An attacker with high levels of expertise and significant resources which allow it to create opportunities to achieve its objectives through multiple attack vectors (e.g., cyber, physical, etc).
A notification that a specific attack against organization’s information systems has been detected.
A person, facility, information technology systems and resources, material, process, relationships, or reputation, etc that have value.
An unauthorized attempt to access systems, services, resources, or information or an attempt to compromise system integrity.
Distinctive characteristic or pattern that can be searched for or used for matching to previously identified attacks.
An individual, group, organization, or even a government that prepared and launched cyberattack.
Verification of the identity or other attributes of a user, process, or device.
Evaluation of applicable access control information in order to determine if a subject is allowed to have the specified access to some system or resource.
B
Observing activities of users, information systems, and processes to measure them against relevant policies and rules, patterns of normal activity, trends etc.
A computer having access to Internet and compromised with malicious software to perform activities under remote control.
On-demand remote access to a pool of configurable resources (networks, servers, storages, applications, services) that can be provisioned and released with relatively insignificant efforts or interaction with service provider.
A condition stating that information will not be disclosed unless requested be person, organization or process that have been authorized to access the information.
Physical or virtual systems and assets, vital to society or organization to such an extent that incapacity or destruction of these systems or assets may have a very serious negative impact on the security, economy, environment, etc or ability of organization to execute.
Protection from or state of being protected against damage, unauthorized use or modification, or exploitation for activity, process, ability, state.
D
Unauthorized disclosure of sensitive information to a party, in most cases outside the organization, that is not authorized to see the information. Unauthorized movement of information can be data breach as well.
The state of data being complete, intact, trusted and having not been subjected to modifications or destruction in an unauthorized or accidental manner.
Specialized processes and techniques used to gather, and analyze system or user related digital evidence for the purpose of investigation.
Unintentional or accidental deletion of data, forgetting location of its storage, exposure to a party which is not authorized to see or have it.
A combination of policies, procedures, mechanisms and systems to stop sensitive data from leaving a secure boundary.
Stealing of information in deliberate or intentional manner.
An attack that seriously complicates or makes impossible authorized use of information systems or services.
A special value generated with a cryptographic process. It uses special private key and then is appended to a data object, making it digitally signed.
A sophisticated type of denial-of-service technique that uses numerous systems and services to perform the attack simultaneously.
Conversion of data into a form that will not be easily understood by unauthorized parties.
A comprehensive and managed approach to risk management that involves people, processes, and systems across an organization. Directed at improvement of the quality of decision making to minimize risks lowering organization’s ability to achieve its objectives.
Any occurrence observed in an information system or network which can be an indication that an incident is occurring or at least a reason to suspect it.
A transfer of information from an information system which has not been authorized.
A technique used by cybercriminals or cybersecurity experts to breach the security of a network or information system in violation of security policy or to assess its security level.
The condition of unprotected system or network which allows access to information or access to capabilities which can be used to enter a system or network.
F
Inability of a service, system or component to perform its required functions within specified range of performance requirements.
A hardware or software device which function is to limit network traffic according to a set of rules defining what access is and is not allowed or authorized.
Set of processes, methods, procedures which can be used to manage subjects and their authentication and authorizations to access specific objects.
A situation or occurrence violating or posing threat of violation of security policies and procedures.
Coordinated and managed activities connected with actual or potential event posing threat to information or information systems.
Activities aimed at short-term, direct effects of an incident which may also include recovery.
A document describing procedures used to detect and respond to a cybersecurity incident.
Set of regulations, rules, recommendations and practices describing the way the organization manages, protects, and distributes information.
A person or group from within organization posing potential risk of violating security policies.
Unauthorized bypassing of security mechanisms of a network or other information system.
Procedures and methods for analyzing networks and information systems with the purpose of determining if a security breach or violation took place.
Formal inquiry into threat or incident through digital forensics and traditional criminal inquiry techniques to define cybersecurity details and collect evidence.
Software or hardware tracking keystrokes and keyboard events in secret manner to record actions of information system users.
Special type of malicious code that attaches itself to documents and uses the macro programming capabilities of the document’s application (Word, etc) to execute, replicate, and spread itself.
A small program that downloads itself automatically and performs any unauthorized function on an information system.
Software compromising the operation of an information system through unauthorized function or process.
Application of measures to reduce the probability of an unwanted occurrence and lessen its potential or real impact.
A person or group external to a company or organization who are not authorized to access its data or information systems and may pose a potential risk to company or organization.
P
Real assault executed by source of external or internal threat trying to study or use the information from a system, but does not alter the system, its resources, data or operations mode.
Set of characters (letters, numbers, symbols) used to check the identity or to verify access rights.
Special methodology providing vulnerabilities search and attempts to prevail over security features of a network or other information system.
Social engineering performed with digital tools and aimed at deceiving individuals into providing their sensitive information.
Assurance that access to certain information about an entity is protected and it is kept confidential.
Special cryptographic key that must be kept confidential. It is used to enable the operation of a public key cryptographic algorithm.
Special cryptographic key that may be widely published. It is used to enable the operation of a public key cryptographic algorithm.
Measures, steps, activities taken after security incident or event to restore at least essential services and operations in the short and medium term. Full restoration of capabilities is to be completed in the longer term, as a rule.
Additional systems, assets, processes that can be used to maintain certain degree of functionality in case another system, asset, or process fails or is lost.
Activities addressing short-term, direct effects of an incident and aimed at short-term recovery.
Degree of potential for an undesired or negative outcome of an incident or event. Likelihood that a particular threat will exploit a particular vulnerability and will bring about certain consequences.
Systematic examination of the risk, its components and characteristics.
Collection of information and quantitative/qualitative assessment risks with further informing of priorities, developing or updating courses of action, and keeping decision makers aware of the situation.
Identification, assessment, communication of risks and their acceptance, avoidance, or taking under control to reduce to an acceptable level considering incurred costs.
Set of rules that define acceptable use of an organization’s information and services to keep the risks at an acceptable level. Also defines systems, tools, processes to protect the organization’s information assets.
Some recognizable, distinguishing pattern of an attack, as a rule.
Information about the current and potential security situation and risks, based on observation, analysis, knowledge and experience.
Usage of electronic messaging systems to send unsolicited bulk messages in huge numbers and indiscriminately.
Making a transmission with faked sender’s address to get unauthorized entry into a secured system.
Software application that is secretly installed into an information system without the knowledge of the user or owner.
State of an information system in which it performs its intended function in proper manner and free from unauthorized manipulation of the system in any manner.
T
Event exploiting or having potential to exploit vulnerabilities and have negative impact on business or organization’s operations, systems, employees, customers, users.
Any individual, group or organization conducting or having intent to conduct criminal or unauthorized activities.
Detailed evaluation of the characteristics of a threat.
Identification and evaluation of actions or events that have potential of negative impact on life, information, operations, property etc.
Data that authenticates identity of a client or a service and forms a credential together with a temporary encryption key.
Any access that violates actual security policy.
V
Software application that can replicate itself and infects a computer to spread or propagate itself to another computer in unnoticed and unauthorized manner.
Specific characteristic that renders an organization or asset open to exploitation by specific threat.
Certain imperfection in code, design, architecture, or deployment of software that may turn into vulnerability or open way to introduction of vulnerability.
List of entities recognized trustworthy to be granted access or privileges.
Specific software code that replicates itself and uses network to spread itself.