Recently updated

The structured approach that enables an enterprise or organization to share risk information and risk analysis and to synchronize independent yet complementary risk management strategies to unify efforts across the enterprise.

The presentation of a dynamic attack surface, increasing an adversary's work factor necessary to probe, attack, or maintain presence in a cyber target.

In the NICE Framework, cybersecurity work where a person: Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats.

In the NICE Framework, cybersecurity work where a person: Manages information security (e.g., information security) implications within the organization, specific program, or other area of responsibility, to include strategic, personnel, infrastructure, policy enforcement, emergency planning, security awareness, and other resources (e.g., the role of a Chief Information Security Officer).

A model for enabling on demand network access to a shared pool of configurable computing capabilities or resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

A process of applying a mathematical algorithm against a set of data to produce a numeric value (a 'hash value') that represents the data.

A shared, immersive, persistent, 3D virtual space where humans experience life in ways they could not in the physical world

The process or techniques used to analyze large sets of existing information to discover previously unrevealed patterns or correlations.

a malicious technique where an attacker gains control over a target's proxy server, allowing them to intercept and manipulate the targets internet traffic

The effect of an event, incident, or occurrence.

The application of one or more measures to reduce the likelihood of an unwanted occurrence and/or lessen its consequences.

The means to accomplish a mission, function, or objective.

A characteristic or distinctive pattern that can be searched for or that can be used in matching to previously identified attacks.

A circumstance or event that has or indicates the potential to exploit vulnerabilities and to adversely impact (create adverse consequences for) organizational operations, organizational assets (including information and information systems), individuals, other organizations, or society.

A framework consisting of standards and services to enable secure, encrypted communication and authentication over potentially insecure networks such as the Internet.

a security solution that helps organizations detect threats before they disrupt business

a cloud computing model where a third party provider delivers hardware and software tools to users over the internet

A NICE Framework category consisting of specialty areas responsible for highly specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence.

Using search techniques to hack into vulnerable sites or search for information that is not available in public search results.

A cryptographic key that must be kept confidential and is used to enable the operation of an asymmetric (public key) cryptographic algorithm.

A list of entities that are considered trustworthy and are granted access or privileges.

A self replicating, self propagating, self contained program that uses networking mechanisms to spread itself.

an information security strategy to strengthens an organization's security posture by implementing multiple levels of protection, including inherently secure computer systems and protocols, high level encryption, and authentication

A recognizable, distinguishing pattern.

In the NICE Framework, cybersecurity work where a person: Tests, implements, deploys, maintains, reviews, and administers the infrastructure hardware and software that are required to effectively manage the computer network defense service provider network and resources; monitors network to actively remediate unauthorized activities.

a form of testing that is performed with knowledge of a target system's internals

A systematic and formal inquiry into a qualified threat or incident using digital forensics and perhaps other traditional criminal inquiry techniques to determine the events that transpired and to collect evidence.

a term borrowed from military doctrine that refers to the process of analyzing target vulnerabilities and matching them with specific cyber capabilities (weapons) to achieve a desired effect or objective

a NICE Framework category consisting of specialty areas responsible for the investigation of cyber events and/or crimes of IT systems, networks, and digital evidence

A group that defends an enterprise's information systems when mock attackers (i.e., the Red Team) attack, typically as part of an operational exercise conducted according to rules established and monitored by a neutral group (i.e., the White Team).

The result of unintentionally or accidentally deleting data, forgetting where it is stored, or exposure to an unauthorized party.

the fabrication of a false online identity by a cybercriminal for the purposes of deception, fraud, or exploitation

The process of managing and provisioning an organization’s IT infrastructure using machine readable configuration files, rather than employing physical hardware configuration or interactive configuration tools.

an emerging field that addresses the intersection of cybersecurity and biosecurity, focusing on protecting biological data, processes, and systems from cyber threats and malicious activities

The management and coordination of activities associated with an actual or potential occurrence of an event that may result in adverse consequences to information or information systems.

A tool, or set of tools, used to decrypt encrypted files. Either for recovery or anti ransomware purposes.

In the NICE Framework, cybersecurity work where a person: Analyzes collected information to identify vulnerabilities and potential for exploitation.

The activities that address the short term, direct effects of an incident and may also support short term recovery.

A form of access control technology to protect and manage use of digital content or devices in accordance with the content or device provider's intentions.

In the NICE Framework, cybersecurity work where a person: Conducts technology assessment and integration processes; provides and supports a prototype capability and/or evaluates its utility.

In the NICE Framework, cybersecurity work where a person: Analyzes threat information from multiple sources, disciplines, and agencies across the Intelligence Community. Synthesizes and places intelligence information in context; draws insights about the possible implications.

an ethical hacking technique used to gather as much data as possible about a specific targeted computer system, an infrastructure and networks to identify opportunities to penetrate them

The systematic examination of the components and characteristics of risk.

A NIST public private partnership that enables the creation of practical cybersecurity solutions for specific industries or broad, cross sector technology challenges

an authentication method in which a user can log in to a computer system without the entering a password or any other knowledge based secret

a set of communication rules or protocols for setting up secure connections over a network

The information that permits the identity of an individual to be directly or indirectly inferred.

A set of predetermined and documented procedures to detect and respond to a cyber incident.

a government wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services

creating virtual representations of servers, storage, networks, and other physical machines