The ability and means to communicate with or otherwise interact with a system, to use system resources to handle information, to gain knowledge of the information the system contains, or to control system components and functions.
The process of granting or denying specific requests for or attempts to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities.
Related Term(s): access control mechanism
Access Control Mechanism
Security measures designed to detect and deny unauthorized access and permit authorized access to an information system or a physical facility.
An actual assault perpetrated by an intentional threat source that attempts to alter a system, its resources, its data, or its operations.
Related Term(s): passive attack
The physical separation or isolation of a system from other systems or networks.
A notification that a specific attack has been detected or directed at an organization’s information systems.
A program that specializes in detecting and blocking or removing forms of spyware.
Related Term(s): spyware
Anything useful that contributes to the success of something, such as an organizational mission; assets are things of value or properties to which value can be assigned.
An information system’s characteristics that permit an adversary to probe, attack, or maintain presence in the information system.
Observing activities of users, information systems, and processes and measuring the activities against organizational policies and rules, baselines of normal activity, thresholds, and trends.
Synonym(s): behavior monitoring
A group that defends an enterprise’s information systems when mock attackers (i.e., the Red Team) attack, typically as part of an operational exercise conducted according to rules established and monitored by a neutral group (i.e., the White Team).
Related Term(s): Red Team, White Team
A computer connected to the Internet that has been surreptitiously / secretly compromised with malicious logic to perform activities under the command and control of a remote administrator.
Related Term(s): botnet
Data or information in its encrypted form.
Related Term(s): plaintext
A model for enabling on-demand network access to a shared pool of configurable computing capabilities or resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
A well-defined computational procedure that takes variable inputs, including a cryptographic key, and produces an output.
Related Term(s): key, encryption, decryption, symmetric key, asymmetric key
The art or science concerning the principles, means, and methods for converting plaintext into ciphertext and for restoring encrypted ciphertext to plaintext.
Related Term(s): plaintext, ciphertext, encryption, decryption
The information and communications systems and services composed of all hardware and software that process, store, and communicate information, or any combination of all of these elements: Processing includes the creation, access, modification, and destruction of information. Storage includes paper, magnetic, electronic, and all other media types. Communications include sharing and distribution of information.
In the NICE Framework, cybersecurity work where a person: Performs activities to gather evidence on criminal or foreign intelligence entities in order to mitigate possible or real-time threats, protect against espionage or insider threats, foreign sabotage, international terrorist activities, or to support other intelligence activities.
Strategy, policy, and standards regarding the security of and operations in cyberspace, and encompass[ing] the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communications infrastructure.
The interdependent network of information technology infrastructures that includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers.
The process of gathering and combining data from different sources, so that the combined data reveals new information.
Related Term(s): data mining
The unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information.
Related Term(s): data loss, data theft, exfiltration
The property that data is complete, intact, and trusted and has not been modified or destroyed in an unauthorized or accidental manner.
Related Term(s): integrity, system integrity
The process of converting encrypted data back into its original form, so it can be understood.
Synonym(s): decode, decrypt, decipher
Denial of Service (DoS)
An attack that prevents or impairs the authorized use of information system resources or services.
In the NICE Framework, cybersecurity work where a person: Collects, processes, preserves, analyzes, and presents computer-related evidence in support of network vulnerability, mitigation, and/or criminal, fraud, counterintelligence or law enforcement investigations.
Synonym(s): computer forensics, forensics
A value computed with a cryptographic process using a private key and then appended to a data object, thereby digitally signing the data.
Related Term(s): electronic signature
Distributed Denial of Service (DDoS)
A denial of service technique that uses numerous systems to perform the attack simultaneously.
Related Term(s): denial of service, botnet
Any mark in electronic form associated with an electronic document, applied with the intent to sign the document.
Related Term(s): digital signature
The generic term encompassing encipher and encode.
Synonym(s): encipher, encode
A technique to breach the security of a network or information system in violation of security policy.
In the NICE Framework, cybersecurity work where a person: Analyzes collected information to identify vulnerabilities and potential for exploitation.
Failure (System Failure)
The inability of a system or component to perform its required functions within specified performance requirements.
A hardware/software device or a software program that limits network traffic according to a set of rules of what access is and is not allowed or authorized.
An unauthorized user who attempts to or gains access to an information system.
A numeric value resulting from applying a mathematical algorithm against a set of data such as a file.
Synonym(s): cryptographic hash value
Related Term(s): hashing
Identity and Access Management
The methods and processes used to manage subjects and their authentication and authorizations to access specific objects.
An occurrence that actually or potentially results in adverse consequences to (adverse effects on) (poses a threat to) an information system or the information that the system processes, stores, or transmits and that may require a response action to mitigate the consequences.
Related Term(s): event
Incident Response Plan
A set of predetermined and documented procedures to detect and respond to a cyber incident.
An occurrence or sign that an incident may have occurred or may be in progress.
Related Term(s): precursor
The measures that protect and defend information and information systems by ensuring their availability, integrity, and confidentiality.
Related Term(s): information security
An exchange of data, information, and/or knowledge to manage risks or respond to incidents.
Any equipment or interconnected system or subsystem of equipment that processes, transmits, receives, or interchanges data or information.
Related Term(s): information and communication(s) technology
Two mathematically related keys having the property that one key can be used to encrypt a message that can only be decrypted using the other key.
Related Term(s): private key, public key
A publicly or privately controlled asset necessary to sustain continuity of government and/or economic operations, or an asset that is of great historical significance.
Related Term(s): critical infrastructure
Software or hardware that tracks keystrokes and keyboard events, usually surreptitiously / secretly, to monitor actions by the user of an information system.
Related Term(s): spyware
A type of malicious code that attaches itself to documents and uses the macro programming capabilities of the document’s application to execute, replicate, and spread or propagate itself.
Related Term(s): virus
Software that compromises the operation of a system by performing an unauthorized function or process.
Synonym(s): malicious code, malicious applet, malicious logic
Mitigation (Risk Management)
The application of one or more measures to reduce the likelihood of an unwanted occurrence and/or lessen its consequences.
The hardware and software systems used to operate industrial control devices.
Related Term(s): Industrial Control System
An actual assault perpetrated by an intentional threat source that attempts to learn or make use of information from a system, but does not attempt to alter the system, its resources, its data, or its operations.
Related Term(s): active attack
An unauthorized act of bypassing the security mechanisms of a network or information system.
An observable occurrence or sign that an attacker may be preparing to cause an incident.
Related Term(s): indicator
A group authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s cybersecurity posture.
Related Term(s): Blue Team, White Team
Red Team Exercise
An exercise, reflecting real-world conditions, that is conducted as a simulated attempt by an adversary to attack or exploit vulnerabilities in an enterprise’s information systems.
Related Term(s): cyber exercise
Additional or alternative systems, sub-systems, assets, or processes that maintain a degree of overall functionality in case of loss or failure of another system, sub-system, asset, or process.
The ability to adapt to changing conditions and prepare for, withstand, and rapidly recover from disruption.
The activities that address the short-term, direct effects of an incident and may also support short-term recovery.
Related Term(s): recovery
The potential for an unwanted or adverse outcome resulting from an incident, event, or occurrence, as determined by the likelihood that a particular threat will exploit a particular vulnerability, with the associated consequences.
The systematic examination of the components and characteristics of risk.
Related Term(s): risk assessment, risk
The appraisal of the risks facing an entity, asset, system, or network, organizational operations, individuals, geographic area, other organizations, or society, and includes determining the extent to which adverse circumstances or events could result in harmful consequences.
Related Term(s): risk analysis, risk
The process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.
Includes: 1) conducting a risk assessment; 2) implementing strategies to mitigate risks; 3) continuous monitoring of risk over time; and 4) documenting the overall risk management program.
Related Term(s): enterprise risk management, integrated risk management, risk
A cryptographic key that is used for both encryption and decryption, enabling the operation of a symmetric key cryptography scheme.
Related Term(s): symmetric key
The use of information technology in place of manual processes for cyber incident response and management.
A rule or set of rules that govern the acceptable use of an organization’s information and services to a level of acceptable risk and the means for protecting the organization’s information assets.
In cybersecurity, comprehending the current status and security posture with respect to availability, confidentiality, and integrity of networks, systems, users, and data, as well as projecting future states of these.
The level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its lifecycle, and that the software functions in the intended manner.
The abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.
The deliberate inducement of a user or resource to take incorrect action. Note: Impersonating, masquerading, piggybacking, and mimicking are forms of spoofing.
Software that is secretly or surreptitiously installed into an information system without the knowledge of the system user or owner.
Related Term(s): keylogger
Supervisory Control and Data Acquisition
A generic name for a computerized system that is capable of gathering and processing data and applying operational controls to geographically dispersed assets over long distances.
Related Term(s): Industrial Control System
A system of organizations, people, activities, information and resources, for creating and moving products including product components and/or services from suppliers through to their customers.
Related Term(s): supply chain risk management
Supply Chain Risk Management
The process of identifying, analyzing, and assessing supply chain risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.
Related Term(s): supply chain
A branch of cryptography in which a cryptographic system or algorithms use the same secret key (a shared secret key).
In the NICE Framework, cybersecurity work where a person: Works on the development phases of the systems development lifecycle.
Systems Requirements Planning
In the NICE Framework, cybersecurity work where a person: Consults with customers to gather and evaluate functional requirements and translates these requirements into technical solutions; provides guidance to customers about applicability of information systems to meet business needs.
A circumstance or event that has or indicates the potential to exploit vulnerabilities and to adversely impact (create adverse consequences for) organizational operations, organizational assets (including information and information systems), individuals, other organizations, or society.
An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.
Related Term(s): adversary, attacker
In the NICE Framework, cybersecurity work where a person: Identifies and assesses the capabilities and activities of cyber criminals or foreign intelligence entities; produces findings to help initialize or support law enforcement and counterintelligence investigations or activities.
The product or process of identifying or evaluating entities, actions, or occurrences, whether natural or man-made, that have or indicate the potential to harm life, information, operations, and/or property.
Related Term(s): threat analysis
A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.
A computer program that can replicate itself, infect a computer without permission or knowledge of the user, and then spread or propagate to another computer.
Related Term(s): macro virus
Characteristic of location or security posture or of design, security procedures, internal controls, or the implementation of any of these that permit a threat or hazard to occur. Vulnerability (expressing degree of vulnerability): qualitative or quantitative expression of the level of susceptibility to harm when a threat or hazard is realized.
Related Term(s): weakness
Vulnerability Assessment and Management
In the NICE Framework, cybersecurity work where a person: Conducts assessments of threats and vulnerabilities, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations.
A shortcoming or imperfection in software code, design, architecture, or deployment that, under proper conditions, could become a vulnerability or contribute to the introduction of vulnerabilities.
Related Term(s): vulnerability
A group responsible for refereeing an engagement between a Red Team of mock attackers and a Blue Team of actual defenders of information systems.
Related Term(s): Blue Team, Red Team
A list of entities that are considered trustworthy and are granted access or privileges.
Related Term(s): blacklist
A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.