Security Terms



Access Control

Controlling who has access to a computer or online service and the information it stores.

Active Attack

Any attack that involves actions that are detectable as an attack by the target.

Antivirus Scanner

A software application which scans for malicious software and prevents malware from executing.


Something of value to a person, business or organization.

Attack Surface

The sum of the different points where an unauthorized user can try to enter data to or extract data from an environment.


The process to verify that someone is who they claim to be when they try to access a computer or online service.


The computing systems used to store and process information, the security controls used to protect it, and the communication channels used to access it must be functioning correctly at all times.


Knowledge and attitude members of an organization possess regarding the protection of the physical, and especially informational, assets of that organization.


Backing Up

To make a copy of data stored on a computer or server to lessen the potential impact of failure or loss.

Blue Team

A group of individuals who perform an analysis of information systems to ensure security, identify security flaws, verify the effectiveness of each security measure, and to make certain all security measures will continue to be effective after implementation.


A number of internet-connected devices controlled by a malicious actor using command & control (C&C) software to execute tasks which may steal data, send spam, or perform a distributed denial-of-service attack (DDoS attack).

Bring Your Own Device (BYOD)

The authorized use of personally owned mobile devices such as smartphones or tablets in the workplace.


Cloud Computing

Delivery of storage or computing services from remote servers online (ie via the internet).


Data that requires extra sensitivity due to the significant potential for misuse and costly reporting requirements in the event of unauthorized access.


Ensuring that information is not made available or disclosed to unauthorized individuals, entities, or processes.

Cyber Operations

Activities that, through the use of cyberspace, actively gather information from computers, information systems, or networks, or manipulate, disrupt, deny, degrade, or destroy targeted computers, information systems, or networks.

Cyber Resilience

An organization's ability to continuously deliver the intended outcome despite adverse cyber events.


Data Aggregation

Any process in which information is gathered and expressed in a summary form, for purposes such as statistical analysis.

Data Breach

Intentional or unintentional release of secure or private/confidential information to an untrusted environment.

Data Loss

An error condition in information systems in which information is destroyed by failures or neglect in storage, transmission, or processing.

Data Loss Prevention (DLP)

A set of tools and processes used to ensure that sensitive data is not lost, misused, or accessed by unauthorized users.

Data Recovery

The process of restoring data that has been lost, accidentally deleted, corrupted or made inaccessible. In enterprise IT, data recovery typically refers to the restoration of data to a desktop, laptop, server or external storage system from a backup.

Data Server

A computer or program that provides other computers with access to shared files over a network.

Data Stewards

A role within an organization responsible for utilizing an organization's data governance processes to ensure fitness of data elements - both the content and metadata.


Discover or identify the presence or existence of a vulnerability, risk, or threat.

Digital Forensics

A branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime.

Distributed Denial-of-Service Attack (DDoS)

A cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.

Domain Name

The part of a network address that identifies it as belonging to a particular domain.



The transformation of data to hide its information content.


Refer to Security Event


A software tool designed to take advantage of a flaw in a computer system, typically for malicious purposes such as installing malware.



The omission of expected or required action.


Hardware or software designed to prevent unauthorized access to a computer or network from another computer or network.



Someone who violates computer security for malicious reasons, kudos or personal gain.


A function that converts one value to another. Hashing data is a common practice in computer science and is used for several different purposes. Examples include cryptography, compression, checksum generation, and data indexing.


Store (a website or other data) on a server or other computer so that it can be accessed over the Internet.



The process of recognizing a particular user of a computer or online service.


Refer to  Security Incident

Incident Response

An organized approach to addressing and managing the aftermath of a security breach or cyber attack.

Indicator of Compromise

An artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion.

Information Security (IS) Policy

A set of rules enacted by an organization to ensure that all users or networks of the IT structure within the organization's domain abide by the prescriptions regarding the security of data stored digitally within the boundaries the organization stretches its authority.

Information Technology (IT) Asset

Gathering a detailed inventory of an organization's hardware, software and network assets.

Information Technology (IT) Directive

Foundational documents with the authority to issue Governance Directives as needed to regulate the user of IT resources.  More information can be found here.

Insider Threat

A security threat that originates from within the organization being attacked or targeted, often an employee or officer of an organization or enterprise.


Maintaining and assuring the accuracy and completeness of data over its entire lifecycle. This means that data cannot be modified in an unauthorized or undetected manner.

Internal Data

Data retrieved from inside the organization to make decisions for successful operations.

Intrusion Detection

A device or software application that monitors a network or systems for malicious activity or policy violations.


The process law enforcement officers use to track criminals via the computer. This process may be to investigate computer crimes or it may be to track records of criminals using computer forensics.


Keyboard Logger / Keylogger

A virus or physical device that logs keystrokes to secretly capture private information such as passwords or credit card details.



Software intended to infiltrate and damage or disable computers. Shortened form of malicious software.


A set of data that describes and gives information about other data.


The action of reducing the severity, seriousness, or painfulness of something.



The assurance that someone cannot deny the validity of something. Non-repudiation is a legal concept that is widely used in information security and refers to a service, which provides proof of the origin of data and the integrity of the data.


Passive Attack

A network attack in which a system is monitored and sometimes scanned for open ports and vulnerabilities. The purpose is solely to gain information about the target and no data is changed on the target. Passive attacks include active reconnaissance and passive reconnaissance.


A secret series of characters used to authenticate a person's identity.

Penetration Test

An authorized simulated cyber attack on a computer system, performed to evaluate the security of the system. The test is performed to identify both weaknesses (also referred to as vulnerabilities), including the potential for unauthorized parties to gain access to the system's features and data, as well as strengths, enabling a full risk assessment to be completed.

Personal Information

Personal data relating to an identifiable living individual.


Method used by criminals to try to obtain financial or other confidential information (including usernames and passwords) from internet users, usually by sending an email that looks as though it has been sent by a legitimate organization. The email usually contains a link to a fake website that looks authentic.


A person's right to control access to his or her personal information. The right to be free from intrusion or interference is a key element of privacy.

Public Data

Information that can be freely used, reused and redistributed by anyone with no existing local, national or international legal restrictions on access or usage.



A type of malicious software that cyber-criminals use to extort money from their victims.

Red Team

An independent group that challenges an organization to improve its effectiveness by assuming an adversarial role or point of view.


The recovery of data following computer failure or loss.


Possibility of something that could cause an organization not to meet one of its objectives.

Risk Assessment

The process of identifying, analyzing and evaluating risk.


Screen Scraper

A virus or physical device that logs information sent to a visual display to capture private or personal information.

Security Control

Something that modifies or reduces one or more security risks.

Security Event

Any observable security-related occurrence in a network or system, not yet determined to have negative ramifications.

Security Incident

A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices.

Sensitive Data

Information that is protected against unwarranted disclosure. Access to sensitive data should be safeguarded. Protection of sensitive data may be required for legal or ethical reasons, for issues pertaining to personal privacy, or for proprietary considerations.


A computer or computer program which manages access to a centralized resource or service in a network.


A mobile phone built on a mobile computing platform that offers more advanced computing ability and connectivity than a standard mobile phone.


A fraudulent or malicious practice in which communication is sent from an unknown source disguised as a source known to the receiver.


Malware that passes information about a computer user's activities to an external party.


Tabletop Exercise

Activity in which key personnel assigned emergency management roles and responsibilities are gathered to discuss, in a non-threatening environment, various simulated emergency situations.


A person, object, or place selected as the aim of an attack.

Third-Party Risk Management (TPRM)

The process of analyzing and controlling risks presented to your company, your data, your operations and your finances by parties other than your own company.


Something that could cause harm to a system or organization.

Threat Actor

A person who performs a cyber attack or causes an accident.


Malicious programs that pretend to be legitimate software, but actually carry out hidden, harmful functions.

Two-Factor Authentication

Obtaining evidence of identity by two independent means, such as knowing a password and successfully completing a smart-card transaction.


Uniform Resource Locator (URL)

A location or address identifying where documents can be found on the Internet.

User Account

The record of a user kept by a computer to control their access to files and programs.


The short name, usually meaningful in some way, associated with a particular computer user.


Virtual Private Network (VPN)

Link(s) between computers or local area networks across different locations using a wide area network that cannot access or be accessed by other users of the wide area network.


Malware that is loaded onto a computer and then run without the user's knowledge or knowledge of its full effects.


A flaw or weakness that can be used to attack a system or organization.



Wireless local area network based upon IEEE 802.11standards.


Malware that replicates itself so it can spread to infiltrate other computers.