A
Absolute File Path: The full file path, which starts from the root.
Access: The ability and means to communicate with or otherwise interact with a system, to use system resources to handle information, to gain knowledge of the information the system contains, or to control system components and functions.
Access Control: The process of granting or denying specific requests for or attempts to: 1) obtain and use the information and related information processing services, and 2) enter specific physical facilities.
Access Control List (ACL): A mechanism that implements access control for a system resource by listing the identities of the system entities that are permitted to access the resource.
Access Control Service: A security service that provides protection of system resources against unauthorized access. The two basic mechanisms for implementing this service are ACLs and tickets.
Active Packet Sniffing: A type of attack where data packets are manipulated in transit.
Address Resolution Protocol (ARP): A network protocol used to determine the MAC address of the next router or device on the path.
Advanced Encryption Standard (AES): An encryption standard being developed by NIST. Intended to specify an unclassified, publicly-disclosed, symmetric encryption algorithm.
Advanced Persistent Threat (APT): An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception).
Adversarial Artificial Intelligence (AI): A technique that manipulates artificial intelligence.
Adversary: An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.
Adware: A type of legitimate software that is sometimes used to display digital advertising.
Air Gap: The physical separation or isolation of a system from other systems or networks (noun).
Alert: A notification that a specific attack has been detected or directed at an organization’s information systems.
Algorithm: A finite set of step-by-step instructions for a problem-solving or computation procedure, especially one that can be implemented by a computer.
All Source Intelligence: In the NICE Framework, cybersecurity work where a person: Analyses threat information from multiple sources, disciplines, and agencies across the Intelligence Community. Synthesizes and places intelligence information in context; draws insights about the possible implications.
Allow List: A list of entities that are considered trustworthy and are granted access or privileges.
Analysis: The investigation and validation of alerts.
Analyze: A NICE Framework category consisting of specialty areas responsible for highly specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence.
Angler Phishing: A technique where attackers impersonate customer service.
Anomaly-based Analysis: A detection method that identifies abnormal behavior.
Antivirus Software: A program that monitors a computer or network to detect or identify major types of malicious code and to prevent or contain malware incidents. Sometimes by removing or neutralizing the malicious code.
Application Programming Interface (API) token: A small block of encrypted code.
Application: A program that performs a specific task
Argument (Linux): Specific information needed by a command.
Argument (Python): The data is brought into a function when it is called.
ARPANET: Advanced Research Projects Agency Network, a pioneer packet-switched network that was built in the early 1970s under contract to the US Government, led to the development of today’s Internet and was decommissioned in June 1990.
Array: A data type that stores data in a comma-separated ordered list
Assess: The fifth step of the NIST RMF means to determine if established controls are implemented correctly.
Asset: A person, structure, facility, information, records, information technology systems and resources, material, process, relationships, or reputation that has value.
Asset Classification: The practice of labeling assets based on sensitivity.
Asset Inventory: A catalog of assets that need to be protected.
Asset management: The process of tracking assets and the risks that affect them.
Asymmetric Cryptography: Public-key cryptography; A modern branch of cryptography in which the algorithms employ a pair of keys (a public key and a private key) and use a different component of the pair for different steps of the algorithm.
Asymmetric Encryption: The use of a public and private key pair for encryption.
Asymmetric Warfare: Asymmetric warfare is the fact that a small investment, properly leveraged, can yield incredible results.
Attack: An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity.
Attack Surface: All the potential vulnerabilities that a threat actor could exploit
Attack Tree: A diagram that maps threats to assets
Attack Vectors: The pathways attackers use to penetrate security defenses
Attacker: An individual, group, organization, or nation-state that executes an attack.
Auditing: Auditing is the information gathering and analysis of assets to ensure such things as policy compliance and security from vulnerabilities.
Authentication: The process of verifying the identity or other attributes of an entity (user, process, or device).
Authenticity: A property achieved through cryptographic methods of being genuine and being able to be verified and trusted, resulting in confidence in the validity of a transmission, information or a message, or sender of information or a message.
Authorization: A process of determining, by evaluating applicable access control information, whether a subject is allowed to have the specified types of access to a particular resource.
Authorize: The sixth step of the NIST RMF that refers to being accountable for the security and privacy risks that may exist in an organization.
Autonomous System: One network or series of networks that are all under one administrative control. An autonomous system is also sometimes referred to as a routing domain. An autonomous system is assigned a globally unique number, sometimes called an Autonomous System Number (ASN).
Availability: Availability is the need to ensure that the business purpose of the system can be met and that it is accessible to those who need to use it.
