Letter: A
access
Definition: The ability and means to communicate with or otherwise interact with a system, to use system resources to handle information, to gain knowledge of the information the system contains, or to control system components and functions.
From: CNSSI 4009
access and identity management
Synonym(s): identity and access management
access control
Definition: The process of granting or denying specific requests for or attempts to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities.
Related Term(s): access control mechanism
Adapted from: CNSSI 4009
access control mechanism
Definition: Security measures designed to detect and deny unauthorized access and permit authorized access to an information system or a physical facility.
Adapted from: CNSSI 4009
active attack
Definition: An actual assault perpetrated by an intentional threat source that attempts to alter a system, its resources, its data, or its operations.
Related Term(s): passive attack
Adapted from: IETF RFC 4949, NIST SP 800-63 Rev 1
active content
Definition: Software that is able to automatically carry out or trigger actions without the explicit intervention of a user.
Adapted from: CNSSI 4009
Advanced Persistent Threat
Definition: An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception).
From: NIST SP 800-53 Rev 4
adversary
Definition: An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.
Related Term(s): threat agent, attacker
From: DHS Risk Lexicon
air gap
Definition: To physically separate or isolate a system from other systems or networks (verb).
Extended Definition: The physical separation or isolation of a system from other systems or networks (noun).
alert
Definition: A notification that a specific attack has been detected or directed at an organization’s information systems.
Adapted from: CNSSI 4009
All Source Intelligence
Definition: In the NICE Framework, cybersecurity work where a person: Analyzes threat information from multiple sources, disciplines, and agencies across the Intelligence Community. Synthesizes and places intelligence information in context; draws insights about the possible implications.
From: NICE Framework
Analyze
Definition: A NICE Framework category consisting of specialty areas responsible for highly specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence.
From: NICE Framework
antispyware software
Definition: A program that specializes in detecting and blocking or removing forms of spyware.
Related Term(s): spyware
Adapted from: NCSD Glossary
antivirus software
Definition: A program that monitors a computer or network to detect or identify major types of malicious code and to prevent or contain malware incidents, sometimes by removing or neutralizing the malicious code.
Adapted from: NCSD Glossary
asset
Definition: A person, structure, facility, information and records, information technology systems and resources, material, process, relationship, or reputation that has value.
Extended Definition: Anything useful that contributes to the success of something, such as an organizational mission; assets are things of value or properties to which value can be assigned.
Adapted from: DHS Risk Lexicon
asymmetric cryptography
Synonym(s): public key cryptography
attack
Definition: An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity.
Extended Definition: The intentional act of attempting to bypass one or more security services or controls of an information system.
Related Term(s): active attack, passive attack
From: NCSD Glossary, NTSSI 4009 (2000), CNSSI 4009
attack method
Definition: The manner or technique and means an adversary may use in an assault on information or an information system.
Adapted from: DHS Risk Lexicon, NCSD Glossary
attack mode
Synonym(s): attack method
attack path
Definition: The steps that an adversary takes or may take to plan, prepare for, and execute an attack.
Adapted from: DHS Risk Lexicon, NCSD Glossary
attack pattern
Definition: Similar cyber events or behaviors that may indicate an attack has occurred or is occurring, resulting in a security violation or a potential security violation.
Extended Definition: For software, descriptions of common methods for exploiting software systems.
Related Term(s): attack signature
Adapted from: Oak Ridge National Laboratory Visualization Techniques for Computer Network Defense, MITRE's CAPEC web site
attack signature
Definition: A characteristic or distinctive pattern that can be searched for or that can be used in matching to previously identified attacks.
Extended Definition: An automated set of rules for identifying a potential threat (such as an exploit or the presence of an attacker tool) and possible responses to that threat.
Related Term(s): attack pattern
Adapted from: NCSD Glossary, CNSSI 4009, ISSG V1.2 Database
attack surface
Definition: The set of ways in which an adversary can enter a system and potentially cause damage.
Extended Definition: An information system's characteristics that permit an adversary to probe, attack, or maintain presence in the information system.
Adapted from: Manadhata, P.K., & Wing, J.M. in Attack Surface Measurement; DHS personnel
attacker
Definition: An individual, group, organization, or government that executes an attack.
Extended Definition: A party acting with malicious intent to compromise an information system.
Related Term(s): adversary, threat agent
Adapted from: Barnum & Sethi (2006), NIST SP 800-63 Rev 1
authenticate
Related Term(s): authentication
authentication
Definition: The process of verifying the identity or other attributes of an entity (user, process, or device).
Extended Definition: Also the process of verifying the source and integrity of data.
Adapted from: CNSSI 4009, NIST SP 800-21, NISTIR 7298
authenticity
Definition: A property achieved through cryptographic methods of being genuine and being able to be verified and trusted, resulting in confidence in the validity of a transmission, information or a message, or sender of information or a message.
Related Term(s): integrity, non-repudiation
Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4
authorization
Definition: A process of determining, by evaluating applicable access control information, whether a subject is allowed to have the specified types of access to a particular resource.
Extended Definition: The process or act of granting access privileges or the access privileges as granted.
From: OASIS SAML Glossary 2.0; Adapted from: CNSSI 4009
availability
Definition: The property of being accessible and usable upon demand.
Extended Definition: In cybersecurity, applies to assets such as information or information systems.
Related Term(s): confidentiality, integrity
Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4, 44 U.S.C., Sec 3542
Letter: B
behavior monitoring
Definition: Observing activities of users, information systems, and processes and measuring the activities against organizational policies and rules, baselines of normal activity, thresholds, and trends.
Adapted from: DHS personnel
behavioral monitoring
Synonym(s): behavior monitoring
blacklist
Definition: A list of entities that are blocked or denied privileges or access.
Related Term(s): whitelist
Adapted from: DHS personnel
Blue Team
Definition: A group that defends an enterprise's information systems when mock attackers (i.e., the Red Team) attack, typically as part of an operational exercise conducted according to rules established and monitored by a neutral group (i.e., the White Team).
Extended Definition: Also, a group that conducts operational vulnerability evaluations and recommends mitigation techniques to customers who need an independent technical review of their cybersecurity posture.
Related Term(s): Red Team, White Team
Adapted from: CNSSI 4009
bot
Definition: A computer connected to the Internet that has been surreptitiously (secretly) compromised with malicious logic to perform activities under the remote command and control of a remote administrator.
Extended Definition: A member of a larger collection of compromised computers known as a botnet.
Synonym(s): zombie
Related Term(s): botnet
bot herder
Synonym(s): bot master
bot master
Definition: The controller of a botnet that, from a remote location, provides direction to the compromised computers in the botnet.
Synonym(s): bot herder
botnet
Definition: A collection of computers compromised by malicious code and controlled across a network.
bug
Definition: An unexpected and relatively small defect, fault, flaw, or imperfection in an information system or device.
Adapted from: NCSD Glossary
Build Security In
Definition: A set of principles, practices, and tools to design, develop, and evolve information systems and software that enhance resistance to vulnerabilities, flaws, and attacks.
Adapted from: Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program (2011), US-CERT's Build Security In website.
Letter: C
capability
Definition: The means to accomplish a mission, function, or objective.
Related Term(s): intent
Adapted from: DHS Risk Lexicon
cipher
Synonym(s): cryptographic algorithm
ciphertext
Definition: Data or information in its encrypted form.
Related Term(s): plaintext
From: CNSSI 4009
cloud computing
Definition: A model for enabling on-demand network access to a shared pool of configurable computing capabilities or resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
Adapted from: CNSSI 4009, NIST SP 800-145
Collect & Operate
Definition: A NICE Framework category consisting of specialty areas responsible for specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence.
From: NICE Framework
Collection Operations
Definition: In the NICE Framework, cybersecurity work where a person: Executes collection using appropriate strategies and within the priorities established through the collection management process.
From: NICE Framework
computer forensics
Synonym(s): digital forensics
computer network defense
Definition: The actions taken to defend against unauthorized activity within computer networks.
From: CNSSI 4009
Computer Network Defense Analysis
Definition: In the NICE Framework, cybersecurity work where a person: Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.
From: NICE Framework
Computer Network Defense Infrastructure Support
Definition: In the NICE Framework, cybersecurity work where a person: Tests, implements, deploys, maintains, reviews, and administers the infrastructure hardware and software that are required to effectively manage the computer network defense service provider network and resources; monitors network to actively remediate unauthorized activities.
From: NICE Framework
computer security incident
Synonym(s): incident
Related Term(s): event
confidentiality
Definition: A property that information is not disclosed to users, processes, or devices unless they have been authorized to access the information.
Extended Definition: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.
Related Term(s): availability, integrity
Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4, 44 U.S.C., Sec 3542
consequence
Definition: The effect of an event, incident, or occurrence.
Extended Definition: In cybersecurity, the effect of a loss of confidentiality, integrity or availability of information or an information system on an organization's operations, its assets, on individuals, other organizations, or on national interests.
Adapted from: DHS Risk Lexicon, National Infrastructure Protection Plan, NIST SP 800-53 Rev 4
Continuity of Operations Plan
Definition: A document that sets forth procedures for the continued performance of core capabilities and critical operations during any disruption or potential disruption.
Related Term(s): Business Continuity Plan, Disaster Recovery Plan, Contingency Plan
Adapted from: CPG 101, CNSSI 4009
critical infrastructure
Definition: The systems and assets, whether physical or virtual, so vital to society that the incapacity or destruction of such may have a debilitating impact on the security, economy, public health or safety, environment, or any combination of these matters.
Related Term(s): key resource
Adapted from: National Infrastructure Protection Plan
critical infrastructure and key resources
Synonym(s): critical infrastructure
cryptanalysis
Definition: The operations performed in defeating or circumventing cryptographic protection of information by applying mathematical techniques and without an initial knowledge of the key employed in providing the protection.
Extended Definition: The study of mathematical techniques for attempting to defeat or circumvent cryptographic techniques and/or information systems security.
Adapted from: CNSSI 4009, NIST SP 800-130
cryptographic algorithm
Definition: A well-defined computational procedure that takes variable inputs, including a cryptographic key, and produces an output.
Related Term(s): key, encryption, decryption, symmetric key, asymmetric key
From: CNSSI 4009
cryptography
Definition: The use of mathematical techniques to provide security services, such as confidentiality, data integrity, entity authentication, and data origin authentication.
Extended Definition: The art or science concerning the principles, means, and methods for converting plaintext into ciphertext and for restoring encrypted ciphertext to plaintext.
Related Term(s): plaintext, ciphertext, encryption, decryption
From: NIST SP 800-130; Adapted from: CNSSI 4009
cryptology
Definition: The mathematical science that deals with cryptanalysis and cryptography.
Related Term(s): cryptanalysis, cryptography
From: CNSSI 4009
Customer Service and Technical Support
Definition: In the NICE Framework, cybersecurity work where a person: Addresses problems, installs, configures, troubleshoots, and provides maintenance and training in response to customer requirements or inquiries (e.g., tiered-level customer support).
From: NICE Framework
Common Vulnerabilities and Exposures
Definition: Publicly disclosed information security vulnerabilities and exposures. CVE was launched in 1999 to identify and categorize vulnerabilities in software and firmware.
cyber ecosystem
Definition: The interconnected information infrastructure of interactions among persons, processes, data, and information and communications technologies, along with the environment and conditions that influence those interactions.
Adapted from: DHS personnel
cyber exercise
Definition: A planned event during which an organization simulates a cyber disruption to develop or test capabilities such as preventing, detecting, mitigating, responding to or recovering from the disruption.
Adapted from: NCSD Glossary, DHS Homeland Security Exercise and Evaluation Program
cyber incident
Synonym(s): incident
Related Term(s): event
cyber incident response plan
Synonym(s): incident response plan
cyber infrastructure
Definition: Electronic information and communications systems and services and the information contained therein.
Extended Definition: The information and communications systems and services composed of all hardware and software that process, store, and communicate information, or any combination of all of these elements:
• Processing includes the creation, access, modification, and destruction of information.
• Storage includes paper, magnetic, electronic, and all other media types.
• Communications include sharing and distribution of information.
Adapted from: NIPP
Cyber Operations
Definition: In the NICE Framework, cybersecurity work where a person: Performs activities to gather evidence on criminal or foreign intelligence entities in order to mitigate possible or real-time threats, protect against espionage or insider threats, foreign sabotage, international terrorist activities, or to support other intelligence activities.
From: NICE Framework
Cyber Operations Planning
Definition: In the NICE Framework, cybersecurity work where a person: Performs in-depth joint targeting and cyber planning process. Gathers information and develops detailed Operational Plans and Orders supporting requirements. Conducts strategic and operational-level planning across the full range of operations for integrated information and cyberspace operations.
From: NICE Framework
cybersecurity
Definition: The activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation.
Extended Definition: Strategy, policy, and standards regarding the security of and operations in cyberspace, and encompass[ing] the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communications infrastructure.
Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4, NIPP, DHS National Preparedness Goal; White House Cyberspace Policy Review, May 2009
cyberspace
Definition: The interdependent network of information technology infrastructures that includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers.
Adapted from: NSPD 54/HSPD-23, CNSSI 4009, NIST SP 800-53 Rev 4
Letter: D
Data Administration
Definition: In the NICE Framework, cybersecurity work where a person: Develops and administers databases and/or data management systems that allow for the storage, query, and utilization of data.
From: NICE Framework
data aggregation
Definition: The process of gathering and combining data from different sources, so that the combined data reveals new information.
Extended Definition: The new information is more sensitive than the individual data elements themselves and the person who aggregates the data was not granted access to the totality of the information.
Related Term(s): data mining
Adapted from: CNSSI 4009
data breach
Definition: The unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information.
Related Term(s): data loss, data theft, exfiltration
data integrity
Definition: The property that data is complete, intact, and trusted and has not been modified or destroyed in an unauthorized or accidental manner.
Related Term(s): integrity, system integrity
Adapted from: CNSSI 4009, NIST SP 800-27
data leakage
Synonym(s): data breach
data loss
Definition: The result of unintentionally or accidentally deleting data, forgetting where it is stored, or exposure to an unauthorized party.
Related Term(s): data leakage, data theft
data loss prevention
Definition: A set of procedures and mechanisms to stop sensitive data from leaving a security boundary.
Related Term(s): data loss, data theft, data leak
Adapted from: Liu, S., & Kuhn, R. (2010, March/April). Data loss prevention. IEEE IT Professional, 11(2), pp. 10-13.
data mining
Definition: The process or techniques used to analyze large sets of existing information to discover previously unrevealed patterns or correlations.
Related Term(s): data aggregation
Adapted from: DHS personnel
data spill
Synonym(s): data breach
data theft
Definition: The deliberate or intentional act of stealing information.
Related Term(s): data aggregation, data leakage, data loss
decipher
Definition: To convert enciphered text to plain text by means of a cryptographic system.
Synonym(s): decode, decrypt
From: CNSSI 4009
decode
Definition: To convert encoded text to plain text by means of a code.
Synonym(s): decipher, decrypt
From: CNSSI 4009
decrypt
Definition: A generic term encompassing decode and decipher.
Synonym(s): decipher, decode
From: CNSSI 4009
decryption
Definition: The process of transforming ciphertext into its original plaintext.
Extended Definition: The process of converting encrypted data back into its original form, so it can be understood.
Synonym(s): decode, decrypt, decipher
Adapted from: ICAM SAML 2.0 WB SSO Profile 1.0.2
denial of service
Definition: An attack that prevents or impairs the authorized use of information system resources or services.
Adapted from: NCSD Glossary
designed-in security
Synonym(s): Build Security In
digital forensics
Definition: The processes and specialized techniques for gathering, retaining, and analyzing system-related data (digital evidence) for investigative purposes.
Extended Definition: In the NICE Framework, cybersecurity work where a person: Collects, processes, preserves, analyzes, and presents computer-related evidence in support of network vulnerability, mitigation, and/or criminal, fraud, counterintelligence or law enforcement investigations.
Synonym(s): computer forensics, forensics
Adapted from: CNSSI 4009; From: NICE Framework
digital rights management
Definition: A form of access control technology to protect and manage use of digital content or devices in accordance with the content or device provider's intentions.
digital signature
Definition: A value computed with a cryptographic process using a private key and then appended to a data object, thereby digitally signing the data.
Related Term(s): electronic signature
Adapted from: CNSSI 4009, IETF RFC 2828, ICAM SAML 2.0 WB SSO Profile 1.0.2, InCommon Glossary, NIST SP 800-63 Rev 1
disruption
Definition: An event which causes unplanned interruption in operations or functions for an unacceptable length of time.
Adapted from: CNSSI 4009
distributed denial of service
Definition: A denial of service technique that uses numerous systems to perform the attack simultaneously.
Related Term(s): denial of service, botnet
Adapted from: CNSSI 4009
dynamic attack surface
Definition: The automated, on-the-fly changes of an information system's characteristics to thwart actions of an adversary.
Adapted from: DHS personnel
Letter: E
Education and Training
Definition: In the NICE Framework, cybersecurity work where a person: Conducts training of personnel within pertinent subject domain; develop, plan, coordinate, deliver, and/or evaluate training courses, methods, and techniques as appropriate.
From: NICE Framework
electronic signature
Definition: Any mark in electronic form associated with an electronic document, applied with the intent to sign the document.
Related Term(s): digital signature
Adapted from: CNSSI 4009
encipher
Definition: To convert plaintext to ciphertext by means of a cryptographic system.
Synonym(s): encode, encrypt
From: CNSSI 4009
encode
Definition: To convert plaintext to ciphertext by means of a code.
Synonym(s): encipher, encrypt
From: CNSSI 4009
encrypt
Definition: The generic term encompassing encipher and encode.
Synonym(s): encipher, encode
From: CNSSI 4009
encryption
Definition: The process of transforming plaintext into ciphertext.
Extended Definition: Converting data into a form that cannot be easily understood by unauthorized people.
Synonym(s): encode, encrypt, encipher
Adapted from: CNSSI 4009, ICAM SAML 2.0 WB SSO Profile 1.0.2
enterprise risk management
Definition: A comprehensive approach to risk management that engages people, processes, and systems across an organization to improve the quality of decision making for managing risks that may hinder an organization's ability to achieve its objectives.
Extended Definition: Involves identifying mission dependencies on enterprise capabilities, identifying and prioritizing risks due to defined threats, implementing countermeasures to provide both a static risk posture and an effective dynamic response to active threats, and assessing enterprise performance against threats and adjusting countermeasures as necessary.
Related Term(s): risk management, integrated risk management, risk
Adapted from: DHS Risk Lexicon, CNSSI 4009
event
Definition: An observable occurrence in an information system or network.
Extended Definition: Sometimes provides an indication that an incident is occurring or at least raises the suspicion that an incident may be occurring.
Related Term(s): incident
Adapted from: CNSSI 4009
exfiltration
Definition: The unauthorized transfer of information from an information system.
Related Term(s): data breach
From: NIST SP 800-53 Rev 4
exploit
Definition: A technique to breach the security of a network or information system in violation of security policy.
Adapted from: ISO/IEC 27039 (draft), DHS personnel
Exploitation Analysis
Definition: In the NICE Framework, cybersecurity work where a person: Analyzes collected information to identify vulnerabilities and potential for exploitation.
From: NICE Framework
exposure
Definition: The condition of being unprotected, thereby allowing access to information or access to capabilities that an attacker can use to enter a system or network.
Adapted from: NCSD glossary
Letter: F
Failure
Definition: The inability of a system or component to perform its required functions within specified performance requirements.
From: NCSD Glossary
firewall
Definition: A capability to limit network traffic between networks and/or information systems.
Extended Definition: A hardware/software device or a software program that limits network traffic according to a set of rules of what access is and is not allowed or authorized.
Adapted from: CNSSI 4009forensics
Synonym(s): digital forensics
Letter: G
Letter: H
hacker
Definition: An unauthorized user who attempts to or gains access to an information system.
From: CNSSI 4009
hash value
Definition: A numeric value resulting from applying a mathematical algorithm against a set of data such as a file.
Synonym(s): cryptographic hash value
Related Term(s): hashing
Adapted from: CNSSI 4009
hashing
Definition: A process of applying a mathematical algorithm against a set of data to produce a numeric value (a 'hash value') that represents the data.
Extended Definition: Mapping a bit string of arbitrary length to a fixed length bit string to produce the hash value.
Related Term(s): hash value
Adapted from: CNSSI 4009, FIPS 201-2
hazard
Definition: A natural or man-made source or cause of harm or difficulty.
Related Term(s): threat
From: DHS Risk Lexicon
Letter: I
ICT supply chain threat
Definition: A man-made threat achieved through exploitation of the information and communications technology (ICT) system’s supply chain, including acquisition processes.
Related Term(s): supply chain, threat
From: DHS SCRM PMO
identity and access management
Definition: The methods and processes used to manage subjects and their authentication and authorizations to access specific objects.
impact
Synonym(s): consequence
incident
Definition: An occurrence that actually or potentially results in adverse consequences to (adverse effects on) (poses a threat to) an information system or the information that the system processes, stores, or transmits and that may require a response action to mitigate the consequences.
Extended Definition: An occurrence that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.
Related Term(s): event
Adapted from: CNSSI 4009, FIPS 200, NIST SP 800-53 Rev 4, ISSG
incident management
Definition: The management and coordination of activities associated with an actual or potential occurrence of an event that may result in adverse consequences to information or information systems.
Adapted from: NCSD Glossary, ISSG NCPS Target Architecture Glossary
incident response
Definition: The activities that address the short-term, direct effects of an incident and may also support short-term recovery.
Extended Definition: In the Workforce framework, cybersecurity work where a person: Responds to crisis or urgent situations within the pertinent domain to mitigate immediate and potential threats; uses mitigation, preparedness, and response and recovery approaches, as needed, to maximize survival of life, preservation of property, and information security. Investigates and analyzes all relevant response activities.
Synonym(s): response
Related Term(s): recovery
From: Workforce Framework
incident response plan
Definition: A set of predetermined and documented procedures to detect and respond to a cyber incident.
Adapted from: CNSSI 4009
indicator
Definition: An occurrence or sign that an incident may have occurred or may be in progress.
Related Term(s): precursor
Adapted from: CNSSI 4009, NIST SP 800-61 Rev 2 (DRAFT), ISSG V1.2 Database
Industrial Control System
Definition: An information system used to control industrial processes such as manufacturing, product handling, production, and distribution or to control infrastructure assets.
Related Term(s): Supervisory Control and Data Acquisition, Operations Technology
Adapted from: NIST SP 800-53 Rev 4, NIST SP 800-82
information and communication(s) technology
Definition: Any information technology, equipment, or interconnected system or subsystem of equipment that processes, transmits, receives, or interchanges data or information.
Related Term(s): information technology
Adapted from: The Access Board's 2011 Advance Notice of Proposed Rulemaking for Section 508
information assurance
Definition: The measures that protect and defend information and information systems by ensuring their availability, integrity, and confidentiality.
Related Term(s): information security
Adapted from: CNSSI 4009
Information Assurance Compliance
Definition: In the NICE Framework, cybersecurity work where a person: Oversees, evaluates, and supports the documentation, validation, and accreditation processes necessary to assure that new IT systems meet the organization's information assurance and security requirements; ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives.
From: NICE Framework
information security policy
Definition: An aggregate of directives, regulations, rules, and practices that prescribe how an organization manages, protects, and distributes information.
Related Term(s): security policy
From: CNSSI 4009; NIST SP 800-53 Rev 4
information sharing
Definition: An exchange of data, information, and/or knowledge to manage risks or respond to incidents.
Adapted from: NCSD glossary
information system resilience
Definition: The ability of an information system to: (1) continue to operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (2) recover effectively in a timely manner.
Related Term(s): resilience
Adapted from: NIST SP 800-53 Rev 4
Information Systems Security Operations
Definition: In the NICE Framework, cybersecurity work where a person: Oversees the information assurance program of an information system in or outside the network environment; may include procurement duties (e.g., Information Systems Security Officer).
From: NICE Framework
information technology
Definition: Any equipment or interconnected system or subsystem of equipment that processes, transmits, receives, or interchanges data or information.
Related Term(s): information and communication(s) technology
Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4, based on 40 U.S.C. sec. 1401
inside(r) threat
Definition: A person or group of persons within an organization who pose a potential risk through violating security policies.
Extended Definition: One or more individuals with the access and/or inside knowledge of a company, organization, or enterprise that would allow them to exploit the vulnerabilities of that entity's security, systems, services, products, or facilities with the intent to cause harm.
Related Term(s): outside(r) threat
Adapted from: CNSSI 4009; From: NIAC Final Report and Recommendations on the Insider Threat to Critical Infrastructure, 2008
integrated risk management
Definition: The structured approach that enables an enterprise or organization to share risk information and risk analysis and to synchronize independent yet complementary risk management strategies to unify efforts across the enterprise.
Related Term(s): risk management, enterprise risk management
Adapted from: DHS Risk Lexicon
integrity
Definition: The property whereby information, an information system, or a component of a system has not been modified or destroyed in an unauthorized manner.
Extended Definition: A state in which information has remained unaltered from the point it was produced by a source, during transmission, storage, and eventual receipt by the destination.
Related Term(s): availability, confidentiality, data integrity, system integrity
Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4, 44 U.S.C., Sec 3542, SANS; From: SAFE-BioPharma Certificate Policy 2.5
intent
Definition: A state of mind or desire to achieve an objective.
Related Term(s): capability
Adapted from: DHS Risk Lexicon
interoperability
Definition: The ability of two or more systems or components to exchange information and to use the information that has been exchanged.
Adapted from: IEEE Standard Computer Dictionary, DHS personnel
intrusion
Definition: An unauthorized act of bypassing the security mechanisms of a network or information system.
Synonym(s): penetration
Adapted from: CNSSI 4009
intrusion detection
Definition: The process and methods for analyzing information from networks and information systems to determine if a security breach or security violation has occurred.
Adapted from: CNSSI 4009, ISO/IEC 27039 (draft)
Investigate
Definition: A NICE Framework category consisting of specialty areas responsible for the investigation of cyber events and/or crimes involving IT systems, networks, and digital evidence.
From: NICE Framework
investigation
Definition: A systematic and formal inquiry into a qualified threat or incident using digital forensics and perhaps other traditional criminal inquiry techniques to determine the events that transpired and to collect evidence.
Extended Definition: In the NICE Framework, cybersecurity work where a person: Applies tactics, techniques, and procedures for a full range of investigative tools and processes to include but not limited to interview and interrogation techniques, surveillance, counter surveillance, and surveillance detection, and appropriately balances the benefits of prosecution versus intelligence gathering.
Adapted from: ISSG V1.2 Database; Conrad, E., Misenauer, S., & Feldman, J. (2010). CISSP® Study Guide. Burlington, MA: Syngress; From: NICE Workforce Framework
IT asset
Synonym(s): asset
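The intrusion and intrusion detection entries above describe analysing records from networks and information systems to decide whether a security violation has occurred. The script below is an added example, not part of the glossary or of CNSSI 4009: it runs one common detection rule (a burst of failed SSH logins from a single source, and any success from that source while the burst is still fresh) over constructed sshd log lines. The host name, the documentation-range addresses, the threshold and the window are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the syslog format OpenSSH's sshd uses (hypothetical host,
# documentation-range addresses; not a capture from a real system).
SAMPLE_LOG = """\
Mar  4 10:00:01 host1 sshd[2101]: Failed password for invalid user admin from 198.51.100.23 port 50112 ssh2
Mar  4 10:00:03 host1 sshd[2101]: Failed password for invalid user admin from 198.51.100.23 port 50113 ssh2
Mar  4 10:00:04 host1 sshd[2103]: Failed password for root from 198.51.100.23 port 50114 ssh2
Mar  4 10:00:06 host1 sshd[2105]: Failed password for root from 198.51.100.23 port 50115 ssh2
Mar  4 10:00:07 host1 sshd[2107]: Failed password for root from 198.51.100.23 port 50116 ssh2
Mar  4 10:00:09 host1 sshd[2109]: Accepted password for root from 198.51.100.23 port 50117 ssh2
Mar  4 10:05:00 host1 sshd[2188]: Failed password for alice from 192.0.2.10 port 41022 ssh2
Mar  4 10:05:30 host1 sshd[2190]: Accepted publickey for alice from 192.0.2.10 port 41023 ssh2
Mar  4 10:05:31 host1 CRON[2200]: (root) CMD (run-parts /etc/cron.hourly)
"""

FAIL_THRESHOLD = 5              # this many failures from one source ...
WINDOW = timedelta(seconds=60)  # ... inside this sliding window is treated as an attack

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_events(text):
    """Return (timestamp, outcome, user, source) tuples for the sshd auth lines in text, in time order."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # lines that are not sshd authentication events (e.g. cron) are ignored
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")  # syslog lines carry no year
        events.append((ts, m["outcome"], m["user"], m["src"]))
    return sorted(events)


def detect_brute_force(text, threshold=FAIL_THRESHOLD, window=WINDOW):
    """Flag sources with >= threshold failures inside the window (a precursor) and a
    successful login from such a source while the window is still hot (an indicator)."""
    alerts = []
    recent_failures = defaultdict(deque)  # source -> timestamps of failures still in the window
    already_flagged = set()
    for ts, outcome, user, src in parse_events(text):
        recent = recent_failures[src]
        while recent and ts - recent[0] > window:
            recent.popleft()  # expire failures that fell out of the window
        if outcome == "Failed":
            recent.append(ts)
            if len(recent) >= threshold and src not in already_flagged:
                already_flagged.add(src)
                alerts.append({"type": "brute_force_attempt", "src": src,
                               "failures": len(recent), "at": ts})
        elif len(recent) >= threshold:
            # A success right after a burst of failures is the stronger signal: the
            # guessing may have worked, so the account and source need immediate attention.
            alerts.append({"type": "brute_force_success", "src": src,
                           "user": user, "at": ts})
    return alerts


if __name__ == "__main__":
    for alert in detect_brute_force(SAMPLE_LOG):
        print(alert)
```

The first alert is only a precursor (the guessing may still fail); the second is the one an analyst should treat as a probable intrusion, since the rule fires on a success that follows five failures within a minute. Tuning the threshold and window to the environment is what separates a usable rule from a noisy one.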
Letter: J
Letter: K
key
Definition: The numerical value used to control cryptographic operations, such as decryption, encryption, signature generation, or signature verification.
Related Term(s): private key, public key, secret key, symmetric key
From: CNSSI 4009
key pair
Definition: A public key and its corresponding private key.
Extended Definition: Two mathematically related keys having the property that one key can be used to encrypt a message that can only be decrypted using the other key.
Related Term(s): private key, public key
Adapted from: CNSSI 4009, Federal Bridge Certificate Authority Certification Policy 2.25
key resource
Definition: A publicly or privately controlled asset necessary to sustain continuity of government and/or economic operations, or an asset that is of great historical significance.
Related Term(s): critical infrastructure
From: NCSD glossary
keylogger
Definition: Software or hardware that tracks keystrokes and keyboard events, usually surreptitiously, to monitor actions by the user of an information system.
Related Term(s): spyware
Knowledge Management
Definition: In the NICE Framework, cybersecurity work where a person: Manages and administers processes and tools that enable the organization to identify, document, and access intellectual capital and information content.
From: NICE Framework
Letter: L
Legal Advice and Advocacy
Definition: In the NICE Framework, cybersecurity work where a person: Provides legally sound advice and recommendations to leadership and staff on a variety of relevant topics within the pertinent subject domain; advocates legal and policy changes and makes a case on behalf of client via a wide range of written and oral work products, including legal briefs and proceedings.
From: NICE Framework
Letter: M
machine learning and evolution
Definition: A field concerned with designing and developing artificial intelligence algorithms for automated knowledge discovery and innovation by information systems.
Adapted from: DHS personnel
macro virus
Definition: A type of malicious code that attaches itself to documents and uses the macro programming capabilities of the document’s application to execute, replicate, and spread or propagate itself.
Related Term(s): virus
Adapted from: CNSSI 4009
malicious applet
Definition: A small application program that is automatically downloaded and executed and that performs an unauthorized function on an information system.
Related Term(s): malicious code
From: CNSSI 4009
malicious code
Definition: Program code intended to perform an unauthorized function or process that will have adverse impact on the confidentiality, integrity, or availability of an information system.
Extended Definition: Includes software, firmware, and scripts.
Related Term(s): malicious logic
Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4
malicious logic
Definition: Hardware, firmware, or software that is intentionally included or inserted in a system to perform an unauthorized function or process that will have adverse impact on the confidentiality, integrity, or availability of an information system.
Related Term(s): malicious code
Adapted from: CNSSI 4009
malware
Definition: Software that compromises the operation of a system by performing an unauthorized function or process.
Synonym(s): malicious code, malicious applet, malicious logic
Adapted from: CNSSI 4009, NIST SP 800-83
mitigation
Definition: The application of one or more measures to reduce the likelihood of an unwanted occurrence and/or lessen its consequences.
Extended Definition: Implementing appropriate risk-reduction controls based on risk management priorities and analysis of alternatives.
Adapted from: DHS Risk Lexicon, CNSSI 4009, NIST SP 800-53 Rev 4
moving target defense
Definition: The presentation of a dynamic attack surface, increasing an adversary's work factor necessary to probe, attack, or maintain presence in a cyber target.
From: DHS personnel
Letter: N
network resilience
Definition: The ability of a network to: (1) provide continuous operation (i.e., highly resistant to disruption and able to operate in a degraded mode if damaged); (2) recover effectively if failure does occur; and (3) scale to meet rapid or unpredictable demands.
Adapted from: CNSSI 4009
Network Services
Definition: In the NICE Framework, cybersecurity work where a person: Installs, configures, tests, operates, maintains, and manages networks and their firewalls, including hardware (e.g., hubs, bridges, switches, multiplexers, routers, cables, proxy servers, and protective distributor systems) and software that permit the sharing and transmission of all spectrum transmissions of information to support the security of information and information systems.
From: NICE Framework
non-repudiation
Definition: A property achieved through cryptographic methods to protect against an individual or entity falsely denying having performed a particular action related to data.
Extended Definition: Provides the capability to determine whether a given individual took a particular action such as creating information, sending a message, approving information, and receiving a message.
Related Term(s): integrity, authenticity
Adapted from: CNSSI 4009; From: NIST SP 800-53 Rev 4
Letter: O
object
Definition: A passive information system-related entity containing or receiving information.
Related Term(s): subject, access, access control
Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4
Operate & Maintain
Definition: A NICE Framework category consisting of specialty areas responsible for providing the support, administration, and maintenance necessary to ensure effective and efficient IT system performance and security.
From: NICE Framework
operational exercise
Definition: An action-based exercise where personnel rehearse reactions to an incident scenario, drawing on their understanding of plans and procedures, roles, and responsibilities.
Extended Definition: Also referred to as operations-based exercise.
Adapted from: DHS Homeland Security Exercise and Evaluation Program
Operations Technology
Definition: The hardware and software systems used to operate industrial control devices.
Related Term(s): Industrial Control System
Adapted from: DHS personnel
outside(r) threat
Definition: A person or group of persons external to an organization who are not authorized to access its assets and pose a potential risk to the organization and its assets.
Related Term(s): inside(r) threat
Adapted from: CNSSI 4009
Oversight & Development
Definition: A NICE Framework category consisting of specialty areas providing leadership, management, direction, and/or development and advocacy so that all individuals and the organization may effectively conduct cybersecurity work.
From: NICE Framework
Letter: P
passive attack
Definition: An actual assault perpetrated by an intentional threat source that attempts to learn or make use of information from a system, but does not attempt to alter the system, its resources, its data, or its operations.
Related Term(s): active attack
Adapted from: IETF RFC 4949, NIST SP 800-63 Rev 1
password
Definition: A string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorization.
From: FIPS 140-2
pen test
Definition: A colloquial term for penetration test or penetration testing.
Synonym(s): penetration testing
penetration
Synonym(s): intrusion
penetration testing
Definition: An evaluation methodology whereby assessors search for vulnerabilities and attempt to circumvent the security features of a network and/or information system.
Adapted from: NCSD Glossary, CNSSI 4009, NIST SP 800-53 Rev 4
Personal Identifying Information / Personally Identifiable Information
Definition: The information that permits the identity of an individual to be directly or indirectly inferred.
Adapted from: NCSD Glossary, CNSSI 4009, GAO Report 08-356, as cited in NIST SP 800-63 Rev 1
phishing
Definition: A digital form of social engineering to deceive individuals into providing sensitive information.
Adapted from: NCSD Glossary, CNSSI 4009, NIST SP 800-63 Rev 1plaintext
Definition: Unencrypted information.
Related Term(s): ciphertext
From: CNSSI 4009
precursor
Definition: An observable occurrence or sign that an attacker may be preparing to cause an incident.
Related Term(s): indicator
Adapted from: CNSSI 4009, NIST SP 800-61 Rev 2 (DRAFT)
Preparedness
Definition: The activities to build, sustain, and improve readiness capabilities to prevent, protect against, respond to, and recover from natural or manmade incidents.
Adapted from: NIPP
privacy
Definition: The assurance that the confidentiality of, and access to, certain information about an entity is protected.
Extended Definition: The ability of individuals to understand and exercise control over how information about themselves may be used by others.
From: NIST SP 800-130; Adapted from: DHS personnel
private key
Definition: A cryptographic key that must be kept confidential and is used to enable the operation of an asymmetric (public key) cryptographic algorithm.
Extended Definition: The secret part of an asymmetric key pair that is uniquely associated with an entity.
Related Term(s): public key, asymmetric cryptography
Adapted from: CNSSI 4009, NIST SP 800-63 Rev 1, FIPS 201-2, FIPS 140-2, Federal Bridge Certificate Authority Certification Policy 2.25
Protect & Defend
Definition: A NICE Framework category consisting of specialty areas responsible for the identification, analysis, and mitigation of threats to internal IT systems or networks.
From: NICE Framework
public key
Definition: A cryptographic key that may be widely published and is used to enable the operation of an asymmetric (public key) cryptographic algorithm.
Extended Definition: The public part of an asymmetric key pair that is uniquely associated with an entity and that may be made public.
Related Term(s): private key, asymmetric cryptography
Adapted from: CNSSI 4009, NIST SP 800-63 Rev 1, FIPS 201-2, FIPS 140-2, Federal Bridge Certificate Authority Certification Policy 2.25
public key cryptography
Definition: A branch of cryptography in which a cryptographic system or algorithms use two uniquely linked keys: a public key and a private key (a key pair).
Synonym(s): asymmetric cryptography, public key encryption
Adapted from: CNSSI 4009, FIPS 140-2, InCommon Glossary
public key encryption
Synonym(s): public key cryptography
Public Key Infrastructure
Definition: A framework consisting of standards and services to enable secure, encrypted communication and authentication over potentially insecure networks such as the Internet.
Extended Definition: A framework and services for generating, producing, distributing, controlling, accounting for, and revoking (destroying) public key certificates.
Adapted from: CNSSI 4009, IETF RFC 2828, Federal Bridge Certificate Authority Cross-certification Methodology 3.0, InCommon Glossary, Kantara Identity Assurance Framework 1100, NIST SP 800-63 Rev 1
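The key pair, private key, public key, public key cryptography and non-repudiation entries above state two properties: the two halves of a pair undo each other, and a value produced with the private half can be checked by anyone holding the public half, so the holder cannot later deny producing it. The script below is an added illustration of those properties and is not from the glossary or from any of the standards it cites. It uses textbook RSA with two fixed primes and no padding; the primes, public exponent and messages are assumptions chosen so the run is reproducible, and the construction is for understanding only, never for protecting real data.

```python
import hashlib
from math import gcd

# Demo primes: the Mersenne primes 2^61-1 and 2^89-1, fixed so the run is reproducible.
# ASSUMPTION for illustration only: real key generation draws random primes of at least
# 1024 bits each, and real encryption/signing adds a padding scheme (OAEP / PSS).
P = (1 << 61) - 1
Q = (1 << 89) - 1
E = 65537


def make_key_pair(p=P, q=Q, e=E):
    """Return (public_key, private_key), each an (n, exponent) tuple."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to phi(n)")
    d = pow(e, -1, phi)  # private exponent: modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def apply_key(key, value):
    """Modular exponentiation with either half of the pair; each half undoes the other."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value must be a non-negative integer smaller than the modulus")
    return pow(value, exponent, n)


def encrypt(public_key, plaintext_int):
    """Anyone can encrypt with the public half ..."""
    return apply_key(public_key, plaintext_int)


def decrypt(private_key, ciphertext_int):
    """... and only the private half recovers the plaintext."""
    return apply_key(private_key, ciphertext_int)


def _digest_int(message):
    # Hash of the message, truncated to 128 bits so it fits under the small demo modulus
    # (about 2^150); a real scheme uses the full digest with a padding scheme.
    return int.from_bytes(hashlib.sha256(message).digest()[:16], "big")


def sign(private_key, message):
    """Only the private-key holder can produce this value for this message."""
    return apply_key(private_key, _digest_int(message))


def verify(public_key, message, signature):
    """Anyone with the public key can check it; that is what gives non-repudiation."""
    return apply_key(public_key, signature) == _digest_int(message)


if __name__ == "__main__":
    public_key, private_key = make_key_pair()
    m = int.from_bytes(b"attack at dawn", "big")       # constructed message as an integer
    c = encrypt(public_key, m)
    print("decrypt(encrypt(m)) == m:", decrypt(private_key, c) == m)
    sig = sign(private_key, b"approve transfer 1")
    print("signature verifies:", verify(public_key, b"approve transfer 1", sig))
    print("tampered message verifies:", verify(public_key, b"approve transfer 2", sig))
```

Note that apply_key is the same operation for both halves: encryption uses the public exponent and decryption the private one, while signing uses the private exponent and verification the public one. A practitioner should take from this only the relationship between the halves; the missing padding and the tiny modulus are exactly what makes textbook RSA unsafe.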
Letter: Q
Letter: R
Recovery
Definition: The activities after an incident or event to restore essential services and operations in the short and medium term and fully restore all capabilities in the longer term.
Adapted from: NIPP
Red Team
Definition: A group authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s cybersecurity posture.
Related Term(s): Blue Team, White Team
Adapted from: CNSSI 4009
Red Team exercise
Definition: An exercise, reflecting real-world conditions, that is conducted as a simulated attempt by an adversary to attack or exploit vulnerabilities in an enterprise's information systems.
Related Term(s): cyber exercise
Adapted from: NIST SP 800-53 Rev 4
redundancy
Definition: Additional or alternative systems, sub-systems, assets, or processes that maintain a degree of overall functionality in case of loss or failure of another system, sub-system, asset, or process.
From: DHS Risk Lexicon
resilience
Definition: The ability to adapt to changing conditions and prepare for, withstand, and rapidly recover from disruption.
From: DHS Risk Lexicon
response
Definition: The activities that address the short-term, direct effects of an incident and may also support short-term recovery.
Extended Definition: In cybersecurity, response encompasses both automated and manual activities.
Related Term(s): recovery
Adapted from: National Infrastructure Protection Plan, NCPS Target Architecture Glossary
response plan
Synonym(s): incident response plan
risk
Definition: The potential for an unwanted or adverse outcome resulting from an incident, event, or occurrence, as determined by the likelihood that a particular threat will exploit a particular vulnerability, with the associated consequences.
Adapted from: DHS Risk Lexicon, NIPP and adapted from: CNSSI 4009, FIPS 200, NIST SP 800-53 Rev 4, SAFE-BioPharma Certificate Policy 2.5
risk analysis
Definition: The systematic examination of the components and characteristics of risk.
Related Term(s): risk assessment, risk
From: DHS Risk Lexicon
risk assessment
Definition: The product or process which collects information and assigns values to risks for the purpose of informing priorities, developing or comparing courses of action, and informing decision making.
Extended Definition: The appraisal of the risks facing an entity, asset, system, or network, organizational operations, individuals, geographic area, other organizations, or society, and includes determining the extent to which adverse circumstances or events could result in harmful consequences.
Related Term(s): risk analysis, risk
Adapted from: DHS Risk Lexicon, CNSSI 4009, NIST SP 800-53 Rev 4
risk management
Definition: The process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.
Extended Definition: Includes: 1) conducting a risk assessment; 2) implementing strategies to mitigate risks; 3) continuous monitoring of risk over time; and 4) documenting the overall risk management program.
Related Term(s): enterprise risk management, integrated risk management, risk
From: DHS Risk Lexicon and Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4
risk mitigation
Synonym(s): mitigation
risk-based data management
Definition: A structured approach to managing risks to data and information by which an organization selects and applies appropriate security controls in compliance with policy and commensurate with the sensitivity and value of the data.
Adapted from: DHS personnel
rootkit
Definition: A set of software tools with administrator-level access privileges installed on an information system and designed to hide the presence of the tools, maintain the access privileges, and conceal the activities conducted by the tools.
Adapted from: CNSSI 4009
Letter: S
secret key
Definition: A cryptographic key that is used for both encryption and decryption, enabling the operation of a symmetric key cryptography scheme.
Extended Definition: Also, a cryptographic algorithm that uses a single key (i.e., a secret key) for both encryption of plaintext and decryption of ciphertext.
Related Term(s): symmetric key
Adapted from: CNSSI 4009
Securely Provision
Definition: A NICE Framework category consisting of specialty areas concerned with conceptualizing, designing, and building secure IT systems, with responsibility for some aspect of the systems' development.
From: NICE Framework
security automation
Definition: The use of information technology in place of manual processes for cyber incident response and management.
Adapted from: DHS personnel
security incident
Synonym(s): incident
security policy
Definition: A rule or set of rules that govern the acceptable use of an organization's information and services to a level of acceptable risk and the means for protecting the organization's information assets.
Extended Definition: A rule or set of rules applied to an information system to provide security services.
Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4, NIST SP 800-130, OASIS SAML Glossary 2.0
Security Program Management
Definition: In the NICE Framework, cybersecurity work where a person: Manages information security (e.g., information security) implications within the organization, specific program, or other area of responsibility, to include strategic, personnel, infrastructure, policy enforcement, emergency planning, security awareness, and other resources (e.g., the role of a Chief Information Security Officer).
From: NICE Framework
signature
Definition: A recognizable, distinguishing pattern.
Extended Definition: Types of signatures: attack signature, digital signature, electronic signature.
From: CNSSI 4009; Adapted from: NIST SP 800-94
situational awareness
Definition: Comprehending information about the current and developing security posture and risks, based on information gathered, observation and analysis, and knowledge or experience.
Extended Definition: In cybersecurity, comprehending the current status and security posture with respect to availability, confidentiality, and integrity of networks, systems, users, and data, as well as projecting future states of these.
Adapted from: CNSSI 4009, DHS personnel, National Response Framework
software assurance
Definition: The level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its lifecycle, and that the software functions in the intended manner.
From: CNSSI 4009
Software Assurance and Security Engineering
Definition: In the NICE Framework, cybersecurity work where a person: Develops and writes/codes new (or modifies existing) computer applications, software, or specialized utility programs following software assurance best practices.
From: NICE Framework
spam
Definition: The abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.
Adapted from: CNSSI 4009
spillage
Synonym(s): data spill, data breach
Spoofing
Definition: Faking the sending address of a transmission to gain illegal [unauthorized] entry into a secure system.
Extended Definition: The deliberate inducement of a user or resource to take incorrect action. Note: Impersonating, masquerading, piggybacking, and mimicking are forms of spoofing.
From: CNSSI 4009
spyware
Definition: Software that is secretly or surreptitiously installed into an information system without the knowledge of the system user or owner.
Related Term(s): keylogger
Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4
Strategic Planning and Policy Development
Definition: In the NICE Framework, cybersecurity work where a person: Applies knowledge of priorities to define an entity.
From: NICE Framework
subject
Definition: An individual, process, or device causing information to flow among objects or a change to the system state.
Extended Definition: An active entity.
Related Term(s): object, access, access control
Adapted from: NIST SP 800-53 Rev 4, CNSSI 4009
Supervisory Control and Data Acquisition
Definition: A generic name for a computerized system that is capable of gathering and processing data and applying operational controls to geographically dispersed assets over long distances.
Related Term(s): Industrial Control System
Adapted from: NCSD Glossary, CNSSI 4009
supply chain
Definition: A system of organizations, people, activities, information and resources, for creating and moving products including product components and/or services from suppliers through to their customers.
Related Term(s): supply chain risk management
Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4
Supply Chain Risk Management
Definition: The process of identifying, analyzing, and assessing supply chain risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.
Related Term(s): supply chain
Adapted from: DHS Risk Lexicon, CNSSD 505
symmetric cryptography
Definition: A branch of cryptography in which a cryptographic system or algorithms use the same secret key (a shared secret key).
Adapted from: CNSSI 4009, SANS
symmetric encryption algorithm
Synonym(s): symmetric cryptography
symmetric key
Definition: A cryptographic key that is used to perform both the cryptographic operation and its inverse, for example to encrypt plaintext and decrypt ciphertext, or create a message authentication code and to verify the code.
Extended Definition: Also, a cryptographic algorithm that uses a single key (i.e., a secret key) for both encryption of plaintext and decryption of ciphertext.
Related Term(s): secret key
From: CNSSI 4009
System Administration
Definition: In the NICE Framework, cybersecurity work where a person: Installs, configures, troubleshoots, and maintains server configurations (hardware and software) to ensure their confidentiality, integrity, and availability; also manages accounts, firewalls, and patches; responsible for access control, passwords, and account creation and administration.
From: NICE Framework
system integrity
Definition: The attribute of an information system when it performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
Related Term(s): integrity, data integrity
From: CNSSI 4009
Systems Development
Definition: In the NICE Framework, cybersecurity work where a person: Works on the development phases of the systems development lifecycle.
From: NICE Framework
Systems Requirements Planning
Definition: In the NICE Framework, cybersecurity work where a person: Consults with customers to gather and evaluate functional requirements and translates these requirements into technical solutions; provides guidance to customers about applicability of information systems to meet business needs.
From: NICE Framework
Systems Security Analysis
Definition: In the NICE Framework, cybersecurity work where a person: Conducts the integration/testing, operations, and maintenance of systems security.
From: NICE Framework
Systems Security Architecture
Definition: In the NICE Framework, cybersecurity work where a person: Develops system concepts and works on the capabilities phases of the systems development lifecycle; translates technology and environmental conditions (e.g., law and regulation) into system and security designs and processes.
From: NICE Framework
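The symmetric key and secret key entries in this section describe a single key that both creates a message authentication code and verifies it, and the integrity and data integrity entries describe detecting unauthorized modification. The script below is an added example, not the glossary's own material: it uses HMAC-SHA256 from the Python standard library to protect a small constructed JSON message, checks the tag in constant time, and contrasts it with an unkeyed hash, which cannot detect tampering by an attacker who can rewrite the message. The message contents and the key are assumptions for the demonstration.

```python
import hashlib
import hmac
import json
import secrets

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def _serialise(payload: dict) -> bytes:
    # Canonical encoding so that sender and receiver tag byte-identical messages.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def make_tag(key: bytes, message: bytes) -> bytes:
    """Message authentication code over message under the shared secret key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """The same key both creates and checks the tag (that is what makes it symmetric).
    compare_digest avoids leaking, through timing, how many leading bytes of a guessed
    tag were right, which an ordinary == comparison would do."""
    return hmac.compare_digest(make_tag(key, message), tag)


def protect(key: bytes, payload: dict) -> bytes:
    """Return message || tag for transmission or storage."""
    message = _serialise(payload)
    return message + make_tag(key, message)


def unprotect(key: bytes, blob: bytes):
    """Return the payload if the tag checks out, otherwise None (integrity failure)."""
    message, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if len(tag) != TAG_LEN or not verify_tag(key, message, tag):
        return None
    return json.loads(message)


def unkeyed_protect(payload: dict) -> bytes:
    """Contrast: message || SHA-256(message), with no secret involved."""
    message = _serialise(payload)
    return message + hashlib.sha256(message).digest()


def unkeyed_check(blob: bytes) -> bool:
    """Detects accidental corruption only: an attacker who edits the message simply
    recomputes the digest, because computing it needs nothing the attacker lacks."""
    message, digest = blob[:-TAG_LEN], blob[-TAG_LEN:]
    return hashlib.sha256(message).digest() == digest


if __name__ == "__main__":
    key = secrets.token_bytes(32)                       # shared secret, both sides hold it
    order = {"from": "acct-100", "to": "acct-200", "amount": 50}   # constructed message
    blob = protect(key, order)
    print("genuine:", unprotect(key, blob))
    tampered = blob.replace(b'"amount":50', b'"amount":5000')      # attacker edits the amount
    print("tampered with MAC:", unprotect(key, tampered))           # None: detected
    forged = unkeyed_protect({**order, "amount": 5000})             # attacker recomputes the hash
    print("tampered with plain hash passes:", unkeyed_check(forged))  # True: not detected
```

The point of the contrast is the definition of integrity: a digest alone shows whether bytes changed, but only a key the attacker does not hold turns that into protection against deliberate, unauthorized modification. The key must be distributed and kept secret by both parties, which is the management problem symmetric schemes carry and the one public key cryptography and PKI are designed to ease.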
Letter: T
tabletop exercise
Definition: A discussion-based exercise where personnel meet in a classroom setting or breakout groups and are presented with a scenario to validate the content of plans, procedures, policies, cooperative agreements or other information for managing an incident.
Adapted from: NCSD Glossary, DHS Homeland Security Exercise and Evaluation Program
tailored trustworthy space
Definition: A cyberspace environment that provides a user with confidence in its security, using automated mechanisms to ascertain security conditions and adjust the level of security based on the user's context and in the face of an evolving range of threats.
Adapted from: National Science and Technology Council's Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program
Targets
Definition: In the NICE Framework, cybersecurity work where a person: Applies current knowledge of one or more regions, countries, non-state entities, and/or technologies.
From: NICE Framework
Technology Research and Development
Definition: In the NICE Framework, cybersecurity work where a person: Conducts technology assessment and integration processes; provides and supports a prototype capability and/or evaluates its utility.
From: NICE Framework
Test and Evaluation
Definition: In the NICE Framework, cybersecurity work where a person: Develops and conducts tests of systems to evaluate compliance with specifications and requirements by applying principles and methods for cost-effective planning, evaluating, verifying, and validating of technical, functional, and performance characteristics (including interoperability) of systems or elements of systems incorporating information technology.
From: NICE Framework
threat
Definition: A circumstance or event that has or indicates the potential to exploit vulnerabilities and to adversely impact (create adverse consequences for) organizational operations, organizational assets (including information and information systems), individuals, other organizations, or society.
Extended Definition: Includes an individual or group of individuals, an entity (such as an organization or a nation), an action, or an occurrence.
Adapted from: DHS Risk Lexicon, NIPP, CNSSI 4009, NIST SP 800-53 Rev 4
threat actor
Synonym(s): threat agent
threat agent
Definition: An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.
Related Term(s): adversary, attacker
Adapted from: DHS Risk Lexicon
threat analysis
Definition: The detailed evaluation of the characteristics of individual threats.
Extended Definition: In the NICE Framework, cybersecurity work where a person: Identifies and assesses the capabilities and activities of cyber criminals or foreign intelligence entities; produces findings to help initialize or support law enforcement and counterintelligence investigations or activities.
Adapted from: DHS personnel; From: NICE Framework
threat assessment
Definition: The product or process of identifying or evaluating entities, actions, or occurrences, whether natural or man-made, that have or indicate the potential to harm life, information, operations, and/or property.
Related Term(s): threat analysis
From: DHS Risk Lexicon and adapted from: CNSSI 4009, NIST SP 800-53 Rev 4
ticket
Definition: In access control, data that authenticates the identity of a client or a service and, together with a temporary encryption key (a session key), forms a credential.
Adapted from: IETF RFC 4120 Kerberos V5, July 2005; Conrad, E., Misenauer, S., & Feldman, J. (2010). CISSP® Study Guide. Burlington, MA: Syngress
traffic light protocol
Definition: A set of designations employing four colors (RED, AMBER, GREEN, and WHITE) used to ensure that sensitive information is shared with the correct audience.
Adapted from: US-CERT
Trojan horse
Definition: A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.
From: CNSSI 4009
Letter: U
unauthorized access
Definition: Any access that violates the stated security policy.
From: CNSSI 4009
Letter: V
virus
Definition: A computer program that can replicate itself, infect a computer without permission or knowledge of the user, and then spread or propagate to another computer.
Related Term(s): macro virus
Adapted from: CNSSI 4009
vulnerability
Definition: A characteristic or specific weakness that renders an organization or asset (such as information or an information system) open to exploitation by a given threat or susceptible to a given hazard.
Extended Definition: Characteristic of location or security posture or of design, security procedures, internal controls, or the implementation of any of these that permit a threat or hazard to occur. Vulnerability (expressing degree of vulnerability): qualitative or quantitative expression of the level of susceptibility to harm when a threat or hazard is realized.
Related Term(s): weakness
Adapted from: DHS Risk Lexicon, CNSSI 4009, NIST SP 800-53 Rev 4
Vulnerability Assessment and Management
Definition: In the NICE Framework, cybersecurity work where a person: Conducts assessments of threats and vulnerabilities, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations.
From: NICE Framework
Letter: W
weakness
Definition: A shortcoming or imperfection in software code, design, architecture, or deployment that, under proper conditions, could become a vulnerability or contribute to the introduction of vulnerabilities.
Related Term(s): vulnerability
Adapted from: ITU-T X.1520 CWE, FY 2013 CIO FISMA Reporting Metrics
White Team
Definition: A group responsible for refereeing an engagement between a Red Team of mock attackers and a Blue Team of actual defenders of information systems.
Related Term(s): Blue Team, Red Team
Adapted from: CNSSI 4009
whitelist
Definition: A list of entities that are considered trustworthy and are granted access or privileges.
Related Term(s): blacklist
Adapted from: DHS personnel
work factor
Definition: An estimate of the effort or time needed by a potential adversary, with specified expertise and resources, to overcome a protective measure.
Adapted from: CNSSI 4009
worm
Definition: A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.
From: CNSSI 4009
Letter: X
Letter: Y
Letter: Z
Last Published Date: March 4, 2021
Acronym = Meaning
AMCIS = Americas Conference on Information Systems
AP = Advanced Placement
ATE = Advanced Technological Education
CAE = Centers of Academic Excellence
CBP = U.S. Customs and Border Protection
CCP = Cyber Competitions Project
CEO = Cybersecurity Education Office
CIA = Central Intelligence Agency
CIO = Chief Information Officer
CIS = U.S. Citizenship and Immigration Services
CISSE = Colloquium for Information Systems Security Education
CMM = Capability Maturity Model
CNAP = Cybersecurity National Action Plan
CNCI = Comprehensive National Cybersecurity Initiative
CNO = Computer Network Operations
CompTIA = Computing Technology Industry Association
COP = Community of Practice
CS = Computer Science
CSEC = Cyber Security Education Consortium
CSSIA = Center for Systems Security and Information Assurance
CVE = Common Vulnerability and Exposure
CWI = Cyber Workforce Initiative
DEF CON = Defense Readiness Condition
DHS = Department of Homeland Security
DoD = Department of Defense
DoED = Department of Education
EBK = Security Essential Body of Knowledge
EHRI = Enterprise Human Resources Integration
FAQ = Frequently Asked Questions
FedVTE = Federal Virtual Training Environment
FedVTE Live! = Federal Virtual Training Environment Live!
FEMA = Federal Emergency Management Agency
FISMA = Federal Information Security Management Act
FISSEA = Federal Information Systems Security Educators' Association
FLETC = Federal Law Enforcement Training Center
FOIA = Freedom of Information Act
GAO = Government Accountability Office
GFIRST = Government Forum of Incident Response and Security Teams
HC = Human Capital
HCAAF = Human Capital Assessment and Accountability Framework
HICSS = Hawaii International Conference on System Sciences
HQ = Headquarters
HR = Human Resources
HTML = HyperText Markup Language
IA = Information Assurance
IC = Intelligence Community
ICC = Interagency Coordinating Council
ICE = U.S. Immigration and Customs Enforcement
ICEC = Integrated Cybersecurity Education Communities
I-Corps = Innovation Corps
ICT = Information and Communication Technology
IDP = Individual Development Plan
IEEE = Institute of Electrical and Electronics Engineers
(ISC)² = International Information Systems Security Certification Consortium
IT = Information Technology
ITWAC = IT Workforce Assessment for Cybersecurity
KSA = Knowledge, Skills, and Abilities
MDC3 = MD Cyber Challenge and Conference
MS-ISAC = Multi-State Information Sharing and Analysis Center
NAS = National Academy of Sciences
NCEC = National Cybersecurity Education Council
NCS = National Cryptologic School
NCSA = National Cyber Security Alliance
NCSAM = National Cyber Security Awareness Month
NCSD = National Cyber Security Division
NICE = National Initiative for Cybersecurity Education
NICCS = National Initiative for Cybersecurity Careers and Studies
NIST = National Institute of Standards and Technology
No FEAR = Notification and Federal Employee Antidiscrimination and Retaliation
NPPD = National Protection and Programs Directorate
NRD = National Resource Directory
NSA = National Security Agency
NSF = National Science Foundation
NVD = National Vulnerability Database
ODNI = Office of the Director of National Intelligence
OPM = Office of Personnel Management
PCAST = President's Council of Advisors on Science and Technology
PII = Personally Identifiable Information
SA = Specialty Area
SAC = Senate Appropriations Committee
SANS = System Administration, Networking, and Security Institute
SFS = Scholarship for Service
SIGSE = Special Interest Group on Software Engineering
SME = Subject Matter Expert
SO/DEV = Supervisory Office / NICCS Development Team
SRD = System Reference Document
STEM = Science, technology, engineering, and mathematics
TMI = Talent Management Institute
TRB = Technical Review Board
TSA = Transportation and Security Administration
URL = Uniform Resource Locator
US CERT = United States Computer Emergency Readiness Team
USCG = U.S. Coast Guard
USDA = Department of Agriculture
USSS = U.S. Secret Service
Last Published Date: April 24, 2017
Newest CVEs
ID | Description | Severity
CVE-2021-32032: In Trusted Firmware-M through 1.3.0, cleaning up the memory allocated for a multi-part cryptographic operation (in the event of a failure) can prevent the abort() operation in the associated cryptographic library from freeing internal resources, causing a memory leak.
CVE-2021-28798: A relative path traversal vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to modify files that impact system integrity. QNAP have already fixed this vulnerability in the following versions: QTS 4.5.2.1630 Build 20210406 and later; QTS 4.3.6.1663 Build 20210504 and later; QTS 4.3.3.1624 Build 20210416 and later; QuTS hero h4.5.2.1638 Build 20210414 and later. QNAP NAS running QTS 4.5.3 are not affected.
CVE-2020-27209: The ECDSA operation of the micro-ecc library 1.0 is vulnerable to simple power analysis attacks, which allows an adversary to extract the private ECC key.
CVE-2021-33477: rxvt-unicode 9.22, rxvt 2.7.10, mrxvt 0.5.4, and Eterm 0.9.7 allow (potentially remote) code execution because of improper handling of certain escape sequences (ESC G Q). A response is terminated by a newline.
CVE-2021-22409: There is a denial of service vulnerability in some versions of ManageOne. There is a logic error in the implementation of a function of a module. When the service pressure is heavy, there is a low probability that an exception may occur. Successful exploit may cause some services to behave abnormally.
CVE-2021-22339: There is a denial of service vulnerability in some versions of ManageOne. In specific scenarios, due to the insufficient verification of the parameter, an attacker may craft some specific parameter. Successful exploit may cause some services to behave abnormally.
CVE-2020-18220: Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information, as it does not use a random salt or IV for its AES-CBC encryption, causing passwords encrypted for users to be susceptible to dictionary attacks.
CVE-2021-28906: In function read_yin_leaf() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash.
CVE-2021-28905: In function lys_node_free() in libyang <= v1.0.225, it asserts that the value of node->module can't be NULL. But in some cases, node->module can be null, which triggers a reachable assertion (CWE-617).
CVE-2021-28904: In function ext_get_plugin() in libyang <= v1.0.225, it doesn't check whether the value of revision is NULL. If revision is NULL, the operation of strcmp(revision, ext_plugins[u].revision) will lead to a crash.
CVE-2021-28903: A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem(). The lyxml_parse_elem() function will be called recursively, which will consume stack space and lead to a crash.
CVE-2021-28902: In function read_yin_container() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash.
CVE-2021-27956: Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on the /webclient/index.html#/directory-search user search page via the e-mail address field.
CVE-2021-29258: An issue was discovered in Envoy 1.14.0. There is a remotely exploitable crash for HTTP2 Metadata, because an empty METADATA map triggers a Reachable Assertion.
CVE-2021-28683: An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received.
CVE-2021-28682: An issue was discovered in Envoy through 1.71.1. There is a remotely exploitable integer overflow in which a very large grpc-timeout value leads to unexpected timeout calculations.
CVE-2021-23386: This affects the package dns-packet before 5.2.2. It creates buffers with allocUnsafe and does not always fill them before forming network packets. This can expose internal application memory over an unencrypted network when querying crafted invalid domain names.
CVE-2020-21345: Cross Site Scripting (XSS) vulnerability in Halo 1.1.3 via post publish components in the manage panel, which lets a remote malicious user execute arbitrary code.
CVE-2021-32632: Pajbot is a Twitch chat bot. Pajbot versions prior to 1.52 are vulnerable to cross-site request forgery (CSRF). Hosters of the bot should upgrade to `v1.52` or `stable` to install the patch or, as a workaround, can add one modern dependency.
CVE-2021-27432: OPC Foundation UA .NET Standard versions prior to 1.4.365.48 and OPC UA .NET Legacy are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.
CVE-2020-35580: A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the SearchBlox configuration file (e.g., searchblox/WEB-INF/config.xml), which contains both the Super Admin's API key and the base64 encoded SHA1 password hashes of other SearchBlox users.
CVE-2020-21057: Directory Traversal vulnerability in FusionPBX 4.5.7, which allows a remote malicious user to delete folders on the system via the folder variable to app/edit/folderdelete.php.
CVE-2020-21056: Directory Traversal vulnerability exists in FusionPBX 4.5.7, which allows a remote malicious user to create folders via the folder variable to app\edit\foldernew.php.
CVE-2020-21055: A Directory Traversal vulnerability exists in FusionPBX 4.5.7 that allows malicious users to rename any file of the system via the (1) folder, (2) filename, and (3) newfilename variables in app\edit\filerename.php.
CVE-2020-21054: Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "f" variable in app\vars\vars_textarea.php.
CVE-2021-29692: IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 200253.
CVE-2021-29691: IBM Security Identity Manager 7.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 200252.
CVE-2021-29688: IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 200102.
CVE-2021-29687: IBM Security Identity Manager 7.0.2 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. IBM X-Force ID: 200018.
CVE-2021-29686: IBM Security Identity Manager 7.0.2 could allow an authenticated user to bypass security and perform actions that they should not have access to. IBM X-Force ID: 200015.
CVE-2021-29683: IBM Security Identity Manager 7.0.2 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 199998.
CVE-2021-29682: IBM Security Identity Manager 7.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 199997.
CVE-2021-25933: In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function `validateFormInput()` performs improper validation checks on the input sent to the `groupName` and `groupComment` parameters. Due to this flaw, an authenticated attacker could inject arbitrary script and trick other admin users into downloading malicious files which can cause severe damage to the organization using opennms.
CVE-2021-25931: In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to CSRF, due to no CSRF protection at `/opennms/admin/userGroupView/users/updateUser`. This flaw allows assigning the `ROLE_ADMIN` security role to a normal user. Using this flaw, an attacker can trick the admin user into assigning administrator privileges to a normal user by enticing him to click upon an attacker-controlled website.
CVE-2021-25929: In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting since there is no validation on the input being sent to the `name` parameter in the `noticeWizard` endpoint. Due to this flaw an authenticated attacker could inject arbitrary script and trick other admin users into downloading malicious files.
CVE-2020-4850: IBM Spectrum Scale 1.1.1.0 through 1.1.8.4 Transparent Cloud Tiering could allow a remote attacker to obtain sensitive information, caused by the leftover files after configuration. IBM X-Force ID: 190298.
CVE-2020-21053: Cross Site Scripting (XSS) vulnerability exists in FusionPBX 4.5.7 that allows remote malicious users to inject arbitrary web script or HTML via an unsanitized "query_string" variable in app\devices\device_imports.php.
CVE-2021-3438: A potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege.
CVE-2021-28112: Draeger X-Dock Firmware before 03.00.13 has Active Debug Code on a debug port, leading to remote code execution by an authenticated attacker.
CVE-2021-28111: Draeger X-Dock Firmware before 03.00.13 has Hard-Coded Credentials, leading to remote code execution by an authenticated attacker.
CVE-2021-27434: Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only) are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow.
CVE-2021-25930: In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to CSRF, due to no CSRF protection, and since there is no validation of an existing user name while renaming a user. As a result, privileges of the renamed user are being overwritten by the old user and the old user is being deleted from the user list.
CVE-2020-24396: homee Brain Cube v2 (2.28.2 and 2.28.4) devices have sensitive SSH keys within downloadable and unencrypted firmware images. This allows remote attackers to use the support server as a SOCKS proxy.
CVE-2020-24395: The USB firmware update script of homee Brain Cube v2 (2.28.2 and 2.28.4) devices allows an attacker with physical access to install compromised firmware. This occurs because of insufficient validation of the firmware image file and can lead to code execution on the device.
CVE-2021-3536: A flaw was found in Wildfly in versions before 23.0.2.Final. While creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity.
CVE-2021-3480: A flaw was found in slapi-nis in versions before 0.56.7. A NULL pointer dereference during the parsing of the Binding DN could allow an unauthenticated attacker to crash the 389-ds-base directory server. The highest threat from this vulnerability is to system availability.
CVE-2021-3426: There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7.
CVE-2021-29659: ownCloud 10.7 has an incorrect access control vulnerability, leading to remote information disclosure. Due to a bug in the related API endpoint, the attacker can enumerate all users in a single request by entering three whitespaces. Secondarily, the retrieval of all users on a large instance could cause higher than average load on the instance.
CVE-2021-27467: A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected product's web interface allows an attacker to route a click or keystroke to another page provided by the attacker to gain unauthorized access to sensitive information.
CVE-2021-27463: A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications utilize persistent cookies where the session cookie attribute is not properly invalidated, allowing an attacker to intercept the cookies and gain access to sensitive information.