An actual assault perpetrated by an intentional threat source that attempts to learn or make use of information from a system, but does not attempt to alter the system, its resources, its data, or its operations.
A string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorization.
A colloquial term for penetration test or penetration testing.
An evaluation methodology whereby assessors search for vulnerabilities and attempt to circumvent the security features of a network and/or information system.
The information that permits the identity of an individual to be directly or indirectly inferred.
A digital form of social engineering to deceive individuals into providing sensitive information.
An observable occurrence or sign that an attacker may be preparing to cause an incident.
The activities to build, sustain, and improve readiness capabilities to prevent, protect against, respond to, and recover from natural or manmade incidents.
The assurance that the confidentiality of, and access to, certain information about an entity is protected. The ability of individuals to understand and exercise control over how information about themselves may be used by others.
A cryptographic key that must be kept confidential and is used to enable the operation of an asymmetric (public key) cryptographic algorithm. The secret part of an asymmetric key pair that is uniquely associated with an entity.
A cryptographic key that may be widely published and is used to enable the operation of an asymmetric (public key) cryptographic algorithm. The public part of an asymmetric key pair that is uniquely associated with an entity and that may be made public.
A branch of cryptography in which a cryptographic system or algorithms use two uniquely linked keys: a public key and a private key (a key pair).
A framework consisting of standards and services to enable secure, encrypted communication and authentication over potentially insecure networks such as the Internet. A framework and services for generating, producing, distributing, controlling, accounting for, and revoking (destroying) public key certificates.