Cloud Computing
Cloud Computing is a model for enabling on-demand network access to a shared pool of configurable computing capabilities or resources (e.g., networks, servers, storage, applications, and services) that can be …
Cloud Computing is a model for enabling on-demand network access to a shared pool of configurable computing capabilities or resources (e.g., networks, servers, storage, applications, and services) that can be …
Computer Network Defense is the actions taken to defend against unauthorized activity within computer networks. Some examples of network defenses are firewalls, demilitarized zones (DMZs), Virtual Private Networks (VPNs), and …
Built–In Security is a set of principles, practices, and tools to design, develop, and evolve information systems and software that enhance resistance to vulnerabilities, flaws, and attacks. A simple example …
Related Terms: Access Control, Access Control Mechanism, Authentication Source: OASIS SAML Glossary 2.0; Adapted from CNSSI 4009 What Does This Mean for my SMB? It’s vital to ensure that your …
Authentication is the process of verifying the identity or other attributes of an entity (user, process, or device). Entering in log in credentials to gain access to a website is …
An access control mechanism is a security safeguard (i.e., hardware and software features, physical controls, operating procedures, management procedures, and various combinations of these) designed to detect and deny unauthorized …
A Block List or Deny List, (deprecated: Blacklist), is a list of entities that are blocked or denied privileges or access. Hosts or applications that have been previously determined to …
Active content is software that is able to automatically carry out or trigger actions without the explicit intervention of a user. When you are visiting a webpage on the Internet, …
Decryption is the process of transforming ciphertext into its original plaintext. This is done through a decryption process. Decryption transforms ciphertext into plaintext for an authorized user, in possession of …
Digital Forensics is the processes and specialized techniques for gathering, retaining, and analyzing system-related data (digital evidence) for investigative purposes. In the NICE Workforce Framework, cybersecurity work where a person: …
Cyber Criminals are individuals or teams of people who use technology to commit malicious activities on digital devices or networks with the intention of stealing sensitive company information, personal data, …
In the NICE Workforce Framework, Education and Training in cybersecurity work is where a person conducts training of personnel within pertinent subject domains. Additionally, this individual develops, plans, coordinates, delivers, …
Bot(s) A Bot is a computer connected to the Internet that has been surreptitiously / secretly compromised with malicious logic to perform activities under remote the command and control of …
Denial of Service (DoS) is an attack that prevents or impairs the authorized use of information system resources or services. A DoS is simply when hackers try to prevent legitimate …
Distributed Denial of Service (DDoS) attacks are a type of Denial of Service (DoS) attacks. A DDoS attack involves multiple connected online devices, collectively known as a botnet, which are used …
A Data Breach is the unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information. What …
Exfiltration is the unauthorized transfer of information from an information system. The types of data commonly exfiltrated are Social Security Numbers, credit card information, passwords and email addresses. What Does …
Data Loss Prevention is a set of procedures and mechanisms to stop sensitive data from leaving a security boundary. This helps you hold onto your important data and information so …
Exploitation Analysis is cybersecurity work where a person: analyzes collected information to identify vulnerabilities and potential for exploitation. This is done to attempt to “fill in the gaps” in the …
A Hash Value is a numeric value resulting from a mathematical algorithm applied to a set of data such as a file. A common hash value is called the MD5 …
An Supply Chain Threat is a man-made threat achieved through exploitation of the information and communications technology (ICT) system’s supply chain, including acquisition processes. What Does This Mean For An …
Identity and Access Management (IAM) are the methods and processes used to manage subjects and their authentication and authorizations to access specific objects. What Does This Mean For An SMB? …
Cybersecurity is the activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use …
Incident Management is the management and coordination of activities associated with an actual or potential occurrence of an event that may result in adverse consequences to information or information systems. …
An Incident Response Plan is a set of predetermined and documented procedures to detect and respond to a cyber incident. This is the actual procedure carried out if there is …
Information Assurance are the measures that protect and defend information and information systems by ensuring their availability, integrity, and confidentiality. What Should My SMB Do? If you own a business, …
Information Assurance Compliance in cybersecurity work is where a person: Oversees, evaluates, and supports the documentation, validation, and accreditation processes necessary to assure that new IT systems meet the organization’s …
Information Sharing is an exchange of data, information, and/or knowledge to manage risks or respond to incidents. This is commonly done when there has been a breach in technology that …
Information System Resilience is the ability of an information system to: (1) continue to operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining …
Information Systems Security Operations in cybersecurity work is where a person: Oversees the information assurance program of an information system in or outside the network environment; may include procurement duties (e.g., …
Interoperability is the ability of two or more systems or components to exchange information and to use the information that has been exchanged. What Does This Mean For An SMB? …
Network-based Intrusion Prevention Services (aka NIPS) is a preemptive approach to network security used to identify potential threats and respond to them swiftly. Like network intrusion detection systems (NIDS), Network-based Intrusion Prevention System (NIPS) monitors …