Common Cybersecurity Terminology

Posted: Sep 21, 2017


Summary

Access

The ability and means to communicate with or otherwise interact with a system, to use system resources to handle information, to gain knowledge of the information the system contains, or to control system components and functions.

From: CNSSI 4009

Access control

The process of granting or denying specific requests for or attempts to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities.

Related Term(s): access control mechanism

Adapted from: CNSSI 4009

Access control mechanism

Security measures designed to detect and deny unauthorized access and permit authorized access to an information system or a physical facility.

Adapted from: CNSSI 4009

Active attack

An actual assault perpetrated by an intentional threat source that attempts to alter a system, its resources, its data, or its operations.

Related Term(s): passive attack

Adapted from: IETF RFC 4949, NIST SP 800-63 Rev 1

Advanced persistent threat

An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception).

From: NIST SP 800-53 Rev 4

Adversary

An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.

Related Term(s): threat agent, attacker

From: DHS Risk Lexicon

Air gap

To physically separate or isolate a system from other systems or networks (verb).

The physical separation or isolation of a system from other systems or networks (noun).

Alert

A notification that a specific attack has been detected or directed at an organization’s information systems.

Adapted from: CNSSI 4009

Antispyware software

A program that specializes in detecting and blocking or removing forms of spyware.

Related Term(s): spyware

Adapted from: NCSD Glossary

Antivirus software

A program that monitors a computer or network to detect or identify major types of malicious code and to prevent or contain malware incidents, sometimes by removing or neutralizing the malicious code.

Adapted from: NCSD Glossary

Asset

A person, structure, facility, information, and records, information technology systems and resources, material, process, relationships, or reputation that has value.

Adapted from: DHS Risk Lexicon

Attack

An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity.

The intentional act of attempting to bypass one or more security services or controls of an information system.

Related Term(s): active attack, passive attack

Synonym(s): hack

From: NCSD Glossary, NTSSI 4009 (2000), CNSSI 4009

Attack method

The manner or technique and means an adversary may use in an assault on information or an information system.

Synonym(s): attack mode

Adapted from: DHS Risk Lexicon, NCSD Glossary

Attack path

The steps that an adversary takes or may take to plan, prepare for, and execute an attack.

Adapted from: DHS Risk Lexicon, NCSD Glossary

Attack pattern

Similar cyber events or behaviors that may indicate an attack has occurred or is occurring, resulting in a security violation or a potential security violation.

For software, descriptions of common methods for exploiting software systems.

Related Term(s): attack signature

Adapted from: Oak Ridge National Laboratory Visualization Techniques for Computer Network Defense, MITRE's CAPEC web site

Attack signature

A characteristic or distinctive pattern that can be searched for or that can be used in matching to previously identified attacks.

Related Term(s): attack pattern

Adapted from: NCSD Glossary, CNSSI 4009, ISSG V1.2 Database

Attack surface

The set of ways in which an adversary can enter a system and potentially cause damage.

An information system's characteristics that permit an adversary to probe, attack, or maintain presence in the information system.

Adapted from: Manadhata, P.K., & Wing, J.M. in Attack Surface Measurement; DHS personnel

Attacker

An individual, group, organization, or government that executes an attack.

A party acting with malicious intent to compromise an information system.

Related Term(s): adversary, threat agent

Adapted from: Barnum & Sethi (2006), NIST SP 800-63 Rev 1

Authentication

The process of verifying the identity or other attributes of an entity (user, process, or device).

Also the process of verifying the source and integrity of data.

Adapted from: CNSSI 4009, NIST SP 800-21, NISTIR 7298

Authenticity

A property achieved through cryptographic methods of being genuine and being able to be verified and trusted, resulting in confidence in the validity of a transmission, information or a message, or sender of information or a message.

Related Term(s): integrity, non-repudiation

Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4

Authorization

A process of determining, by evaluating applicable access control information, whether a subject is allowed to have the specified types of access to a particular resource.

The process or act of granting access privileges or the access privileges as granted.

From: OASIS SAML Glossary 2.0; Adapted from CNSSI 4009

Availability

The property of being accessible and usable upon demand. In cybersecurity, applies to assets such as information or information systems.

Related Term(s): confidentiality, integrity

Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4, 44 U.S.C., Sec 3542

Black-box testing

A test methodology that assumes no knowledge of the internal structure and implementation detail of the assessment object.

Synonym(s): basic testing

Adapted from: NIST SP 800-53A

Behavior monitoring

Observing activities of users, information systems, and processes and measuring the activities against organizational policies and rules, baselines of normal activity, thresholds, and trends.

Adapted from: DHS personnel

Blacklist

A list of entities that are blocked or denied privileges or access.

Related Term(s): whitelist

Adapted from: DHS personnel

Bot

A computer connected to the Internet that has been surreptitiously / secretly compromised with malicious logic to perform activities under the remote command and control of a remote administrator.

A member of a larger collection of compromised computers known as a botnet.

Related Term(s): botnet

Botnet

A collection of computers compromised by malicious code and controlled across a network.

Breach

Compromise of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to protected information.

Adapted from: ISO/IEC 27040

Related Term(s): data breach

Synonym(s): compromise

Buffer Overflow

A condition at an interface under which more input can be placed into a buffer or data holding area than the capacity allocated, overwriting other information. Attackers exploit such a condition to crash a system or to insert specially crafted code that allows them to gain control of the system.

From: SP 800-28; CNSSI-4009

Bug

An unexpected and relatively small defect, fault, flaw, or imperfection in an information system or device.

Adapted from: NCSD Glossary

Build Security In

A set of principles, practices, and tools to design, develop, and evolve information systems and software that enhance resistance to vulnerabilities, flaws, and attacks.

Adapted from: Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program (2011), US-CERT's Build Security In website.

Capability

The means to accomplish a mission, function, or objective.

Related Term(s): intent

Adapted from: DHS Risk Lexicon

Ciphertext

Data or information in its encrypted form.

Related Term(s): plaintext

From: CNSSI 4009

Cloud computing

A model for enabling on-demand network access to a shared pool of configurable computing capabilities or resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

Adapted from: CNSSI 4009, NIST SP 800-145

Common Vulnerabilities and Exposures (CVE)

A dictionary of common names for publicly known information system vulnerabilities.

From: SP 800-51; CNSSI-4009

Compromise

Disclosure of information to unauthorized persons, or a violation of the security policy of a system in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object may have occurred.

From: SP 800-32, CNSSI-4009

Synonym(s): breach

Computer network defense

The actions taken to defend against unauthorized activity within computer networks.

From: CNSSI 4009

Confidentiality

A property that information is not disclosed to users, processes, or devices unless they have been authorized to access the information.

Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.

Related Term(s): availability, integrity

Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4, 44 U.S.C., Sec 3542

Consequence

The effect of an event, incident, or occurrence.

In cybersecurity, the effect of a loss of confidentiality, integrity or availability of information or an information system on an organization's operations, its assets, on individuals, other organizations, or on national interests.

Adapted from: DHS Risk Lexicon, National Infrastructure Protection Plan, NIST SP 800-53 Rev 4

Continuity of operations plan

A document that sets forth procedures for the continued performance of core capabilities and critical operations during any disruption or potential disruption.

Related Term(s): Business Continuity Plan, Disaster Recovery Plan, Contingency Plan

Adapted from: CPG 101, CNSSI 4009

Critical infrastructure

The systems and assets, whether physical or virtual, so vital to society that the incapacity or destruction of such may have a debilitating impact on the security, economy, public health or safety, environment, or any combination of these matters.

Related Term(s): key resource

Adapted from: National Infrastructure Protection Plan

Cryptographic algorithm

A well-defined computational procedure that takes variable inputs, including a cryptographic key, and produces an output.

Related Term(s): key, encryption, decryption, symmetric key, asymmetric key

From: CNSSI 4009

Cryptography

The use of mathematical techniques to provide security services, such as confidentiality, data integrity, entity authentication, and data origin authentication.

The art or science concerning the principles, means, and methods for converting plaintext into ciphertext and for restoring encrypted ciphertext to plaintext.

Related Term(s): plaintext, ciphertext, encryption, decryption

From: NIST SP 800-130; Adapted from: CNSSI 4009

Cyber ecosystem

The interconnected information infrastructure of interactions among persons, processes, data, and information and communications technologies, along with the environment and conditions that influence those interactions.

Adapted from: DHS personnel

Cyber exercise

A planned event during which an organization simulates a cyber disruption to develop or test capabilities such as preventing, detecting, mitigating, responding to or recovering from the disruption.

Adapted from: NCSD Glossary, DHS Homeland Security Exercise and Evaluation Program

Cyber infrastructure

The electronic information and communications systems and services and the information contained therein.

The information and communications systems and services composed of all hardware and software that process, store, and communicate information, or any combination of all of these elements:

  • Processing includes the creation, access, modification, and destruction of information.
  • Storage includes paper, magnetic, electronic, and all other media types.
  • Communications include sharing and distribution of information.

Adapted from: NIPP

Cybersecurity

The activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation.

Strategy, policy, and standards regarding the security of and operations in cyberspace, and encompass[ing] the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communications infrastructure.

Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4, NIPP, DHS National Preparedness Goal; White House Cyberspace Policy Review, May 2009

Cyberspace

The interdependent network of information technology infrastructures that includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers.

Adapted from: NSPD 54/HSPD-23, CNSSI 4009, NIST SP 800-53 Rev 4

Data aggregation

The process of gathering and combining data from different sources, so that the combined data reveals new information.

The new information is more sensitive than the individual data elements themselves and the person who aggregates the data was not granted access to the totality of the information.

Related Term(s): data mining

Adapted from: CNSSI 4009

Data breach

The unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information.

Related Term(s): data loss, data theft, exfiltration

Data integrity

The property that data is complete, intact, and trusted and has not been modified or destroyed in an unauthorized or accidental manner.

Related Term(s): integrity, system integrity

Adapted from: CNSSI 4009, NIST SP 800-27

Data loss

The result of unintentionally or accidentally deleting data, forgetting where it is stored, or exposure to an unauthorized party.

Related Term(s): data leakage, data theft

Data loss prevention

A set of procedures and mechanisms to stop sensitive data from leaving a security boundary.

Related Term(s): data loss, data theft, data leak

Adapted from: Liu, S., & Kuhn, R. (2010, March/April). Data loss prevention. IEEE IT Professional, 11(2), pp. 10-13.

Data mining

The process or techniques used to analyze large sets of existing information to discover previously unrevealed patterns or correlations.

Related Term(s): data aggregation

Adapted from: DHS personnel

Data theft

The deliberate or intentional act of stealing information.

Related Term(s): data aggregation, data leakage, data loss

Decipher

To convert enciphered text to plain text by means of a cryptographic system.

Synonym(s): decode, decrypt

From: CNSSI 4009

Decode

To convert encoded text to plain text by means of a code.

Synonym(s): decipher, decrypt

From: CNSSI 4009

Decrypt

A generic term encompassing decode and decipher.

Synonym(s): decipher, decode

From: CNSSI 4009

Decryption

The process of transforming ciphertext into its original plaintext.

The process of converting encrypted data back into its original form, so it can be understood.

Synonym(s): decode, decrypt, decipher

Adapted from: ICAM SAML 2.0 WB SSO Profile 1.0.2

Denial of service

An attack that prevents or impairs the authorized use of information system resources or services.

Adapted from: NCSD Glossary

Digital forensics

The processes and specialized techniques for gathering, retaining, and analyzing system-related data (digital evidence) for investigative purposes.

Synonym(s): computer forensics, forensics

Adapted from: CNSSI 4009

Digital rights management

A form of access control technology to protect and manage use of digital content or devices in accordance with the content or device provider's intentions.

Digital signature

A value computed with a cryptographic process using a private key and then appended to a data object, thereby digitally signing the data.

Related Term(s): electronic signature

Adapted from: CNSSI 4009, IETF RFC 2828, ICAM SAML 2.0 WB SSO Profile 1.0.2, InCommon Glossary, NIST SP 800-63 Rev 1

Disruption

An event which causes unplanned interruption in operations or functions for an unacceptable length of time.

Adapted from: CNSSI 4009

Distributed denial of service

A denial of service technique that uses numerous systems to perform the attack simultaneously.

Related Term(s): denial of service, botnet

Adapted from: CNSSI 4009

Dynamic attack surface

The automated, on-the-fly changes of an information system's characteristics to thwart actions of an adversary.

Adapted from: DHS personnel

Easter Egg

Hidden functionality within an application program, which becomes activated when an undocumented, and often convoluted, set of commands and keystrokes are entered. Easter eggs are typically used to display the credits for the development team and are intended to be nonthreatening.

From: SP 800-28

Electronic signature

Any mark in electronic form associated with an electronic document, applied with the intent to sign the document.

Related Term(s): digital signature

Adapted from: CNSSI 4009

Encipher

To convert plaintext to ciphertext by means of a cryptographic system.

Synonym(s): encode, encrypt

From: CNSSI 4009

Encode

To convert plaintext to ciphertext by means of a code.

Synonym(s): encipher, encrypt

From: CNSSI 4009

Encrypt

The generic term encompassing encipher and encode.

Synonym(s): encipher, encode

From: CNSSI 4009

Encryption

The process of transforming plaintext into ciphertext.

Converting data into a form that cannot be easily understood by unauthorized people.

Synonym(s): encode, encrypt, encipher

Adapted from: CNSSI 4009, ICAM SAML 2.0 WB SSO Profile 1.0.2

Enterprise risk management

A comprehensive approach to risk management that engages people, processes, and systems across an organization to improve the quality of decision making for managing risks that may hinder an organization’s ability to achieve its objectives.

Involves identifying mission dependencies on enterprise capabilities, identifying and prioritizing risks due to defined threats, implementing countermeasures to provide both a static risk posture and an effective dynamic response to active threats, and assessing enterprise performance against threats and adjusting countermeasures as necessary.

Related Term(s): risk management, integrated risk management, risk

Adapted from: DHS Risk Lexicon, CNSSI 4009

Event

An observable occurrence in an information system or network.

Sometimes provides an indication that an incident is occurring, or at least raises the suspicion that an incident may be occurring.

Related Term(s): incident

Adapted from: CNSSI 4009

Exfiltration

The unauthorized transfer of information from an information system.

Related Term(s): data breach

From: NIST SP 800-53 Rev 4

Exploit

A technique to breach the security of a network or information system in violation of security policy.

Adapted from: ISO/IEC 27039 (draft), DHS personnel

Exposure

The condition of being unprotected, thereby allowing access to information or access to capabilities that an attacker can use to enter a system or network.

Adapted from: NCSD glossary

Failure

The inability of a system or component to perform its required functions within specified performance requirements.

From: NCSD Glossary

Firewall

A capability to limit network traffic between networks and/or information systems.

A hardware/software device or a software program that limits network traffic according to a set of rules of what access is and is not allowed or authorized.

Adapted from: CNSSI 4009

Hack

An unauthorized attempt to gain access to an information system, or the gaining of such access.

Related Term(s): hacker

Synonym(s): attack

Adapted from: CNSSI 4009

Hacker

An unauthorized user who attempts to gain, or gains, access to an information system.

From: CNSSI 4009

Hash value

A numeric value resulting from applying a mathematical algorithm against a set of data such as a file.

Synonym(s): cryptographic hash value

Related Term(s): hashing

Adapted from: CNSSI 4009

Hashing

A process of applying a mathematical algorithm against a set of data to produce a numeric value (a 'hash value') that represents the data.

Mapping a bit string of arbitrary length to a fixed length bit string to produce the hash value.

Related Term(s): hash value

Adapted from: CNSSI 4009, FIPS 201-2

Hazard

A natural or man-made source or cause of harm or difficulty.

Related Term(s): threat

From: DHS Risk Lexicon

ICT supply chain threat

A man-made threat achieved through exploitation of the information and communications technology (ICT) system’s supply chain, including acquisition processes.

Related Term(s): supply chain, threat

From: DHS SCRM PMO

Identity and access management

The methods and processes used to manage subjects and their authentication and authorizations to access specific objects.

Incident

An occurrence that actually or potentially results in adverse consequences to (adverse effects on) (poses a threat to) an information system or the information that the system processes, stores, or transmits and that may require a response action to mitigate the consequences.

An occurrence that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.

Related Term(s): event

Adapted from: CNSSI 4009, FIPS 200, NIST SP 800-53 Rev 4, ISSG

Incident management

The management and coordination of activities associated with an actual or potential occurrence of an event that may result in adverse consequences to information or information systems.

Adapted from: NCSD Glossary, ISSG NCPS Target Architecture Glossary

Incident response

The activities that address the short-term, direct effects of an incident and may also support short-term recovery.

Synonym(s): response

Related Term(s): recovery

Incident response plan

A set of predetermined and documented procedures to detect and respond to a cyber incident.

Adapted from: CNSSI 4009

Indicator

An occurrence or sign that an incident may have occurred or may be in progress.

Related Term(s): precursor

Adapted from: CNSSI 4009, NIST SP 800-61 Rev 2 (DRAFT), ISSG V1.2 Database

Information and communication(s) technology

Any information technology, equipment, or interconnected system or subsystem of equipment that processes, transmits, receives, or interchanges data or information.

Related Term(s): information technology

Adapted from: The Access Board's 2011 Advance Notice of Proposed Rulemaking for Section 508

Information assurance

The measures that protect and defend information and information systems by ensuring their availability, integrity, and confidentiality.

Related Term(s): information security

Adapted from: CNSSI 4009

Information security policy

An aggregate of directives, regulations, rules, and practices that prescribe how an organization manages, protects, and distributes information.

Related Term(s): security policy

From: CNSSI 4009; NIST SP 800-53 Rev 4

Information sharing

An exchange of data, information, and/or knowledge to manage risks or respond to incidents.

Adapted from: NCSD glossary

Information system resilience

The ability of an information system to: (1) continue to operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (2) recover effectively in a timely manner.

Related Term(s): resilience

Adapted from: NIST SP 800-53 Rev 4

Information technology

Any equipment or interconnected system or subsystem of equipment that processes, transmits, receives, or interchanges data or information.

Related Term(s): information and communication(s) technology

Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4, based on 40 U.S.C. sec. 1401

Inside(r) threat

A person or group of persons within an organization who pose a potential risk through violating security policies.

One or more individuals with the access and/or inside knowledge of a company, organization, or enterprise that would allow them to exploit the vulnerabilities of that entity's security, systems, services, products, or facilities with the intent to cause harm.

Adapted from: CNSSI 4009; From: NIAC Final Report and Recommendations on the Insider Threat to Critical Infrastructure, 2008

Integrated risk management

The structured approach that enables an enterprise or organization to share risk information and risk analysis and to synchronize independent yet complementary risk management strategies to unify efforts across the enterprise.

Related Term(s): risk management, enterprise risk management

Adapted from: DHS Risk Lexicon

Integrity

The property whereby information, an information system, or a component of a system has not been modified or destroyed in an unauthorized manner.

A state in which information has remained unaltered from the point it was produced by a source, during transmission, storage, and eventual receipt by the destination.

Related Term(s): availability, confidentiality, data integrity, system integrity

Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4, 44 U.S.C., Sec 3542, SANS; From SAFE-BioPharma Certificate Policy 2.5

Interoperability

The ability of two or more systems or components to exchange information and to use the information that has been exchanged.

Adapted from: IEEE Standard Computer Dictionary, DHS personnel

Intrusion

An unauthorized act of bypassing the security mechanisms of a network or information system.

Synonym(s): penetration

Adapted from: CNSSI 4009

Intrusion detection

The process and methods for analyzing information from networks and information systems to determine if a security breach or security violation has occurred.

Adapted from: CNSSI 4009, ISO/IEC 27039 (draft)

Investigation

A systematic and formal inquiry into a qualified threat or incident using digital forensics and perhaps other traditional criminal inquiry techniques to determine the events that transpired and to collect evidence.

Adapted from: ISSG V1.2 Database; Conrad, E., Misenar, S., & Feldman, J. (2010). CISSP® Study Guide. Burlington, MA: Syngress

Key

The numerical value used to control cryptographic operations, such as decryption, encryption, signature generation, or signature verification.

Related Term(s): private key, public key, secret key, symmetric key

From: CNSSI 4009

Key pair

A public key and its corresponding private key. Two mathematically related keys having the property that one key can be used to encrypt a message that can only be decrypted using the other key.

Related Term(s): private key, public key

Adapted from: CNSSI 4009, Federal Bridge Certificate Authority Certification Policy 2.25

Key resource

A publicly or privately controlled asset necessary to sustain continuity of government and/or economic operations, or an asset that is of great historical significance.

Related Term(s): critical infrastructure

From: NCSD glossary

Keylogger

Software or hardware that tracks keystrokes and keyboard events, usually surreptitiously / secretly, to monitor actions by the user of an information system.

Related Term(s): spyware

Macro virus

A type of malicious code that attaches itself to documents and uses the macro programming capabilities of the document’s application to execute, replicate, and spread or propagate itself.

Related Term(s): virus

Adapted from: CNSSI 4009

Malicious applet

A small application program that is automatically downloaded and executed and that performs an unauthorized function on an information system.

Related Term(s): malicious code

From: CNSSI 4009

Malicious code

Program code intended to perform an unauthorized function or process that will have adverse impact on the confidentiality, integrity, or availability of an information system.

Related Term(s): malicious logic

Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4

Malicious logic

Hardware, firmware, or software that is intentionally included or inserted in a system to perform an unauthorized function or process that will have adverse impact on the confidentiality, integrity, or availability of an information system.

Related Term(s): malicious code

Adapted from: CNSSI 4009

Malware

Software that compromises the operation of a system by performing an unauthorized function or process.

Synonym(s): malicious code, malicious applet, malicious logic

Adapted from: CNSSI 4009, NIST SP 800-83

Mitigation

The application of one or more measures to reduce the likelihood of an unwanted occurrence and/or lessen its consequences.

Implementing appropriate risk-reduction controls based on risk management priorities and analysis of alternatives.

Adapted from: DHS Risk Lexicon, CNSSI 4009, NIST SP 800-53 Rev 4

Moving target defense

The presentation of a dynamic attack surface, increasing an adversary's work factor necessary to probe, attack, or maintain presence in a cyber target.

From: DHS personnel

Network resilience

The ability of a network to: (1) provide continuous operation (i.e., highly resistant to disruption and able to operate in a degraded mode if damaged); (2) recover effectively if failure does occur; and (3) scale to meet rapid or unpredictable demands.

Adapted from: CNSSI 4009

Non-repudiation

A property achieved through cryptographic methods to protect against an individual or entity falsely denying having performed a particular action related to data.

Provides the capability to determine whether a given individual took a particular action such as creating information, sending a message, approving information, and receiving a message.

Related Term(s): integrity, authenticity

Adapted from: CNSSI 4009; From: NIST SP 800-53 Rev 4

Object

A passive information system-related entity containing or receiving information.

Related Term(s): subject, access, access control

Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4

Operational exercise

An action-based exercise where personnel rehearse reactions to an incident scenario, drawing on their understanding of plans and procedures, roles, and responsibilities.

Adapted from: DHS Homeland Security Exercise and Evaluation Program

Outside(r) threat

A person or group of persons external to an organization who are not authorized to access its assets and pose a potential risk to the organization and its assets.

Related Term(s): inside(r) threat

Adapted from: CNSSI 4009

Packet sniffer

Software that observes and records network traffic.

From: CNSSI-4009

Passive attack

An actual assault perpetrated by an intentional threat source that attempts to learn or make use of information from a system, but does not attempt to alter the system, its resources, its data, or its operations.

Related Term(s): active attack

Adapted from: IETF RFC 4949, NIST SP 800-63 Rev 1

Password

A string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorization.

From: FIPS 140-2

Penetration testing

An evaluation methodology whereby assessors search for vulnerabilities and attempt to circumvent the security features of a network and/or information system.

Adapted from: NCSD Glossary, CNSSI 4009, NIST SP 800-53 Rev 4

Personal identifying information / Personally identifiable information (PII)

The information that permits the identity of an individual to be directly or indirectly inferred.

Adapted from: NCSD Glossary, CNSSI 4009, GAO Report 08-356, as cited in NIST SP 800-63 Rev 1

Phishing

A digital form of social engineering to deceive individuals into providing sensitive information.

Adapted from: NCSD Glossary, CNSSI 4009, NIST SP 800-63 Rev 1

Plaintext

Unencrypted information.

Related Term(s): ciphertext

From: CNSSI 4009

Port

A physical entry or exit point of a cryptographic module that provides access to the module for physical signals, represented by logical information flows (physically separated ports do not share the same physical pin or wire).

From: FIPS 140-2

Port scanning

Using a program to remotely determine which ports on a system are open (e.g., whether systems allow connections through those ports).

From: CNSSI 4009

Precursor

An observable occurrence or sign that an attacker may be preparing to cause an incident.

Related Term(s): indicator

Adapted from: CNSSI 4009, NIST SP 800-61 Rev 2 (DRAFT)

Preparedness

The activities to build, sustain, and improve readiness capabilities to prevent, protect against, respond to, and recover from natural or manmade incidents.

Adapted from: NIPP

Privacy

The assurance that the confidentiality of, and access to, certain information about an entity is protected.

The ability of individuals to understand and exercise control over how information about themselves may be used by others.

From: NIST SP 800-130; Adapted from: DHS personnel

Private key

A cryptographic key that must be kept confidential and is used to enable the operation of an asymmetric (public key) cryptographic algorithm.

The secret part of an asymmetric key pair that is uniquely associated with an entity.

Related Term(s): public key, asymmetric cryptography

Adapted from: CNSSI 4009, NIST SP 800-63 Rev 1, FIPS 201-2, FIPS 140-2, Federal Bridge Certificate Authority Certification Policy 2.25

Probe

A technique that attempts to access a system to learn something about the system.

From: CNSSI 4009

Public key

A cryptographic key that may be widely published and is used to enable the operation of an asymmetric (public key) cryptographic algorithm.

The public part of an asymmetric key pair that is uniquely associated with an entity and that may be made public.

Related Term(s): private key, asymmetric cryptography

Adapted from: CNSSI 4009, NIST SP 800-63 Rev 1, FIPS 201-2, FIPS 140-2, Federal Bridge Certificate Authority Certification Policy 2.25

Public key cryptography

A branch of cryptography in which a cryptographic system or algorithms use two uniquely linked keys: a public key and a private key (a key pair).

Synonym(s): asymmetric cryptography, public key encryption

Adapted from: CNSSI 4009, FIPS 140-2, InCommon Glossary

Public key infrastructure

A framework consisting of standards and services to enable secure, encrypted communication and authentication over potentially insecure networks such as the Internet.

A framework and services for generating, producing, distributing, controlling, accounting for, and revoking (destroying) public key certificates.

Adapted from: CNSSI 4009, IETF RFC 2828, Federal Bridge Certificate Authority Cross-certification Methodology 3.0, InCommon Glossary, Kantara Identity Assurance Framework 1100, NIST SP 800-63 Rev 1

Quarantine

Store files containing malware in isolation for future disinfection or examination.

From: NIST SP 800-69

Recovery

The activities after an incident or event to restore essential services and operations in the short and medium term and fully restore all capabilities in the longer term.

Adapted from: NIPP

Red Team

A group authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s cybersecurity posture.

Related Term(s): Blue Team, White Team

Adapted from: CNSSI 4009

Red Team exercise

An exercise, reflecting real-world conditions, that is conducted as a simulated attempt by an adversary to attack or exploit vulnerabilities in an enterprise's information systems.

Related Term(s): cyber exercise

Adapted from: NIST SP 800-53 Rev 4

Redundancy

Additional or alternative systems, sub-systems, assets, or processes that maintain a degree of overall functionality in case of loss or failure of another system, sub-system, asset, or process.

From: DHS Risk Lexicon

Resilience

The ability to adapt to changing conditions and prepare for, withstand, and rapidly recover from disruption.

From: DHS Risk Lexicon

Response

The activities that address the short-term, direct effects of an incident and may also support short-term recovery.

In cybersecurity, response encompasses both automated and manual activities.

Related Term(s): recovery

Adapted from: National Infrastructure Protection Plan, NCPS Target Architecture Glossary

Risk

The potential for an unwanted or adverse outcome resulting from an incident, event, or occurrence, as determined by the likelihood that a particular threat will exploit a particular vulnerability, with the associated consequences.

Adapted from: DHS Risk Lexicon, NIPP; and adapted from: CNSSI 4009, FIPS 200, NIST SP 800-53 Rev 4, SAFE-BioPharma Certificate Policy 2.5

Risk analysis

The systematic examination of the components and characteristics of risk.

Related Term(s): risk assessment, risk

From: DHS Risk Lexicon

Risk assessment

The product or process which collects information and assigns values to risks for the purpose of informing priorities, developing or comparing courses of action, and informing decision making.

The appraisal of the risks facing an entity, asset, system, or network, organizational operations, individuals, geographic area, other organizations, or society, and includes determining the extent to which adverse circumstances or events could result in harmful consequences.

Related Term(s): risk analysis, risk

Adapted from: DHS Risk Lexicon, CNSSI 4009, NIST SP 800-53 Rev 4

Risk management

The process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.

Risk management includes: 1) conducting a risk assessment; 2) implementing strategies to mitigate risks; 3) continuous monitoring of risk over time; and 4) documenting the overall risk management program.

Related Term(s): enterprise risk management, integrated risk management, risk

From: DHS Risk Lexicon and Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4

Risk-based data management

A structured approach to managing risks to data and information by which an organization selects and applies appropriate security controls in compliance with policy and commensurate with the sensitivity and value of the data.

Adapted from: DHS personnel

Rootkit

A set of software tools with administrator-level access privileges installed on an information system and designed to hide the presence of the tools, maintain the access privileges, and conceal the activities conducted by the tools.

Adapted from: CNSSI 4009

Secret key

A cryptographic key that is used for both encryption and decryption, enabling the operation of a symmetric key cryptography scheme.

Also, a cryptographic algorithm that uses a single key (i.e., a secret key) for both encryption of plaintext and decryption of ciphertext.

Related Term(s): symmetric key

Adapted from: CNSSI 4009

Security automation

The use of information technology in place of manual processes for cyber incident response and management.

Adapted from: DHS personnel

Security policy

A rule or set of rules that govern the acceptable use of an organization's information and services to a level of acceptable risk and the means for protecting the organization's information assets.

A rule or set of rules applied to an information system to provide security services.

Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4, NIST SP 800-130, OASIS SAML Glossary 2.0

Signature

A recognizable, distinguishing pattern. Types of signatures: attack signature, digital signature, electronic signature.

From: CNSSI 4009; Adapted from: NIST SP 800-94

Situational awareness

Comprehending information about the current and developing security posture and risks, based on information gathered, observation and analysis, and knowledge or experience.

In cybersecurity, comprehending the current status and security posture with respect to availability, confidentiality, and integrity of networks, systems, users, and data, as well as projecting future states of these.

Adapted from: CNSSI 4009, DHS personnel, National Response Framework

Software assurance

The level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its lifecycle, and that the software functions in the intended manner.

From: CNSSI 4009

Spam

The abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.

Adapted from: CNSSI 4009

Spoofing

Faking the sending address of a transmission to gain illegal [unauthorized] entry into a secure system.

The deliberate inducement of a user or resource to take incorrect action. Note: Impersonating, masquerading, piggybacking, and mimicking are forms of spoofing.

From: CNSSI 4009

Spyware

Software that is secretly or surreptitiously installed into an information system without the knowledge of the system user or owner.

Related Term(s): keylogger

Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4

Subject

An individual, process, or device causing information to flow among objects or a change to the system state. An active entity.

Related Term(s): object, access, access control

Adapted from: NIST SP 800-53 Rev 4, CNSSI 4009

Supply chain

A system of organizations, people, activities, information and resources, for creating and moving products including product components and/or services from suppliers through to their customers.

Related Term(s): supply chain risk management

Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4

Supply chain risk management

The process of identifying, analyzing, and assessing supply chain risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.

Related Term(s): supply chain

Adapted from: DHS Risk Lexicon, CNSSD 505

Symmetric cryptography

A branch of cryptography in which a cryptographic system or algorithms use the same secret key (a shared secret key).

Adapted from: CNSSI 4009, SANS

Symmetric key

A cryptographic key that is used to perform both the cryptographic operation and its inverse, for example to encrypt plaintext and decrypt ciphertext, or create a message authentication code and to verify the code.

Also, a cryptographic algorithm that uses a single key (i.e., a secret key) for both encryption of plaintext and decryption of ciphertext.

Related Term(s): secret key

From: CNSSI 4009

System integrity

The attribute of an information system when it performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.

Related Term(s): integrity, data integrity

From: CNSSI 4009

System owner

Person or organization having responsibility for the development, procurement, integration, modification, operation and maintenance, and/or final disposition of an information system.

From: CNSSI 4009

Tabletop exercise

A discussion-based exercise where personnel meet in a classroom setting or breakout groups and are presented with a scenario to validate the content of plans, procedures, policies, cooperative agreements or other information for managing an incident.

Adapted from: NCSD Glossary, DHS Homeland Security Exercise and Evaluation Program

Tailored trustworthy space

A cyberspace environment that provides a user with confidence in its security, using automated mechanisms to ascertain security conditions and adjust the level of security based on the user's context and in the face of an evolving range of threats.

Adapted from: National Science and Technology Council's Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program

Target of attack

An information system, part of a system, or product, and all associated documentation, that is the subject of an attack.

Adapted from: CNSSI 4009

Threat

A circumstance or event that has or indicates the potential to exploit vulnerabilities and to adversely impact (create adverse consequences for) organizational operations, organizational assets (including information and information systems), individuals, other organizations, or society.

Includes an individual or group of individuals, an entity (such as an organization or a nation), an action, or an occurrence.

Adapted from: DHS Risk Lexicon, NIPP, CNSSI 4009, NIST SP 800-53 Rev 4

Threat agent

An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.

Related Term(s): adversary, attacker

Adapted from: DHS Risk Lexicon

Threat analysis

The detailed evaluation of the characteristics of individual threats.

Adapted from: DHS personnel

Threat assessment

The product or process of identifying or evaluating entities, actions, or occurrences, whether natural or man-made, that have or indicate the potential to harm life, information, operations, and/or property.

Related Term(s): threat analysis

From: DHS Risk Lexicon and adapted from: CNSSI 4009, NIST SP 800-53, Rev 4

Ticket

In access control, data that authenticates the identity of a client or a service and, together with a temporary encryption key (a session key), forms a credential.

Adapted from: IETF RFC 4120 Kerberos V5, July 2005; Conrad, E., Misenauer, S., & Feldman, J. (2010). CISSP® Study Guide. Burlington, MA: Syngress

Traffic light protocol

A set of designations employing four colors (RED, AMBER, GREEN, and WHITE) used to ensure that sensitive information is shared with the correct audience.

Adapted from: US-CERT

Trojan horse

A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.

From: CNSSI 4009

Unauthorized access

Any access that violates the stated security policy.

From: CNSSI 4009

Virus

A computer program that can replicate itself, infect a computer without permission or knowledge of the user, and then spread or propagate to another computer.

Related Term(s): macro virus

Adapted from: CNSSI 4009

Vulnerability

A characteristic or specific weakness that renders an organization or asset (such as information or an information system) open to exploitation by a given threat or susceptible to a given hazard.

A characteristic of location or security posture, or of design, security procedures, internal controls, or the implementation of any of these, that permits a threat or hazard to occur.

Vulnerability (expressing degree of vulnerability): a qualitative or quantitative expression of the level of susceptibility to harm when a threat or hazard is realized.

Related Term(s): weakness

Adapted from: DHS Risk Lexicon, CNSSI 4009, NIST SP 800-53 Rev 4

Weakness

A shortcoming or imperfection in software code, design, architecture, or deployment that, under proper conditions, could become a vulnerability or contribute to the introduction of vulnerabilities.

Related Term(s): vulnerability

Adapted from: ITU-T X.1520 CWE, FY 2013 CIO FISMA Reporting Metrics

Whitelist

A list of entities that are considered trustworthy and are granted access or privileges.

Related Term(s): blacklist

Adapted from: DHS personnel

Work factor

An estimate of the effort or time needed by a potential adversary, with specified expertise and resources, to overcome a protective measure.

Adapted from: CNSSI 4009

Worm

A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.

From: CNSSI 4009
