A generic term that refers to a wireless local area network that observes the IEEE 802.11


Any circumstance or event with the potential to adversely impact organizational operations


A name referring to the investigation, study, and control of unintentional compromising

Third-Party Providers

Service providers, integrators, vendors, telecommunications, and infrastructure support

Technical Controls

The security controls (i.e., safeguards or countermeasures) for an information system

Threat Actor

An individual or a group posing a threat. See NIST SP 800-150 under Threat Actor.


The ability for an organization’s employees and contractors to conduct work

Blue Team

The group responsible for defending an enterprise’s use of information systems

Block Cipher

A symmetric-key cryptographic algorithm that transforms one block of information

User ID

Unique symbol or character string used by an information system

Web Server

A computer that provides World Wide Web (WWW) services on the Internet.


Store files containing malware in isolation for future disinfection or examination.


The transmission of packetized voice using the internet protocol (IP)


Individual or (system) process authorized to access an information system.


A uniform resource locator, or URL, is a short string containing an address


Information that does not require safeguarding or dissemination controls

POODLE attack

POODLE is referred to as both a downgrade attack and a man-in-the-middle exploit.

MITM Attack

Man in the Middle. An attack using active interception or eavesdropping.

Plain text

Plain text is simple text displayed in a readable format. Encryption converts plain text

Volatile Data

Data on a live system that is lost after a computer is powered down.