Cyber Security

authentication

Definition: The process of verifying the identity or other attributes of an entity (user, process, or device).Extended Definition: Also the process of verifying the source and integrity of data.

availability

Definition: The property of being accessible and usable upon demand.Extended Definition: In cybersecurity, applies to assets such as information or information systems.Related Term(s): confidentiality, integrity

attack surface

Definition: The set of ways in which an adversary can enter a system and potentially cause damage.Extended Definition: An information system's characteristics that permit an adversary to probe, attack, or maintain presence in the information system.

attack path

Definition: The steps that an adversary takes or may take to plan, prepare for, and execute an attack.

air gap

Definition: To physically separate or isolate a system from other systems or networks (verb).Extended Definition: The physical separation or isolation of a system from other systems or networks (noun).

Analyze

Definition: A NICE Framework category consisting of specialty areas responsible for highly specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence.

attack signature

Definition: A characteristic or distinctive pattern that can be searched for or that can be used in matching to previously identified attacks.Extended Definition: An automated set of rules for identifying a potential threat (such as an exploit or the presence of an attacker tool) and possible responses to that threat.Related Term(s): attack pattern

alert

Definition: A notification that a specific attack has been detected or directed at an organization's information systems.

asset

Definition: A person, structure, facility, information, and records, information technology systems and resources, material, process, relationships, or reputation that has value.Extended Definition: Anything useful that contributes to the success of something, such as an organizational mission; assets are things of value or properties to which value can be assigned.

authorization

Definition: A process of determining, by evaluating applicable access control information, whether a subject is allowed to have the specified types of access to a particular resource.Extended Definition: The process or act of granting access privileges or the access privileges as granted.

antivirus software

Definition: A program that monitors a computer or network to detect or identify major types of malicious code and to prevent or contain malware incidents. Sometimes by removing or neutralizing the malicious code.

antispyware software

Definition: A program that specializes in detecting and blocking or removing forms of spyware.

authenticity

Definition: A property achieved through cryptographic methods of being genuine and being able to be verified and trusted, resulting in confidence in the validity of a transmission, information or a message, or sender of information or a message.Related Term(s): integrity, non-repudiation

active attack

Definition: An actual assault perpetrated by an intentional threat source that attempts to alter a system, its resources, its data, or its operations.

Advanced Persistent Threat

Definition: An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception).

attack

Definition: An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity.Extended Definition: The intentional act of attempting to bypass one or more security services or controls of an information system.

adversary

Definition: An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.

attacker

Definition: An individual, group, organization, or government that executes an attack.Extended Definition: A party acting with malicious intent to compromise an information system.Related Term(s): adversary, threat agent

All Source Intelligence

Definition: In the NICE Framework, cybersecurity work where a person: Analyzes threat information from multiple sources, disciplines, and agencies across the Intelligence Community. Synthesizes and places intelligence information in context; draws insights about the possible implications.

access control mechanism

Definition: Security measures designed to detect and deny unauthorized access and permit authorized access to an information system or a physical facility.

attack pattern

Definition: Similar cyber events or behaviors that may indicate an attack has occurred or is occurring, resulting in a security violation or a potential security violation.Extended Definition: For software, descriptions of common methods for exploiting software systems.Related Term(s): attack signature

active content

Definition: Software that is able to automatically carry out or trigger actions without the explicit intervention of a user.

access

Definition: The ability and means to communicate with or otherwise interact with a system, to use system resources to handle information, to gain knowledge of the information the system contains, or to control system components and functions.

attack method

Definition: The manner or technique and means an adversary may use in an assault on information or an information system.

access control

Definition: The process of granting or denying specific requests for or attempts to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities.

authenticate

Related Term(s): authentication

attack mode

Synonym(s): attack method

access and identity management

Synonym(s): identity and access management

asymmetric cryptography

Synonym(s): public key cryptography