Overall

Access controls

Security controls that manage access, authorization, and accountability of information

Active packet sniffing

A type of attack where data packets are manipulated in transit

Address Resolution Protocol (ARP)

A network protocol used to determine the MAC address of the next router or device on the path

Advanced persistent threat (APT)

An instance when a threat actor maintains unauthorized access to a system for an extended period of time

Adversarial artificial intelligence (AI)

A technique that manipulates artificial intelligence (AI) and machine learning (ML) technology to conduct attacks more efficiently

Adware

A type of legitimate software that is sometimes used to display digital advertisements in applications

Algorithm

A set of rules used to solve a problem

Analysis

The investigation and validation of alerts

Angler phishing

A technique where attackers impersonate customer service representatives on social media

Anomaly-based analysis

A detection method that identifies abnormal behavior

Antivirus software

A software program used to prevent, detect, and eliminate malware and viruses

Application

A program that performs a specific task

Application programming interface (API) token

A small block of encrypted code that contains information about a user

Argument (Linux)

Specific information needed by a command

Argument (Python)

The data brought into a function when it is called

Array

A data type that stores data in a comma-separated ordered list

Assess

The fifth step of the NIST RMF that means to determine if established controls are implemented correctly

Asset

An item perceived as having value to an organization

Asset classification

The practice of labeling assets based on sensitivity and importance to an organization

Asset inventory

A catalog of assets that need to be protected

Asset management

The process of tracking assets and the risks that affect them

Asymmetric encryption

The use of a public and private key pair for encryption and decryption of data

Attack surface

All the potential vulnerabilities that a threat actor could exploit

Attack tree

A diagram that maps threats to assets

Attack vectors

The pathways attackers use to penetrate security defenses

Authentication

The process of verifying who someone is

Authorization

The concept of granting access to specific resources in a system

Authorize

The sixth step of the NIST RMF that refers to being accountable for the security and privacy risks that might exist in an organization

Automation

The use of technology to reduce human and manual effort to perform common and repetitive tasks

Availability

The idea that data is accessible to those who are authorized to access it

Baiting

A social engineering tactic that tempts people into compromising their security

Bandwidth

The maximum data transmission capacity over a network, measured by bits per second

Baseline configuration (baseline image)

A documented set of specifications within a system that is used as a basis for future builds, releases, and updates

Bash

The default shell in most Linux distributions

Basic auth

The technology used to establish a user’s request to access a server

Basic Input/Output System (BIOS)

A microchip that contains loading instructions for the computer and is prevalent in older systems

Biometrics

The unique physical characteristics that can be used to verify a person’s identity

Bit

The smallest unit of data measurement on a computer

Boolean data

Data that can only be one of two values: either True or False

Bootloader

A software program that boots the operating system

Botnet

A collection of computers infected by malware that are under the control of a single threat actor, known as the “bot-herder"

Bracket notation

The indices placed in square brackets

Broken chain of custody

Inconsistencies in the collection and logging of evidence in the chain of custody

Brute force attack

The trial and error process of discovering private information

Bug bounty

Programs that encourage freelance hackers to find and report vulnerabilities

Built-in function

A function that exists within Python and can be called directly

Business continuity

An organization's ability to maintain their everyday productivity by establishing risk disaster recovery plans

Business continuity plan (BCP)

A document that outlines the procedures to sustain business operations during and after a significant disruption

Business Email Compromise (BEC)

A type of phishing attack where a threat actor impersonates a known source to obtain financial advantage

Categorize

The second step of the NIST RMF that is used to develop risk management processes and tasks

Central Processing Unit (CPU)

A computer’s main processor, which is used to perform general computing tasks on a computer

Chain of custody

The process of documenting evidence possession and control during an incident lifecycle

Cipher

An algorithm that encrypts information

Cloud-based firewalls

Software firewalls that are hosted by the cloud service provider

Cloud computing

The practice of using remote servers, applications, and network services that are hosted on the internet instead of on local physical devices

Cloud network

A collection of servers or computers that stores resources and data in remote data centers that can be accessed via the internet

Cloud security

The process of ensuring that assets stored in the cloud are properly configured and access to those assets is limited to authorized users

Command

An instruction telling the computer to do something

Command and control (C2)

The techniques used by malicious actors to maintain communications with compromised systems

Command-line interface (CLI)

A text-based user interface that uses commands to interact with the computer

Comment

A note programmers make about the intention behind their code

Common Event Format (CEF

A log format that uses key-value pairs to structure data and identify fields and their corresponding values

Common Vulnerabilities and Exposures (CVE®) list

An openly accessible dictionary of known vulnerabilities and exposures

Common Vulnerability Scoring System (CVSS)

A measurement system that scores the severity of a vulnerability

Compliance

The process of adhering to internal standards and external regulations

Computer security incident response teams (CSIRT)

A specialized group of security professionals that are trained in incident management and response

Computer virus

Malicious code written to interfere with computer operations and cause damage to data and software

Conditional statement

A statement that evaluates code to determine if it meets a specified set of conditions

Confidentiality

The idea that only authorized users can access specific assets or data

Confidential data

Data that often has limits on the number of people who have access to it

Confidentiality, integrity, availability (CIA) triad

A model that helps inform how organizations consider risk when setting up systems and security policies

Configuration file

A file used to configure the settings of an application

Containment

The act of limiting and preventing additional damage caused by an incident

Controlled zone

A subnet that protects the internal network from the uncontrolled zone

Cross-site scripting (XSS)

An injection attack that inserts code into a vulnerable website or web application

Crowdsourcing

The practice of gathering information using public input and collaboration

Cryptographic attack

An attack that affects secure forms of communication between a sender and intended recipient

Cryptographic key

A mechanism that decrypts ciphertext

Cryptography

The process of transforming information into a form that unintended readers can’t understand

Cryptojacking

A form of malware that installs software to illegally mine cryptocurrencies

CVE Numbering Authority (CNA)

An organization that volunteers to analyze and distribute information on eligible CVEs

Cybersecurity (or security)

the practice of ensuring confidentiality, integrity, and availability of information by protecting networks, devices, people, and data from unauthorized access or criminal exploitation

Data

Information that is translated, processed, or stored by a computer

Data at rest

Data not currently being accessed

Database

An organized collection of information or data

Data controller

A person that determines the procedure and purpose for processing data

Data custodian

Anyone or anything that’s responsible for the safe handling, transport, and storage of information

Data exfiltration

Unauthorized transmission of data from a system

Data in transit

Data traveling from one point to another

Data in use

Data being accessed by one or more users

Data owner

The person who decides who can access, edit, use, or destroy their information

Data packet

A basic unit of information that travels from one device to another within a network

Data point

A specific piece of information

Data processor

A person that is responsible for processing data on behalf of the data controller

Data protection officer (DPO)

An individual that is responsible for monitoring the compliance of an organization's data protection procedures

Data type

A category for a particular type of data item

Date and time data

Data representing a date and/or time

Debugger

A software tool that helps to locate the source of an error and assess its causes

Debugging

The practice of identifying and fixing errors in code

Defense in depth

A layered approach to vulnerability management that reduces risk