168 bits.

Triple-Wrapped
S/MIME usage: data that has been signed with a digital signature, and then encrypted, and then signed again.

Trojan Horse
A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.

Trunking
Trunking is connecting switched together so that they can share VLAN information between them.

Trust
Trust determine which permissions and what actions other systems or users can perform on remote machines.

Trusted Ports
Trusted ports are ports below number 1024 usually allowed to be opened by the root user.

Tunnel
A communication channel created in a computer network by encapsulating a communication protocol's data packets in (on top of) a second protocol that normally would be carried above, or at the same layer as, the first one. Most often, a tunnel is a logical point-to-point link - i.e., an OSI layer 2 connection - created by encapsulating the layer 2 protocol in a transport protocol (such as TCP), in a network or inter-network layer protocol (such as IP), or in another link layer protocol. Tunneling can move data between computers that use a protocol not supported by the network connecting them.

UDP Scan
UDP scans perform scans to determine which UDP ports are open.

Unicast
Broadcasting from host to host.

Uniform Resource Identifier (URI)
The generic term for all types of names and addresses that refer to objects on the World Wide Web.

Uniform Resource Locator (URL)
The global address of documents and other resources on the World Wide Web. The first part of the address indicates what protocol to use, and the second part specifies the IP address or the domain name where the resource is located. For example, http://www.pcwebopedia.com/ind... .

Unix
A popular multi-user, multitasking operating system developed at Bell Labs in the early 1970s. Created by just a handful of programmers, Unix was designed to be a small, flexible system used exclusively by programmers.

Unprotected Share
In Windows terminology, a "share" is a mechanism that allows a user to connect to file systems and printers on other systems. An "unprotected share" is one that allows anyone to connect to it.

User
A person, organization entity, or automated process that accesses a system, whether authorized to do so or not.

User Contingency Plan
User contingency plan is the alternative methods of continuing business operations if IT systems are unavailable.

User Datagram Protocol (UDP)
A communications protocol that, like TCP, runs on top of IP networks. Unlike TCP/IP, UDP/IP provides very few error recovery services, offering instead a direct way to send and receive datagrams over an IP network. It's used primarily for broadcasting messages over a network. UDP uses the Internet Protocol to get a datagram from one computer to another but does not divide a message into packets (datagrams) and reassemble it at the other end. Specifically, UDP doesn't provide sequencing of the packets that the data arrives in.
V-Z

Virtual Private Network (VPN)
A restricted-use, logical (i.e., artificial or simulated) computer network that is constructed from the system resources of a relatively public, physical (i.e., real) network (such as the Internet), often by using encryption (located at hosts or gateways), and often by tunneling links of the virtual network across the real network. For example, if a corporation has LANs at several different sites, each connected to the Internet by a firewall, the corporation could create a VPN by (a) using encrypted tunnels to connect from firewall to firewall across the Internet and (b) not allowing any other traffic through the firewalls. A VPN is generally less expensive to build and operate than a dedicated real network, because the virtual network shares the cost of system resources with other users of the real network.

Virus
A hidden, self-replicating section of computer software, usually malicious logic, that propagates by infecting - i.e., inserting a copy of itself into and becoming part of - another program. A virus cannot run by itself; it requires that its host program be run to make the virus active.

Voice Firewall
A physical discontinuity in a voice network that monitors, alerts and controls inbound and outbound voice network activity based on user-defined call admission control (CAC) policies, voice application layer security threats or unauthorized service use violations.

Voice Intrusion Prevention System (IPS)
Voice IPS is a security management system for voice networks which monitors voice traffic for multiple calling patterns or attack/abuse signatures to proactively detect and prevent toll fraud, Denial of Service, telecom attacks, service abuse, and other anomalous activity.

War Chalking
War chalking is marking areas, usually on sidewalks with chalk, that receive wireless signals that can be accessed.

War Dialer
A computer program that automatically dials a series of telephone numbers to find lines connected to computer systems, and catalogs those numbers so that a cracker can try to break into the systems.

War Dialing
War dialing is a simple means of trying to identify modems in a telephone exchange that may be susceptible to compromise in an attempt to circumvent perimeter security.

War Driving
War driving is the process of traveling around looking for wireless access point signals that can be used to get network access.

Web of Trust
A web of trust is the trust that naturally evolves as a user starts to trust other's signatures, and the signatures that they trust.

Web Server
A software process that runs on a host computer connected to the Internet to respond to HTTP requests for documents from client web browsers.

WHOIS
An IP for finding information about resources on networks.

Windowing
A windowing system is a system for sharing a computer's graphical display presentation resources among multiple applications at the same time. In a computer that has a graphical user interface (GUI), you may want to use a number of applications at the same time (this is called task). Using a separate window for each application, you can interact with each application and go from one application to another without having to reinitiate it. Having different information or activities in multiple windows may also make it easier for you to do your work. A windowing system uses a window manager to keep track of where each window is located on the display screen and its size and status. A windowing system doesn't just manage the windows but also other forms of graphical user interface entities.

Windump
Windump is a freeware tool for Windows that is a protocol analyzer that can monitor network traffic on a wire.

Wired Equivalent Privacy (WEP)
A security protocol for wireless local area networks defined in the standard IEEE 802.11b.

Wireless Application Protocol
A specification for a set of communication protocols to standardize the way that wireless devices, such as cellular telephones and radio transceivers, can be used for Internet access, including e-mail, the World Wide Web, newsgroups, and Internet Relay Chat.

Wiretapping
Monitoring and recording data that is flowing between two points in a communication system.

World Wide Web ("the Web", WWW, W3)
The global, hypermedia-based collection of information and services that is available on Internet servers and is accessed by browsers using Hypertext Transfer Protocol and other information retrieval mechanisms.

Worm
A computer program that can run independently, can propagate a complete working version of itself onto other hosts on a network, and may consume computer resources destructively.

Zero Day
The "Day Zero" or "Zero Day" is the day a new vulnerability is made known. In some cases, a "zero day" exploit is referred to an exploit for which no patch is available yet. ("day one" - day at which the patch is made available).

Zero-day attack
A zero-day (or zero-hour or day zero) attack or threat is a computer threat that tries to exploit computer application vulnerabilities that are unknown to others or undisclosed to the software developer. Zero-day exploits (actual code that can use a security hole to carry out an attack) are used or shared by attackers before the software developer knows about the vulnerability.

Zombies
A zombie computer (often shortened as zombie) is a computer connected to the Internet that has been compromised by a hacker, a computer virus, or a trojan horse. Generally, a compromised machine is only one of many in a botnet, and will be used to perform malicious tasks of one sort or another under remote direction. Most owners of zombie computers are unaware that their system is being used in this way. Because the owner tends to be unaware, these computers are metaphorically compared to zombies.
#
3-way handshake
Machine A sends a packet with a SYN flag set to Machine B. B acknowledges A's SYN with a SYN/ACK. A acknowledges B's SYN/ACK with an ACK.

Information technology
IT company
Technical support
IT services
IT support
Network security
Cybersecurity
Cloud services

West Palm Beach
Palm Beach Gardens
Jupiter
Wellington
Boynton Beach
Delray Beach
Boca Raton
Palm Beach Gardens
North Palm Beach
Palm Beach
Lake Worth
Greenacres
Palm Beach Shores
Palm Springs
Riviera Beach
Royal Palm Beach
Juno Beach
South Palm Beach
Jupiter
Tequesta
Jupiter Inlet Colony
Wellington
Lake Worth Beach

Business Services
Managed IT & Support
IT Services
Network & WiFi
Cyber Security
Computers
System Upgrades
On-Site System Repair
End Point Protection & Backup
Security Camera Systems

Cloud technology
Cloud storage solutions
Hybrid cloud
Cloud storage providers
Service cloud
Cloud architecture
Cloud server
Cloud hosting
Cloud computing
Cybersecurity
Network security
IT security
Cybersecurity attack
Computer security software
Cybersecurity analyst
Cybersecurity companies
Cybersecurity engineer
IT services
Information technology specialist
IT manager
Infrastructure as a service
Managed IT services
Technology consulting
Tech solutions
IT service management
Network infrastructure
Programming
Software developer
Computer programming
Dynamic programming
Computer programmer
Web designer
Website creation
Code developer
App developer

Service Industries
Automotive & Towing
Construction & Trades
Entertainment Facilities
Healthcare
Law Offices
Real Estate & HOA
Retail
Restaurant

25 Cyber Security Terms That Everyone Who Uses A Computer Should Know

The topic of cyber security is sweeping the world by storm with some of the largest and most advanced companies in the world falling victim to cyber-attacks in just the last 5 years. Against that backdrop, highly personal and sensitive information such as social security numbers were recently stolen in the Equifax hack, affecting over 145 million people. Unfortunately, as long as computers exist, we are at risk of having our digital data compromised and manipulated. However, living in the digital age is not all that scary – especially if you know what you’re doing.

Understanding how your device works is not as hard as it sounds. But, if you could nail long division in the 4th grade, then you can learn cyber basics that will get you pretty far in your own personal security as well as your company’s.

We’re here to make this learning curve easier by providing a list of the 25 most important cyber security terminology that everyone should know:

cyber security terms cloud

1. Cloud
A technology that allows us to access our files and/or services through the internet from anywhere in the world. Technically speaking, it’s a collection of computers with large storage capabilities that remotely serve requests.

cyber security terms software
2. Software
A set of programs that tell a computer to perform a task. These instructions are compiled into a package that users can install and use. For example, Microsoft Office is an application software.

cyber security domain
3. Domain
A group of computers, printers and devices that are interconnected and governed as a whole. For example, your computer is usually part of a domain at your workplace.

cyber security terms VPN
4. Virtual Private Network (VPN)
A tool that allows the user to remain anonymous while using the internet by masking the location and encrypting traffic.

RELATED: The Global Cybersecurity Skills Gap
cyber security terms IP address
5. IP Address
An internet version of a home address for your computer, which is identified when it communicates over a network; For example, connecting to the internet (a network of networks).

cyber security terms computer exploit
6. Exploit
A malicious application or script that can be used to take advantage of a computer’s vulnerability.

cyber security terms data breach
7. Breach
The moment a hacker successfully exploits a vulnerability in a computer or device, and gains access to its files and network.

cyber security terms firewall
8. Firewall
A defensive technology designed to keep the bad guys out. Firewalls can be hardware or software-based.

cyber security malware
9. Malware “the bad guy”
An umbrella term that describes all forms of malicious software designed to wreak havoc on a computer. Common forms include: viruses, trojans, worms and ransomware.

cyber security terms virus
10. Virus
A type of malware aimed to corrupt, erase or modify information on a computer before spreading to others. However, in more recent years, viruses like Stuxnet have caused physical damage.

wannacry ransomware
11. Ransomware
A form of malware that deliberately prevents you from accessing files on your computer – holding your data hostage. It will typically encrypt files and request that a ransom be paid in order to have them decrypted or recovered. For example, WannaCry Ransomware. For more information on Ransomware, check out our free Ransomware Guide.

trojan virus
12. Trojan horse
A piece of malware that often allows a hacker to gain remote access to a computer through a “back door”.

terms computer worm
13. Worm
A piece of malware that can replicate itself in order to spread the infection to other connected computers.

cyber security terms botnet
14. Bot/Botnet
A type of software application or script that performs tasks on command, allowing an attacker to take complete control remotely of an affected computer. A collection of these infected computers is known as a “botnet” and is controlled by the hacker or “bot-herder”.

RELATED: Schools Are Prime Targets For Cyber Attacks, Survey Finds
spyware malware terms
15. Spyware
A type of malware that functions by spying on user activity without their knowledge. The capabilities include activity monitoring, collecting keystrokes, data harvesting (account information, logins, financial data), and more.

rootkit cybersecurity terminology
16. Rootkit
Another kind of malware that allows cybercriminals to remotely control your computer. Rootkits are especially damaging because they are hard to detect, making it likely that this type of malware could live on your computer for a long time.

cyber security terms botnet DDoS attack
17. DDoS
An acronym that stands for distributed denial of service – a form of cyber attack. This attack aims to make a service such as a website unusable by “flooding” it with malicious traffic or data from multiple sources (often botnets).

cyber security terms spear phishing
18. Phishing or Spear Phishing
A technique used by hackers to obtain sensitive information. For example, using hand-crafted email messages designed to trick people into divulging personal or confidential data such as passwords and bank account information.

cyber security terms encryption
19. Encryption
The process of encoding data to prevent theft by ensuring the data can only be accessed with a key.

BYOD bring your own device
20. BYOD (Bring Your Own Device)
Refers to a company security policy that allows for employees’ personal devices to be used in business. A BYOD policy sets limitations and restrictions on whether or not a personal phone or laptop can be connected over the corporate network.

cyber security terms pentesting
21. Pen-testing
Short for “penetration testing,” this practice is a means of evaluating security using hacker tools and techniques with the aim of discovering vulnerabilities and evaluating security flaws.

social engineering
22. Social Engineering
A technique used to manipulate and deceive people to gain sensitive and private information. Scams based on social engineering are built around how people think and act. So, once a hacker understands what motivates a person’s actions, they can usually retrieve exactly what they’re looking for – like financial data and passwords.

RELATED: 6 Steps on How to Create Stronger Passwords
cyber security terms clickjacking
23. Clickjacking
A hacking attack that tricks victims into clicking on an unintended link or button, usually disguised as a harmless element.

deepfake cybersecurity term
24. Deepfake
An audio or video clip that has been edited and manipulated to seem real or believable. The most dangerous consequence of the popularity of deepfakes is that they can easily convince people into believing a certain story or theory that may result in user-behavior with a bigger impact as in political or financial.

black hat cyber security
25. White Hat / Black Hat
When speaking in cyber security terms, the differences in hacker “hats” refers to the intention of the hacker. For example:

White hat: Breaches the network to gain sensitive information with the owner’s consent – making it completely legal. This method is usually employed to test infrastructure vulnerabilities.
Black hat: Hackers that break into the network to steal information that will be used to harm the owner or the users without consent. It’s entirely illegal.
We’ve only covered the tip of the iceberg as far as cyber security terms, but this will get you started. Take the steps now to ensure that you and your business are protected – knowledge is power! Check back with Cybint for any follow-up tips and advice by signing up for our mailing list below.

Experience you can trust

Awards and Recognitions