Plain text is simple text displayed in a readable format. Encryption converts plain text
Security testing that does not involve any direct interaction with the targets
An event involving the exposure of information to entities not authorized access
Data on a live system that is lost after a computer is powered down.
A digital certificate containing a public key for an entity and a name for that entity.
A flexible text format designed to describe data for electronic publishing.
Security exploit where the attacker infects websites that are frequently visited
An attack that exploits a previously unknown hardware, firmware, or software
A person gains logical or physical access without permission to a network,
A discussion-based exercise where personnel with roles and responsibilities
The means used to associate a set of security attributes with a specific information object
A process or mechanism for encrypting and decrypting XML documents or parts
A threat in which an adversary introduces a powerful RF signal to overwhelm the spectrum
Use of a set of methods, principles, or rules for assessing risk based on nonnumerical
Passive information system-related entity (e.g., devices, files, records, tables, processes,
An access control policy that is uniformly enforced across all subjects and objects
Special Publication – a designation for NIST documents
A string of characters (letters, numbers, and other symbols) used to authenticate an identity
An attack against an authentication protocol where the attacker intercepts data
A hidden, self-replicating section of computer software, usually malicious logic,
Weakness in an information system, system security procedures, internal controls
A logical portion of a media that functions as though it were physically separate from other
Protected information system link utilizing tunneling, security controls, and endpoint address
A simulated environment created by virtualization. See under Virtual Machine.
The simulation of the software and/or hardware upon which other software runs.
A commercial supplier of software or hardware. See NISTIR 4734.
Software that observes and records network traffic. See CNSSI 4009-2015.