Cybersecurity Terminology


Scareware
- a cyberattack tactic that frightens people into visiting spoofed or infected websites or downloading malicious software (malware)
SECaaS (Security as a Service)
- a cloud-based method of outsourcing your cybersecurity
SecDevOps
- a software development methodology that places security concerns first in planning and development
SecOps
- a combination of the terms security and operations; a methodology that IT managers implement to enhance the connection, collaboration and communication between IT security and IT operations teams
secret key
- A cryptographic key that is used for both encryption and decryption, enabling the operation of a symmetric key cryptography scheme.
securely provision
- A NICE Framework category consisting of specialty areas concerned with conceptualizing, designing, and building secure IT systems, with responsibility for some aspect of the systems' development.
security automation
- The use of information technology in place of manual processes for cyber incident response and management.
security policy
- A rule or set of rules that govern the acceptable use of an organization's information and services to a level of acceptable risk and the means for protecting the organization's information assets.
security program management
- In the NICE Framework, cybersecurity work where a person: Manages information security (e.g., information security) implications within the organization, specific program, or other area of responsibility, to include strategic, personnel, infrastructure, policy enforcement, emergency planning, security awareness, and other resources (e.g., the role of a Chief Information Security Officer).
SIEM (Security information and event management)
- a security solution that helps organizations detect threats before they disrupt business
signature
- A recognizable, distinguishing pattern.
situational awareness
- Comprehending information about the current and developing security posture and risks, based on information gathered, observation and analysis, and knowledge or experience.
SlowLoris
- an attack tool designed to take down a server by flooding it with incomplete HTTP requests, without using much bandwidth
smishing
- the fraudulent practice of sending text messages purporting to be from reputable companies in order to induce individuals to reveal personal information
SOC (Security Operations Center)
- an intelligence hub for the company, gathering data from across the organization's networks, servers, endpoints and other digital assets and using intelligent automation to identify, prioritize and respond to potential cybersecurity threats
Social Engineering
- the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes
software assurance
- The level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its lifecycle, and that the software functions in the intended manner.
software assurance and security engineering
- In the NICE Framework, cybersecurity work where a person: Develops and writes/codes new (or modifies existing) computer applications, software, or specialized utility programs following software assurance best practices.
spam
- The abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.
Spidering
- the process where hackers familiarize themselves with their targets in order to obtain credentials based on their activity
spoofing
- Faking the sending address of a transmission to gain illegal [unauthorized] entry into a secure system.
spyware
- Software that is secretly or surreptitiously installed into an information system without the knowledge of the system user or owner.
STaaS (Storage as a Service)
- a practice of using public cloud storage resources to store your data
strategic planning and policy development
- In the NICE Framework, cybersecurity work where a person: Applies knowledge of priorities to define an entity.
subject
- An individual, process, or device causing information to flow among objects or a change to the system state.
supervisory control and data acquisition
- A generic name for a computerized system that is capable of gathering and processing data and applying operational controls to geographically dispersed assets over long distances.
supply chain
- A system of organizations, people, activities, information and resources, for creating and moving products including product components and/or services from suppliers through to their customers.
supply chain risk management
- The process of identifying, analyzing, and assessing supply chain risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.
switchport
- the physical opening where a data cable can be plugged in
symmetric cryptography
- A branch of cryptography in which a cryptographic system or algorithms use the same secret key (a shared secret key).
symmetric key
- A cryptographic key that is used to perform both the cryptographic operation and its inverse, for example to encrypt plaintext and decrypt ciphertext, or create a message authentication code and to verify the code.
SysOp (System Operator)
- responsible for the upkeep and maintenance of servers, networks, and other IT infrastructure
system administration
- In the NICE Framework, cybersecurity work where a person: Installs, configures, troubleshoots, and maintains server configurations (hardware and software) to ensure their confidentiality, integrity, and availability; also manages accounts, firewalls, and patches; responsible for access control, passwords, and account creation and administration.
system integrity
- The attribute of an information system when it performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
systems development
- In the NICE Framework, cybersecurity work where a person: Works on the development phases of the systems development lifecycle.
systems requirements planning
- In the NICE Framework, cybersecurity work where a person: Consults with customers to gather and evaluate functional requirements and translates these requirements into technical solutions; provides guidance to customers about applicability of information systems to meet business needs.
systems security analysis
- In the NICE Framework, cybersecurity work where a person: Conducts the integration/testing, operations, and maintenance of systems security.
systems security architecture
- In the NICE Framework, cybersecurity work where a person: Develops system concepts and works on the capabilities phases of the systems development lifecycle; translates technology and environmental conditions (e.g., law and regulation) into system and security designs and processes.