Access control lists (ACLs, pronounced ak-els): Permissions with respect to files and programs allocated to computer users, for example, read, write, execute; may be listed for individual users or groups of users, where groups are designated by membership lists or by attributes of a user record designated as a role.
Account hijacking: Using credentials for a computer that belongs to someone else without their knowledge.
Advanced persistent threat (APT): An adversary who is continually actively engaged in reconnaissance to collect information for purposes of cyber espionage and/or cyber attack.
Anti-malware: Software designed to detect and minimize the damaging impact of malicious software.
Antivirus: Software designed to detect and minimize the damaging impact of malicious self-replicating software.
Availability: A system security attribute that refers to the delivery of functional capability when required.
Badness-ometer: A scale on which every reading indicates security is bad.
Bandwidth: A measure of the amount of data that can traverse a telecommunications line at the same time.
Bit: An electronic representation of a 1 or a 0, typically combined with other bits to represent information in binary message formats.
Black hats: Cyber criminals. The origin of the term is old Western movies where the bad guy typically wore black while the good guy wore white.
Blacklist: In the context of the Internet, a list of sites to avoid due to evidence of malice by site operators (e.g., the sites deliver malware) or due to organization determination of inappropriate use of organizational computing resources (e.g., gambling sites).
Bluetooth: A network protocol for close range wireless communication.
Bogon: Short for bogus networks, this term refers to a packet on the Internet whose source address lies in unallocated address space.
Border Gateway Protocol (BGP): A network communications protocol used to send data between Internet sites.
Bot: Short for robot, it refers to software.
Botnet: Multiple bots controlled by the same operator.
Bug: A coding error in software.
Business logic: In the context of security, rules for handling information that are programmed in software.
Byte: An ordered set of 8 bits; may represent a single character.
Carrier: A telecommunications company that transports data between physical locations, may be satellite, cellular, and/or land-based.
Certificates: Cryptographic keys which may be verified to be associated with organizations or individuals.
Certified Information Security Auditor (CISA): A technology audit certification offered by the Information Audit and Control Association (formerly the EDP Audit Association). Certification requires a test in information systems audit tools and techniques as well as independent attestation of education and experience. See www.isaca.org.
Certified Information Security Manager (CISM): An information systems security management certification offered by the Information Audit and Control Association. Certification requires a test of an enterprise security body of knowledge as well as independent attestation of education and experience. See www.isaca.org.
Certified Information Systems Security Professional (CISSP): A security certification offered by the International Information Systems Security Certification Consortium, Inc. Certification requires a test in tools and techniques for information security as well as endorsement by an existing CISSP. See www.isc2.org.
Chief Information Security Officer (CISO): A title associated with the highest ranking individual whose sole function within an organization is to manage an organization-wide security program.
Click fraud: The act of charging an Internet site for a user selecting a link to it, when no real person clicked on the link, often accomplished with
Compensating Control: A security measure that mitigates the security risk of a vulnerability for which a primary control is ineffective. Typically a detection and response capability, the measure would compensate for the lack of system features that would prevent the vulnerability from exploit.
Computer Emergency Response Team (CERT): An organization whose mission is to receive reports of cyber incidents and gather a team qualified and motivated to resolve them.
Confidentiality: A system security attribute that refers to its ability to restrict access to information to an identified set of system users.
Content: In the context of cyberspace, refers to information represented by data.
Content filters: Strings of text that may be compared to data to determine whether it contains specific information; for example, NNN-NN-NNNN, where N translates to any number, is often used as a content filter for a U.S. social security number.
Control activity: Any combination of people, process, and technology whose purpose is to achieve a control objective.
Control objectives: Statement of management intention on security posture.
Credentials: Information used to identify a user and authenticate that user to a computer; also referred to as login credentials.
Crime as a service (CAAS): Cyber attacks for hire, such as denial of service attacks.
Crimeware: Software created for the purpose of executing CAAS.
Cryptography: A method of hiding data in bit format by using complex methods of diffusion and confusion in combination with large sequences of other bits (keys). In this context, diffusion means disseminating the message into a statistically longer and more obscure format, and confusion means to make the relationship between the message and the key very long and involved.
Cyber Security: Security modified with an adjective referring to the cyberspace properties of the thing to be secured. In general, cyber security refers to methods of using people, process, and technology to prevent, detect, and recover from damage to confidentiality, integrity, and availability of information in cyberspace.
Cyberspace: The global collection of electronic circuits that allow people to share information without physical connectivity.
Defense Industrial Base (DIB): Companies whose primary customer is the U.S. government.
Denial of control: Deprivation of the ability to enter system commands.
Denial of service (DOS): An intentional shutdown of system communications.
Denial of view: Deprivation of the ability to view systems status, or otherwise corrupt the data normally viewed by a system operator.
Dial-back: A mechanism that records a phone number calling, disconnects the incoming call, and initiates an outbound call to the same number only if it has been previously authorized to connect to that number.
Discretionary access control (DAC): Computer access control mechanisms that allow a user who can access data to grant that access to another user without administration collusion.
Distributed control systems (DCSs): Systems that allow multiple avenues of administration.
Distributed denial of service (DDOS): An intentional shutdown of system communications caused by multiple, independently operating computers whose activities are purposefully coordinated.
Distributed Network Protocol (DNP3): A set of industrial control system communications protocols that segment messages into three components (physical, data, and application).
Domain Keys Identified Mail (DKIM): A cryptographic protocol that allows users to verify the integrity of email and its provenance.
Domain Name Services (DNSs): A way to determine which Internet address corresponds to the computer named in an Internet Universal Resource Locator.
Domain squatting: Registering an Internet domain name that uses, or closely resembles, a company's or individual's trademark, copyright, or other identifier, so that the domain appears likely to belong to that company or individual.
Doxing: Disclosing embarrassing or otherwise damaging personal information about someone on the Internet.
e-Commerce: “e” is short for electronic, and e-commerce refers to business conducted over the Internet.
Email: Originally e-mail, as in e-commerce, where “e” stood for “electronic”; now in mainstream vocabulary as email, meaning messages sent or received using Internet mail protocols.
Encryption: The process of using cryptography to hide data content.
End user: A person who uses a computer or mobile device; typically used to refer to those without the advantage of administrative privileges.
End User License Agreements (EULAs): Software industry standard verbiage created to form a legal compact between software buyers and sellers.
Federal Emergency Management Administration (FEMA): The U.S. federal government agency with primary responsibility for responding to a domestic consequence management incident.
Field instrumentation: Physical sensors and mechanisms with electronic circuits that integrate with industrial control systems (ICSs).
Firewall: An electronic device deployed to intercept all traffic sent and received between two networks for the purpose of restricting the type of data protocols allowed between them.
Flaw: In the context of software, a flaw is a design that is unable to meet all requirements for the intended functionality simultaneously. “Flaw” may also refer specifically to the portion of software code that, if and when replaced, would allow for a design that met specifications.
Freeware: Software that anyone may use, though authorized use may require acceptance of a license agreement. Often confused with Open Source, but different because freeware source code is not always available.
FUD Factor: Fear, uncertainty, and doubt in the context of a discussion about security, usually introduced in order to influence a spending decision.
Global Positioning System (GPS): A system that allows software on an electronic device to communicate with multiple satellites in order to determine its location on earth.
Graphical user interface (GUI): Software representation of information used to view information on and/or operate computers.
Hacktivism: Political protest conducted in cyberspace. Typically accomplished by sabotaging one or more government or enterprise websites that are associated with the political protest target.
Host intrusion detection system (HIDS): A file integrity detection and alerting system, such as tripwire.
Identity theft: Impersonation of an individual using data that are associated with computerized records that identify the individual.
Impersonation: A method by which a user may manipulate data within an authentication session in order to appear to the authenticating system as a different individual, who is also an authorized system user.
Improvised explosive device (IED): An explosive configured with trigger mechanisms customized to explode when approached by a specific target.
Industrial control system (ICS): A system that monitors and controls physical processes.
Information Systems Audit and Control Association (ISACA): An international association of cyber security and audit professionals who certify members for the professional practice of Information Systems Audit, Security, Governance, and Risk Management.
Information technology (IT): Refers in general to the computer systems and associated management processes designed to achieve organizational goals for information processing.
Integrity: An information attribute that refers to its authenticity, accuracy, and provenance. When applied to a system, integrity refers to its ability to maintain the authenticity, accuracy, and provenance of recorded and reported information.
Intelligent electronic device (IED): Component that provides software configuration, monitoring, and communications functions within a SCADA or other control component of an ICS.
Inter-Control Center Communications Protocol (ICCP or IEC 60870-6/TASE.2): An international protocol for industrial control system communication that conforms to the seven-layer OSI model.
Internet Assigned Numbers Authority (IANA) or a delegated Regional Internet Registry (RIR): Organizations that facilitate the assignment of Internet addresses.
Internet Corporation for Assigned Names and Numbers (ICANN): The organization that sets the rules for determining how Internet users may claim ownership to address space and name space.
Internet Engineering Task Force (IETF): An organization that allows technologists to propose and collaborate on Internet standards.
Internet-facing: An adjective to describe a system that may be accessed via the public Internet.
Internet protocol (IP): A method of electronic communication used to convey information on the Internet.
Internet Registrar: A service business that provides registration of Internet domain names within top-level domains (TLDs) such as “.com.”
Internet service provider (ISP): A business that sells connections to the Internet.
Intrusion detection system (IDS): With respect to physical security, implies monitoring algorithms using images from cameras and personnel badge or physical access card readers; in cyber security, the term IDS refers to host or network monitoring for malware and/or damaging impact to cyberspace resources.
Intrusion prevention system (IPS): A cyber security term to describe software that terminates the network connection of any user identified to be sending malware or commands known to be part of a cyber attack.
Job control technician: A professional who manages large quantities of computer processes, ensuring that the required dependencies of each are available at the time they are executed, and that the output of each is available when required.
Joyride: To use computers in an unauthorized fashion to play online games or for other peaceful purposes.
Key management: People, process, and technology coordinated to keep track of encryption keys to ensure availability of encrypted data.
Login: Information used to identify a user and authenticate that user to a computer; also referred to in shortened form as credentials.
Malvertising: Advertisements that contain links to websites that download malware onto end-computers without raising suspicions of the computer users.
Malware: Software designed with malicious intent, to spy on user activities, steal data, or damage the integrity of targeted computers.
Mandatory access control (MAC): A method of maintaining permission to access system information or execute system functions that must be performed by a system administrator or operator, and cannot be changed by users of system information.
Man-in-the-middle: A type of cyber attack wherein the attacker intercepts communication from a user destined for a server and communicates with the server instead, pretending to be the user. The server responds to the attacker, and the attacker responds to the user, in effect, impersonating both the user and the server simultaneously.
Mash-up: A website that incorporates links from many other websites in order to maintain its full set of features, such as linking to calendar applications and shopping cart applications running on a different web service provider, and displaying status from those applications continually throughout the user experience on its primary site.
Mean-time-to-repair (MTTR): The amount of time it is expected to take to recover from a specific type of system failure, based on historical data of actual recovery times recorded.
Messaging: A generic term to refer to any process by which messages are sent electronically, via server protocols such as email or chat, or via peer-to-peer protocols.
Modbus: A messaging structure used to communicate commands within industrial control systems.
Multifactor authentication: Authentication factors are what you have, what you know, and what you are. Any authentication process that uses more than one of these techniques to authenticate a user is multifactor authentication.
Mutual identification: Any process by which two devices connected over a network can identify the other simultaneously prior to creating a communications channel between them.
Name space: In the context of the Internet, the convention of names that ends in global top-level domains such as “.com.”
National Infrastructure Advisory Council (NIAC): Created by Executive Order 13231 in 2001, the NIAC advises the U.S. President on the security of information systems for critical infrastructure.
National Infrastructure Protection Plan (NIPP): A U.S. Department of Homeland Security publication that specifies the working relationship between public and private sector organizations that is expected to be used to respond to unforeseen emergencies that negatively impact national infrastructure.
National Security Telecommunications Advisory Committee (NSTAC): A committee of telecommunications industry stakeholders whose goal is to develop recommendations for the President of the United States to assure vital telecommunications links through any event or crisis, created under Executive Order 12382.
Net neutrality: A cyber security policy position that endorses unrestricted ability of content to move freely over the Internet, and opposes attempts to regulate Internet information flow or to allow Internet Service Providers to have control over routing of information as opposed to electronic transmission.
Network Address Translation (NAT): A communications protocol that allows a network routing device to label the same computer with different network addresses depending on which network interface is communicating with the computer.
Network listening: Copying network traffic to a device for which it was not addressed, for the purpose of eavesdropping on network communications.
Network zone: A set of network addresses for which communications security is managed by surrounding them with common traffic choke points with similar traffic filters.
Node: A network-connected electronic device which has communication capabilities.
North Atlantic Treaty Organization (NATO): An alliance of countries from North America and Europe committed to fulfilling the goals of the North Atlantic Treaty signed on April 4, 1949.
Online behavioral advertising: Gathering information about an individual’s behavior on the Internet in order to provide customized advertising to be displayed to that individual.
Open source: Software whose source code is freely available on the Internet and whose owners encourage others to add features; participation in such software projects may require the participant to observe license agreements.
Operating system: A computer program that allows hardware to be controlled using a standard set of utilities that are the same no matter what hardware is being accessed.
Operations: A generic term for a department whose mission is to ensure that systems function as expected.
Packet: In the context of the Internet communications protocols such as the Transmission Control Protocol, a packet is a string of bytes representing data fields that are read by Internet routers in sequential order in order to extract the IP address and other fields required to send the information in the packet to the destination identified by its sender.
Patch: A portion of software code contrived to replace portions of code that are operating incorrectly without replacing the entire code base for the affected application or product.
Penetration test: A software security quality assurance technique that checks for known vulnerabilities, a form of badness-ometer.
Personally identifiable information (PII): Information that can be used to create consumer relationships of financial liability.
Pharming: Changing the method that a user resolves domain names services to send them to malicious websites, either on their local machine or on a domain name server.
Phishing: Sending an unsolicited email or other message that appears to be from a friendly source, but instead lures a user into accepting malware onto their computer.
Phone home: A software or malware feature that initiates communication back to the software vendor who supports it or the crimeware operator who operates it, respectively.
Policy servers: Computers that store variable configurations for security technologies, not to be confused with management policy.
Port: An addressable place in memory on a computer that sends and receives network communications.
Programmable logic controller (PLC): A digital computer used for automation of electromechanical processes. PLCs are used in many industries and machines. A PLC is designed for multiple input and output arrangements.
Proxy servers: Computers designed to intercept network communications bound for a given destination, such as the Internet, and check them against a set of rules for acceptable use prior to allowing them to continue to their destination.
Public key cryptography: A cryptographic algorithm that uses split keys to allow a user to keep the private component while allowing others to identify the user using a public component.
Reference monitor: Software that allows an operating system to allocate its resources to only authorized users by interrupting all resource requests and comparing them to access control lists before allowing them to be answered.
Remote access: The ability to use the resources of a computer without being collocated with it, usually via a phone line or Internet connection, but may be wireless or satellite enabled.
Remote access tool (RAT): Malware that enables remote access.
Remote terminal unit (RTU): Any device that allows manual command entry in a SCADA system.
Repudiate: To deny.
Request for comment (RFC): The standard name for a proposed Internet technology standard, indexed by number, title, author, and keywords.
Reverse engineer: A process of examining systems and/or software to determine how it works.
Secure Socket Layer (SSL): A generic term to refer to all secure communications protocols that allow traffic between end users and web servers to be encrypted.
Security information management (SIM): An industry-specific term in computer security referring to the collection of data (typically log files, e.g., event logs) into a central repository for trend analysis.
Sender authentication: Sender ID Framework (SIDF) or Sender Policy Framework (SPF).
Security operations center (SOC): A department within an enterprise whose mission is to detect and respond to security incidents.
Smart grid: A digitally enabled electrical grid that gathers, distributes, and acts on information about the behavior of all participants to improve the efficiency, reliability, and sustainability of electricity services. It utilizes two-way communications making it cyber vulnerable.
Smart meters: Devices that measure electricity and alter power distribution based on the measured value.
Social engineering: Using friendly persuasion to gain information that may be used to commit account hijacking, identity theft, and theft of intellectual property, including espionage.
Social networking: Using collaboration software to share content with friends and colleagues on the Internet or privately operated networks used by persons of similar goals and/or interests.
Spam: This term originated as a canned meat product, but now refers to undesirable messages, most frequently email.
Spoof: A method by which one system may manipulate data within a communication protocol in order to display the technical attributes of another system through a network interface; spoofing is the system equivalent of impersonation.
Spyware: Malware designed to capture user keystrokes and other activities in order to complete profile information on them, to sell to advertisers or crimeware operators, or to conduct espionage or APT activities.
Supervisory Control and Data Acquisition (SCADA): A subset of industrial control systems generally used in large, geographically dispersed applications such as electric, gas, and water transmission and distribution systems.
System of systems: A system that has a specific mission or purpose only in combination with other independently operating systems that have mission or purposes separate from their use in combination.
Technology malpractice: Negligence in management techniques to meet information security requirements.
TNT: Trinitrotoluene, a type of explosive.
Top-level domain (TLD): A string of letters that corresponds to a set of Internet names that end in that string. For example, “com,” “org,” and “net.” A gTLD is a generic top-level domain, and a ccTLD is a country code top-level domain. TLD is the general term that encompasses both.
Traffic filters: Specification of the network traffic protocols to be allowed into a network zone; may also include the source or destination Internet address of the machines within the zone. Traffic filters are typically the basis for firewall rules.
Transmission Control Protocol (TCP): A specification for data sent between network devices that specifies, among other things, how many bits are reserved, and in what order, for the network address to which the data should be sent, the protocol under which it should be interpreted, and the application which should be used to process the data upon receipt.
Transport Layer Security (TLS): A more recent specification and update to SSL.
Tripwire: Software that monitors file attributes to detect and alert when files are modified or deleted.
Unallocated address space: Internet addresses that are purposely not assigned to any entity in order for all entities to use them internally, as defined in Internet Engineering Task Force (IETF) Requests for Comment
Universal serial bus: Protocol for data communications between an operating system and peripherals.
Virtual private network (VPN): A cryptography-enabled method of confidential communication between multiple computers over a public network.
White hat: A cyber security professional who emulates cyber criminal behavior in order to test systems security. The origin of the term is old Western movies where the bad guy typically wore black while the good guy wore white.
White list: A list of email domains which should not be blocked by spam filters, or a list of software programs that should not be quarantined by antivirus, or any other list of exceptions to security filters.
Zero-Day: When used as a modifier for the word threat, attack, or vulnerability, zero-day means that the vulnerability used by the threat agent is not publicly known.
Zone: A network configuration that requires traffic filters to specify all authorized access to systems within the zone.