Recently updated

a cloud database offering that provides customers with access to a database without having to deploy and manage the underlying infrastructure

In the NICE Framework, cybersecurity work where a person: Manages and administers processes and tools that enable the organization to identify, document, and access intellectual capital and information content.

The methods and processes used to manage subjects and their authentication and authorizations to access specific objects.

An attack type targeted phishing attack where a malicious actor pretends to be someone else or other entities to steal sensitive data

the combination of cultural philosophies, practices, and tools that increases an organization's ability to deliver applications and services

Established in 2004 and strengthened by the EU Cybersecurity Act, the European Union Agency for Cybersecurity contributes to EU cyber policy, enhances the trustworthiness of ICT products, services and processes with cybersecurity certification schemes, cooperates with Member States and EU bodies, and helps Europe prepare for the cyber challenges of tomorrow.

The activities to build, sustain, and improve readiness capabilities to prevent, protect against, respond to, and recover from natural or manmade incidents.

Any information technology, equipment, or interconnected system or subsystem of equipment that processes, transmits, receives, or interchanges data or information.

Comprehending information about the current and developing security posture and risks, based on information gathered, observation and analysis, and knowledge or experience.

In the NICE Framework, cybersecurity work where a person: Develops and administers databases and/or data management systems that allow for the storage, query, and utilization of data.

In the NICE Framework, cybersecurity work where a person: Develops and writes/codes new (or modifies existing) computer applications, software, or specialized utility programs following software assurance best practices.

A shortcoming or imperfection in software code, design, architecture, or deployment that, under proper conditions, could become a vulnerability or contribute to the introduction of vulnerabilities.

A systematic process of gathering near real time biological information to detect, monitor, and characterize threats to human, animal, plant, and environmental health, enabling early warning and identification of potential outbreaks.

The use of information technology in place of manual processes for cyber incident response and management.

The activities that address the short term, direct effects of an incident and may also support short term recovery.

A collection of computers compromised by malicious code and controlled across a network.

a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information

an open standard authorization protocol or framework that provides applications the ability for secure designated access

An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.

a set of techniques used to conceal or destroy evidence to frustrate or deceive digital forensic investigations

The set of ways in which an adversary can enter a system and potentially cause damage.

A NICE Framework category consisting of specialty areas providing leadership, management, direction, and/or development and advocacy so that all individuals and the organization may effectively conduct cybersecurity work.

criminal activity that involves the use of computers or networks such as the internet

an automated software testing method that injects invalid, malformed, or unexpected inputs into a system to reveal software defects and vulnerabilities

The systems and assets, whether physical or virtual, so vital to society that the incapacity or destruction of such may have a debilitating impact on the security, economy, public health or safety, environment, or any combination of these matters.

A small application program that is automatically downloaded and executed and that performs an unauthorized function on an information system.

a cloud computing service that allows customers to execute code in response to events, without managing the complex infrastructure

refers to the methods used to bypass or spoof biometric security systems

A branch of cryptography in which a cryptographic system or algorithms use two uniquely linked keys: a public key and a private key (a key pair).

The controller of a botnet that, from a remote location, provides direction to the compromised computers in the botnet.

knowing what security threats are and acting responsibly to avoid potential risks.

An aggregate of directives, regulations, rules, and practices that prescribe how an organization manages, protects, and distributes information.

A generic name for a computerized system that is capable of gathering and processing data and applying operational controls to geographically dispersed assets over long distances.

A program that monitors a computer or network to detect or identify major types of malicious code and to prevent or contain malware incidents. Sometimes by removing or neutralizing the malicious code.

In the NICE Framework, cybersecurity work where a person: Develops and conducts tests of systems to evaluate compliance with specifications and requirements by applying principles and methods for cost effective planning, evaluating, verifying, and validating of technical, functional, and performance characteristics (including interoperability) of systems or elements of systems incorporating information technology.

a technique used in cybersecurity and digital forensics, where attackers modify the timestamps of files and directories on a computer system to hide their actions or impede investigations

A technology that allows a program to interact with the internals of another program running on a different machine

A planned event during which an organization simulates a cyber disruption to develop or test capabilities such as preventing, detecting, mitigating, responding to or recovering from the disruption.

a malicious and deliberate attempt to breach the information system

A set of principles, practices, and tools to design, develop, and evolve information systems and software that enhance resistance to vulnerabilities, flaws, and attacks.

The processes and specialized techniques for gathering, retaining, and analyzing system related data (digital evidence) for investigative purposes.

in the NICE Framework, cybersecurity work where a person: Performs in depth joint targeting and cyber planning process. Gathers information and develops detailed Operational Plans and Orders supporting requirements. Conducts strategic and operational level planning across the full range of operations for integrated information and cyberspace operations.

The attribute of an information system when it performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.

the extent to which an individual practices several types of cybersecurity measures to avoid or attenuate the types of cyber threats that they are vulnerable to

Software that is secretly or surreptitiously installed into an information system without the knowledge of the system user or owner.

An estimate of the effort or time needed by a potential adversary, with specified expertise and resources, to overcome a protective measure.

The ability to adapt to changing conditions and prepare for, withstand, and rapidly recover from disruption.

making small, strategic changes to habits and behaviors to improve things like cognitive function and weight management.

A Data Protection Impact Assessment (DPIA) describes a process designed to identify risks arising out of the processing of personal data and to minimize these risks as far and as early as possible

a cloud based identity and access management (IAM) offered by a third party provider