Glossary A
Authenticity

The property that data originated from its purported source. See NIST SP 800-38B under Authenticity, NIST SP 800-38C under Authenticity, NIST SP 800-38D under Authenticity, NIST ...

Authorization

The process of granting or denying specific requests: 1) for obtaining and using information and related information processing services; and 2) to enter specific physical ...

Awareness

Awareness is not training. The purpose of awareness presentations is simply to focus attention on security. Awareness presentations are intended to allow individuals to recognize ...

Authentication, Authorization, and Accounting

The property that data originated from its purported source. See NIST SP 800-38B under Authenticity, NIST SP 800-38C under Authenticity, NIST SP 800-38D under Authenticity, NIST ...

Algorithm Identifier

A PIV algorithm identifier is a one-byte identifier that specifies a cryptographic algorithm and key size. For symmetric cryptographic operations, the algorithm identifier also specifies ...

Aggregated Information

Information elements collated on a number of individuals, typically used for the purposes of making comparisons or identifying patterns. See NIST SP 800-122 for more information.

Anonymization

Process that removes the association between the identifying dataset and the data subject. See NISTIR 8053 (ISO/TS 25237:2008) for more information.

Aggregate

To combine several more-specific prefixes into a less-specific prefix. See NIST SP 800-54 for more information.

Agent

A host-based IPS program that monitors and analyzes activity and performs preventive actions; OR a program or plug-in that enables an SSL VPN to access ...

Antispyware Software

A program that specializes in detecting both malware and non-malware forms of spyware. See NIST SP 800-69 for more information.

Anti-Forensic

A technique for concealing or destroying data so that others cannot access it. See NIST SP 800-86 for more information.

ABAC

An access control paradigm whereby access rights are granted to users through the use of policies which combine attributes together. The policies can use any ...

Acceptable Risk

The level of Residual Risk that has been determined to be a reasonable level of potential loss/disruption for a specific IT system. See NIST SP ...

Availability

Availability indicates that data and services are available when needed. For some organizations, this simply means that the data and services must be available between ...

Access Control

Procedures and controls that limit or detect access to critical information resources. This can be accomplished through software, biometrics devices, or physical access to a ...

Access Control List (ACL)

A list of permissions associated with an object. The list specifies who or what is allowed to access the object and what operations are allowed ...

Access Control Matrix

A table in which each row represents a subject, each column represents an object, and each entry is the set of access rights for that ...

ACM

Access Control Mechanism

Security safeguards (i.e., hardware and software features, physical controls, operating procedures, management procedures, and various combinations of these) designed to detect and deny unauthorized access ...

Access Control System

A set of procedures and/or processes, normally automated, which allows access to a controlled area or to information to be controlled, in accordance with ...

Access List

Roster of individuals authorized admittance to a controlled area. See CNSSI 4009-2015 for more information. 

Access Point (AP)

A device that logically connects wireless client devices operating in infrastructure to one another and provides access to a distribution system, if connected, which is ...

Accountability

The principle that an individual is entrusted to safeguard and control equipment, keying material, and information and is answerable to proper authority for the loss ...

Active Content

Electronic documents that can carry out or trigger actions automatically on a computer platform without the intervention of a user. See CNSSI 4009-2015 (NIST SP 800-28) and NIST SP 800-28 ...

Active Attack

An attack on the authentication protocol where the Attacker transmits data to the Claimant, Credential Service Provider, Verifier, or Relying Party. Examples of active attacks ...

Active Cyber Defense

Active Cyber Defense (ACD): Synchronized, real-time capability to discover, detect, analyze, and mitigate threats and vulnerabilities. See CNSSI 4009-2015 (DSOC 2011) for more information.

Active Security Testing

Security testing that involves direct interaction with a target, such as sending packets to a target. See NIST SP 800-115 for more information.

Administrative Account

A user account with full privileges on a computer. See NIST SP 800-69 for more information.

Advanced Persistent Threat

APT: An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack ...

Adversary

Individual, group, organization, or government that conducts or has the intent to conduct detrimental activities. See CNSSI 4009-2015 (NIST SP 800-30 Rev. 1) under Adversary (DHS Risk Lexicon) for more ...

Adverse Consequence

An undesirable consequence associated with a loss. See (ISO/IEC 15026) for more information. 

AES

The Advanced Encryption Standard (AES) specifies a FIPS-approved cryptographic algorithm that can be used to protect electronic data. See FIPS 197 for more information. AES encrypts and ...

Aggregation

The consolidation of similar log entries into a single entry containing a count of the number of occurrences of the event. See NIST SP 800-92 under ...

Air Gap

An interface between two systems at which (a) they are not connected physically and (b) any logical connection is not automated (i.e., data is transferred ...

Alarm

A device or function that signals the existence of an abnormal condition by making an audible or visible discrete change, or both, so as to ...

Alert

A brief, usually human-readable, technical notification regarding current vulnerabilities, exploits, and other security issues. Also known as an advisory, bulletin, or vulnerability note. See NIST SP ...
