Find definitions for IT security and compliance in our online glossary of key terms, acronyms, and vocabulary.

• Term
  Definition
• Access
  Definition: The ability and means to communicate with or otherwise interact with a system, to use system resources to handle information, to gain knowledge of the information the system contains, or to control system components and functions. Synonym(s): identity and access management
• Access Control
  Definition: The process of granting or denying specific requests for or attempts to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities. Related Term(s): access control mechanism
• Access Control Mechanism
  Definition: Security measures designed to detect and deny unauthorized access and permit authorized access to an information system or a physical facility.
• Active Attack
  Definition: An actual assault perpetrated by an intentional threat source that attempts to alter a system, its resources, its data, or its operations. Related Term(s): passive attack
• Active Content
  Definition: Software that is able to automatically carry out or trigger actions without the explicit intervention of a user.
• Active Data
  Active data is information residing on the direct access storage media of computer systems, which is readily visible to the operating system and/or application software with which it was created and immediately accessible to users without undeletion, modification or reconstruction (i.e., word(...)
• Active Files
  Files residing on disk drives of PCs, LAN file servers, laptops, etc. Include backup files created by application software such as Microsoft Word.
• Active Records
  Active records are records related to current, ongoing or in process activities and are referred to on a regular basis to respond to day-to-day operational requirements. An active record resides in native application format and is accessible for purposes of business processing with no(...)
• Address
  The term address can be used to mean:  • An Internet address - a unique location on the Internet.  • An e-mail address or  • A web page address (also known as a URL)
• Advanced Persistent Threat
  Definition: An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception).
• Adversary
  Definition: An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities. Related Term(s): threat agent, attacker
• Air Gap
  Definition: The physical separation or isolation of a system from other systems or networks.
• Alert
  Definition: A notification that a specific attack has been detected or directed at an organization’s information systems.
• All Source Intelligence
  Definition: In the NICE Framework, cybersecurity work where a person: Analyzes threat information from multiple sources, disciplines, and agencies across the Intelligence Community. Synthesizes and places intelligence information in context; draws insights about the possible implications.
• Allowlist
  Definition: A list of entities that are considered trustworthy and are granted access or privileges. Related Term(s): Blocklist
• Analyze
  Definition: A NICE Framework category consisting of specialty areas responsible for highly specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence.
• Antispyware Software
  Definition: A program that specializes in detecting and blocking or removing forms of spyware. Related Term(s): spyware
• Antivirus Software
  Definition: A program that monitors a computer or network to detect or identify major types of malicious code and to prevent or contain malware incidents. Sometimes by removing or neutralizing the malicious code.
• Application
  An application is a collection of one or more related software programs that enables a user to enter, store, view, modify or extract information from files or databases. The term is commonly used in place of “program,” or “software.” Applications may include word processors, Internet browsing(...)
• Archival Data
  Archival data is information that is not directly accessible to the user of a computer system but that the organization maintains for long-term storage and record keeping purposes. Archival data may be written to removable media such as a CD, magneto-optical media, tape or other electronic(...)
• Archive/Electronic Archive
  Archives are long term repositories for the storage of records. Electronic archives preserve the content, prevent or track alterations and control access to electronic records.
• Asset
  Definition: Anything useful that contributes to the success of something, such as an organizational mission; assets are things of value or properties to which value can be assigned.
• Asymmetric Cryptography
  Synonym(s): public key cryptography
• Attachment
  An attachment is a record or file associated with another record for the purpose of storage or transfer. There may be multiple attachments associated with a single “parent” or “master” record. The attachments and associated record may be managed and processed as a single unit. In common use,(...)
• Attack
  Definition: An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity. Related Term(s): active attack, passive attack
• Attack Method
  Definition: The manner or technique and means an adversary may use in an assault on information or an information system.
• Attack Path
  Definition: The steps that an adversary takes or may take to plan, prepare for, and execute an attack.
• Attack Signature
  Definition: A characteristic or distinctive pattern that can be searched for or that can be used in matching to previously identified attacks. Related Term(s): attack pattern
• Attack Surface
  Definition: An information system's characteristics that permit an adversary to probe, attack, or maintain presence in the information system.
• Attacker
  Definition: An individual, group, organization, or government that executes an attack. Related Term(s): adversary, threat agent
• Attribute
  An attribute is a characteristic of data that sets it apart from other data, such as location, length, or type. The term attribute is sometimes used synonymously with “data element” or “property.”  ASCII (Acronym for American Standard Code): ASCII is a code that assigns a number to each(...)
• Authentication
  Definition: The process of verifying the identity or other attributes of an entity (user, process, or device). Extended Definition: Also the process of verifying the source and integrity of data.
• Authenticity
  Definition: A property achieved through cryptographic methods of being genuine and being able to be verified and trusted, resulting in confidence in the validity of a transmission, information or a message, or sender of information or a message. Related Term(s): integrity, non-repudiation
• Author /Originator
  The author of a document is the person, office or designated position responsible for its creation or issuance. In the case of a document in the form of a letter, the author or originator is usually indicated on the letterhead or by signature. In some cases, the software application producing(...)
• Authorization
  Definition: A process of determining, by evaluating applicable access control information, whether a subject is allowed to have the specified types of access to a particular resource. Extended Definition: The process or act of granting access privileges or the access privileges as granted.
• Availability
  Definition: In cybersecurity, applies to assets such as information or information systems. Related Term(s): confidentiality, integrity
• Backup
  To create a copy of data as a precaution against the loss or damage of the original data. Most users backup some of their files, and many computer networks utilize automatic backup software to make regular copies of some or all of the data on the network. Some backup systems use digital audio(...)
• Backup Data
  Backup data is information that is not presently in use by an organization and is routinely stored separately upon portable media, to free up space and permit data recovery in the event of disaster.
• Backup Files
  Files copied to diskettes, portable disk drives, backup tapes and compact disks, providing the user with access to data in case of emergency. Some backup files are created automatically by certain applications or operating systems, are not readily apparent to the user and are maintained (as(...)
• Backup Tape
  Backup or disaster recovery tapes are portable media used to store data that is not presently in use by an organization to free up space but still allow for disaster recovery.
• Backup Tape Recycling
  Backup tape recycling is the process whereby an organization’s backup tapes are overwritten with new backup data, usually on a fixed schedule (i.e., the use of nightly backup tapes for each day of the week with the daily backup tape for a particular day being overwritten on the same day the(...)
• Bandwidth
  The amount of information or data that can be sent over a network connection in a given period of time. Bandwidth is usually stated in bits per second (bps), kilobits per second (kbps), or megabits per second (mps).
• Bates Production Number:
  A bates production number is a tracking number assigned to each page of each document in the production set.
• Behavior Monitoring
  Definition: Observing activities of users, information systems, and processes and measuring the activities against organizational policies and rule, baselines of normal activity, thresholds, and trends.
• Best Evidence Rule
  The Best Evidence Rule states that to prove the content of a written document, recording, or photograph, the "original" writing, recording, or photograph is ordinarily required.
• Binary
  Mathematical base 2, or numbers composed of a series of zeros and ones. Since zero's and one's can be easily represented by two voltage levels on an electronic device, the binary number system is widely used in digital computing.
• BIOS
  Basic input output system
• Bit
  A measurement of data. It is the smallest unit of data. A bit is either the "1" or "0" component of the binary code. A collection of bits is put together to form a byte.
• Blocklist
  Definition: A list of entities that are blocked or denied privileges or access. Related Term(s): Allowlist
• Blog
  Blogs, also referred to as Web logs, are frequent, chronological Web publications consisting of links and postings. The most recent posting appears at the top of the page.
• Blue Team
  Definition: A group that defends an enterprise's information systems when mock attackers (i.e., the Red Team) attack, typically as part of an operational exercise conducted according to rules established and monitored by a neutral group (i.e., the White Team). Related Term(s): Red Team,(...)
• Bot
  Definition: A computer connected to the Internet that has been surreptitiously / secretly compromised with malicious logic to perform activities under remote the command and control of a remote administrator. Synonym(s): zombie Related Term(s): botnet
• Bot Master
  Definition: The controller of a botnet that, from a remote location, provides direction to the compromised computers in the botnet. Synonym(s): bot herder
• Botnet
  Definition: A collection of computers compromised by malicious code and controlled across a network.
• Bug
  Definition: An unexpected and relatively small defect, fault, flaw, or imperfection in an information system or device. Can lead to application errors, crash, or vulnerablity
• Build Security In
  Definition: A set of principles, practices, and tools to design, develop, and evolve information systems and software that enhance resistance to vulnerabilities, flaws, and attacks.
• Burn
  Slang for making (burning) a CD-ROM copy of data, whether it is music, software, or other data.
• Byte
  Eight bits. The byte is the basis for measurement of most computer data as multiples of the byte value. A "megabyte" is one million bytes or eight million bits or a "gigabyte" is one billion bytes or eight billion bits. 1 gigabyte = 1,000 megabytes 1 terabyte = 1,000 gigabytes
• Cache
  A fast storage buffer in the central processing unit of a computer that temporarily stores frequently used information for quick access.
• Capability
  Definition: The means to accomplish a mission, function, or objective. Related Term(s): intent
• CD-ROM
  Data storage medium that uses compact discs to store about 1,500 floppy discs worth of data.
• Chain of Custody
  A chain of custody tracks evidence from its original source to what is offered as evidence in court
• Cipher
  Synonym(s): cryptographic algorithm
• Ciphertext
  Definition: Data or information in its encrypted form. Related Term(s): plaintext
• Client/Server Architecture
  A computer network design involving desktop PCs that depend on other (generally larger) computers to provide the PCs with information and/or applications. In the client/server environment, the client (PC) and the server are symbiotic and processing occurs in both places. Client- server(...)
• Cloud Computing
  Definition: A model for enabling on-demand network access to a shared pool of configurable computing capabilities or resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
• Coding
  Document coding is the process of capturing case-relevant information (i.e. author, date authored, date sent, recipient, date opened, etc.) from a paper document.
• Collect & Operate
  Definition: A NICE Framework category consisting of specialty areas responsible for specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence.
• Collection Operations
  Definition: In the NICE Framework, cybersecurity work where a person: Executes collection using appropriate strategies and within the priorities established through the collection management process.
• Compression
  A technology that reduces the size of a file. Compression programs are valuable to network users because they help save both time and bandwidth.
• Computer Forensics
  Computer forensics is the use of specialized techniques for recovery, authentication, and analysis of electronic data when a case involves issues relating to reconstruction of computer usage, examination of residual data, authentication of data by technical analysis or explanation of(...)
• Computer Forensics
  The science of obtaining, preserving, and documenting evidence from digital electronic storage devices, such as computers, pagers, PDAs, digital cameras, cell phones, and various memory storage devices. All must be done in a manner designed to preserve the probative value of the evidence and(...)
• Computer Network Defense
  Definition: The actions taken to defend against unauthorized activity within computer networks.
• Computer Network Defense Analysis
  Definition: In the NICE Framework, cybersecurity work where a person: Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and(...)
• Computer Network Defense Infrastructure Support
  Definition: In the NICE Framework, cybersecurity work where a person: Tests, implements, deploys, maintains, reviews, and administers the infrastructure hardware and software that are required to effectively manage the computer network defense service provider network and resources; monitors(...)
• Computer System
  Refers to the entire computing environment. This environment may consist of one large computer serving many users (e.g. a mainframe or mini- computer) or one or more personal computers working individually or linked together through a network. A computer system includes all hardware and(...)
• Confidentiality
  Definition: A property that information is not disclosed to users, processes, or devices unless they have been authorized to access the information.Related Term(s): availability, integrity
• Consequence
  Definition: In cybersecurity, the effect of a loss of confidentiality, integrity or availability of information or an information system on an organization's operations, its assets, on individuals, other organizations, or on national interests.
• Continuity of Operations Plan
  Definition: A document that sets forth procedures for the continued performance of core capabilities and critical operations during any disruption or potential disruption.Related Term(s): Business Continuity Plan, Disaster Recovery Plan, Contingency Plan
• Cookie
  Small data files written to a user's hard drive by a Web server. These files contain specific information that identifies users (i.e., passwords and lists of pages visited). 
• Copy
  A copy is an accurate reproduction of information contained in the data objects independent of the original physical
• Critical Infrastructure
  Definition: The systems and assets, whether physical or virtual, so vital to society that the incapacity or destruction of such may have a debilitating impact on the security, economy, public health or safety, environment, or any combination of these matters. Related Term(s): key resource
• Cryptanalysis
  Definition: The operations performed in defeating or circumventing cryptographic protection of information by applying mathematical techniques and without an initial knowledge of the key employed in providing the protection.
• Cryptographic Algorithm
  Definition: A well-defined computational procedure that takes variable inputs, including a cryptographic key, and produces an output. Related Term(s): key, encryption, decryption, symmetric key, asymmetric key
• Cryptography
  Definition: The use of mathematical techniques to provide security services, such as confidentiality, data integrity, entity authentication, and data origin authentication. Extended Definition: The art or science concerning the principles, means, and methods for converting plaintext into(...)
• Cryptology
  Definition: The mathematical science that deals with cryptanalysis and cryptography. Related Term(s): cryptanalysis, cryptography
• Customer Service and Technical Support
  Definition: In the NICE Framework, cybersecurity work where a person: Addresses problems, installs, configures, troubleshoots, and provides maintenance and training in response to customer requirements or inquiries (e.g., tiered-level customer support).
• Cyber Ecosystem
  Definition: The interconnected information infrastructure of interactions among persons, processes, data, and information and communications technologies, along with the environment and conditions that influence those interactions.
• Cyber Exercise
  Definition: A planned event during which an organization simulates a cyber disruption to develop or test capabilities such as preventing, detecting, mitigating, responding to or recovering from the disruption.
• Cyber Infrastructure
  Definition: The information and communications systems and services composed of all hardware and software that process, store, and communicate information, or any combination of all of these elements:  Processing includes the creation, access, modification, and destruction of(...)
• Cyber Operations
  Definition: In the NICE Framework, cybersecurity work where a person: Performs activities to gather evidence on criminal or foreign intelligence entities in order to mitigate possible or real-time threats, protect against espionage or insider threats, foreign sabotage, international terrorist(...)
• Cyber Operations Planning
  Definition: in the NICE Framework, cybersecurity work where a person: Performs in-depth joint targeting and cyber planning process. Gathers information and develops detailed Operational Plans and Orders supporting requirements. Conducts strategic and operational-level planning across the full(...)
• Cyber Threat Intelligence (CTI)
  Definition: The collecting, processing, organizing, and analyzing data into actionable information that relates to capabilities, opportunities, actions, and intent of adversaries in the cyber domain to meet a specific requirement determined by and informing decision-makers.
• Cybersecurity
  Definition: Strategy, policy, and standards regarding the security of and operations in cyberspace, and encompass[ing] the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities,(...)
• Cyberspace
  Definition: The interdependent network of information technology infrastructures, that includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers.
• DAT (Digital Audio Tape)
  Used as a storage medium in some backup systems.
• Data
  Information stored on the computer system and used by applications to accomplish tasks. 3
• Data Administration
  Definition: In the NICE Framework, cybersecurity work where a person: Develops and administers databases and/or data management systems that allow for the storage, query, and utilization of data.
• Data Aggregation
  Definition: The process of gathering and combining data from different sources, so that the combined data reveals new information. Related Term(s): data mining
• Data Breach
  Definition: The unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information. Related Term(s): data loss, data theft, exfiltration
• Data File
   See File
• Data Integrity
  Definition: The property that data is complete, intact, and trusted and has not been modified or destroyed in an unauthorized or accidental manner. Related Term(s): integrity, system integrity
• Data Loss
  Definition: The result of unintentionally or accidentally deleting data, forgetting where it is stored, or exposure to an unauthorized party. Related Term(s): data leakage, data theft
• Data Loss Prevention
  Definition: A set of procedures and mechanisms to stop sensitive data from leaving a security boundary. Related Term(s): data loss, data theft, data leak
• Data Mining
  Definition: The process or techniques used to analyze large sets of existing information to discover previously unrevealed patterns or correlations. Related Term(s): data aggregation
• Data Theft
  Definition: The deliberate or intentional act of stealing of information. Related Term(s): data aggregation, data leakage, data loss
• De-Duplication
  De-Duplication (“De-Duping”) is the process of comparing electronic records based on their characteristics and removing duplicate records from the data set. 
• Decipher
  Definition: To convert enciphered text to plain text by means of a cryptographic system. Synonym(s): decode, decrypt
• Decode
  Definition: To convert encoded text to plain text by means of a code. Synonym(s): decipher, decrypt
• Decrypt
  Definition: A generic term encompassing decode and decipher. Synonym(s): decipher, decode
• Decryption
  Definition: The process of transforming ciphertext into its original plaintext. Extended Definition: The process of converting encrypted data back into its original form, so it can be understood.Synonym(s): decode, decrypt, decipher
• Deleted Data
  Deleted data is data that, in the past, existed on the computer as live data and which has been deleted by the computer system or end-user activity. Deleted data remains on storage media in whole or in part until it is overwritten by ongoing usage or “wiped” with a software program(...)
• Deleted file
  A file with disk space that has been designated as available for reuse. The deleted file remains intact until it has been overwritten with a new file. 
• Deletion
  Deletion is the process whereby data is removed from active files and other data storage structures on computers and rendered inaccessible except using special data recovery tools designed to recover deleted data.
• Denial of Service
  Definition: An attack that prevents or impairs the authorized use of information system resources or services.
• Desktop
  Usually refers to an individual PC -- a user's desktop computer.
• Digital
  Storing information as a string of digits – namely “1”s and “0”s. 
• Digital Evidence
  Information stored or transmitted in binary form that may be relied upon in court.
• Digital Forensics
  Definition: The processes and specialized techniques for gathering, retaining, and analyzing system-related data (digital evidence) for investigative purposes.Synonym(s): computer forensics, forensics
• Digital Rights Management
  Definition: A form of access control technology to protect and manage use of digital content or devices in accordance with the content or device provider's intentions.
• Digital Signature
  Definition: A value computed with a cryptographic process using a private key and then appended to a data object, thereby digitally signing the data.Related Term(s): electronic signature
• Disc (disk)
  It may be a floppy disk, or it may be a hard disk. Either way, it is a magnetic storage medium on which data is digitally stored. A disc may also refer to a CD-ROM.  Distributed Data: Distributed data is that information belonging to an organization which resides on portable media and(...)
• Disruption
  Definition: An event which causes unplanned interruption in operations or functions for an unacceptable length of time.
• Distributed Denial of Service
  Definition: A denial of service technique that uses numerous systems to perform the attack simultaneously. Related Term(s): denial of service, botnet
• Document
  Fed. R. Civ. P. 34(a) defines a document as “including writings, drawings, graphs, charts, photographs, phonorecords, and other data compilations.” In the electronic discovery world, a document also refers to a collection of pages representing an electronic file. E-mails, attachments,(...)
• Dongle
  An external hardware devices with some memory inside it.
• Duplicate Digital Evidence
  A duplicate is an accurate digital reproduction of all data objects contained on the original physical item.
• Dynamic Attack Surface
  Definition: The automated, on-the-fly changes of an information system's characteristics to thwart actions of an adversary.
• E-mail Message Store
  A top most e-mail message store is the location in which an e-mail system stores its data. For instance, an Outlook PST (personal storage folder) is a type of top most file that is created when a user’s Microsoft Outlook mail account is set up. Additional Outlook PST files for that user can(...)
• Education and Training
  Definition: In the NICE Framework, cybersecurity work where a person: Conducts training of personnel within pertinent subject domain; develop, plan, coordinate, deliver, and/or evaluate training courses, methods, and techniques as appropriate.
• Electronic Discovery
  The discovery of electronic documents and data including e-mail, Web pages, word processing files, computer databases, and virtually anything that is stored on a computer. Technically, documents and data are “electronic” if they exist in a medium that can only be read through the use of(...)
• Electronic Mail Message
  Commonly referred to as “e-mail”, an electronic mail message is a document created or received via an electronic mail system, including brief notes, formal or substantive narrative documents, and any attachments, such as word processing and other electronic documents, which may be transmitted(...)
• Electronic Record
  Information recorded in a form that requires a computer or other machine to process it and that otherwise satisfies the definition of a record. 
• Electronic Signature
  Definition: Any mark in electronic form associated with an electronic document, applied with the intent to sign the document.Related Term(s): digital signature
• Encipher
  Definition: To convert plaintext to ciphertext by means of a cryptographic system.Synonym(s): encode, encrypt
• Encode
  Definition: To convert plaintext to ciphertext by means of a code.Synonym(s): encipher, encrypt
• Encrypt
  Definition: The generic term encompassing encipher and encode.Synonym(s): encipher, encode
• Encryption
  Definition: The process of transforming plaintext into ciphertext. Converting data into a form that cannot be easily understood by unauthorized people.Synonym(s): encode, encrypt, encipher
• Encryption
  A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.
• Enterprise Risk Management
  Definition: A comprehensive approach to risk management that engages people, processes, and systems across an organization to improve the quality of decision making for managing risks that may hinder an organization’s ability to achieve its objectives.Related Term(s): risk management,(...)
• Ethernet
  A common way of networking PCs to create a LAN. 
• Event
  Definition: An observable occurrence in an information system or network. Sometimes provides an indication that an incident is occurring or at least raises the suspicion that an incident may be occurring.Related Term(s): incident
• Exfiltration
  Definition: The unauthorized transfer of information from an information system.Related Term(s): data breach
• Exploit
  Definition: A technique to breach the security of a network or information system in violation of security policy.
• Exploitation Analysis
  Definition: In the NICE Framework, cybersecurity work where a person: Analyzes collected information to identify vulnerabilities and potential for exploitation.
• Exposure
  Definition: The condition of being unprotected, thereby allowing access to information or access to capabilities that an attacker can use to enter a system or network.
• Extranet
  An Internet based access method to a corporate intranet site by limited or total access through a security firewall. This type of access is typically utilized in cases of joint venture and vendor client relationships. 
• Failure
  Definition: The inability of a system or component to perform its required functions within specified performance requirements.
• Family Range
  A family range describes the range of documents from the first Bates production number assigned to the first page of the top most parent document through the last Bates production number assigned to the last page of the last child document. 
• Family Relationship
  A family relationship is formed among two or more documents that have a connection or relatedness because of some factor. 
• File Allocation Table (FAT)
  Where the operating system stores information about a disk's structure. The FAT is a road map, which allows a computer to save information on the disk, locate and retrieve it. Different operating systems have more or less sophisticated FAT 4 capabilities and therefore are more or less(...)
• File Extension
  A tag of three or four letters, preceded by a period, which identifies a data file's format or the application used to create the file. File extensions can streamline the process of locating data. For example, if one is looking for incriminating pictures stored on a computer, one might begin(...)
• File Server
  When several or many computers are networked together in a LAN situation, one computer may be utilized as a storage location for files for the group. File servers may be employed to store e-mail, financial data, word processing information or to back-up the network.
• File Sharing
  One of the key benefits of a network is the ability to share files stored on the server among several users.
• Files
  Groups of information collectively placed under a name and stored on the computer. Files are organized in various directories and subdirectories. 
• Firewall
  Definition: A hardware/software device or a software program that limits network traffic according to a set of rules of what access is and is not allowed or authorized.
• Firewall
  A set of related programs that protect the resources of a private network from users from other networks.
• Floppy
  Once the standard and now an increasingly rare storage medium consisting of a thin magnetic film disk housed in a protective sleeve. 
• Format
  The internal structure of a file, which defines the way it is stored and used. Specific applications may define unique formats for their data (i.e., “MS Word document file format”). Many files may only be viewed or printed using their originating application or an application designed to work(...)
• Fragmented Data
  Fragmented data is live data that has been broken up and stored in various locations on a single hard drive or disk.
• FTP (File Transfer Protocol)
  An Internet protocol that enables you to transfer files between computers on the Internet. 
• GIF (Graphic Interchange Format)
  A computer compression format for pictures. 
• Gigabyte (GB)
  A gigabyte is a measure of computer data storage capacity and is a billion (1,000,000,000) bytes.
• GUI (Graphical User Interface)
  A set of screen presentations and metaphors that utilize graphic elements such as icons in an attempt to make an operating system easier to use. 
• Hacker
  Definition: An unauthorized user who attempts to or gains access to an information system.
• Hard Drive
  The primary storage unit on PCs and servers, consisting of one or more magnetic media platters on which digital data can be written and erased magnetically. Hearsay evidence; Hearsay can be defined as "a statement , other than one made by the declarant while testifying at the trial or hearing(...)
• Hash Value
  Definition: A numeric value resulting from applying a mathematical algorithm against a set of data such as a file. Synonym(s): cryptographic hash value Related Term(s): hashing
• Hashing
  Definition: A process of applying a mathematical algorithm against a set of data to produce a numeric value (a 'hash value') that represents the data. Extended Definition: Mapping a bit string of arbitrary length to a fixed length bit string to produce the hash value.Related Term(s): hash value
• Hazard
  Definition: A natural or man-made source or cause of harm or difficulty.Related Term(s): threat
• HTML (Hypertext Markup Language)
   The tag-based ASCII language used to create pages on the Web. 
• ICT Supply Chain Threat
  Definition: A man-made threat achieved through exploitation of the information and communications technology (ICT) system’s supply chain, including acquisition processes.Related Term(s): supply chain, threat
• Identity and Access Management
  Definition: The methods and processes used to manage subjects and their authentication and authorizations to access specific objects.  Synonym(s): consequence
• Inactive Record
  Inactive records are those Records related to closed, completed, or concluded activities. Inactive Records are no longer routinely referenced, but must be retained in order to fulfill reporting requirements or for purposes of audit or analysis. Inactive records generally reside in a long-term(...)
• Incident
  Definition: An occurrence that actually or potentially results in adverse consequences to (adverse effects on) (poses a threat to) an information system or the information that the system processes, stores, or transmits and that may require a response action to mitigate the(...)
• Incident Management
  Definition: The management and coordination of activities associated with an actual or potential occurrence of an event that may result in adverse consequences to information or information systems.
• Incident Response
  Definition: In the Workforce framework, cybersecurity work where a person: Responds to crisis or urgent situations within the pertinent domain to mitigate immediate and potential threats; uses mitigation, preparedness, and response and recovery approaches, as needed, to maximize survival of(...)
• Incident Response Plan
  Definition: A set of predetermined and documented procedures to detect and respond to a cyber incident.
• Indicator
  Definition: An occurrence or sign that an incident may have occurred or may be in progress.Related Term(s): precursor
• Industrial Control System
  Definition: An information system used to control industrial processes such as manufacturing, product handling, production, and distribution or to control infrastructure assets.Related Term(s): Supervisory Control and Data Acquisition, Operations Technology
• Information and Communication(s) Technology
  Definition: Any information technology, equipment, or interconnected system or subsystem of equipment that processes, transmits, receives, or interchanges data or information.Related Term(s): information technology
• Information Assurance
  Definition: The measures that protect and defend information and information systems by ensuring their availability, integrity, and confidentiality.Related Term(s): information security
• Information Assurance Compliance
  Definition: In the NICE Framework, cybersecurity work where a person: Oversees, evaluates, and supports the documentation, validation, and accreditation processes necessary to assure that new IT systems meet the organization's information assurance and security requirements; ensures(...)
• Information Security Policy
  Definition: An aggregate of directives, regulations, rules, and practices that prescribe how an organization manages, protects, and distributes information.Related Term(s): security policy
• Information Sharing
  Definition: An exchange of data, information, and/or knowledge to manage risks or respond to incidents.
• Information System Resilience
  Definition: The ability of an information system to: 1) continue to operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and  2) recover effectively in a timely manner.Related Term(s): resilience
• Information Systems Security Operations
  Definition: In the NICE Framework, cybersecurity work where a person: Oversees the information assurance program of an information system in or outside the network environment; may include procurement duties (e.g., Information Systems Security Officer).
• Information Technology
  Definition: Any equipment or interconnected system or subsystem of equipment that processes, transmits, receives, or interchanges data or information.Related Term(s): information and communication(s) technology
• Insider Threat
  Definition: One or more individuals with the access and/or inside knowledge of a company, organization, or enterprise that would allow them to exploit the vulnerabilities of that entity's security, systems, services, products, or facilities with the intent to cause harm.Related Term: outsider(...)
• Instant Messaging (“IM”)
  Instant Messaging is a form of electronic communication which involves immediate correspondence between two or more users who are all online simultaneously. 
• Integrated Risk Management
  Definition: The structured approach that enables an enterprise or organization to share risk information and risk analysis and to synchronize independent yet complementary risk management strategies to unify efforts across the enterprise.Related Term(s): risk management, enterprise risk management
• Integrity
  Definition: The property whereby information, an information system, or a component of a system has not been modified or destroyed in an unauthorized manner.Related Term(s): availability, confidentiality, data integrity, system integrity
• Intent
  Definition: A state of mind or desire to achieve an objective.Related Term(s): capability
• Internet
  The interconnecting global public network made by connecting smaller shared public networks. The most well-known Internet is the Internet, the worldwide network of networks which use the TCP/IP protocol to facilitate information exchange. 
• Interoperability
  Definition: The ability of two or more systems or components to exchange information and to use the information that has been exchanged.
• Intranet
  A network of interconnecting smaller private networks that are isolated from the public Internet. 
• Intrusion
  Definition: An unauthorized act of bypassing the security mechanisms of a network or information system.Synonym(s): penetration
• Intrusion Detection
  Definition: The process and methods for analyzing information from networks and information systems to determine if a security breach or security violation has occurred.
• Investigate
  Definition: a NICE Framework category consisting of specialty areas responsible for the investigation of cyber events and/or crimes of IT systems, networks, and digital evidence
• Investigation
  Definition: A systematic and formal inquiry into a qualified threat or incident using digital forensics and perhaps other traditional criminal inquiry techniques to determine the events that transpired and to collect evidence.
• IP address
  A string of four numbers separated by periods used to represent a computer on the Internet. 
• IS/IT (Information Systems or Information Technology)
  Usually refers to the people who make computers and computer systems run. 
• ISP (Internet Service Provider)
  A business that delivers access to the Internet.
• JPEG (Joint Photographic Experts Group)
  An image compression standard for photographs. 
• Key
  Definition: The numerical value used to control cryptographic operations, such as decryption, encryption, signature generation, or signature verification. Related Term(s): private key, public key, secret key, symmetric key
• Key Pair
  Definition: Two mathematically related keys having the property that one key can be used to encrypt a message that can only be decrypted using the other key.Related Term(s): private key, public key
• Key Resource
  Definition: A publicly or privately controlled asset necessary to sustain continuity of government and/or economic operations, or an asset that is of great historical significance.Related Term(s): critical infrastructure
• Keylogger
  Definition: Software or hardware that tracks keystrokes and keyboard events, usually surreptitiously / secretly, to monitor actions by the user of an information system.Related Term(s): spyware
• Keyword Search
  A search for documents containing one or more words that are specified by a user. 
• Kilobyte (K)
  One thousand bytes of data is 1K of data.
• Knowledge Management
  Definition: In the NICE Framework, cybersecurity work where a person: Manages and administers processes and tools that enable the organization to identify, document, and access intellectual capital and information content.
• LAN (Local area network)
  Usually refers to a network of computers in a single building or other discrete location.
• Legacy Data
  Legacy Data is information in the development of which an organization may have invested significant resources and which has retained its importance, but which has been created or stored by the use of software and/or hardware that has been rendered outmoded or obsolete.
• Legal Advice and Advocacy
  Definition: In the NICE Framework, cybersecurity work where a person: Provides legally sound advice and recommendations to leadership and staff on a variety of relevant topics within the pertinent subject domain; advocates legal and policy changes and makes a case on behalf of client via a(...)
• Legal Hold
  A legal hold is a communication issued as a result of current or anticipated litigation, audit, government investigation or other such matter that suspends the normal disposition or processing of records. The specific communication to business or IT organizations may also be called a “hold,”(...)
• Machine Learning and Evolution
  Definition: A field concerned with designing and developing artificial intelligence algorithms for automated knowledge discovery and innovation by information systems.
• Macro Virus
  Definition: A type of malicious code that attaches itself to documents and uses the macro programming capabilities of the document’s application to execute, replicate, and spread or propagate itself.Related Term(s): virus
• Main Frame Architecture
  A computer network design where large (main frame) computers maintain and process data and send information to users' terminals. In a classic mainframe set up, no processing occurs at the desktop, which is merely a means of viewing information contained in and processed on the main frame(...)
• Malicious Applet
  Definition: A small application program that is automatically downloaded and executed and that performs an unauthorized function on an information system.Related Term(s): malicious code
• Malicious Code
  Definition: Program code intended to perform an unauthorized function or process that will have adverse impact on the confidentiality, integrity, or availability of an information system. Extended Definition: Includes software, firmware, and scripts.Related Term(s): malicious logic
• Malicious Logic
  Definition: Hardware, firmware, or software that is intentionally included or inserted in a system to perform an unauthorized function or process that will have adverse impact on the confidentiality, integrity, or availability of an information system.Related Term(s): malicious code
• Malware
  Definition: Software that compromises the operation of a system by performing an unauthorized function or process.Synonym(s): malicious code, malicious applet, malicious logic
• Megabyte (Meg)
  A million bytes of data is a megabyte, or simply a meg. 
• Memory Card
  Memory cards, sometimes referred to as Flash Memory Cards, are removable solid-state storage devices employing flash memory technology. Some popular types of flash memory cards for use in digital cameras are: CompactFlash (CF), SmartMedia (SM), Memory Stick (MS), MultiMediaCard (MMC) Secure(...)
• Metadata
  Metadata is information about a particular data set which may describe, for example, how, when, and by whom it was received, created, accessed, and/or modified and how it is formatted. Some metadata, such as file dates and sizes, can easily be seen by users; other metadata can be hidden or(...)
• Migrated Data
  Migrated Data is information that has been moved from one database or format to another, usually as a result of a change from one hardware or software technology to another. 
• Mirror Image
  Used in computer forensic investigations and some electronic discovery investigations, a mirror image is a bit-by-bit copy of a computer hard drive that ensures the operating system is not altered during the forensic examination. May also be referred to as “disc mirroring,” or as a “forensic(...)
• MIS
  Management information systems.
• Mitigation
  Definition: The application of one or more measures to reduce the likelihood of an unwanted occurrence and/or lessen its consequences.
• Modem
  A piece of hardware that lets a computer talk to another computer over a phone line. 
• Mount/Mounting
  The process of making off-line data available for on-line processing. For example, placing a magnetic tape in a drive and setting up the software to recognize or read that tape. The terms “load” and “loading” are often used in conjunction with, or synonymously with, “mount” and “mounting” (as(...)
• Moving Target Defense
  Definition: The presentation of a dynamic attack surface, increasing an adversary's work factor necessary to probe, attack, or maintain presence in a cyber target.
• Native Format
  Electronic documents have an associated file structure defined by the original creating application. This file structure is referred to as the “native format” of the document. Because viewing or searching documents in the native format may require the original application (i.e., viewing a(...)
• Nesting
  Document nesting occurs when one document is inserted within another document (i.e., an attachment is nested within an email; graphics files are nested within a Microsoft Word document).
• Network Resilience
  Definition: The ability of a network to: (1) provide continuous operation (i.e., highly resistant to disruption and able to operate in a degraded mode if damaged); (2) recover effectively if failure does occur; and (3) scale to meet rapid or unpredictable demands.
• Network Services
  Definition: In the NICE Framework, cybersecurity work where a person: Installs, configures, tests, operates, maintains, and manages networks and their firewalls, including hardware (e.g., hubs, bridges, switches, multiplexers, routers, cables, proxy servers, and protective distributor(...)
• Networks
  The hardware and software combinations that allow the exchange of data and sharing of resources. Two common ways PCs are networked are peer-to- peer and client-server.
• NICE Framework
  Definition: NIST Special Publication 800-181 revision 1, the Workforce Framework for Cybersecurity (NICE Framework), provides a set of building blocks for describing the tasks, knowledge, and skills that are needed to perform cybersecurity work performed by individuals and teams.
• Node
  Any device connected to network. PCs, servers, and printers are all nodes on the network. Non-Printing Information The non-printing information carried by most data files is another excellent source of information. A common example is the date and time stamp an OS may put on a file. Some(...)
• Non-Repudiation
  Definition: Provides the capability to determine whether a given individual took a particular action such as creating information, sending a message, approving information, and receiving a message.Related Term(s): integrity, authenticity
• Object
  Definition: A passive information system-related entity containing or receiving information.Related Term(s): subject, access, access control
• OCR (Optical Character Recognition)
  Optical character recognition is a technology which takes data from a paper document and turns it editable text data. The document is first scanned. Then OCR software searches the document for letters, numbers, and other characters.
• Off-line Data
  The storage of electronic data outside the network in daily use (i.e., on backup tapes) that is only accessible through the off-line storage system, not the network. 
• Offline
  Not connected (to a network). 
• On-line storage
  The storage of electronic data as fully accessible information in daily use on the network or elsewhere. 
• Online
  Connected (to a network).
• Operate & Maintain
  Definition: A NICE Framework category consisting of specialty areas responsible for providing the support, administration, and maintenance necessary to ensure effective and efficient IT system performance and security.
• Operating Systems [OS]
  System software that controls the workings of the computer (e.g., Windows, Unix, Linux). The OS handles essential, but often invisible, tasks such as maintaining files. 
• Operational Exercise
  Definition: An action-based exercise where personnel rehearse reactions to an incident scenario, drawing on their understanding of plans and procedures, roles, and responsibilities.
• Operations Technology
  Definition: The hardware and software systems used to operate industrial control devices.Related Term(s): Industrial Control System
• Original Digital Evidence
  Physical items and those data objects, which are associated with thoseitems at the time of seizure.
• Outsider Threat
  Definition: A person or group of persons external to an organization who are not authorized to access its assets and pose a potential risk to the organization and its assets.Related Term(s): inside( r) threat
• Oversight & Development
  Definition: A NICE Framework category consisting of specialty areas providing leadership, management, direction, and/or development and advocacy so that all individuals and the organization may effectively conduct cybersecurity work.
• Paper Discovery
  Paper discovery refers to the discovery of writings on paper that can be read without the aid of some devices. 
• Parent-child Relationships
  Parent-child relationships is a term used in e-discovery to describe a chain of documents that stems from a single e-mail or storage folder. These types of relationships are primarily encountered when a party is faced with a discovery request for e-mail. A “child” (i.e., an attachment) is(...)
• Passive Attack
  Definition: An actual assault perpetrated by an intentional threat source that attempts to learn or make use of information from a system, but does not attempt to alter the system, its resources, its data, or its operations.Related Term(s): active attack
• Password
  Definition: A string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorization.
• PC
  Personal computer.
• PDA (Personal Digital Assistant)
  Handheld digital organizers.
• PDF (Portable Document Format)
  An Adobe technology for formatting documents so that they can be viewed and printed using the Adobe Acrobat reader.  Peer-to-peer networks physically connect each computer in the network to every other computer in the network. Files are stored on the hard drives of the individual PCs with(...)
• Pen Test
  Definition: A colloquial term for penetration test or penetration testing.Synonym(s): penetration testing
• Penetration Testing
  Definition: An evaluation methodology whereby assessors search for vulnerabilities and attempt to circumvent the security features of a network and/or information system.
• Personal Identifying Information / Personally Identifiable Information
  Definition: The information that permits the identity of an individual to be directly or indirectly inferred.
• Petabyte (PB)
  A petabyte is a measure of computer data storage capacity and is one thousand million million (1,000,000,000,000,000) bytes. 
• Phishing
  Definition: A digital form of social engineering to deceive individuals into providing sensitive information.
• Plaintext
  Definition: Unencrypted information.Related Term(s): ciphertext
• Plaintext
  The least formatted and therefore most portable form of text for computerized documents. 
• Pointer
  A pointer is an index entry in the directory of a disk (or other storage medium) that identifies the space on the disc in which an electronic document or piece of electronic data resides, thereby preventing that space from being overwritten by other data. In most cases, when an electronic(...)
• Precursor
  Definition: An observable occurrence or sign that an attacker may be preparing to cause an incident.Related Term(s): indicator
• Preparedness
  Definition: The activities to build, sustain, and improve readiness capabilities to prevent, protect against, respond to, and recover from natural or manmade incidents.
• Preservation Notice, Preservation Order
  See Legal Hold. 
• Prima Facie Evidence
   Prima Facie evidence that is sufficient to raise a presumption of fact or to establish the fact in question unless rebutted. 
• Privacy
  Definition: The ability of individuals to understand and exercise control over how information about themselves may be used by others.
• Private Key
  Definition: A cryptographic key that must be kept confidential and is used to enable the operation of an asymmetric (public key) cryptographic algorithm. Related Term(s): public key, asymmetric cryptography
• Private Network
  A network that is connected to the Internet but is isolated from the Internet.
• Probative Value
   Evidence that is sufficiently useful to prove something important in a trial. However, probative value of proposed evidence must be weighed by the trial judge against prejudicing in the minds of jurors toward the opposing party or criminal defendant. 
• Protect & Defend
  Definition: A NICE Framework category consisting of specialty areas responsible for the identification, analysis, and mitigation of threats to internal IT systems or networks.
• PST (Personal Folder File)
  The place where Outlook stores its data (when Outlook is used without Microsoft® Exchange Server). A PST file is created when a mail account is set up. Additional PST files can be created for backing up and archiving Outlook folders, messages, forms and files. The file extension given to PST(...)
• Public Key
  Definition: A cryptographic key that may be widely published and is used to enable the operation of an asymmetric (public key) cryptographic algorithm. Extended Definition: The public part of an asymmetric key pair that is uniquely associated with an entity and that may be made(...)
• Public Key Cryptography
  Definition: A branch of cryptography in which a cryptographic system or algorithms use two uniquely linked keys: a public key and a private key (a key pair).Synonym(s): asymmetric cryptography, public key encryption
• Public Key Encryption
  Synonym(s): public key cryptography
• Public Key Infrastructure
  Definition: A framework consisting of standards and services to enable secure, encrypted communication and authentication over potentially insecure networks such as the Internet.
• Public Network
  A network that is part of the public Internet. 
• QUERY
  To search or ask. In the context of online computing, this often refers to the process of requesting information in a search engine, index directory, or database. 
• RAM
  Random Access Memory is the short-term memory that provides working space into which application programs can be loaded and executed and for the computer to work with data within. Information stored in RAM typically is lost when the device is turned off. 
• Real Evidence
  Evidence afforded by the production of physical objects for inspection or other examination by the court. 
• Record
  Information, regardless of medium or format that has value to an organization. Collectively the term is used to describe both documents and electronically stored information.
• Record Custodian
  A records custodian is an individual responsible for the physical storage and protection of records throughout their retention period. In the context of electronic records, custodianship may not be a direct part of the records management function in all organizations. 
• Record Lifecycle
  The time period from when a record is created until it is disposed. 
• Records Hold
   See Legal Hold.
• Records Management
   Records Management is the planning, controlling, directing, organizing, training, promoting and other managerial activities involving the lifecycle of information, including creation, Records Retention Period, Retention Period: The length of time a given records series must be kept,(...)
• Records Retention Schedule
  A plan for the management of records, listing types of records and how long they should be kept; the purpose is to provide continuing authority to dispose of or transfer records to historical archives. 
• Recovery
  Definition: The activities after an incident or event to restore essential services and operations in the short and medium term and fully restore all capabilities in the longer term.
• Red Team
  Definition: A group authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s cybersecurity posture. Related Term(s): Blue Team, White Team
• Red Team Exercise
  Definition: An exercise, reflecting real-world conditions, that is conducted as a simulated attempt by an adversary to attack or exploit vulnerabilities in an enterprise's information systems.Related Term(s): cyber exercise
• Redundancy
  Definition: Additional or alternative systems, sub-systems, assets, or processes that maintain a degree of overall functionality in case of loss or failure of another system, sub-system, asset, or process.
• Removable Media
  Digital media such as floppy disks, CDs, DVDs, cartridges, tapes or removable media cards (small-sized data storage media typically found in cameras, PDAs or music players) that store data and can be easily removed. 
• Repository for Electronic Records
  Repository for Electronic Records is a direct access device on which the electronic records and associated metadata are stored. Sometimes called a “records store,” “online repository” or “records archive.”
• Residual Data
  Also called "recoverable files." Residual Data (sometimes referred to as “Ambient Data”) refers to data that is not active on a computer system. Residual data includes (1) data found on media free space; (2) data found in file slack space; and (3) data within files that has functionally been(...)
• Resilience
  Definition: The ability to adapt to changing conditions and prepare for, withstand, and rapidly recover from disruption.
• Response
  Definition: The activities that address the short-term, direct effects of an incident and may also support short-term recovery.Related Term(s): recovery
• Restore
  To transfer data from a backup medium (such as tapes) to an on-line system, often for the purpose of recovery from a problem, failure, or disaster. Restoration of archival media is the transfer of data from an archival store to an on-line system for the purposes of processing (such as query,(...)
• Risk
  Definition: The potential for an unwanted or adverse outcome resulting from an incident, event, or occurrence, as determined by the likelihood that a particular threat will exploit a particular vulnerability, with the associated consequences.
• Risk Analysis
  Definition: The systematic examination of the components and characteristics of risk.Related Term(s): risk assessment, risk
• Risk Assessment
  Definition: The product or process which collects information and assigns values to risks for the purpose of informing priorities, developing or comparing courses of action, and informing decision making.Related Term(s): risk analysis, risk
• Risk-based Data Management
  Definition: A structured approach to managing risks to data and information by which an organization selects and applies appropriate security controls in compliance with policy and commensurate with the sensitivity and value of the data.
• Risk Management
  Definition: The process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken. Includes: 1) conducting a risk assessment; 2) implementing(...)
• Rootkit
  Definition: A set of software tools with administrator-level access privileges installed on an information system and designed to hide the presence of the tools, maintain the access privileges, and conceal the activities conducted by the tools.
• Router
  A piece of hardware that routes data from a local area network (LAN) to a phone line. 
• Sampling
  Sampling usually (but not always) refers to the process of statistically testing a data set for the likelihood of relevant information. It can be a useful technique in addressing a number of issues relating to litigation, including decisions as to which repositories of data should be(...)
• Sandbox
   A network or series of networks that are not connected to other networks. 
• Scanning
  Scanning is the process of converting a hard copy paper document into a digital image for use in a computer system. After a document has been scanned, it can be reviewed using field and full-text searching, instant document retrieval, and a complete range of electronic document review options. 
• Secret Key
  Definition: A cryptographic key that is used for both encryption and decryption, enabling the operation of a symmetric key cryptography scheme. Extended Definition: Also, a cryptographic algorithm that uses a single key (i.e., a secret key) for both encryption of plaintext and decryption(...)
• Securely Provision
  Definition: A NICE Framework category consisting of specialty areas concerned with conceptualizing, designing, and building secure IT systems, with responsibility for some aspect of the systems' development.
• Security Automation
  Definition: The use of information technology in place of manual processes for cyber incident response and management.
• Security Policy
  Definition: A rule or set of rules that govern the acceptable use of an organization's information and services to a level of acceptable risk and the means for protecting the organization's information assets.
• Security Program Management
  Definition: In the NICE Framework, cybersecurity work where a person: Manages information security (e.g., information security) implications within the organization, specific program, or other area of responsibility, to include strategic, personnel, infrastructure, policy enforcement,(...)
• Server
  Any computer on a network that contains data or applications shared by users of the network on their client PCs. 
• Shareware
  Software distributed free on a trial basis with the understanding that the user will pay if the software is used beyond the trial period. 
• Sibling
  A sibling is a document that shares a common parent with the document in question (e.g. two attachments that share the same parent email or are sibling documents in the same Zip file). 
• Signature
  Definition: A recognizable, distinguishing pattern. Types of signatures: attack signature, digital signature, electronic signature.
• Situational Awareness
  Definition: In cybersecurity, comprehending the current status and security posture with respect to availability, confidentiality, and integrity of networks, systems, users, and data, as well as projecting future states of these.
• Slack Space
  A form of residual data, slack space is the amount of on-disk file space from the end of the logical record information to the end of the physical disk record. It is unused space in a disk cluster. Slack space can contain information soft-deleted from the record, information from prior(...)
• Smart Card
  Plastic, credit card sized cards with an embedded integrated electronic chip.
• Software
  Coded instructions (programs) that make a computer do useful work. 
• Software Assurance
  Definition: The level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its lifecycle, and that the software functions in the intended manner.
• Software Assurance and Security Engineering
  Definition: In the NICE Framework, cybersecurity work where a person: Develops and writes/codes new (or modifies existing) computer applications, software, or specialized utility programs following software assurance best practices.
• Spam
  Definition: The abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.
• Spoliation
  Spoliation is the destruction of records which may be relevant to ongoing or anticipated litigation, government investigation or audit. Courts differ in their interpretation of the level of intent required before sanctions may be warranted. 
• Spoofing
  Definition: Faking the sending address of a transmission to gain illegal [unauthorized] entry into a secure system.Extended Definition: The deliberate inducement of a user or resource to take incorrect action. Note: Impersonating, masquerading, piggybacking, and mimicking are forms of spoofing.
• Spyware
  Definition: Software that is secretly or surreptitiously installed into an information system without the knowledge of the system user or owner.Related Term(s): keylogger
• Stand Alone Computer
  A personal computer that is not connected to any other computer or network, except possibly through a modem. 
• Strategic Planning and Policy Development
  Definition: In the NICE Framework, cybersecurity work where a person: Applies knowledge of priorities to define an entity.
• Subject
  Definition: An individual, process, or device causing information to flow among objects or a change to the system state.Related Term(s): object, access, access control
• Supervisory Control and Data Acquisition
  Definition: A generic name for a computerized system that is capable of gathering and processing data and applying operational controls to geographically dispersed assets over long distances. Related Term(s): Industrial Control System
• Supply Chain
  Definition: A system of organizations, people, activities, information and resources, for creating and moving products including product components and/or services from suppliers through to their customers.Related Term(s): supply chain risk management
• Supply Chain Risk Management
  Definition: The process of identifying, analyzing, and assessing supply chain risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.Related Term(s): supply chain
• Symmetric Cryptography
  Definition: A branch of cryptography in which a cryptographic system or algorithms use the same secret key (a shared secret key).
• Symmetric Key
  Definition: A cryptographic key that is used to perform both the cryptographic operation and its inverse, for example to encrypt plaintext and decrypt ciphertext, or create a message authentication code and to verify the code.Related Term(s): secret key
• System Administration
  Definition: In the NICE Framework, cybersecurity work where a person: Installs, configures, troubleshoots, and maintains server configurations (hardware and software) to ensure their confidentiality, integrity, and availability; also manages accounts, firewalls, and patches; responsible for(...)
• System administrator (sysadmin, sysop)
  The person in charge of keeping a network working. 
• System Integrity
  Definition: The attribute of an information system when it performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.Related Term(s): integrity, data integrity
• System Unit
  Usually the largest part of a PC, the system unit is a box that contains the major components including disk drives and the ports for connecting the keyboard, mouse, printer and other devices. 
• Systems Development
  Definition: In the NICE Framework, cybersecurity work where a person: Works on the development phases of the systems development lifecycle.
• Systems Requirements Planning
  Definition: In the NICE Framework, cybersecurity work where a person: Consults with customers to gather and evaluate functional requirements and translates these requirements into technical solutions; provides guidance to customers about applicability of information systems to meet business needs.
• Systems Security Analysis
  Definition: In the NICE Framework, cybersecurity work where a person: Conducts the integration/testing, operations, and maintenance of systems security.
• Systems Security Architecture
  Definition: In the NICE Framework, cybersecurity work where a person: Develops system concepts and works on the capabilities phases of the systems development lifecycle; translates technology and environmental conditions (e.g., law and regulation) into system and security designs and processes.
• Tabletop Exercise
  Definition: A discussion-based exercise where personnel meet in a classroom setting or breakout groups and are presented with a scenario to validate the content of plans, procedures, policies, cooperative agreements or other information for managing an incident.
• Tailored Trustworthy Space
  Definition: A cyberspace environment that provides a user with confidence in its security, using automated mechanisms to ascertain security conditions and adjust the level of security based on the user's context and in the face of an evolving range of threats.
• Tape
  A long strip of magnetic coated plastic used to record computer data.
• Targets
  Definition: In the NICE Framework, cybersecurity work where a person: Applies current knowledge of one or more regions, countries, non-state entities, and/or technologies.
• Technology Research and Development
  Definition: In the NICE Framework, cybersecurity work where a person: Conducts technology assessment and integration processes; provides and supports a prototype capability and/or evaluates its utility.
• Terabyte (TB)
  A terabyte is a measure of computer data storage capacity and is one thousand billion (1,000,000,000,000) bytes. 
• Test and Evaluation
  Definition: In the NICE Framework, cybersecurity work where a person: Develops and conducts tests of systems to evaluate compliance with specifications and requirements by applying principles and methods for cost-effective planning, evaluating, verifying, and validating of technical,(...)
• Threat
  Definition: A circumstance or event that has or indicates the potential to exploit vulnerabilities and to adversely impact (create adverse consequences for) organizational operations, organizational assets (including information and information systems), individuals, other organizations, or(...)
• Threat Agent
  Definition: An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities. Related Term(s): adversary, attacker
• Threat Analysis
  Definition: In the NICE Framework, cybersecurity work where a person: Identifies and assesses the capabilities and activities of cyber criminals or foreign intelligence entities; produces findings to help initialize or support law enforcement and counterintelligence investigations or activities.
• Threat Assessment
  Definition: The product or process of identifying or evaluating entities, actions, or occurrences, whether natural or man-made, that have or indicate the potential to harm life, information, operations, and/or property.Related Term(s): threat analysis
• Ticket
  Definition: In access control, data that authenticates the identity of a client or a service and, together with a temporary encryption key (a session key), forms a credential.
• TIFF (Tagged Image File Format)
  One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension. 
• Traffic Light Protocol
  Definition: A set of designations employing four colors (RED, AMBER, GREEN, and WHITE) used to ensure that sensitive information is shared with the correct audience.
• Transmission Control Protocol/Internet Protocol (TCP/IP)
  A collection of protocols that define the basic workings of the features of the Internet. 
• Trojan Horse
  Definition: A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.
• Trojan Horse
  A malicious computer program that is disguised as or hidden within another program
• Unauthorized Access
  Definition: Any access that violates the stated security policy.
• URL
  The Uniform Resource Locator is commonly known as the address for a website such as www.janusassociates.com. 
• Virus
  Definition: A computer program that can replicate itself, infect a computer without permission or knowledge of the user, and then spread or propagate to another computer.Related Term(s): macro virus
• Virus
  A piece of malicious programming code designed to create an unexpected and, for the victim, usually undesirable event. 
• Vlog (Videoblog)
  A vlog is a Weblog that uses video as its primary medium for distributing content. Vlog posts are usually accompanied by text, image, and other metadata to provide a context or overview for the video. 
• VPN (Virtual Private Network)
  A virtually private network that is constructed by using public wires to connect nodes.
• Vulnerability
  Definition: A characteristic or specific weakness that renders an organization or asset (such as information or an information system) open to exploitation by a given threat or susceptible to a given hazard. Extended Definition: Characteristic of location or security posture or of design,(...)
• Vulnerability Assessment and Management
  Definition: In the NICE Framework, cybersecurity work where a person: Conducts assessments of threats and vulnerabilities, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation(...)
• Weakness
  Definition: A shortcoming or imperfection in software code, design, architecture, or deployment that, under proper conditions, could become a vulnerability or contribute to the introduction of vulnerabilities.Related Term(s): vulnerability
• Web site
  A collection of Uniform Resource Indicators (URIs, including URLs (Uniform Resource Locators)) in the control of one administrative entity. May include different types of URIs (i.e., file transfer protocol sites, telnet sites, as well as World Wide Web sites). 
• White Team
  Definition: A group responsible for refereeing an engagement between a Red Team of mock attackers and a Blue Team of actual defenders of information systems.Related Term(s): Blue Team, Red Team
• Word Processor
  A software program used for preparing documents 
• Work Factor
  Definition: An estimate of the effort or time needed by a potential adversary, with specified expertise and resources, to overcome a protective measure.
• World Wide Web
  The WWW is made up of all of the computers on the Internet which use HTML-capable software (Netscape, Explorer, etc.) to exchange data. Data exchange on the WWW is characterized by easy-to-use graphical interfaces, hypertext links, images, and sound. Today the WWW has become synonymous with(...)
• Worm
  Definition: A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.
• Worm
  A malicious software program capable of moving from computer to computer over a network without being carried by another program. 
• ZIP
  An open standard for compression and decompression used widely for PC download archives. ZIP is used on Windows-based programs such as WinZip and Drag and Zip. The file extension given to ZIP files is .zip.