Recently updated

The interconnected information infrastructure of interactions among persons, processes, data, and information and communications technologies, along with the environment and conditions that influence those interactions.

a general term encompassing all types of malicious software on computers and electronic devices

A characteristic or specific weakness that renders an organization or asset (such as information or an information system) open to exploitation by a given threat or susceptible to a given hazard.

An individual, process, or device causing information to flow among objects or a change to the system state.

an attack tool designed to take down a server by flooding it with incomplete HTTP requests, without using much of bandwidth

a symbolic is a Linux/UNIX link that points to another file or folder on your computer, or a connected file system. Windows has a similar functionality called Shortcut

a tool that record what a person types on a device

In the NICE Framework, cybersecurity work where a person: Conducts the integration/testing, operations, and maintenance of systems security.

Responsible for the upkeep and maintenance of servers, networks, and other IT infrastructure.

password hashing function based on the Blowfish cipher and presented at USENIX in 1999

The ability of a network to: (1) provide continuous operation (i.e., highly resistant to disruption and able to operate in a degraded mode if damaged); (2) recover effectively if failure does occur; and (3) scale to meet rapid or unpredictable demands.

a novel cybersecurity attack technique that weaponizes legitimate, public facing Windows Domain Controllers (DCs) to form a powerful, stealthy distributed denial of service (DDoS) botnet

a malicious attack, spear phishing is a targeted form of phishing that uses personalized emails or messages to trick a specific individual or organization into revealing sensitive information or downloading malware

A notification that a specific attack has been detected or directed at an organization’s information systems.

In the NICE Framework, cybersecurity work where a person: Oversees, evaluates, and supports the documentation, validation, and accreditation processes necessary to assure that new IT systems meet the organization's information assurance and security requirements; ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives.

The inability of a system or component to perform its required functions within specified performance requirements.

refers to anything that has the potential to cause serious harm to a computer system

Any equipment or interconnected system or subsystem of equipment that processes, transmits, receives, or interchanges data or information.

a general category of services related to cloud computing and remote access

an undesirable machine learning behavior that occurs when the machine learning model gives accurate predictions for training data but not for new data

a software development methodology that places security concerns first in planning and development

A cyberspace environment that provides a user with confidence in its security, using automated mechanisms to ascertain security conditions and adjust the level of security based on the user's context and in the face of an evolving range of threats.

The process of gathering and combining data from different sources, so that the combined data reveals new information.

Adversaries may purchase online advertisements that can be abused to distribute malware to victims. Ads can be purchased to plant as well as favorably position artifacts in specific locations online, such as prominently placed within search engine results. These ads may make it more difficult for users to distinguish between actual search results and advertisements.(Citation: spamhaus malvertising) Purchased ads may also target specific audiences using the advertising network’s capabilities, potentially further taking advantage of the trust inherently given to search engines and popular websites.

A type of malicious code that attaches itself to documents and uses the macro programming capabilities of the document’s application to execute, replicate, and spread or propagate itself.

a collaborative data management practice focused on improving the communication, integration and automation of data flows between data managers and data consumers across an organization

The emerging field that studies how the brain relates to performance in everyday settings and at work, integrating neuroscience and ergonomics to design safer and more efficient systems and understand brain performance relationships.

related pairs of tokens given to users to validate their requests and prevent issue requests from attackers via the victim

use unique physical or behavioral traits like fingerprints, facial features, and voice patterns for cybersecurity authentication

Implementations of formal AC policy such as AC model. Access control mechanisms can be designed to adhere to the properties of the model by machine implementation using protocols, architecture, or formal languages such as program code.

the process of hardening technologies, processes, and controls to protect systems, networks, programs, devices and data from cyber attacks

intentionally taking over the account of an owner or maintainer who hosts a repository

an interactive technique that immerses potential cyber incident responders in a simulated cyber scenario

A group responsible for refereeing an engagement between a Red Team of mock attackers and a Blue Team of actual defenders of information systems.

the distribution of mission critical components or infrastructures across multiple geographic locations

A system of organizations, people, activities, information and resources, for creating and moving products including product components and/or services from suppliers through to their customers.

The product or process of identifying or evaluating entities, actions, or occurrences, whether natural or man made, that have or indicate the potential to harm life, information, operations, and/or property.

In the NICE Framework, cybersecurity work where a person: Installs, configures, troubleshoots, and maintains server configurations (hardware and software) to ensure their confidentiality, integrity, and availability; also manages accounts, firewalls, and patches; responsible for access control, passwords, and account creation and administration.

A gathering of individuals from various backgrounds and different stages in their careers (hobbyist to professionals) to solve problems of common interest.

a person who is inexperienced in a particular sphere or activity, especially as related to computing

a man in the middle attack is a cyberattack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating

In the NICE Framework, cybersecurity work where a person: Works on the development phases of the systems development lifecycle.

The actions taken to defend against unauthorized activity within computer networks.

the process of collecting, analyzing, and preserving digital evidence to investigate cybercrimes and other incidents

synthetic media that have been digitally manipulated to replace one person's likeness convincingly with that of another

A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.

an IT architectural model for centrally ingesting and collecting any type of log files coming from any given source or location such as servers, applications, and devices

a type of cybercrime that involves the unauthorized use of a target's devices (computers, smartphones, tablets, or even servers) by cybercriminals to mine for cryptocurrency

A real time operating system (RTOS) is an OS that guarantees real time applications a certain capability within a specified deadline.

a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information