Cybersecurity Terminology

ResourcesTerms & Definitions

access
- The ability and means to communicate with or otherwise interact with a system, to use system resources to handle information, to gain knowledge of the information the system contains, or to control system components and functions.
access control
- The process of granting or denying specific requests for or attempts to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities.
access control mechanism
- Security measures designed to detect and deny unauthorized access and permit authorized access to an information system or a physical facility.
active attack
- An actual assault perpetrated by an intentional threat source that attempts to alter a system, its resources, its data, or its operations.
active content
- Software that is able to automatically carry out or trigger actions without the explicit intervention of a user.
advanced persistent threat
- An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception).
adversary
- An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.
AIaaS (Artificial Intelligence as a Service)
- a cloud-based service offering artificial intelligence (AI) outsourcing
air gap
- To physically separate or isolate a system from other systems or networks (verb).
alert
- A notification that a specific attack has been detected or directed at an organization’s information systems.
all source intelligence
- In the NICE Framework, cybersecurity work where a person: Analyzes threat information from multiple sources, disciplines, and agencies across the Intelligence Community. Synthesizes and places intelligence information in context; draws insights about the possible implications.
allowlist
- A list of entities that are considered trustworthy and are granted access or privileges.
analyze
- A NICE Framework category consisting of specialty areas responsible for highly specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence.
anonymizers
- an anonymous proxy is a tool that attempts to make activity on the Internet untraceable
anti-CSRF (Anti – Cross-Site Request Forgery)
- related pairs of tokens given to users to validate their requests and prevent issue requests from attackers via the victim
antispyware software
- A program that specializes in detecting and blocking or removing forms of spyware.
antivirus software
- A program that monitors a computer or network to detect or identify major types of malicious code and to prevent or contain malware incidents. Sometimes by removing or neutralizing the malicious code.
AppSec
- the process of finding, fixing, and preventing security vulnerabilities at the application level, as part of the software development processes
asset
- A person, structure, facility, information, and records, information technology systems and resources, material, process, relationships, or reputation that has value.
attack
- An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity.
attack method
- The manner or technique and means an adversary may use in an assault on information or an information system.
attack path
- The steps that an adversary takes or may take to plan, prepare for, and execute an attack.
attack pattern
- Similar cyber events or behaviors that may indicate an attack has occurred or is occurring, resulting in a security violation or a potential security violation.
attack signature
- A characteristic or distinctive pattern that can be searched for or that can be used in matching to previously identified attacks.
attack surface
- The set of ways in which an adversary can enter a system and potentially cause damage.
attacker
- An individual, group, organization, or government that executes an attack.
authentication
- The process of verifying the identity or other attributes of an entity (user, process, or device).
authenticity
- A property achieved through cryptographic methods of being genuine and being able to be verified and trusted, resulting in confidence in the validity of a transmission, information or a message, or sender of information or a message.
authorization
- A process of determining, by evaluating applicable access control information, whether a subject is allowed to have the specified types of access to a particular resource.
availability
- The property of being accessible and usable upon demand.

Interested in Cybersecurity?


    EDR SecurityMDR SecurityRansomeware ProtectionDNS/Web FilteringPenetration TestingSecurity AwarenessVulnerability AssessmentsPassword ManagementDarkweb MonitoringMultifactor (MFA)Other

    microsoft-logo
    ibm-logo
    dell-logo
    hp-logo
    sentinel-logo
    vmware-logo
    Skip to content