Cloud Computing
Cloud Computing is a model for enabling on-demand network access to a shared pool of configurable computing capabilities or resources (e.g., networks, servers, storage, applications, and services) that can be …
Cloud Computing is a model for enabling on-demand network access to a shared pool of configurable computing capabilities or resources (e.g., networks, servers, storage, applications, and services) that can be …
Computer Network Defense is the actions taken to defend against unauthorized activity within computer networks. Some examples of network defenses are firewalls, demilitarized zones (DMZs), Virtual Private Networks (VPNs), and …
Built–In Security is a set of principles, practices, and tools to design, develop, and evolve information systems and software that enhance resistance to vulnerabilities, flaws, and attacks. A simple example …
Authorization is a process of determining, by evaluating applicable access control information, whether a subject is allowed to have the specified types of access to a particular resource. In simpler …
Authentication is the process of verifying the identity or other attributes of an entity (user, process, or device). Entering in log in credentials to gain access to a website is …
An access control mechanism is a security safeguard (i.e., hardware and software features, physical controls, operating procedures, management procedures, and various combinations of these) designed to detect and deny unauthorized …
A Block List or Deny List is a list of entities that are blocked or denied privileges or access. Hosts or applications that have been previously determined to be associated …
Active content is software that is able to automatically carry out or trigger actions without the explicit intervention of a user. When you are visiting a webpage on the Internet, …
Cybersquatting, also known as “Typosquatting“, is the act of registering, trafficking, or using a domain name in bad faith. For example, phishing attacks are used against users to gain their …
Decryption is the process of transforming ciphertext into its original plaintext. This is done through the encryption process. Software decrypts the ciphertext into plaintext the user is able to easily …
Digital Forensics is the processes and specialized techniques for gathering, retaining, and analyzing system-related data (digital evidence) for investigative purposes. In the NICE Workforce Framework, cybersecurity work where a person: …
Cyber Criminals are individuals or teams of people who use technology to commit malicious activities on digital devices or networks with the intention of stealing sensitive company information or personal …
In the NICE Workforce Framework, Education and Training in cybersecurity work is where a person conducts training of personnel within pertinent subject domains. Additionally, this individual develops, plans, coordinates, delivers, …
Bot(s) A Bot is a computer connected to the Internet that has been surreptitiously / secretly compromised with malicious logic to perform activities under remote the command and control of …
Denial of Service (DoS) is an attack that prevents or impairs the authorized use of information system resources or services. A DoS is simply when hackers try to prevent legitimate …
A Distributed Denial of Service (DDoS) is a denial of service technique that uses numerous systems to perform the attack simultaneously. This is typically done maliciously with a Botnet, that …
A Data Breach is the unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information. Related …
Exfiltration is the unauthorized transfer of information from an information system. The types of data commonly exfiltrated are Social Security Numbers, credit card information, passwords and email addresses. Related Term: …
Data Loss Prevention is a set of procedures and mechanisms to stop sensitive data from leaving a security boundary. This helps you hold onto your important data and information so …
Exploitation Analysis is cybersecurity work where a person: analyzes collected information to identify vulnerabilities and potential for exploitation. This is done to attempt to “fill in the gaps” in the …
A Hash Value is a numeric value resulting from applying a mathematical algorithm against a set of data such as a file. One common hash value is called the MD5 …
An Supply Chain Threat is a man-made threat achieved through exploitation of the information and communications technology (ICT) system’s supply chain, including acquisition processes. Related Terms: Supply Chain, Threat Source: …
Identity and Access Management (IAM) are the methods and processes used to manage subjects and their authentication and authorizations to access specific objects. Related Terms: Authentication, Compromised Credentials, Password, Two-factor …
Cybersecurity is the activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use …
Incident Management is the management and coordination of activities associated with an actual or potential occurrence of an event that may result in adverse consequences to information or information systems. …
An Incident Response Plan is a set of predetermined and documented procedures to detect and respond to a cyber incident. This is the actual procedure carried out if there is …
Information Assurance are the measures that protect and defend information and information systems by ensuring their availability, integrity, and confidentiality. Related Terms: Information Security Policy Source: CNSSI 4009
Information Assurance Compliance in cybersecurity work is where a person: Oversees, evaluates, and supports the documentation, validation, and accreditation processes necessary to assure that new IT systems meet the organization’s …
Information Sharing is an exchange of data, information, and/or knowledge to manage risks or respond to incidents. This is commonly done when there has been a breach in technology that …
An Information Security Policy is an aggregate of directives, regulations, rules, and practices that prescribe how an organization manages, protects, and distributes information. It is important that any business has …
Information System Resilience is the ability of an information system to: (1) continue to operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining …
Information Systems Security Operations in cybersecurity work is where a person: Oversees the information assurance program of an information system in or outside the network environment; may include procurement duties (e.g., …
Interoperability is the ability of two or more systems or components to exchange information and to use the information that has been exchanged. Source: IEEE Standard Computer Dictionary, DHS personnel …