 |
Letter: A - access
- Definition: The ability and means to communicate with or otherwise interact with a system, to use system resources to handle information, to gain knowledge of the information the system contains, or to control system components and functions.
- access and identity management
- Synonym(s): identity and access management
- access control
- Definition: The process of granting or denying specific requests for or attempts to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities.
- Related Term(s): access control mechanism
- access control mechanism
- Definition: Security measures designed to detect and deny unauthorized access and permit authorized access to an information system or a physical facility.
- active attack
- Definition: An actual assault perpetrated by an intentional threat source that attempts to alter a system, its resources, its data, or its operations.
- Related Term(s): passive attack
- active content
- Definition: Software that is able to automatically carry out or trigger actions without the explicit intervention of a user.
- adversary
- Definition: An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.
- Related Term(s): threat agent, attacker
- air gap
- Definition: To physically separate or isolate a system from other systems or networks (verb).
- Extended Definition: The physical separation or isolation of a system from other systems or networks (noun).
- alert
- Definition: A notification that a specific attack has been detected or directed at an organization’s information systems.
- allowlist
- Definition: A list of entities that are considered trustworthy and are granted access or privileges.
- Related Term(s): Blocklist
- all source intelligence
- Definition: In the NICE Framework, cybersecurity work where a person: Analyzes threat information from multiple sources, disciplines, and agencies across the Intelligence Community. Synthesizes and places intelligence information in context; draws insights about the possible implications.
- analyze
- Definition: A NICE Framework category consisting of specialty areas responsible for highly specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence.
- antispyware software
- Definition: A program that specializes in detecting and blocking or removing forms of spyware.
- Related Term(s): spyware
- antivirus software
- Definition: A program that monitors a computer or network to detect or identify major types of malicious code and to prevent or contain malware incidents. Sometimes by removing or neutralizing the malicious code.
- asset
- Definition: A person, structure, facility, information, and records, information technology systems and resources, material, process, relationships, or reputation that has value.
- Extended Definition: Anything useful that contributes to the success of something, such as an organizational mission; assets are things of value or properties to which value can be assigned.
- asymmetric cryptography
- Synonym(s): public key cryptography
- attack
- Definition: An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity.
- Extended Definition: The intentional act of attempting to bypass one or more security services or controls of an information system.
- Related Term(s): active attack, passive attack
- attack method
- Definition: The manner or technique and means an adversary may use in an assault on information or an information system.
- attack mode
- Synonym(s): attack method
- attack path
- Definition: The steps that an adversary takes or may take to plan, prepare for, and execute an attack.
- attack pattern
- Definition: Similar cyber events or behaviors that may indicate an attack has occurred or is occurring, resulting in a security violation or a potential security violation.
- Extended Definition: For software, descriptions of common methods for exploiting software systems.
- Related Term(s): attack signature
- attack signature
- Definition: A characteristic or distinctive pattern that can be searched for or that can be used in matching to previously identified attacks.
- Extended Definition: An automated set of rules for identifying a potential threat (such as an exploit or the presence of an attacker tool) and possible responses to that threat.
- Related Term(s): attack pattern
- attack surface
- Definition: The set of ways in which an adversary can enter a system and potentially cause damage.
- Extended Definition: An information system's characteristics that permit an adversary to probe, attack, or maintain presence in the information system.
- attacker
- Definition: An individual, group, organization, or government that executes an attack.
- Extended Definition: A party acting with malicious intent to compromise an information system.
- Related Term(s): adversary, threat agent
- authenticate
- Related Term(s): authentication
- authentication
- Definition: The process of verifying the identity or other attributes of an entity (user, process, or device).
- Extended Definition: Also the process of verifying the source and integrity of data.
- authenticity
- Definition: A property achieved through cryptographic methods of being genuine and being able to be verified and trusted, resulting in confidence in the validity of a transmission, information or a message, or sender of information or a message.
- Related Term(s): integrity, non-repudiation
- authorization
- Definition: A process of determining, by evaluating applicable access control information, whether a subject is allowed to have the specified types of access to a particular resource.
- Extended Definition: The process or act of granting access privileges or the access privileges as granted.
- availability
- Definition: The property of being accessible and usable upon demand.
- Extended Definition: In cybersecurity, applies to assets such as information or information systems.
- Related Term(s): confidentiality, integrity
- advanced persistent threat
- Definition: An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception).
|
|
|
