Recently updated

Integrity is the property that data is accurate and has not been improperly modified or destroyed.

Confidentiality is the property that information is not disclosed to unauthorized parties.

the physical opening where a data cable can be plugged in

refers to the use of biometric data for authentication and access control to improve cybersecurity

a technique for identifying and dropping packets that have a false source address.

In the NICE Framework, cybersecurity work where a person: Applies current knowledge of one or more regions, countries, non state entities, and/or technologies.

a practice of using public cloud storage resources to store your data

Unencrypted information.

The unauthorized transfer of information from an information system.

In the NICE Framework, cybersecurity work where a person: Conducts assessments of threats and vulnerabilities, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non operational situations.

Any access that violates the stated security policy.

A man made threat achieved through exploitation of the information and communications technology (ICT) system’s supply chain, including acquisition processes.

a cloud based service offering artificial intelligence (AI) outsourcing

The steps that an adversary takes or may take to plan, prepare for, and execute an attack.

the proactive approach to securing networks and systems from attacks by actively seeking out vulnerabilities and weaknesses

relational database system that bridges the gap between SQL and NoSQL. NewSQL databases aim to scale and stay consistent.

A set of procedures and mechanisms to stop sensitive data from leaving a security boundary.

The assurance that the confidentiality of, and access to, certain information about an entity is protected.

A string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorization.

A NICE Framework category consisting of specialty areas concerned with conceptualizing, designing, and building secure IT systems, with responsibility for some aspect of the systems' development.

A person or group of persons within an organization who pose a potential risk through violating security policies.

a malware designed to deny a user or organization access to files on their computer

an attacker creates malware or malicious payloads to use against the target by designing new forms of malware. Modifying existing programs to better match the vulnerabilities they're trying to exploit

The hardware and software systems used to operate industrial control devices.

One who propagates disinformation

The manner or technique and means an adversary may use in an assault on information or an information system.

In the NICE Framework, cybersecurity work where a person: Installs, configures, tests, operates, maintains, and manages networks and their firewalls, including hardware (e.g., hubs, bridges, switches, multiplexers, routers, cables, proxy servers, and protective distributor systems) and software that permit the sharing and transmission of all spectrum transmissions of information to support the security of information and information systems.

An action based exercise where personnel rehearse reactions to an incident scenario, drawing on their understanding of plans and procedures, roles, and responsibilities.

The detailed evaluation of the characteristics of individual threats.

An individual, group, organization, or government that executes an attack.

A program that specializes in detecting and blocking or removing forms of spyware.

In the NICE Framework, cybersecurity work where a person: Provides legally sound advice and recommendations to leadership and staff on a variety of relevant topics within the pertinent subject domain; advocates legal and policy changes and makes a case on behalf of client via a wide range of written and oral work products, including legal briefs and proceedings.

The collecting, processing, organizing, and analyzing data into actionable information that relates to capabilities, opportunities, actions, and intent of adversaries in the cyber domain to meet a specific requirement determined by and informing decision makers.

a cloud based method of outsourcing your cybersecurity

a hybrid solution that combines the breadth of automation with the depth of human assessment, while integrated with advanced vulnerability management and analytics

A NICE Framework category consisting of specialty areas responsible for providing the support, administration, and maintenance necessary to ensure effective and efficient IT system performance and security.

a class of malware designed specifically to automate cybercrime

a form of cybersquatting (sitting on sites under someone else's brand or copyright) that targets Internet users who incorrectly type a website address into their web browser

generates a list of similarly looking domain names for a given domain name and performs DNS queries for them (A, AAAA, NS and MX) which can be used to intercept misdirected traffic.

A property achieved through cryptographic methods to protect against an individual or entity falsely denying having performed a particular action related to data.

A computer connected to the Internet that has been surreptitiously / secretly compromised with malicious logic to perform activities under remote the command and control of a remote administrator.

A rule or set of rules that govern the acceptable use of an organization's information and services to a level of acceptable risk and the means for protecting the organization's information assets.

The abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.

The ability of an information system to: (1) continue to operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (2) recover effectively in a timely manner.

The level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its lifecycle, and that the software functions in the intended manner.

the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes

An extensible XML schema that enables you to describe the technical characteristics that identify a known threat, an attacker's methodology, or other evidence of compromise.

In the NICE Framework, cybersecurity work where a person: Develops system concepts and works on the capabilities phases of the systems development lifecycle; translates technology and environmental conditions (e.g., law and regulation) into system and security designs and processes.

The deliberate or intentional act of stealing of information.

The process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.