An actual assault perpetrated by an intentional threat source that attempts to alter a system, its resources, its data, or its operations.
Software that is able to automatically carry out or trigger actions without the explicit intervention of a user.
An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception).
An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.
To physically separate or isolate a system from other systems or networks (verb). The physical separation or isolation of a system from other systems or networks (noun).
A notification that a specific attack has been detected or directed at an organization’s information systems.
In the NICE Framework, cybersecurity work where a person: analyzes threat information from multiple sources, disciplines, and agencies across the intelligence community. Synthesizes and places intelligence information in context; draws insights about the possible implications.
A program that specializes in detecting and blocking or removing forms of spyware.
A program that monitors a computer or network to detect or identify major types of malicious code and to prevent or contain malware incidents. Sometimes by removing or neutralizing the malicious code.
A person, structure, facility, information, and records, information technology systems and resources, material, process, relationships, or reputation that has value. Anything useful that contributes to the success of something, such as an organizational mission; assets are things of value or properties to which value can be assigned.
Synonym(s): public key cryptography
An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity. The intentional act of attempting to bypass one or more security services or controls of an information system.
The manner or technique and means an adversary may use in an assault on information or an information system.
Synonym(s): attack method
The steps that an adversary takes or may take to plan, prepare for, and execute an attack.
Similar cyber events or behaviors that may indicate an attack has occurred or is occurring, resulting in a security violation or a potential security violation. For software, descriptions of common methods for exploiting software systems.
A characteristic or distinctive pattern that can be searched for or that can be used in matching to previously identified attacks. An automated set of rules for identifying a potential threat (such as an exploit or the presence of an attacker tool) and possible responses to that threat.
The set of ways in which an adversary can enter a system and potentially cause damage. An information system's characteristics that permit an adversary to probe, attack, or maintain presence in the information system.
An individual, group, organization, or government that executes an attack. A party acting with malicious intent to compromise an information system.
The process of verifying the identity or other attributes of an entity (user, process, or device). Also the process of verifying the source and integrity of data.
A property achieved through cryptographic methods of being genuine and being able to be verified and trusted, resulting in confidence in the validity of a transmission, information or a message, or sender of information or a message.
A process of determining, by evaluating applicable access control information, whether a subject is allowed to have the specified types of access to a particular resource. The process or act of granting access privileges or the access privileges as granted.
The use of electronics, software, and/or computer-controlled devices to assume control of processes. The aim of automation is to boost efficiency and reliability. In the context of security policy, automation is used to describe two concepts. Network Policy Automation: Relates to the “automation” of the change management process associated with networking devices such as firewalls. Automation describes the workflows and processes associated with access requests, risk analysis, rule design, deployment, and validation. Cloud Security Automation: Relates to the “automation” of applying policy-based security controls within the build and configuration pipelines often used in cloud-native environments, through the use of Infrastructure as code (IaC) and Security as Code (SaC)
The property of being accessible and usable upon demand. In cybersecurity, applies to assets such as information or information systems.
The ability and means to communicate with or otherwise interact with a system, to use system resources to handle information, to gain knowledge of the information the system contains, or to control system components and functions.
Synonym(s): identity and access management
The process of granting or denying specific requests for or attempts to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities.
Security measures designed to detect and deny unauthorized access and permit authorized access to an information system or a physical facility.