Active Attack | An actual assault perpetrated by an intentional threat source that attempts to alter a system, its resources, its data, or its operations. |
Advanced Persistent Threat | An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). |
Adware | Software or code that shows unwanted ads such as pop-ups on a device |
Adversary | An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities. |
Alert | A notification that a specific attack has been detected or directed at an organization’s information systems. |
Allowlist | A list of entities that are considered trustworthy and are granted access or privileges. |
Attack | An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity. |
Attack Method | The manner or technique and means an adversary may use in an assault on information or an information system. |
Attacker | An individual, group, organization, or government that executes an attack. |
Authentication | The process of verifying the identity or other attributes of an entity (user, process, or device). |
Blocklist | A list of entities that are blocked or denied privileges or access. |
Business Email Compromise / CEO Fraud | A form of phishing in which the attacker obtains access to the business email account of a person in authority and sends emails to employees or students that appear to be from the person in authority but are instead malicious attacks with the goal of financial gain |
CIO | Chief Information Officer |
Ciphertext | Data or information in its encrypted form. |
CISO | Chief Information Security Officer |
Confidentiality | A property that information is not disclosed to users, processes, or devices unless they have been authorized to access the information. |
Cookie(s) | A small packet of software that lets a website or browser track users by storing some of their information, such as what clothing online shoppers like |
Critical Infrastructure | The systems and assets, whether physical or virtual, so vital to society that the incapacity or destruction of such may have a debilitating impact on the security, economy, public health or safety, environment, or any combination of these matters. |
Cyberattack | A malicious and deliberate attempt to breach an information system |
Cybercrime | Any illegal activity done on the internet |
Cybersecurity | The activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation. |
Cyberthreat | Refers to anything that has the potential to cause serious harm to a computer system |
Data Breach | The unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information. |
Data Loss | The result of unintentionally or accidentally deleting data, forgetting where it is stored, or exposure to an unauthorized party. |
Data Loss Prevention (DLP) | A set of procedures and mechanisms to stop sensitive data from leaving a security boundary. |
Data Mining | The process or techniques used to analyze large sets of existing information to discover previously unrevealed patterns or correlations. |
Data Theft | The deliberate or intentional act of stealing information. |
Deepfake | Synthetic media that have been digitally manipulated to replace one person's likeness convincingly with that of another |
Digital Forensics | The processes and specialized techniques for gathering, retaining, and analyzing system-related data (digital evidence) for investigative purposes. |
eCrime | Criminal activity that involves the use of computers or networks such as the internet |
Encryption | The process of transforming plaintext into ciphertext. |
Enterprise Risk Management | A comprehensive approach to risk management that engages people, processes, and systems across an organization to improve the quality of decision making for managing risks that may hinder an organization’s ability to achieve its objectives. |
End of Life (EOL) | End of Life. The app has reached the end of its useful life. It may mean that a new version is available that supersedes the existing product or that the product is no longer supported. |
Firewall | A capability to limit network traffic between networks and/or information systems. |
Geofencing | To set up triggers so that when a device such as an internet-connected smartphone enters a defined geographical boundary, the user gets an alert |
Hacker | An unauthorized user who attempts to or gains access to an information system. |
Honeypot | A computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information |
Identity and Access Management (IAM) | The methods and processes used to manage subjects and their authentication and authorizations to access specific objects. |
Intrusion Detection and Prevention System (IDPS) | Software that automates the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents and attempting to stop detected possible incidents |
Internet of Things (IoT) | The collection of sensors, instruments and autonomous devices connected through the internet to applications |
Impersonation | A type of targeted phishing attack in which a malicious actor pretends to be someone else or another entity to steal sensitive data |
Incident Response Plan (IRP) | A set of predetermined and documented procedures to detect and respond to a cyber incident. |
Information Security (InfoSec) | The processes and tools designed and deployed to protect sensitive business information from modification, disruption, destruction, and inspection |
Insider Threat | A person or group of persons within an organization who pose a potential risk through violating security policies. |
Intrusion | An unauthorized act of bypassing the security mechanisms of a network or information system. |
Intrusion Detection | The process and methods for analyzing information from networks and information systems to determine if a security breach or security violation has occurred. |
Malvertising | A malicious attack that involves injecting harmful code into legitimate online advertising networks |
Malware | Malicious software or code used to steal information and damage devices |
Mitigation | The application of one or more measures to reduce the likelihood of an unwanted occurrence and/or lessen its consequences. |
Open Authorization Standard (OAuth) | An open-standard authorization protocol or framework that provides applications the ability for secure designated access |
Outsider Threat | A person or group of persons external to an organization who are not authorized to access its assets and pose a potential risk to the organization and its assets. |
Password | A string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorization. |
Passwordless | An authentication method in which a user can log in to a computer system without entering a password or any other knowledge-based secret |
Personal Identifying Information (PII) | The information that permits the identity of an individual to be directly or indirectly inferred. |
Pharming | A phishing attack that uses fake websites to trick users into entering their personal information |
Phishing | A type of cyberattack in which someone pretends to be a trustworthy person, website or organization to get victims to share their username, password or other personal information |
Ransomware | Malware designed to deny a user or organization access to files on their computer |
Risk Analysis | The systematic examination of the components and characteristics of risk. |
Risk Assessment | The product or process which collects information and assigns values to risks for the purpose of informing priorities, developing or comparing courses of action, and informing decision making. |
Risk Management | The process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken. |
SecOps | A combination of the terms security and operations; a methodology that IT managers implement to enhance the connection, collaboration and communication between IT security and IT operations teams |
Smishing/SMS Phishing | Uses text messages rather than email to carry out a phishing attack. The texts appear to be from legitimate sources, but they contain malicious links. |
Search Engine Phishing | Involves hackers creating websites and getting them indexed on legitimate search engines. The websites often feature cheap products and incredible deals to lure unsuspecting online shoppers to their site, where the victim is prompted to register an account or enter their bank account information to complete a purchase. |
Security Operations Center (SOC) | An intelligence hub for the company, gathering data from across the organization's networks, servers, endpoints and other digital assets and using intelligent automation to identify, prioritize and respond to potential cybersecurity threats |
Social Engineering | The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes |
Social Media Phishing | When attackers use social networking sites like Facebook, Twitter and Instagram to obtain victims' sensitive data or lure them into clicking on malicious links. Hackers may create fake accounts impersonating someone the victim knows |
Spam | Any unwelcome and unwanted e-mail or junk mail, including repeated comments on another's post |
Spear Phishing | Involves sending malicious emails to specific individuals within an organization, rather than sending out mass emails to thousands of recipients |
Spidering | The process where hackers familiarize themselves with their targets in order to obtain credentials based on their activity |
Spoofing | Faking the sending address of a transmission to gain illegal [unauthorized] entry into a secure system. |
Spyware | Software put on a computer to spy and collect and send information to cybercriminals |
Threat | A circumstance or event that has or indicates the potential to exploit vulnerabilities and to adversely impact (create adverse consequences for) organizational operations, organizational assets (including information and information systems), individuals, other organizations, or society. |
Threat Actor / Agent | An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities. |
Threat Assessment | The product or process of identifying or evaluating entities, actions, or occurrences, whether natural or man-made, that have or indicate the potential to harm life, information, operations, and/or property. |
Threatware | A general term encompassing all types of malicious software on computers and electronic devices |
Virus | A computer program that can replicate itself, infect a computer without permission or knowledge of the user, and then spread or propagate to another computer. |
Vishing (Voice Phishing) | A type of cyberattack where fraudsters use phone calls to deceive individuals into providing sensitive information or performing certain actions. |
Whaling | A type of cyberattack that targets high-profile individuals or executives. These types of attacks are highly targeted and personalized. |
Definitions from: NCDIT, NICCS, Panda Security