| Term | Definition |
| --- | --- |
| Acceptance | Acknowledging a risk but taking no action to address it |
| Accounting | The ability that provides tracking of events |
| Advanced Persistent Threat | Multi-year intrusion campaign that targets highly sensitive economic, proprietary, or national security information |
| Asset | An item that has a value |
| Authentication | The steps that ensure that the individual is who he or she claims to be |
| Authorization | The act of providing permission or approval to technology resources |
| Availability | Security actions that ensure that data is accessible to authorized users |
| Broker | Attacker who sells knowledge of a vulnerability to other attackers or governments |
| BYOD | The practice of allowing users to use their own personal devices to connect to an organizational network |
| California's Database Security Breach Notification Act | The first state electronic privacy law, which covers any state agency, person, or company that does business in California |
| Confidentiality | Security actions that ensure that only authorized parties can view the information |
| Cyber Kill Chain | A systematic outline of the steps of a cyber attack, introduced at Lockheed Martin in 2011 |
| Cybercrime | Targeted attacks against financial networks, unauthorized access to information, and the theft of personal information |
| Cybercriminals | A network of attackers, identity thieves, spammers, and financial fraudsters |
| Cyberterrorism | A premeditated, politically motivated attack against information, computer systems, computer programs, and data, which often results in violence |
| Cyberterrorist | Attacker whose motivation may be defined as ideological, or attacking for the sake of principles or beliefs |
| Deterrence | Understanding the attacker and then informing him of the consequences of the action |
| Exploit Kit | Automated attack package that can be used without an advanced knowledge of computers |
| Gramm-Leach-Bliley Act | A US law that requires banks and financial institutions to alert customers of their policies and practices in disclosing customer information |
| Hacktivist | Attacker who attacks for ideological reasons that are generally not as well-defined as a cyberterrorist's motivation |
| Health Insurance Portability and Accountability Act | A US law designed to guard protected health information and implement policies and procedures to safeguard it |
| Identity Theft | Stealing another person's personal information, such as a social security number, and then using that information to impersonate the victim, generally for financial gain |
| Information Security | The tasks of protecting the integrity, confidentiality, and availability of information on devices that store, manipulate, and transmit the information through products, people, and procedures |
| Insiders | Employees, contractors, and business partners who can be responsible for an attack |
| Integrity | Security actions that ensure that the information is correct and no unauthorized person or malicious software has altered the data |
| Mitigation | Addressing a risk by making it less serious |
| Payment Card Industry Data Security Standard | A set of security standards that all US companies processing, storing, or transmitting credit card information must follow |
| Risk | A situation that involves exposure to danger |
| Risk Avoidance | Identifying the risk but making the decision to not engage in the activity |
| Sarbanes-Oxley Act | A US law designed to fight corporate corruption |
| Script Kiddie | Individual who lacks advanced knowledge of computers and networks and so uses downloaded automated attack software to attack information systems |
| State-Sponsored Attacker | Attacker commissioned by governments to attack enemies' information systems |
| Threat | A type of action that has the potential to cause harm |
| Threat Agent | A person or element that has the power to carry out a threat |
| Threat Likelihood | The probability that a threat will actually occur |
| Threat Vector | The means by which an attack could occur |
| Transference | Transferring the risk to a third party |
| Vulnerability | A flaw or weakness that allows a threat agent to bypass security |