Home  Media  Glossary  Contact

eVestigator® clarifies some commonly used terms in the Cybersecurity science

Below is a continuously updated list of common words that you can expect to come across. As the industry changes, so too does the vocabulary.

Words and definitions

'access' ~ The ability and means to communicate with or otherwise interact with a system, to use system resources to handle information, to gain knowledge of the information the system contains, or to control system components and functions.


'access control' ~ The process of granting or denying specific requests for or attempts to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities.


'access control mechanism' ~ Security measures designed to detect and deny unauthorized access and permit authorized access to an information system or a physical facility.


'active attack' ~ An actual assault perpetrated by an intentional threat source that attempts to alter a system, its resources, its data, or its operations.


'active content' ~ Software that is able to automatically carry out or trigger actions without the explicit intervention of a user.


'Advanced Persistent Threat' ~ An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception).


'adversary' ~ An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.


'air gap' ~ To physically separate or isolate a system from other systems or networks (verb).


'alert' ~ A notification that a specific attack has been detected or directed at an organization's information systems.


'All Source Intelligence' ~ In the NICE Workforce Framework, cybersecurity work where a person: Analyzes threat information from multiple sources, disciplines, and agencies across the Intelligence Community. Synthesizes and places intelligence information in context; draws insights about the possible implications.


'Analyze' ~ A NICE Workforce Framework category consisting of specialty areas responsible for highly specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence.


'antispyware software' ~ A program that specializes in detecting and blocking or removing forms of spyware.


'antivirus software' ~ A program that monitors a computer or network to detect or identify major types of malicious code and to prevent or contain malware incidents. Sometimes by removing or neutralizing the malicious code.


'asset' ~ A person, structure, facility, information, and records, information technology systems and resources, material, process, relationships, or reputation that has value.


'attack' ~ An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity.


'attack method' ~ The manner or technique and means an adversary may use in an assault on information or an information system.


'attack path' ~ The steps that an adversary takes or may take to plan, prepare for, and execute an attack.


'attack pattern' ~ Similar cyber events or behaviors that may indicate an attack has occurred or is occurring, resulting in a security violation or a potential security violation.


'attack signature' ~ A characteristic or distinctive pattern that can be searched for or that can be used in matching to previously identified attacks.


'attack surface' ~ The set of ways in which an adversary can enter a system and potentially cause damage.


'attacker' ~ An individual, group, organization, or government that executes an attack.


'authentication' ~ The process of verifying the identity or other attributes of an entity (user, process, or device).


'authenticity' ~ A property achieved through cryptographic methods of being genuine and being able to be verified and trusted, resulting in confidence in the validity of a transmission, information or a message, or sender of information or a message.


'authorization' ~ A process of determining, by evaluating applicable access control information, whether a subject is allowed to have the specified types of access to a particular resource.


'availability' ~ The property of being accessible and usable upon demand.


'behavior monitoring' ~ Observing activities of users, information systems, and processes and measuring the activities against organizational policies and rule, baselines of normal activity, thresholds, and trends.


'blacklist' ~ A list of entities that are blocked or denied privileges or access.


'Blue Team' ~ A group that defends an enterprise's information systems when mock attackers (i.e., the Red Team) attack, typically as part of an operational exercise conducted according to rules established and monitored by a neutral group (i.e., the White Team).


'bot' ~ A computer connected to the Internet that has been surreptitiously / secretly compromised with malicious logic to perform activities under remote the command and control of a remote administrator.


'bot master' ~ The controller of a botnet that, from a remote location, provides direction to the compromised computers in the botnet.


'botnet' ~ A collection of computers compromised by malicious code and controlled across a network.


'bug' ~ An unexpected and relatively small defect, fault, flaw, or imperfection in an information system or device.


'Build Security In' ~ A set of principles, practices, and tools to design, develop, and evolve information systems and software that enhance resistance to vulnerabilities, flaws, and attacks.


'capability' ~ The means to accomplish a mission, function, or objective.


'ciphertext' ~ Data or information in its encrypted form.


'cloud computing' ~ A model for enabling on-demand network access to a shared pool of configurable computing capabilities or resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.


'Collect & Operate' ~ A NICE Workforce Framework category consisting of specialty areas responsible for specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence.


'Collection Operations' ~ In the NICE Workforce Framework, cybersecurity work where a person: Executes collection using appropriate strategies and within the priorities established through the collection management process.


'computer network defense' ~ The actions taken to defend against unauthorized activity within computer networks.


'Computer Network Defense Analysis' ~ In the NICE Workforce Framework, cybersecurity work where a person: Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.


'Computer Network Defense Infrastructure Support' ~ In the NICE Workforce Framework, cybersecurity work where a person: Tests, implements, deploys, maintains, reviews, and administers the infrastructure hardware and software that are required to effectively manage the computer network defense service provider network and resources; monitors network to actively remediate unauthorized activities.


'confidentiality' ~ A property that information is not disclosed to users, processes, or devices unless they have been authorized to access the information.


'consequence' ~ The effect of an event, incident, or occurrence.


'Continuity of Operations Plan' ~ A document that sets forth procedures for the continued performance of core capabilities and critical operations during any disruption or potential disruption.


'cryptanalysis' ~ The operations performed in defeating or circumventing cryptographic protection of information by applying mathematical techniques and without an initial knowledge of the key employed in providing the protection.


'cryptographic algorithm' ~ A well-defined computational procedure that takes variable inputs, including a cryptographic key, and produces an output.


'cryptography' ~ The use of mathematical techniques to provide security services, such as confidentiality, data integrity, entity authentication, and data origin authentication.


'cryptology' ~ The mathematical science that deals with cryptanalysis and cryptography.


'Customer Service and Technical Support' ~ In the NICE Workforce Framework, cybersecurity work where a person: Addresses problems, installs, configures, troubleshoots, and provides maintenance and training in response to customer requirements or inquiries (e.g., tiered-level customer support).


'cyber ecosystem' ~ The interconnected information infrastructure of interactions among persons, processes, data, and information and communications technologies, along with the environment and conditions that influence those interactions.


'cyber exercise' ~ A planned event during which an organization simulates a cyber disruption to develop or test capabilities such as preventing, detecting, mitigating, responding to or recovering from the disruption.


'cyber infrastructure' ~ An electronic information and communications systems and services and the information contained therein.


'Cyber Operations' ~ In the NICE Workforce Framework, cybersecurity work where a person: Performs activities to gather evidence on criminal or foreign intelligence entities in order to mitigate possible or real-time threats, protect against espionage or insider threats, foreign sabotage, international terrorist activities, or to support other intelligence activities.


'Cyber Operations Planning' ~ in the NICE Workforce Framework, cybersecurity work where a person: Performs in-depth joint targeting and cyber planning process. Gathers information and develops detailed Operational Plans and Orders supporting requirements. Conducts strategic and operational-level planning across the full range of operations for integrated information and cyberspace operations


'cybersecurity' ~ The activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation.


'cyberspace' ~ The interdependent network of information technology infrastructures, that includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers.


'Data Administration' ~ In the NICE Workforce Framework, cybersecurity work where a person: Develops and administers databases and/or data management systems that allow for the storage, query, and utilization of data.


'data aggregation' ~ The process of gathering and combining data from different sources, so that the combined data reveals new information.


'data breach' ~ The unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information.


'data integrity' ~ The property that data is complete, intact, and trusted and has not been modified or destroyed in an unauthorized or accidental manner.


'data loss' ~ The result of unintentionally or accidentally deleting data, forgetting where it is stored, or exposure to an unauthorized party.


'data mining' ~ The process or techniques used to analyze large sets of existing information to discover previously unrevealed patterns or correlations.


'data theft' ~ The deliberate or intentional act of stealing of information.


'decipher' ~ To convert enciphered text to plain text by means of a cryptographic system.


'decode' ~ To convert encoded text to plain text by means of a code.


'decrypt' ~ A generic term encompassing decode and decipher.


'decryption' ~ The process of transforming ciphertext into its original plaintext.


'denial of service' ~ An attack that prevents or impairs the authorized use of information system resources or services.


'digital forensics' ~ The processes and specialized techniques for gathering, retaining, and analyzing system-related data (digital evidence) for investigative purposes.


'digital rights management' ~ A form of access control technology to protect and manage use of digital content or devices in accordance with the content or device provider's intentions.


'digital signature' ~ A value computed with a cryptographic process using a private key and then appended to a data object, thereby digitally signing the data.


'disruption' ~ An event which causes unplanned interruption in operations or functions for an unacceptable length of time.


'distributed denial of service' ~ A denial of service technique that uses numerous systems to perform the attack simultaneously.


'dynamic attack surface' ~ The automated, on-the-fly changes of an information system's characteristics to thwart actions of an adversary.


'electronic signature' ~ Any mark in electronic form associated with an electronic document, applied with the intent to sign the document.


'encipher' ~ To convert plaintext to ciphertext by means of a cryptographic system.


'encode' ~ To convert plaintext to ciphertext by means of a code.


'encrypt' ~ The generic term encompassing encipher and encode.


'encryption' ~ The process of transforming plaintext into ciphertext.


'enterprise risk management' ~ A comprehensive approach to risk management that engages people, processes, and systems across an organization to improve the quality of decision making for managing risks that may hinder an organization's ability to achieve its objectives.


'event' ~ An observable occurrence in an information system or network.


'exfiltration' ~ The unauthorized transfer of information from an information system.


'exploit' ~ A technique to breach the security of a network or information system in violation of security policy.


'Exploitation Analysis' ~ In the NICE Workforce Framework, cybersecurity work where a person: Analyzes collected information to identify vulnerabilities and potential for exploitation.


'exposure' ~ The condition of being unprotected, thereby allowing access to information or access to capabilities that an attacker can use to enter a system or network.


'Failure' ~ The inability of a system or component to perform its required functions within specified performance requirements.


'hacker' ~ An unauthorized user who attempts to or gains access to an information system.


'hash value' ~ A numeric value resulting from applying a mathematical algorithm against a set of data such as a file.


'hashing' ~ A process of applying a mathematical algorithm against a set of data to produce a numeric value (a 'hash value') that represents the data.


'hazard' ~ A natural or man-made source or cause of harm or difficulty.


'ICT supply chain threat' ~ A man-made threat achieved through exploitation of the information and communications technology (ICT) system's supply chain, including acquisition processes.


'identity and access management' ~ The methods and processes used to manage subjects and their authentication and authorizations to access specific objects.


'incident' ~ An occurrence that actually or potentially results in adverse consequences to (adverse effects on) (poses a threat to) an information system or the information that the system processes, stores, or transmits and that may require a response action to mitigate the consequences.


'incident management' ~ The management and coordination of activities associated with an actual or potential occurrence of an event that may result in adverse consequences to information or information systems.


'incident response' ~ The activities that address the short-term, direct effects of an incident and may also support short-term recovery.


'incident response plan' ~ A set of predetermined and documented procedures to detect and respond to a cyber incident.


'indicator' ~ An occurrence or sign that an incident may have occurred or may be in progress.


'Industrial Control System' ~ An information system used to control industrial processes such as manufacturing, product handling, production, and distribution or to control infrastructure assets.


'information and communication(s) technology' ~ Any information technology, equipment, or interconnected system or subsystem of equipment that processes, transmits, receives, or interchanges data or information.


'Information Assurance Compliance' ~ In the NICE Workforce Framework, cybersecurity work where a person: Oversees, evaluates, and supports the documentation, validation, and accreditation processes necessary to assure that new IT systems meet the organization's information assurance and security requirements; ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives.


'information security policy' ~ An aggregate of directives, regulations, rules, and practices that prescribe how an organization manages, protects, and distributes information.


'information sharing' ~ An exchange of data, information, and/or knowledge to manage risks or respond to incidents.


'information system resilience' ~ The ability of an information system to: (1) continue to operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (2) recover effectively in a timely manner.


'Information Systems Security Operations' ~ In the NICE Workforce Framework, cybersecurity work where a person: Oversees the information assurance program of an information system in or outside the network environment; may include procurement duties (e.g., Information Systems Security Officer).


'information technology' ~ Any equipment or interconnected system or subsystem of equipment that processes, transmits, receives, or interchanges data or information.


'inside( r) threat' ~ A person or group of persons within an organization who pose a potential risk through violating security policies.


'integrated risk management' ~ The structured approach that enables an enterprise or organization to share risk information and risk analysis and to synchronize independent yet complementary risk management strategies to unify efforts across the enterprise.


'integrity' ~ The property whereby information, an information system, or a component of a system has not been modified or destroyed in an unauthorized manner.


'intent' ~ A state of mind or desire to achieve an objective.


'interoperability' ~ The ability of two or more systems or components to exchange information and to use the information that has been exchanged.


'intrusion' ~ An unauthorized act of bypassing the security mechanisms of a network or information system.


'intrusion detection' ~ The process and methods for analyzing information from networks and information systems to determine if a security breach or security violation has occurred.


'Investigate' ~ a NICE Workforce Framework category consisting of specialty areas responsible for the investigation of cyber events and/or crimes of IT systems, networks, and digital evidence


'investigation' ~ A systematic and formal inquiry into a qualified threat or incident using digital forensics and perhaps other traditional criminal inquiry techniques to determine the events that transpired and to collect evidence.


'key' ~ The numerical value used to control cryptographic operations, such as decryption, encryption, signature generation, or signature verification.


'key pair' ~ A public key and its corresponding private key.


'key resource' ~ A publicly or privately controlled asset necessary to sustain continuity of government and/or economic operations, or an asset that is of great historical significance.


'keylogger' ~ Software or hardware that tracks keystrokes and keyboard events, usually surreptitiously / secretly, to monitor actions by the user of an information system.


'Knowledge Management' ~ In the NICE Workforce Framework, cybersecurity work where a person: Manages and administers processes and tools that enable the organization to identify, document, and access intellectual capital and information content.


'Legal Advice and Advocacy' ~ In the NICE Workforce Framework, cybersecurity work where a person: Provides legally sound advice and recommendations to leadership and staff on a variety of relevant topics within the pertinent subject domain; advocates legal and policy changes and makes a case on behalf of client via a wide range of written and oral work products, including legal briefs and proceedings.


'machine learning and evolution' ~ A field concerned with designing and developing artificial intelligence algorithms for automated knowledge discovery and innovation by information systems.


'macro virus' ~ A type of malicious code that attaches itself to documents and uses the macro programming capabilities of the document's application to execute, replicate, and spread or propagate itself.


'malicious applet' ~ A small application program that is automatically downloaded and executed and that performs an unauthorized function on an information system.


'malicious code' ~ Program code intended to perform an unauthorized function or process that will have adverse impact on the confidentiality, integrity, or availability of an information system.


'malicious logic' ~ Hardware, firmware, or software that is intentionally included or inserted in a system to perform an unauthorized function or process that will have adverse impact on the confidentiality, integrity, or availability of an information system.


'mitigation' ~ The application of one or more measures to reduce the likelihood of an unwanted occurrence and/or lessen its consequences.


'moving target defense' ~ The presentation of a dynamic attack surface, increasing an adversary's work factor necessary to probe, attack, or maintain presence in a cyber target.


'network resilience' ~ The ability of a network to: (1) provide continuous operation (i.e., highly resistant to disruption and able to operate in a degraded mode if damaged); (2) recover effectively if failure does occur; and (3) scale to meet rapid or unpredictable demands.


'Network Services' ~ In the NICE Workforce Framework, cybersecurity work where a person: Installs, configures, tests, operates, maintains, and manages networks and their firewalls, including hardware (e.g., hubs, bridges, switches, multiplexers, routers, cables, proxy servers, and protective distributor systems) and software that permit the sharing and transmission of all spectrum transmissions of information to support the security of information and information systems.


'object' ~ A passive information system-related entity containing or receiving information.


'Operate & Maintain' ~ A NICE Workforce Framework category consisting of specialty areas responsible for providing the support, administration, and maintenance necessary to ensure effective and efficient IT system performance and security.


'operational exercise' ~ An action-based exercise where personnel rehearse reactions to an incident scenario, drawing on their understanding of plans and procedures, roles, and responsibilities.


'Operations Technology' ~ The hardware and software systems used to operate industrial control devices.


'outside( r) threat' ~ A person or group of persons external to an organization who are not authorized to access its assets and pose a potential risk to the organization and its assets.


'Oversight & Development' ~ A NICE Workforce Framework category consisting of specialty areas providing leadership, management, direction, and/or development and advocacy so that all individuals and the organization may effectively conduct cybersecurity work.


'passive attack' ~ An actual assault perpetrated by an intentional threat source that attempts to learn or make use of information from a system, but does not attempt to alter the system, its resources, its data, or its operations.


'password' ~ A string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorization.


'pen test' ~ A colloquial term for penetration test or penetration testing.


'penetration testing' ~ An evaluation methodology whereby assessors search for vulnerabilities and attempt to circumvent the security features of a network and/or information system.


'Personal Identifying Information / Personally Identifiable Information' ~ The information that permits the identity of an individual to be directly or indirectly inferred.


'phishing' ~ A digital form of social engineering to deceive individuals into providing sensitive information.


'plaintext' ~ Unencrypted information.


'precursor' ~ An observable occurrence or sign that an attacker may be preparing to cause an incident.


'Preparedness' ~ The activities to build, sustain, and improve readiness capabilities to prevent, protect against, respond to, and recover from natural or manmade incidents.


'privacy' ~ The assurance that the confidentiality of, and access to, certain information about an entity is protected.


'private key' ~ A cryptographic key that must be kept confidential and is used to enable the operation of an asymmetric (public key) cryptographic algorithm.


'Protect & Defend' ~ A NICE Workforce Framework category consisting of specialty areas responsible for the identification, analysis, and mitigation of threats to internal IT systems or networks.


'public key' ~ A cryptographic key that may be widely published and is used to enable the operation of an asymmetric (public key) cryptographic algorithm.


'public key cryptography' ~ A branch of cryptography in which a cryptographic system or algorithms use two uniquely linked keys: a public key and a private key (a key pair).


'Public Key Infrastructure' ~ A framework consisting of standards and services to enable secure, encrypted communication and authentication over potentially insecure networks such as the Internet.


'Recovery' ~ The activities after an incident or event to restore essential services and operations in the short and medium term and fully restore all capabilities in the longer term.


'Red Team' ~ A group authorized and organized to emulate a potential adversary's attack or exploitation capabilities against an enterprise's cybersecurity posture.


'Red Team exercise' ~ An exercise, reflecting real-world conditions, that is conducted as a simulated attempt by an adversary to attack or exploit vulnerabilities in an enterprise's information systems.


'redundancy' ~ Additional or alternative systems, sub-systems, assets, or processes that maintain a degree of overall functionality in case of loss or failure of another system, sub-system, asset, or process.


'resilience' ~ The ability to adapt to changing conditions and prepare for, withstand, and rapidly recover from disruption.


'response' ~ The activities that address the short-term, direct effects of an incident and may also support short-term recovery.


'risk' ~ The potential for an unwanted or adverse outcome resulting from an incident, event, or occurrence, as determined by the likelihood that a particular threat will exploit a particular vulnerability, with the associated consequences.


'risk analysis' ~ The systematic examination of the components and characteristics of risk.


'risk assessment' ~ The product or process which collects information and assigns values to risks for the purpose of informing priorities, developing or comparing courses of action, and informing decision making.


'risk management' ~ The process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.


'rootkit' ~ A set of software tools with administrator-level access privileges installed on an information system and designed to hide the presence of the tools, maintain the access privileges, and conceal the activities conducted by the tools.


'secret key' ~ A cryptographic key that is used for both encryption and decryption, enabling the operation of a symmetric key cryptography scheme.


'Securely Provision' ~ A NICE Workforce Framework category consisting of specialty areas concerned with conceptualizing, designing, and building secure IT systems, with responsibility for some aspect of the systems' development.


'security automation' ~ The use of information technology in place of manual processes for cyber incident response and management.


'security policy' ~ A rule or set of rules that govern the acceptable use of an organization's information and services to a level of acceptable risk and the means for protecting the organization's information assets.


'Security Program Management' ~ In the NICE Workforce Framework, cybersecurity work where a person: Manages information security (e.g., information security) implications within the organization, specific program, or other area of responsibility, to include strategic, personnel, infrastructure, policy enforcement, emergency planning, security awareness, and other resources (e.g., the role of a Chief Information Security Officer).


'signature' ~ A recognizable, distinguishing pattern.


'situational awareness' ~ Comprehending information about the current and developing security posture and risks, based on information gathered, observation and analysis, and knowledge or experience.


'software assurance' ~ The level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its lifecycle, and that the software functions in the intended manner.


'Software Assurance and Security Engineering' ~ In the NICE Workforce Framework, cybersecurity work where a person: Develops and writes/codes new (or modifies existing) computer applications, software, or specialized utility programs following software assurance best practices.


'spam' ~ The abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.


'Spoofing' ~ Faking the sending address of a transmission to gain illegal (unauthorized) entry into a secure system.


'spyware' ~ Software that is secretly or surreptitiously installed into an information system without the knowledge of the system user or owner.


'Strategic Planning and Policy Development' ~ In the NICE Workforce Framework, cybersecurity work where a person: Applies knowledge of priorities to define an entity.


'subject' ~ An individual, process, or device causing information to flow among objects or a change to the system state.


'supply chain' ~ A system of organizations, people, activities, information and resources, for creating and moving products including product components and/or services from suppliers through to their customers.


'Supply Chain Risk Management' ~ The process of identifying, analyzing, and assessing supply chain risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.


'symmetric cryptography' ~ A branch of cryptography in which a cryptographic system or algorithms use the same secret key (a shared secret key).


'symmetric key' ~ A cryptographic key that is used to perform both the cryptographic operation and its inverse, for example to encrypt plaintext and decrypt ciphertext, or create a message authentication code and to verify the code.


'System Administration' ~ In the NICE Workforce Framework, cybersecurity work where a person: Installs, configures, troubleshoots, and maintains server configurations (hardware and software) to ensure their confidentiality, integrity, and availability; also manages accounts, firewalls, and patches; responsible for access control, passwords, and account creation and administration.


'system integrity' ~ The attribute of an information system when it performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.


'Systems Development' ~ In the NICE Workforce Framework, cybersecurity work where a person: Works on the development phases of the systems development lifecycle.


'Systems Requirements Planning' ~ In the NICE Workforce Framework, cybersecurity work where a person: Consults with customers to gather and evaluate functional requirements and translates these requirements into technical solutions; provides guidance to customers about applicability of information systems to meet business needs.


'Systems Security Analysis' ~ In the NICE Workforce Framework, cybersecurity work where a person: Conducts the integration/testing, operations, and maintenance of systems security.


'tabletop exercise' ~ A discussion-based exercise where personnel meet in a classroom setting or breakout groups and are presented with a scenario to validate the content of plans, procedures, policies, cooperative agreements or other information for managing an incident.


'tailored trustworthy space' ~ A cyberspace environment that provides a user with confidence in its security, using automated mechanisms to ascertain security conditions and adjust the level of security based on the user's context and in the face of an evolving range of threats.


'Targets' ~ In the NICE Workforce Framework, cybersecurity work where a person: Applies current knowledge of one or more regions, countries, non-state entities, and/or technologies.


'Technology Research and Development' ~ In the NICE Workforce Framework, cybersecurity work where a person: Conducts technology assessment and integration processes; provides and supports a prototype capability and/or evaluates its utility.


'Test and Evaluation' ~ In the NICE Workforce Framework, cybersecurity work where a person: Develops and conducts tests of systems to evaluate compliance with specifications and requirements by applying principles and methods for cost-effective planning, evaluating, verifying, and validating of technical, functional, and performance characteristics (including interoperability) of systems or elements of systems incorporating information technology.


'threat' ~ A circumstance or event that has or indicates the potential to exploit vulnerabilities and to adversely impact (create adverse consequences for) organizational operations, organizational assets (including information and information systems), individuals, other organizations, or society.


'threat agent' ~ An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.


'threat analysis' ~ The detailed evaluation of the characteristics of individual threats.


'ticket' ~ In access control, data that authenticates the identity of a client or a service and, together with a temporary encryption key (a session key), forms a credential.


'traffic light protocol' ~ A set of designations employing four colors (RED, AMBER, GREEN, and WHITE) used to ensure that sensitive information is shared with the correct audience.


'Trojan horse' ~ A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.


'unauthorized access' ~ Any access that violates the stated security policy.


'virus' ~ A computer program that can replicate itself, infect a computer without permission or knowledge of the user, and then spread or propagate to another computer.


'vulnerability' ~ A characteristic or specific weakness that renders an organization or asset (such as information or an information system) open to exploitation by a given threat or susceptible to a given hazard.


'Vulnerability Assessment and Management' ~ In the NICE Workforce Framework, cybersecurity work where a person: Conducts assessments of threats and vulnerabilities, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations.


'weakness' ~ A shortcoming or imperfection in software code, design, architecture, or deployment that, under proper conditions, could become a vulnerability or contribute to the introduction of vulnerabilities.


'White Team' ~ A group responsible for refereeing an engagement between a Red Team of mock attackers and a Blue Team of actual defenders of information systems.


'whitelist' ~ A list of entities that are considered trustworthy and are granted access or privileges.


'work factor' ~ An estimate of the effort or time needed by a potential adversary, with specified expertise and resources, to overcome a protective measure.


'worm' ~ A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.