This guide is based on the Official ISC2 CC (Certified in Cybersecurity) Self-paced Training.
| Terms | Definitions |
|---|---|
| Adequate Security | Security matching the risk and potential harm from information loss, misuse, or unauthorized access. (Source: OMB Circular A-130) |
| Administrative Controls | Controls through policies and procedures, e.g., access control and multi-personnel requirements for specific operations. |
| Adverse Events | Negative consequences events, such as system crashes, network floods, or unauthorized system access. |
| Application Programming Interface (API) | Routines, protocols, and tools for building software applications to access web-based applications or tools. |
| Application Server | A computer hosting applications to user workstations. (Source: NIST SP 800-82 Rev.2) |
| Artificial Intelligence | Computers and robots simulating human intelligence and behavior. |
| Asset | Anything of value owned by an organization, tangible or intangible. |
| Asymmetric Encryption | An algorithm using different keys for encryption and decryption. |
| Audit | Independent review of records and activities to assess system controls and ensure policy compliance. (Source: NIST SP 1800-15B) |
| Authentication | Confirming eligibility to access specific information. |
| Authorization | Granting a system entity the right or permission to access a system resource. (Source: NIST 800-82 Rev.2) |
| Availability | Ensuring timely and reliable information access for authorized users. |
| Baseline | The documented minimum security configuration allowed by a standard or organization. |
| Biometric | Biological characteristics like fingerprints or iris patterns used for identification. |
| Bit | The fundamental data representation (zero or one) in the OSI model. |
| Bot | Malicious code acting as a remotely controlled "robot" with Trojan and worm capabilities. |
| Breach | Loss of control or compromise, unauthorized disclosure, or acquisition of personally identifiable information. (Source: NIST SP 800-53 Rev. 5) |
| Broadcast | One-to-many internet traffic transmission. |
| Business Continuity (BC) | Ensuring critical operations continue during contingencies. |
| Business Continuity Plan (BCP) | Documented instructions for sustaining operations during disruptions. |
| Business Impact Analysis (BIA) | Analyzing system requirements, functions, and interdependencies for contingency planning. (Source: NIST SP 800-34 Rev. 1) |
| Byte | A unit of digital information consisting of eight bits. |
| Checksum | A digit representing the sum of correct digits in digital data to detect errors. |
| Ciphertext | Altered form of plaintext for unreadability, turned into a secret. |
| Classification | Identifying harm levels if information is disclosed to unauthorized entities, focused on data confidentiality. |
| Classified or Sensitive Information | Information requiring protection against unauthorized disclosure, marked to indicate its classified status. |
| Cloud Computing | Enabling on-demand access to configurable computing resources. (Source: NIST 800-145) |
| Community Cloud | Cloud infrastructure provisioned for exclusive use by a specific community of consumers. (Source: NIST 800-145) |
| Confidentiality | Data or information characteristic when not available or disclosed to unauthorized persons. (Source: NIST 800-66) |
| Configuration Management | Ensuring authorized and validated changes to a system. |
| Crime Prevention through Environmental Design (CPTED) | Architectural approach emphasizing passive features to reduce criminal activity. |
| Criticality | Measure of an organization's dependence on information for mission or business success. (Source: NIST SP 800-60 Vol. 1, Rev. 1) |
| Cryptanalyst | One performing cryptanalysis, studying techniques to defeat cryptographic methods and/or information systems security. |
| Cryptography | The study or application of methods to secure messages or information content. |
| Data Integrity | The property that data has not been altered in an unauthorized manner. Data integrity covers data in storage, during processing, and while in transit. (Source: NIST SP 800-27 Rev A) |
| Data Loss Prevention (DLP) | System capabilities designed to detect and prevent the unauthorized use and transmission of information. |
| Decryption | The reverse process from encryption. It is the process of converting a ciphertext message back into plaintext through the use of the cryptographic algorithm and the appropriate key for decryption. This term is also used interchangeably with “deciphering.” |
| De-encapsulation | The opposite process of encapsulation, in which bundles of data are unpacked or revealed. |
| Defense in Depth | Information security strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and missions of the organization. (Source: NIST SP 800-53 Rev 4 ) |
| Degaussing | A technique of erasing data on disk or tape (including video tapes) that, when performed properly, ensures that there is insufficient magnetic remanence to reconstruct data. |
| Denial-of-Service (DoS) | The prevention of authorized access to resources or the delaying of time-critical operations. (Time-critical may be milliseconds or it may be hours, depending upon the service provided.) (Source: NIST SP 800-27 Rev A) |
| Digital Signature | The result of a cryptographic transformation of data which, when properly implemented, provides the services of origin authentication, data integrity, and signer non-repudiation. (Source: NIST SP 800-12 Rev. 1) |
| Disaster Recovery (DR) | In information systems terms, the activities necessary to restore IT and communications services to an organization during and after an outage, disruption or disturbance of any kind or scale. |
| Disaster Recovery Plan (DRP) | The processes, policies, and procedures related to preparing for recovery or continuation of an organization's critical business functions, technology infrastructure, systems and applications after the organization experiences a disaster. A disaster is when an organization’s critical business function(s) cannot be performed at an acceptable level within a predetermined period following a disruption. |
| Discretionary Access Control (DAC) | A certain amount of access control is left to the discretion of the object’s owner, or anyone else who is authorized to control the object’s access. The owner can determine who should have access rights to an object and what those rights should be. (Source: NIST SP 800-192) |
| Domain Name Service (DNS) | This acronym can be applied to three interrelated elements: a service, a physical server, and a network protocol. |
| Egress Monitoring | Monitoring of outgoing network traffic. |
| Encapsulation | Enforcement of data hiding and code hiding during all phases of software development and operational use. Bundling together data and methods is the process of encapsulation; its opposite process may be called unpacking, revealing, or using other terms. Also used to refer to taking any set of data and packaging it or hiding it in another data structure, as is common in network protocols and encryption. |
| Encrypt | To protect private information by putting it into a form that can only be read by people who have permission to do so. |
| Encryption | The process and act of converting the message from its plaintext to ciphertext. Sometimes it is also referred to as enciphering. The two terms are sometimes used interchangeably in literature and have similar meanings. |
| Encryption System | The total set of algorithms, processes, hardware, software, and procedures that taken together provide an encryption and decryption capability. |
| Event | Any observable occurrence in a network or system. (Source: NIST SP 800-61 Rev 2 ) |
| Exploit | A particular attack. It is named this way because these attacks exploit system vulnerabilities. |
| File Transfer Protocol (FTP) | The internet protocol (and program) used to transfer files between hosts. |
| Firewalls | Devices that enforce administrative security policies by filtering incoming traffic based on a set of rules. |
| Fragment Attack | In a fragment attack, an attacker fragments traffic in such a way that a system is unable to put data packets back together. |
| General Data Protection Regulation (GDPR) | In 2016, the European Union passed comprehensive legislation that addresses personal privacy, deeming it an individual human right. |
| Governance | The process of how an organization is managed; usually includes all aspects of how decisions are made for that organization, such as policies, roles, and procedures the organization uses to make those decisions. |
| Hardening | A reference to the process of applying secure configurations (to reduce the attack surface) and locking down various hardware, communications systems, and software, including operating system, web server, application server, application, etc. Hardening is normally performed based on industry guidelines and benchmarks, such as those provided by the Center for Internet Security (CIS). |
| Hardware | The physical parts of a computer and related devices. |
| Hash Function | An algorithm that computes a numerical value (called the hash value) on a data file or electronic message that is used to represent that file or message and depends on the entire contents of the file or message. A hash function can be considered to be a fingerprint of the file or message. (Source: NIST SP 800-152 ) |
| Hashing | The process of using a mathematical algorithm against data to produce a numeric value that is representative of that data. (Source CNSSI 4009-2015) |
| Health Insurance Portability and Accountability Act (HIPAA) | This U.S. federal law is the most important healthcare information regulation in the United States. It directs the adoption of national standards for electronic healthcare transactions while protecting the privacy of individual's health information. Other provisions address fraud reduction, protections for individuals with health insurance and a wide range of other healthcare-related activities. Est. 1996. |
| Hybrid Cloud | A combination of public cloud storage and private cloud storage where some critical data resides in the enterprise’s private cloud while other data is stored and accessible from a public cloud storage provider. |
| Impact | The magnitude of harm that could be caused by a threat’s exercise of a vulnerability. |
| Incident | An event that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits. |
| Incident Handling or Incident Response (IR) | The process of detecting and analyzing incidents to limit the incident's effect. |
| Incident Response Plan (IRP) | The documentation of a predetermined set of instructions or procedures to detect, respond to and limit consequences of a malicious cyberattack against an organization’s information systems(s). (Source: NIST SP 800-34 Rev 1) |
| Information Security Risk | The potential adverse impacts to an organization’s operations, assets, individuals, other organizations, and even the nation, which results from the possibility of unauthorized access, use, disclosure, disruption, modification, or destruction of information and/or information systems. |
| Infrastructure as a Service (IaaS) | The provider of the core computing, storage and network hardware and software that is the foundation upon which organizations can build and then deploy applications. IaaS is popular in the data center where software and servers are purchased as a fully outsourced service and usually billed on usage and how much of the resource is used. |
| Ingress Monitoring | Monitoring of incoming network traffic. |
| Insider Threat | An entity with authorized access that has the potential to harm an information system through destruction, disclosure, modification of data, and/or denial of service. (Source: NIST SP 800-32 ) |
| Institute of Electrical and Electronics Engineers (IEEE) | IEEE is a professional organization that sets standards for telecommunications, computer engineering and similar disciplines. |
| Integrity | The property of information whereby it is recorded, used and maintained in a way that ensures its completeness, accuracy, internal consistency and usefulness for a stated purpose. |
| International Organization of Standards (ISO) | The ISO develops voluntary international standards in collaboration with its partners in international standardization, the International Electro-technical Commission (IEC) and the International Telecommunication Union (ITU), particularly in the field of information and communication technologies. |
| Internet Control Message Protocol (ICMP) | An IP network protocol standardized by the Internet Engineering Task Force (IETF) through RFC 792 to determine if a particular service or host is available. |
| Internet Engineering Task Force (IETF) | The internet standards organization, made up of network designers, operators, vendors and researchers, that defines protocol standards (e.g., IP, TCP, DNS) through a process of collaboration and consensus. (Source: NIST SP 1800-16B ) |
| Internet Protocol (IPv4) | Standard protocol for transmission of data from source to destinations in packet-switched communications networks and interconnected systems of such networks. (CNSSI 4009-2015 ) |
| Intrusion | A security event, or combination of security events, that constitutes a security incident in which an intruder gains, or attempts to gain, access to a system or system resource without authorization. (Source: IETF RFC 4949 Ver 2 ) |
| iOS | An operating system manufactured by Apple Inc. Used for mobile devices. |
| Layered Defense | The use of multiple controls arranged in series to provide several consecutive controls to protect an asset; also called defense in depth. |
| Likelihood | The probability that a potential vulnerability may be exercised within the construct of the associated threat environment. |
| Likelihood of Occurrence | A weighted factor based on a subjective analysis of the probability that a given threat is capable of exploiting a given vulnerability or set of vulnerabilities. |
| Linux | An operating system that is open source, making its source code legally available to end users. |
| Log Anomaly | A system irregularity that is identified when studying log entries which could represent events of interest for further surveillance. |
| Logging | Collecting and storing user activities in a log, which is a record of the events occurring within an organization’s systems and networks. (NIST SP 1800-25B) |
| Logical Access Control Systems | An automated system that controls an individual’s ability to access one or more computer system resources, such as a workstation, network, application, or database. Requires the validation of an individual’s identity through mechanisms like PIN, card, biometric, or other token. (NIST SP 800-53 Rev.5. ) |
| Man-in-the-Middle | An attack where the adversary positions himself between the user and the system to intercept and alter data traveling between them. (Source: NISTIR 7711) |
| Mandatory Access Control | Access control that requires the system itself to manage access controls in accordance with the organization’s security policies. |
| Mantrap | An entrance to a building or area that requires people to pass through two doors with only one door opened at a time. |
| Message Digest | A digital signature that uniquely identifies data and changes even with a single-bit alteration in the data. (Source: NISTIR-8011 Vol.3 ) |
| Microsegmentation | Part of a zero-trust strategy that breaks LANs into very small, highly localized zones using firewalls or similar technologies. This places a firewall at every connection point. |
| Multi-Factor Authentication | Using two or more distinct instances of the three factors of authentication (something you know, something you have, something you are) for identity verification. |
| National Institutes of Standards and Technology (NIST) | NIST is part of the U.S. Department of Commerce and addresses the measurement infrastructure within science and technology efforts within the U.S. federal government. NIST sets standards in various areas, including information security within the Computer Security Resource Center of the Computer Security Divisions. |
| Non-repudiation | The inability to deny taking an action, such as creating information, approving information, and sending or receiving a message. |
| Object | A passive information system-related entity (e.g., devices, files, records, tables, processes, programs, domains) containing or receiving information. Access to an object implies access to the information it contains. (Source: NIST SP 800-53 Rev 4) |
| Operating System | The software “master control application” that runs the computer, setting standards for application programs and managing user interface and file operations. (Source: NIST SP 800-44 Version 2 ) |
| Oversized Packet Attack | Purposely sending a network packet larger than expected, causing the receiving system to fail unexpectedly. |
| Packet | Representation of data at Layer 3 of the Open Systems Interconnection (OSI) model. |
| Patch | A software component that directly modifies files or device settings related to a different software component without changing the version number or release details for the related software component. (Source: ISO/IEC 19770-2) |
| Patch Management | The systematic notification, identification, deployment, installation, and verification of operating system and application software code revisions (patches, hot fixes, and service packs). (Source: CNSSI 4009) |
| Payload | The primary action of a malicious code attack. |
| Payment Card Industry Data Security Standard (PCI DSS) | An information security standard administered by the Payment Card Industry Security Standards Council that applies to merchants and service providers processing credit or debit card transactions. |
| Personally Identifiable Information (PII) | Any information about an individual maintained by an agency, including information that can be used to distinguish or trace an individual’s identity, as defined by NIST SP 800-122. |
| Physical Controls | Controls implemented through a tangible mechanism, such as walls, fences, guards, locks. Modern organizations often link physical control systems to technical/logical systems. Also known as Physical Access Controls. |
| Plaintext | A message or data in its natural format and readable form, extremely vulnerable from a confidentiality perspective. |
| Platform as a Service (PaaS) | The web-authoring or application development middleware environment that allows applications to be built in the cloud before deployment as SaaS assets. |
| Privacy | The right of an individual to control the distribution of information about themselves. |
| Private Cloud | A cloud computing platform implemented within the corporate firewall, under IT department control, offering cloud benefits while addressing objections to the cloud computing model. |
| Principle of Least Privilege | The principle that users and programs should have only the minimum privileges necessary to complete their tasks. (Source: NIST SP 800-179) |
| Privileged Account | An information system account with approved authorizations of a privileged user. (Source: NIST SP 800-53 Rev. 4) |
| Probability | The chances or likelihood that a given threat is capable of exploiting a given vulnerability or set of vulnerabilities. (Source: NIST SP 800-30 Rev. 1) |
| Protected Health Information (PHI) | Information regarding health status, healthcare provision, or payment for healthcare as defined in HIPAA (Health Insurance Portability and Accountability Act). |
| Protocols | A set of rules (formats and procedures) to implement and control some type of association (communication) between systems. (Source: NIST SP 800-82 Rev. 2) |
| Public Cloud | Cloud infrastructure provisioned for open use by the general public, owned, managed, and operated by various entities, existing on the premises of the cloud provider. (Source: NIST SP 800-145 ) |
| Terms | Definitions |
| ------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Qualitative Risk Analysis | A method for risk analysis based on the assignment of a descriptor such as low, medium, or high. (Source: NISTIR 8286) |
| Quantitative Risk Analysis | A method for risk analysis where numerical values are assigned to both impact and likelihood based on statistical probabilities and monetarized valuation of loss or gain. (Source: NISTIR 8286) |
| Ransomware | A type of malicious software that locks the computer screen or files, preventing or limiting a user from accessing their system and data until money is paid. |
| Records | The recordings (automated and/or manual) of evidence of activities performed or results achieved, serving as a basis for verifying that the organization and the information system are performing as intended. (Source: NIST SP 800-53 Rev. 4) |
| Records Retention | A practice based on the records life cycle, where records are retained as long as necessary and then destroyed after the appropriate time interval has elapsed. |
| Remanence | Residual information remaining on storage media after clearing. (Source: NIST SP 800-88 Rev. 1) |
| Request for Change (RFC) | The first stage of change management, wherein a change in procedure or product is sought by a stakeholder. |
| Risk | A measure of the extent to which an entity is threatened by a potential circumstance or event. |
| Risk Acceptance | Determining that the potential benefits of a business function outweigh the possible risk impact/likelihood and performing that business function with no other action. |
| Risk Assessment | The process of identifying and analyzing risks to organizational operations, assets, individuals, and other organizations. It incorporates threat and vulnerability analyses and considers mitigations provided by security controls. (Source: NIST SP 800-30 Rev. 1) |
| Risk Avoidance | Determining that the impact and/or likelihood of a specific risk are too great to be offset by potential benefits and not performing a certain business function because of that determination. |
| Risk Management | The process of identifying, evaluating, and controlling threats, including all phases of risk context, assessment, treatment, and monitoring. |
| Risk Management Framework | A structured approach used to oversee and manage risk for an enterprise. (Source: CNSSI 4009) |
| Risk Mitigation | Putting security controls in place to reduce the possible impact and/or likelihood of a specific risk. |
| Risk Tolerance | The level of risk an entity is willing to assume to achieve a potential desired result. (Source: NIST SP 800-32) |
| Risk Transference | Paying an external party to accept the financial impact of a given risk. |
| Risk Treatment | The determination of the best way to address an identified risk. |
| Role-Based Access Control (RBAC) | An access control system that sets up user permissions based on roles. |
| Rule | An instruction developed to allow or deny access to a system by comparing the validated identity of the subject to an access control list. |
| Security Controls | The management, operational, and technical controls (safeguards or countermeasures) prescribed for an information system to protect its confidentiality, integrity, and availability. (Source: FIPS PUB 199) |
| Security Governance | The entirety of the policies, roles, and processes the organization uses to make security decisions. |
| Security Operations Center | A centralized organizational function fulfilled by an information security team that monitors, detects, and analyzes events on the network or system to prevent and resolve issues before they result in business disruptions. |
| Segregation of Duties | The practice of ensuring that an organizational process cannot be completed by a single person; forces collusion as a means to reduce insider threats. Also known as Separation of Duties. |
| Sensitivity | A measure of the importance assigned to information by its owner, denoting its need for protection. (Source: NIST SP 800-60 Vol 1 Rev 1) |
| Simple Mail Transport Protocol (SMTP) | The standard communication protocol for sending and receiving emails between senders and receivers. |
| Single-Factor Authentication | Use of just one of the three available factors (something you know, something you have, something you are) to carry out the authentication process being requested. |
| Social Engineering | Tactics to infiltrate systems via email, phone, text, or social media, often impersonating a person or agency in authority or offering a gift. |
| Software | Computer programs and associated data that may be dynamically written or modified during execution. (Source: NIST SP 80-37 Rev. 2) |
| Software as a Service (SaaS) | The cloud customer uses the cloud provider’s applications running within a cloud infrastructure. The consumer does not manage or control the underlying cloud infrastructure. (Derived from NIST 800-145) |
| Spoofing | Faking the sending address of a transmission to gain illegal entry into a secure system. (CNSSI 4009-2015) |
| State | The condition an entity is in at a point in time. |
| Subject | Generally an individual, process, or device causing information to flow among objects or change to the system state. (Source: NIST SP800-53 R4) |
| Symmetric Encryption | An algorithm that uses the same key in both the encryption and the decryption processes. |
| System Integrity | The quality that a system has when it performs its intended function in an unimpaired manner, free from unauthorized manipulation of the system, whether intentional or accidental. (Source: NIST SP 800-27 Rev. A) |
| Technical Controls | Security controls primarily implemented and executed by the information system through mechanisms contained in the hardware, software, or firmware components. |
| Threat | Any circumstance or event with the potential to adversely impact organizational operations, assets, individuals, other organizations, or the nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. (Source: NIST SP 800-30 Rev 1) |
| Threat Actor | An individual or a group attempting to exploit vulnerabilities to cause or force a threat to occur. |
| Threat Vector | The means by which a threat actor carries out their objectives. |
| Token | A physical object a user possesses and controls, used to authenticate the user’s identity. (Source: NISTIR 7711) |
| Transport Control Protocol/Internet Protocol (TCP/IP) Model | Internetworking protocol model created by the IETF, specifying four layers of functionality: Link layer (physical communications), Internet Layer (network-to-network communication), Transport Layer (basic channels for connections and connectionless exchange of data between hosts), and Application Layer (where other protocols and user applications make use of network services). |
| Turnstile | A one-way spinning door or barrier allowing only one person at a time to enter a building or pass through an area. |
| Unix | An operating system used in software development. |
| User Provisioning | The process of creating, maintaining, and deactivating user identities on a system. |
| Virtual Local Area Network (VLAN) | A logical group of workstations, servers, and network devices appearing to be on the same LAN despite geographical distribution. |
| Virtual Private Network (VPN) | A virtual private network, built on top of existing networks, providing a secure communications mechanism for transmission between networks. |
| Vulnerability | Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source. (Source: NIST SP 800-128) |
| Web Server | A computer providing World Wide Web (WWW) services on the Internet, including hardware, operating system, Web server software, and Web site content. (If used internally, it may be known as an “intranet server.”) (Source: NIST SP 800-44 Version 2) |
| Whaling Attack | Phishing attacks attempting to trick highly placed officials or private individuals with sizable assets into authorizing large fund wire transfers to previously unknown entities. |
| Wireless Area Network (WLAN) | A group of computers and devices located in the same vicinity, forming a network based on radio transmissions rather than wired connections. (A Wi-Fi network is a type of WLAN.) |
| Zenmap | The graphical user interface (GUI) for the Nmap Security Scanner, an open-source application that scans networks to determine everything connected and other information. |
| Zero Day | A previously unknown system vulnerability with the potential for exploitation without risk of detection or prevention because it does not fit recognized patterns, signatures, or methods. |
| Zero Trust | Removing the design belief that the network has any trusted space. Security is managed at each possible level, representing the most granular asset. Microsegmentation of workloads is a tool of the model. |