Recently updated

The process of identifying, analyzing, and assessing supply chain risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.

a cybercrime business model in which ransomware developers sell ransomware code or malware to other hackers, called “affiliates,” who then use the code to initiate their own ransomware attacks.

the fraudulent practice of sending text messages purporting to be from reputable companies in order to induce individuals to reveal personal information

A computer program that can replicate itself, infect a computer without permission or knowledge of the user, and then spread or propagate to another computer.

A field concerned with designing and developing artificial intelligence algorithms for automated knowledge discovery and innovation by information systems.

typically defined as a set of actions by a nation or organization to attack countries or institutions' computer network systems with the intention of disrupting, damaging, or destroying infrastructure by computer viruses or denial of service attacks

The product or process which collects information and assigns values to risks for the purpose of informing priorities, developing or comparing courses of action, and informing decision making.

a hacking technique of defrauding target's over the phone, enticing them to divulge sensitive information

In the NICE Framework, cybersecurity work where a person: Applies knowledge of priorities to define an entity.

a digital currency in which transactions are verified and records maintained by a decentralized system using cryptography, rather than by a centralized authority.

The unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information.

In the NICE Framework, cybersecurity work where a person: Addresses problems, installs, configures, troubleshoots, and provides maintenance and training in response to customer requirements or inquiries (e.g., tiered level customer support).

a cyberattack tactic that scares people into visiting spoofed or infected websites or downloading malicious software (malware)

a clue that a malicious entity has gained, or is attempting to gain, unauthorised access to the network or assets connected to the network

a number of roles that have cybersecurity responsibilities which typically form only part of their overall responsibilities within an organization.

An observable occurrence or sign that an attacker may be preparing to cause an incident.

Software that automates the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents and attempting to stop detected possible incidents

a hacking technique in which a hacker accesses a wireless device through a Bluetooth connection

In the NICE Framework, cybersecurity work where a person: Conducts training of personnel within pertinent subject domain; develop, plan, coordinate, deliver, and/or evaluate training courses, methods, and techniques as appropriate.

An observable occurrence in an information system or network.

an identification card issued by a federal agency that contains a computer chip, which allows it to receive, store, recall, and send information in a secure method

An occurrence that actually or potentially results in adverse consequences to (adverse effects on) (poses a threat to) an information system or the information that the system processes, stores, or transmits and that may require a response action to mitigate the consequences.

A Linux distribution is an operating system made from a software collection that includes the Linux kernel and often a package management system.

a combination of the terms security and operations, is a methodology that IT managers implement to enhance the connection, collaboration and communication between IT security and IT operations teams

Similar cyber events or behaviors that may indicate an attack has occurred or is occurring, resulting in a security violation or a potential security violation.

Faking the sending address of a transmission to gain illegal [unauthorized] entry into a secure system.

An information security expert who performs penetration tests

an internal control designed to prevent error and fraud by ensuring that at least two individuals are responsible for the separate parts of any task.

A comprehensive approach to risk management that engages people, processes, and systems across an organization to improve the quality of decision making for managing risks that may hinder an organization’s ability to achieve its objectives.

an attack in which someone sends unsolicited messages to a Bluetooth enabled device

refers to the series of behaviors that a cybercriminal exhibits prior to executing a cyberattack.

the collection of sensors, instruments and autonomous devices connected through the internet to industrial applications

In the NICE Framework, cybersecurity work where a person: Consults with customers to gather and evaluate functional requirements and translates these requirements into technical solutions; provides guidance to customers about applicability of information systems to meet business needs.

A person or group of persons external to an organization who are not authorized to access its assets and pose a potential risk to the organization and its assets.

or cyber spying, is a type of cyberattack in which an unauthorized user attempts to access sensitive or classified data or intellectual property (IP) for economic gain, competitive advantage or political reasons

An exercise, reflecting real world conditions, that is conducted as a simulated attempt by an adversary to attack or exploit vulnerabilities in an enterprise's information systems.

search for and publish private or identifying information about (a particular individual) on the internet, typically with malicious intent.

A natural or man made source or cause of harm or difficulty.

A group authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s cybersecurity posture.

A model where cybercriminals offer pre packaged phishing tools and resources, like malicious email templates, landing pages, and hosting, to others, effectively lowering the barrier to entry for launching phishing campaigns.

A set of designations employing four colors (RED, AMBER, GREEN, and WHITE) used to ensure that sensitive information is shared with the correct audience.

Cryptomining is an online threat that hides on a computer or mobile device and uses the machine’s resources to “mine” cryptocurrencies.

An unexpected and relatively small defect, fault, flaw, or imperfection in an information system or device.

attackers searching for wireless networks with vulnerabilities while moving around an area in a moving vehicle

An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception).

In the NICE Framework, cybersecurity work where a person: Executes collection using appropriate strategies and within the priorities established through the collection management process.

A NICE Framework category consisting of specialty areas responsible for the identification, analysis, and mitigation of threats to internal IT systems or networks.

refers to everything in a web application that is displayed or takes place on the client (end user device)

A state of mind or desire to achieve an objective.

a type of malware that conceals its true content to fool a user into thinking it's a harmless file