This glossary contains brief descriptions of commonly used cybersecurity and related technology terms.
Unless otherwise noted, definitions have been adapted from terms in the NIST Computer Security Resource Center Glossary.
The process of granting or denying specific requests to: i) obtain and use information or related systems or services; or ii) enter specific physical facilities.
A person who is responsible for managing a computer system or network.
Unlike regular user accounts, administrator accounts have full privileges and can perform tasks such as modifying computer hardware and software settings and managing user accounts. Some systems may refer to administrators as having “root” or “elevated” access.
A program designed to detect many forms of malware (e.g., viruses and spyware) and prevent them from infecting computers. It may also cleanse already-infected computers.
Verifying the identity of a user, process, or system, often as a prerequisite to allowing access to resources in an information system.
Timely, reliable access to data, information, and systems by authorized users.
A copy of information, files, and programs to facilitate recovery. Backups may be stored on the same machine that contains the original information, another machine, a storage device such as a thumb drive, or “in the cloud.”
A wireless protocol that allows two similarly equipped devices to communicate with each other within a short distance (e.g., 30 ft.). “Bluetooth-enabled” means that nearby devices can communicate with each other without a physical connection. Examples of Bluetooth-enabled devices include cell phones, portable wireless speakers, and wireless headphones.
Business Email Scams
A scam that targets businesses by using social engineering or computer intrusion to compromise legitimate business email accounts and conduct unauthorized fund transfers or obtain personal information.[1]
Assurance that information is not disclosed to unauthorized individuals, processes, or devices.
Criminal offenses committed on the internet or aided by the use of computer technology.[2]
Cyber Incident/Cyber Breach
An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or that constitutes a violation or imminent threat of violating security policies, security procedures, or acceptable use policies.
Insurance that is designed to mitigate losses from a variety of cyber incidents, including data breaches, business interruption, and network damage.[3]
An approach or series of steps to prevent or manage the risk of damage to, unauthorized use of, exploitation of, and—if needed—to restore electronic information and communications systems, and the information they contain, in order to strengthen the confidentiality, integrity, and availability of these systems.
An incident that involves sensitive, protected, or confidential information being copied, transmitted, viewed, stolen, or used by an individual unauthorized to do so. Exposed information may include credit card numbers, personal health information, customer data, company trade secrets, or matters of national security, for example.[4]
The practice of gathering, retaining, and analyzing computer-related data for investigative purposes in a manner that maintains the integrity of the data.
A security incident that occurs when a user unknowingly visits an infected/compromised website and malware is downloaded and installed without their knowledge.[5]
The transformation of data (called “plaintext”) into a form (called “ciphertext”) that conceals the data’s original meaning to prevent it from being known or used. If the transformation is reversible, the corresponding reversal process is called “decryption,” which is a transformation that restores encrypted data to its original state.
A device or program that restricts data communication traffic to or from a network and thus protects that network’s system resources against threats from another network.
Someone who attempts to gain, or gains, access to an information system, usually in an unauthorized manner. A “white hat” hacker is a cybersecurity specialist who breaks into systems with the goal of evaluating and ultimately improving the security of an organization’s systems.
A common connection point for devices in a network. Hubs commonly are used to pass data from one device (or network segment) to another.
Crime in which someone wrongfully obtains and uses another person's personal data in some way that involves fraud or deception, often for economic gain.[6]
The approach to protect and manage the risk to information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.
A property whereby data has not been altered in an unauthorized manner since it was created, transmitted or stored.
Internet of Things (IoT)
The interconnection of electronic devices embedded in everyday or specialized objects, enabling them to sense, collect, process, and transmit data. IoT devices include wearable fitness trackers, “smart” appliances, home automation devices, wireless health devices, and cars—among many others.[7]
Intrusion Detection System/Intrusion Prevention System
A system or software that monitors and analyzes network or system events for the purpose of finding and providing real-time or near real-time warning of attempts to access system resources in an unauthorized manner. In addition, intrusion prevention systems can also attempt to stop the activity, ideally before it reaches its targets.
A computer program that is covertly placed onto a computer or electronic device with the intent to compromise the confidentiality, integrity, or availability of data, applications, or operating systems. Common types of malware include viruses, worms, malicious mobile code, Trojan horses, rootkits, spyware, and some forms of adware.
Multi-factor Authentication/Two-Factor Authentication/Dual Factor Authentication
Authentication using two or more different factors to provide increased security during log-ins. Factors may include: (i) something you know (e.g., password/PIN); (ii) something you have (e.g., cryptographic identification device, token); or (iii) something you are (e.g., biometric).
An information system implemented with a collection of interconnected components such as computers, routers, hubs, cabling, and telecommunications controllers.
Splitting a network into sub-networks, for example, by creating separate areas on the network that are protected by firewalls configured to reject unnecessary traffic. Network segmentation minimizes the harm of malware and other threats by isolating them to a limited part of the network.[8]
NIST Cybersecurity Framework
A widely used, risk-based approach to managing cybersecurity composed of three parts: the Framework Core, the Framework Profile, and the Framework Implementation Tiers. The Cybersecurity Framework includes references to standards, guidelines, and best practices. The Framework is voluntary for private sector use; federal agencies must use this risk management approach.[9]
The software “master control application” that runs a computer or electronic device.
A secret sequence of words or other text used to authenticate a person’s or system’s identity. A passphrase is similar to a password but is generally longer for added security.
A secret string of characters (letters, numbers, and other symbols) used to authenticate an identity, to verify access authorization or to derive cryptographic keys.
A “repair job” for a piece of programming, also known as a “fix.” When a software developer or distributor learns of a security weakness, a patch is the usual immediate solution that is provided to users and can sometimes be downloaded from the software maker’s web site.
Security testing in which evaluators mimic real-world attacks in an attempt to identify ways to circumvent the security features of an application, system, or network. Penetration testing often involves issuing real attacks on real systems and data, using the same tools and techniques used by actual attackers. Most penetration tests involve looking for combinations of vulnerabilities on a single system or multiple systems that can be used to gain more access than could be achieved through a single vulnerability.
Personally Identifiable Information (PII)
Information which can be used to distinguish or trace the identity of an individual (e.g., name, social security number, biometric records, etc.) alone, or when combined with other personal or identifying information which is linkable to a specific individual (e.g., date and place of birth, mother’s maiden name, etc.).
A technique for attempting to acquire sensitive data, such as bank account numbers, or access to a larger computerized system through a fraudulent solicitation in email or on a web site. The perpetrator typically masquerades as a legitimate business or reputable person.
Physical measures, policies, and procedures to protect an entity’s electronic information systems and related buildings and equipment from natural/environmental hazards and unauthorized intrusion.
Digital privacy is more than the security of personal information. It also covers the processing of information about individuals for a business’ operational purposes throughout the information lifecycle (from collection through disposal) and addressing risks that this processing could create for these individuals. These problems could range from embarrassment, discrimination, or loss of autonomy to more tangible harms such as identity theft or physical harm.
A type of malware that attempts to deny access to a user’s data, usually by encrypting the data with a key known only to the hacker who deployed the malware, until a ransom is paid.[10]
Access to an organization’s information system by a user (or a process acting on behalf of a user) communicating through an external network (e.g., the Internet).
The extent to which an entity is threatened by a potential circumstance or event. Risk typically is a function of: (i) the adverse impacts that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence. Information system-related security risks arise from the loss of confidentiality, integrity, or availability of information or information systems. These risks reflect the potential adverse impacts to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation.
The program and supporting processes to manage information security risk to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation. Risk management includes: (i) establishing the context for risk-related activities; (ii) assessing risk; (iii) responding to risk once determined; and (iv) monitoring risk over time.
A device that allows communication between different networks. Routers determine the best path for forwarding data to its destination.
Forms of electronic communications, including websites and applications, that enable users to create and share content or to participate in social networking.
Electronic junk mail or the abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.
A highly targeted phishing attack, usually to a specific individual or department within an organization.
Software that is secretly or surreptitiously installed into an information system to gather information on individuals or organizations without their knowledge.
Tech Support Scams
A security exploit in which scammers call, place alarming pop-up messages on a computer, offer free “security” scans, or set up fake websites to convince someone that his/her computer is infected or has a problem. The scammers then ask to be paid to fix the non-existent problem.[11]
Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.
Type of standard cable, connector, or protocol for connecting computers, electronic devices, and power sources.
A computer program that can copy itself and infect a computer without permission or knowledge of the user. A virus might corrupt or delete data on a computer, use e-mail programs to spread itself to other computers, or even erase everything on a hard disk.
Virtual Private Network (VPN)
Virtual network built on top of existing networks that can provide a secure communications mechanism for data and Internet Protocol (IP) information transmitted via the virtual network.
A weakness in a system, application, or network that is subject to exploitation or misuse.
Watering Hole Attack
A security exploit where the attacker infects websites that are frequently visited by members of the group being attacked, with a goal of infecting a computer used by one of the targeted group when they visit the infected website.
An approved list or register of entities provided a particular privilege, service, mobility, access, or recognition.
Overwriting media (like a hard drive) or portions of media to hinder reconstruction of the data.
A generic term that refers to a wireless local area network that follows the IEEE 802.11 protocol. Wireless capabilities allow computers, smartphones, or other devices to connect to the Internet or communicate with one another wirelessly within a particular area.
- https://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf