Cybersecurity Fundamentals – System and Network Security Glossary

Acceptable interruption
The maximum period of time that a system can be unavailable before compromising the achievement of the enterprise’s business objectives

Acceptable use policy
A policy that establishes an agreement between users and the enterprise and defines for all parties the ranges of use that are approved before gaining access to a network or the Internet

Access control list (ACL)
An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals
Scope Note: Also referred to as access control tables

Access path
The logical route that an end user takes to access computerized information
Scope Note: Typically includes a route through the operating system, telecommunications software, selected application software and the access control system

Access rights
The permission or privileges granted to users, programs or workstations to create, change, delete or view data and files within a system, as defined by rules established by data owners and the information security

Accountability
The ability to map a given activity or event back to the responsible party

Advanced Encryption Standard (AES)
A public algorithm that supports keys from 128 bits to 256 bits in size

Advanced persistent threat (APT)
An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives using multiple attack vectors (NIST SP800-61)
Scope Note: The APT:
1. pursues its objectives repeatedly over an extended period of time
2. adapts to defenders’ efforts to resist it
3. is determined to maintain the level of interaction needed to execute its objectives

© 2016 ISACA All rights reserved. Page 1 Cybersecurity Fundamentals Glossary

Adversary
A threat agent

Adware
A software package that automatically plays, displays or downloads advertising material to a computer after the software is installed on it or while the application is being used
Scope Note: In most cases, this is done without any notification to the user or without the user’s consent. The term adware may also refer to software that displays advertisements, whether or not it does so with the user’s consent; such programs display advertisements as an alternative to shareware registration fees. These are classified as adware in the sense of advertising supported software, but not as spyware. Adware in this form does not operate surreptitiously or mislead the user, and it provides the user with a specific

Alert situation
The point in an emergency procedure when the elapsed time passes a threshold and the interruption is not resolved. The enterprise entering into an alert situation initiates a series of escalation steps.

Alternate facilities
Locations and infrastructures from which emergency or backup processes are executed, when the main premises are unavailable or destroyed
Scope Note: Includes other buildings, offices or data processing centers

Alternate process
Automatic or manual process designed and established to continue critical business processes from point-of-failure to return-to-normal

Analog
A transmission signal that varies continuously in amplitude and time and is generated in wave formation
Scope Note: Analog signals are used in telecommunications

Anti-malware
A technology widely used to prevent, detect and remove many categories of malware, including computer viruses, worms, Trojans, keyloggers, malicious browser plug-ins, adware and spyware

Antivirus software
Application software deployed at multiple points in an IT architecture. It is designed to detect and potentially eliminate virus code before damage is done and to repair or quarantine files that have already been infected

Application layer
In the Open Systems Interconnection (OSI) communications model, the application layer provides services for an application program to ensure that effective communication with another application program in a network is possible.
Scope Note: The application layer is not the application that is doing the communication; it is a service layer that provides these services.

Architecture
Description of the fundamental underlying design of the components of the business system, or of one element of the business system (e.g., technology), the relationships among them, and the manner in which they support enterprise objectives

Asset
Something of either tangible or intangible value that is worth protecting, including people, information, infrastructure, finances and reputation

Asymmetric key (public
A cipher technique in which different cryptographic keys are used to encrypt and decrypt a message
Scope Note: See Public key encryption.

Attack
An actual occurrence of an adverse event

Attack mechanism
A method used to deliver the exploit. Unless the attacker is personally performing the attack, an attack mechanism may involve a payload, or container, that delivers the exploit to the target.

Attack vector
A path or route used by the adversary to gain access to the target (asset)
Scope Note: There are two types of attack vectors: ingress and egress (also known as data exfiltration)

Attenuation
Reduction of signal strength during transmission

Audit trail
A visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source

Authentication
1. The act of verifying identity (i.e., user, system)
Scope Note: Risk: Can also refer to the verification of the correctness of a piece of data
2. The act of verifying the identity of a user and the user’s eligibility to access computerized information
Scope Note: Assurance: Authentication is designed to protect against fraudulent logon activity. It can also refer to the verification of the correctness of a piece of data.

Authenticity
Undisputed authorship

Availability
Ensuring timely and reliable access to and use of information

Back door
A means of regaining access to a compromised system by installing software or configuring existing software to enable remote access under attacker-defined conditions

Bandwidth
The range between the highest and lowest transmittable frequencies. It equates to the transmission capacity of an electronic line and is expressed in bytes per second or Hertz (cycles per second).

Bastion
System heavily fortified against attacks

Biometrics
A security technique that verifies an individual’s identity by analyzing a unique physical attribute, such as a

Block cipher
A public algorithm that operates on plaintext in blocks (strings or groups) of bits

Botnet
A term derived from “robot network”; a large automated and distributed network of previously compromised computers that can be simultaneously controlled to launch large-scale attacks such as a denial-of-service attack on selected victims

Boundary
Logical and physical controls to define a perimeter between the organization and the outside world

Bridge
Data link layer device developed in the early 1980s to connect local area networks (LANs) or create two separate LAN or wide area network (WAN) network segments from a single segment to reduce collision
Scope Note: A bridge acts as a store-and-forward device in moving frames toward their destination. This is achieved by analyzing the MAC header of a data packet, which represents the hardware address of an NIC.

Bring your own device
An enterprise policy used to permit partial or full integration of user-owned mobile devices for business

Broadcast
A method to distribute information to multiple recipients simultaneously

Brute force
A class of algorithms that repeatedly try all possible combinations until a solution is found

Brute force attack
Repeatedly trying all possible combinations of passwords or encryption keys until the correct one is found

Buffer overflow
Occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold
Scope Note: Since buffers are created to contain a finite amount of data, the extra information—which has to go somewhere—can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user’s files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.

Business continuity plan
A plan used by an enterprise to respond to disruption of critical business processes. Depends on the contingency plan for restoration of critical systems

Business impact
Evaluating the criticality and sensitivity of information assets
An exercise that determines the impact of losing the support of any resource to an enterprise, establishes the escalation of that loss over time, identifies the minimum resources needed to recover, and prioritizes the recovery of processes and the supporting system
Scope Note: This process also includes addressing:
- Income loss
- Unexpected expense
- Legal issues (regulatory compliance or contractual)
- Interdependent processes
- Loss of public reputation or public confidence

Certificate (Certification) authority (CA)
A trusted third party that serves authentication infrastructures or enterprises and registers entities and issues them certificates

Certificate revocation list
An instrument for checking the continued validity of the certificates for which the certification authority (CA) has responsibility
Scope Note: The CRL details digital certificates that are no longer valid. The time gap between two updates is very critical and is also a risk in digital certificate verification.

Chain of custody
A legal principle regarding the validity and integrity of evidence. It requires accountability for anything that will be used as evidence in a legal proceeding to ensure that it can be accounted for from the time it was collected until the time it is presented in a court of law.
Scope Note: Includes documentation as to who had access to the evidence and when, as well as the ability to identify evidence as being the exact item that was recovered or tested. Lack of control over evidence can lead to it being discredited. Chain of custody depends on the ability to verify that evidence could not have been tampered with. This is accomplished by sealing off the evidence, so it cannot be changed, and providing a documentary record of custody to prove that the evidence was at all times under strict control and not subject to tampering.

Checksum
A mathematical value that is assigned to a file and used to “test” the file at a later date to verify that the data contained in the file has not been maliciously changed
Scope Note: A cryptographic checksum is created by performing a complicated series of mathematical operations (known as a cryptographic algorithm) that translates the data in the file into a fixed string of digits called a hash value, which is then used as the checksum. Without knowing which cryptographic algorithm was used to create the hash value, it is highly unlikely that an unauthorized person would be able to change data without inadvertently changing the corresponding checksum. Cryptographic checksums are used in data transmission and data storage. Cryptographic checksums are also known as message authentication codes, integrity check-values, modification detection codes or message integrity codes.

Chief Information Security Officer (CISO)
The person in charge of information security within the enterprise

Chief Security Officer
The person usually responsible for all security matters, both physical and digital, in an enterprise

Cipher
An algorithm to perform encryption

Ciphertext
Information generated by an encryption algorithm to protect the plaintext and that is unintelligible to the unauthorized reader.

Cleartext
Data that is not encrypted. Also known as plaintext.

Cloud computing
Convenient, on-demand network access to a shared pool of resources that can be rapidly provisioned and released with minimal management effort or service provider interaction

Collision
The situation that occurs when two or more demands are made simultaneously on equipment that can handle only one at any given instant (Federal Standard 1037C)

Common Attack Pattern Enumeration and Classification (CAPEC)
A catalogue of attack patterns as “an abstraction mechanism for helping describe how an attack against vulnerable systems or networks is executed” published by the MITRE Corporation

Compartmentalization
A process for protecting very-high-value assets or in environments where trust is an issue. Access to an asset requires two or more processes, controls or individuals.

Compliance
Adherence to, and the ability to demonstrate adherence to, mandated requirements defined by laws and regulations, as well as voluntary requirements resulting from contractual obligations and internal policies

Compliance documents
Policies, standards and procedures that document the actions that are required or prohibited. Violations may be subject to disciplinary actions.

Computer emergency response team (CERT)
A group of people integrated at the enterprise with clear lines of reporting and responsibilities for standby support in case of an information systems emergency. This group will act as an efficient corrective control, and should also act as a single point of contact for all incidents and issues related to information systems.

Computer forensics
The application of the scientific method to digital media to establish factual information for judicial review
Scope Note: This process often involves investigating computer systems to determine whether they are or have been used for illegal or unauthorized activities. As a discipline, it combines elements of law and computer science to collect and analyze data from information systems (e.g., personal computers, networks, wireless communication and digital storage devices) in a way that is admissible as evidence in a court of law

Confidentiality
Preserving authorized restrictions on access and disclosure, including means for protecting privacy and proprietary information

The control of changes to a set of configuration items over a system life cycle

Consumerization
A new model in which emerging technologies are first embraced by the consumer market and later spread to the business

Containment
Actions taken to limit exposure after an incident has been identified and confirmed

Content filtering
Controlling access to a network by analyzing the contents of the incoming and outgoing packets and either letting them pass or denying them based on a list of rules
Scope Note: Differs from packet filtering in that it is the data in the packet that are analyzed instead of the attributes of the packet itself (e.g., source/target IP address, transmission control protocol [TCP] flags)

Control
The means of managing risk, including policies, procedures, guidelines, practices or organizational structures, which can be of an administrative, technical, management, or legal nature.
Scope Note: Also used as a synonym for safeguard or countermeasure. See also Internal control.

Countermeasure
Any process that directly reduces a threat or vulnerability

Critical infrastructure
Systems whose incapacity or destruction would have a debilitating effect on the economic security of an enterprise, community or nation.

Criticality
The importance of a particular asset or function to the enterprise, and the impact if that asset or function is not available

Criticality analysis
An analysis to evaluate resources or business functions to identify their importance to the enterprise, and the impact if a function cannot be completed or a resource is not available

Cross-site scripting
A type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites
Scope Note: Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it. (OWASP)

Cryptography
The art of designing, analyzing and attacking cryptographic schemes

Cryptosystem
A pair of algorithms that take a key and convert plaintext to ciphertext and back

Cybercop
An investigator of activities related to computer crime

Cyberespionage
Activities conducted in the name of security, business, politics or technology to find information that ought to remain secret. It is not inherently military.

Cybersecurity
The protection of information assets by addressing threats to information processed, stored, and transported by internetworked information systems

Describes the structure, components and topology (connections and layout) of security controls within an enterprise’s IT infrastructure
Scope Note: The security architecture shows how defense-in-depth is implemented and how layers of control are linked and is essential to designing and implementing security controls in any complex

Cyberwarfare
Activities supported by military organizations with the purpose of threatening the survival and well-being of society/foreign entity

Data classification
The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification. Levels of sensitivity of data are assigned according to predefined categories as data are created, amended, enhanced, stored or transmitted. The classification level is an indication of the value or importance of the data to the enterprise.

Data custodian
The individual(s) and department(s) responsible for the storage and safeguarding of computerized data

Data Encryption Standard (DES)
An algorithm for encoding binary data
Scope Note: It is a secret key cryptosystem published by the National Bureau of Standards (NBS), the predecessor of the US National Institute of Standards and Technology (NIST). DES and its variants have been replaced by the Advanced Encryption Standard (AES)

Data leakage
Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes

Data owner
The individual(s), normally a manager or director, who has responsibility for the integrity, accurate reporting and use of computerized data

Data retention
Refers to the policies that govern data and records management for meeting internal, legal and regulatory data archival requirements

Database
A stored collection of related data needed by enterprises and individuals to meet their information processing and retrieval requirements

Decentralization
The process of distributing computer processing to different locations within an enterprise

Decryption
A technique used to recover the original plaintext from the ciphertext so that it is intelligible to the reader. Decryption is the reverse process of encryption.

Decryption key
A digital piece of information used to recover plaintext from the corresponding ciphertext by decryption

Defense in depth
The practice of layering defenses to provide added protection. Defense in depth increases security by raising the effort needed in an attack. This strategy places multiple barriers between an attacker and an enterprise’s computing and information resources.

Demilitarized zone
A screened (firewalled) network segment that acts as a buffer zone between a trusted and untrusted
Scope Note: A DMZ is typically used to house systems such as web servers that must be accessible from both internal networks and the Internet.

Denial-of-service attack
An assault on a service from a single source that floods it with so many requests that it becomes overwhelmed and is either stopped completely or operates at a significantly reduced rate

Digital certificate
A piece of information, a digitized form of signature, that provides sender authenticity, message integrity and non-repudiation. A digital signature is generated using the sender’s private key or applying a one-way hash function.

Digital forensics
The process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally acceptable in any legal proceedings

Digital signature
A piece of information, a digitized form of signature, that provides sender authenticity, message integrity and non-repudiation. A digital signature is generated using the sender’s private key or applying a one-way hash function.

Disaster
1. A sudden, unplanned calamitous event causing great damage or loss. Any event that creates an inability on an enterprise’s part to provide critical business functions for some predetermined period of time. Similar terms are business interruption, outage and catastrophe.
2. The period when enterprise management decides to divert from normal production responses and exercises its disaster recovery plan (DRP). It typically signifies the beginning of a move from a primary location to an alternate location.

Disaster recovery plan
A set of human, physical, technical and procedural resources to recover, within a defined time and cost, an activity interrupted by an emergency or disaster

Discretionary access control (DAC)
A means of restricting access to objects based on the identity of subjects and/or groups to which they
Scope Note: The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject.

Domain name system
A hierarchical database that is distributed across the Internet that allows names to be resolved into IP addresses (and vice versa) to locate services such as web and e-mail servers

Domain name system (DNS) exfiltration
Tunneling over DNS to gain network access. Lower-level attack vector for simple to complex data transmission, slow but difficult to detect.

Due care
The level of care expected from a reasonable person of similar competency under similar conditions

Due diligence
The performance of those actions that are generally regarded as prudent, responsible and necessary to conduct a thorough and objective investigation, review and/or analysis

Dynamic ports
Dynamic and/or private ports (49152 through 65535): not listed by IANA because of their dynamic nature.

Eavesdropping
Listening to a private communication without permission

E-commerce
The processes by which enterprises conduct business electronically with their customers, suppliers and other external business partners, using the Internet as an enabling technology
Scope Note: E-commerce encompasses both business-to-business (B2B) and business-to-consumer (B2C) e-commerce models, but does not include existing non-Internet e-commerce methods based on private networks such as electronic data interchange (EDI) and Society for Worldwide Interbank Financial Telecommunication (SWIFT).

Egress
Network communications going out

Elliptic curve cryptography (ECC)
An algorithm that combines plane geometry with algebra to achieve stronger authentication with smaller keys compared to traditional methods, such as RSA, which primarily use algebraic factoring.
Scope Note: Smaller keys are more suitable to mobile devices.

Encapsulating Security Payload (ESP)
A protocol designed to provide a mix of security services in IPv4 and IPv6. ESP can be used to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and (limited) traffic flow confidentiality. (RFC 4303)
Scope Note: The ESP header is inserted after the IP header and before the next layer protocol header (transport mode) or before an encapsulated IP header (tunnel mode).

Encryption
The process of taking an unencrypted message (plaintext), applying a mathematical function to it (encryption algorithm with a key) and producing an encrypted message (ciphertext)

Encryption algorithm
A mathematically based function or calculation that encrypts/decrypts data

Encryption key
A piece of information, in a digitized form, used by an encryption algorithm to convert the plaintext to the

Eradication
When containment measures have been deployed after an incident occurs, the root cause of the incident must be identified and removed from the network.
Scope Note: Eradication methods include: restoring backups to achieve a clean state of the system, removing the root cause, improving defenses and performing vulnerability analysis to find further potential damage from the same root cause.

Ethernet
A popular network protocol and cabling scheme that uses a bus topology and carrier sense multiple access/collision detection (CSMA/CD) to prevent network failures or collisions when two devices try to access the network at the same time

Event
Something that happens at a specific place and/or time

Evidence
1. Information that proves or disproves a stated issue
2. Information that an auditor gathers in the course of performing an IS audit; relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support
Scope Note: Audit perspective

Exploit
Full use of a vulnerability for the benefit of an attacker

File Transfer Protocol
A protocol used to transfer files over a Transmission Control Protocol/Internet Protocol (TCP/IP) network (Internet, UNIX, etc.)

Firewall
A system or combination of systems that enforces a boundary between two or more networks, typically forming a barrier between a secure and an open environment such as the Internet

Forensic examination
The process of collecting, assessing, classifying and documenting digital evidence to assist in the identification of an offender and the method of compromise

Freeware
Software available free of charge

Gateway
A device (router, firewall) on a network that serves as an entrance to another network

Governance
Ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritization and decision making; and monitoring performance and compliance against agreed-on direction and objectives
Scope Note: Conditions can include the cost of capital, foreign exchange rates, etc. Options can include shifting manufacturing to other locations, sub-contracting portions of the enterprise to third-parties, selecting a product mix from many available choices, etc.

Governance, Risk Management and Compliance (GRC)
A business term used to group the three closely related disciplines responsible for the protection of assets and operations

Guideline
A description of a particular way of accomplishing something that is less prescriptive than a procedure

Hacker
An individual who attempts to gain unauthorized access to a computer system

Hash function
An algorithm that maps or translates one set of bits into another (generally smaller) so that a message yields the same result every time the algorithm is executed using the same message as input
Scope Note: It is computationally infeasible for a message to be derived or reconstituted from the result produced by the algorithm or to find two different messages that produce the same hash result using the same algorithm.

Hash total
The total of any numeric data field in a document or computer file. This total is checked against a control total of the same field to facilitate accuracy of processing.

Hashing
Using a hash function (algorithm) to create hash values or checksums that validate message integrity

Hijacking
An exploitation of a valid network session for unauthorized purposes

Honeypot
A specially configured server, also known as a decoy server, designed to attract and monitor intruders in a manner such that their actions do not affect production systems
Scope Note: Also known as “decoy server”

Horizontal defense-in
Controls are placed in various places in the path to access an asset (this is functionally equivalent to the concentric ring model above).

Hub
A common connection point for devices in a network; hubs are used to connect segments of a local area network (LAN)
Scope Note: A hub contains multiple ports. When a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all packets.

Human firewall
A person prepared to act as a network layer of defense through education and awareness

Hypertext Transfer Protocol Secure
A protocol for accessing a secure web server, whereby all data transferred are encrypted.

Hypertext Transfer Protocol (HTTP)
A communication protocol used to connect to servers on the World Wide Web. Its primary function is to establish a connection with a web server and transmit hypertext markup language (HTML), extensible markup language (XML) or other pages to client browsers

IEEE (Institute of Electrical and Electronics Engineers)
Pronounced I-triple-E; IEEE is an organization composed of engineers, scientists and students
Scope Note: Best known for developing standards for the computer and electronics industry

IEEE 802.11
A family of specifications developed by the Institute of Electrical and Electronics Engineers (IEEE) for wireless local area network (WLAN) technology. 802.11 specifies an over-the-air interface between a wireless client and a base station or between two wireless clients.

Imaging
A process that allows one to obtain a bit-for-bit copy of data to avoid damage of original data or information when multiple analyses may be performed.
Scope Note: The imaging process is made to obtain residual data, such as deleted files, fragments of deleted files and other information present, from the disk for analysis. This is possible because imaging duplicates the disk surface, sector by sector.

Impact
Magnitude of loss resulting from a threat exploiting a vulnerability

Impact analysis
A study to prioritize the criticality of information resources for the enterprise based on costs (or consequences) of adverse events. In an impact analysis, threats to assets are identified and potential business losses determined for different time periods. This assessment is used to justify the extent of safeguards that are required and recovery time frames. This analysis is the basis for establishing the recovery strategy.

Incident
Any event that is not part of the standard operation of a service and that causes, or may cause, an
interruption to, or a reduction in, the quality of that service
Incident response
The response of an enterprise to a disaster or other significant event that may significantly affect the
enterprise, its people, or its ability to function productively
An incident response may include evacuation of a facility, initiating a disaster recovery plan (DRP),
performing damage assessment, and any other measures necessary to bring an enterprise to a more stable
Incident response plan
The operational component of incident management
Scope Note: The plan includes documented procedures and guidelines for defining the criticality of
incidents, reporting and escalation process, and recovery procedures.
Information security
Ensures that within the enterprise, information is protected against disclosure to unauthorized users
(confidentiality), improper modification (integrity), and non-access when required (availability)
Information security
The overall combination of technical, operational and procedural measures and management structures
implemented to provide for the confidentiality, integrity and availability of information based on business
requirements and risk analysis
Information systems (IS)
The combination of strategic, managerial and operational activities involved in gathering, processing, storing,
distributing and using information and its related technologies
Scope Note: Information systems are distinct from information technology (IT) in that an information system
has an IT component that interacts with the process components.
Infrastructure as a
Service (IaaS)
Offers the capability to provision processing, storage, networks and other fundamental computing resources,
enabling the customer to deploy and run arbitrary software, which can include operating systems (OSs) and
Ingestion
A process to convert extracted information into a format that can be understood by investigators.
Scope Note: See also Normalization.
Ingress
Network communications coming in
Inherent risk
The risk level or exposure without taking into account the actions that management has taken or might take
(e.g., implementing controls)
Injection
A general term for attack types which consist of injecting code that is then interpreted/executed by the
application. (OWASP)
Intangible asset
An asset that is not physical in nature
Scope Note: Examples include: intellectual property (patents, trademarks, copyrights, processes), goodwill,
and brand recognition
Integrity
The guarding against improper information modification or destruction; includes ensuring information
non-repudiation and authenticity
Intellectual property
Intangible assets that belong to an enterprise for its exclusive use
Scope Note: Examples include: patents, copyrights, trademarks, ideas, and trade secrets.
International Standards
Organization (ISO)
The world’s largest developer of voluntary International Standards
Internet Assigned
Numbers Authority
Responsible for the global coordination of the DNS root, IP addressing, and other Internet protocol
Internet Control Message Protocol (ICMP)
A set of protocols that allow systems to communicate information about the state of services on other
Scope Note: For example, ICMP is used in determining whether systems are up, maximum packet sizes on
links, whether a destination host/network/port is available. Hackers typically use (abuse) ICMP to determine
information about the remote site.
Internet protocol (IP)
Specifies the format of packets and the addressing scheme
Internet Protocol (IP) packet spoofing
An attack using packets with spoofed source Internet Protocol (IP) addresses.
Scope Note: This technique exploits applications that use authentication based on IP addresses. This
technique also may enable an unauthorized user to gain root access on the target system.
Internet service provider
A third party that provides individuals and enterprises with access to the Internet and a variety of other
Internet-related services
Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX)
IPX is the layer 3 (network) protocol of the open systems interconnect (OSI) model; SPX is the layer 4
(transport) protocol. The SPX layer sits on top of the IPX layer and provides connection-oriented services
between two nodes on the network.
Interrogation
Used to obtain prior indicators or relationships, including telephone numbers, IP addresses and names of
individuals, from extracted data
Intruder
Individual or group gaining access to the network and its resources without permission
Intrusion detection
The process of monitoring the events occurring in a computer system or network to detect signs of
unauthorized access or attack
Intrusion detection
system (IDS)
Inspects network and host security activity to identify suspicious patterns that may indicate a network or
system attack
Intrusion prevention
A preemptive approach to network security used to identify potential threats and respond to them to stop, or
at least limit, damage or disruption
Intrusion prevention
system (IPS)
A system designed to not only detect attacks, but also to prevent the intended victim hosts from being
affected by the attacks
Investigation
The collection and analysis of evidence with the goal of identifying the perpetrator of an attack or
unauthorized use or access
IP address
A unique binary number used to identify devices on a TCP/IP network
IP Authentication Header (AH)
Protocol used to provide connectionless integrity and data origin authentication for IP datagrams (hereafter
referred to as just “integrity”) and to provide protection against replays. (RFC 4302).
Scope Note: AH ensures data integrity with a checksum that a message authentication code, such as MD5,
generates. To ensure data origin authentication, AH includes a secret shared key in the algorithm that it
uses for authentication. To ensure replay protection, AH uses a sequence number field within the IP
authentication header.
IP Security (IPSec)
A set of protocols developed by the Internet Engineering Task Force (IETF) to support the secure exchange
of packets
IT governance
The responsibility of executives and the board of directors; consists of the leadership, organizational
structures and processes that ensure that the enterprise’s IT sustains and extends the enterprise’s
strategies and objectives
Kernel mode
Used for execution of privileged instructions for the internal operation of the system. In kernel mode, there
are no protections from errors or malicious activity and all parts of the system and memory are accessible.
Key length
The size of the encryption key measured in bits
Key risk indicator (KRI)
A subset of risk indicators that are highly relevant and possess a high probability of predicting or indicating
important risk
Scope Note: See also Risk Indicator.
Keylogger
Software used to record all keystrokes on a computer
Latency
The time it takes a system and network to respond
Scope Note: More specifically, system latency is the time that a system takes to retrieve data. Network
latency is the time it takes for a packet to travel from the source to the final destination.
Layer 2 switches
Data link level devices that can divide and interconnect network segments and help to reduce collision
domains in Ethernet-based networks
Layer 3 and 4 switches
Switches with operating capabilities at layer 3 and layer 4 of the open systems interconnect (OSI) model.
These switches look at the incoming packet’s networking protocol, e.g., IP, and then compare the
destination IP address to the list of addresses in their tables, to actively calculate the best way to send a
packet to its destination.
Layer 4-7 switches
Used for load balancing among groups of servers
Scope Note: Also known as content-switches, content services switches, web-switches or application
Legacy system
Outdated computer systems
Likelihood
The probability of something happening
Local area network (LAN)
Communication network that serves several users within a specified geographic area
Scope Note: A personal computer LAN functions as a distributed processing system in which each
computer in the network does its own processing and manages some of its data. Shared data are stored in a
file server that acts as a remote disk drive for all users in the network.
Log
To record details of information or events in an organized record-keeping system, usually sequenced in the
order in which they occurred
Logical access
Ability to interact with computer resources granted using identification, authentication and authorization.
Logical access controls
The policies, procedures, organizational structure and electronic access controls designed to restrict access
to computer software and data files
MAC header
Represents the hardware address of a network interface controller (NIC) inside a data packet
Mail relay server
An electronic mail (e-mail) server that relays messages so that neither the sender nor the recipient is a local
Mainframe
A large high-speed computer, especially one supporting numerous workstations or peripherals
Malware
Short for malicious software
Designed to infiltrate, damage or obtain information from a computer system without the owner’s consent
Scope Note: Malware is commonly taken to include computer viruses, worms, Trojan horses, spyware and
adware. Spyware is generally used for marketing purposes and, as such, is not malicious, although it is
generally unwanted. Spyware can, however, be used to gather information for identity theft or other clearly
illicit purposes.
Mandatory access
control (MAC)
A means of restricting access to data based on varying degrees of security requirements for information
contained in the objects and the corresponding security clearance of users or programs acting on their
Man-in-the-middle attack
An attack strategy in which the attacker intercepts the communication stream between two parts of the
victim system and then replaces the traffic between the two components with the intruder’s own, eventually
assuming control of the communication
Masking
A computerized technique of blocking out the display of sensitive information, such as passwords, on a
computer terminal or report
Media access control
(MAC) address
A unique identifier assigned to network interfaces for communications on the physical network segment
Message authentication
An American National Standards Institute (ANSI) standard checksum that is computed using Data
Encryption Standard (DES)
Message digest
A smaller extrapolated version of the original message created using a message digest algorithm
Message digest algorithm
Message digest algorithms are SHA1, MD2, MD4 and MD5. These algorithms are one-way functions unlike
private and public key encryption algorithms.
Scope Note: All digest algorithms take a message of arbitrary length and produce a 128-bit message digest.
Metropolitan area
network (MAN)
A data network intended to serve an area the size of a large city
Miniature fragment
Using this method, an attacker fragments the IP packet into smaller ones and pushes it through the firewall,
in the hope that only the first of the sequence of fragmented packets would be examined and the others
would pass without review.
Mirrored site
An alternate site that contains the same information as the original
Scope Note: Mirrored sites are set up for backup and disaster recovery and to balance the traffic load for
numerous download requests. Such download mirrors are often placed in different locations throughout the
Mobile device
A small, handheld computing device, typically having a display screen with touch input and/or a miniature
keyboard and weighing less than two pounds
Mobile site
The use of a mobile/temporary facility to serve as a business resumption location
The facility can usually be delivered to any site and can house information technology and staff.
Monitoring policy
Rules outlining or delineating the way in which information about the use of computers, networks,
applications and information is captured and interpreted
Multifactor authentication
A combination of more than one authentication method, such as token and password (or personal
identification number [PIN]) or token and biometric device.
National Institute for
Standards and
Technology (NIST)
Develops tests, test methods, reference data, proof-of-concept implementations, and technical analyses to
advance the development and productive use of information technology
Scope Note: NIST is a US government entity that creates mandatory standards that are followed by federal
agencies and those doing business with them.
Network address
translation (NAT)
A methodology of modifying network address information in IP datagram packet headers while they are in
transit across a traffic routing device for the purpose of remapping one IP address space into another
Network basic
input/output system
A program that allows applications on different computers to communicate within a local area network
Network interface card (NIC)
A communication card that when inserted into a computer, allows it to communicate with other computers on
a network
Scope Note: Most NICs are designed for a particular type of network or protocol.
Network news transfer
protocol (NNTP)
Used for the distribution, inquiry, retrieval, and posting of Netnews articles using a reliable stream-based
mechanism. For news-reading clients, NNTP enables retrieval of news articles that are stored in a central
database, giving subscribers the ability to select only those articles they wish to read. (RFC 3977)
Network segmentation
A common technique to implement network security is to segment an organization’s network into separate
zones that can be separately controlled, monitored and protected.
Network traffic analysis
Identifies patterns in network communications
Scope Note: Traffic analysis does not need to have the actual content of the communication but analyzes
where traffic is taking place, when and for how long communications occur and the size of information
Nonintrusive monitoring
The use of transported probes or traces to assemble information, track traffic and identify vulnerabilities
Nonrepudiation
The assurance that a party cannot later deny originating data; provision of proof of the integrity and origin of
the data that can be verified by a third party
Scope Note: A digital signature can provide non-repudiation.
Normalization
The elimination of redundant data
Obfuscation
The deliberate act of creating source or machine code that is difficult for humans to understand
Open Systems
Interconnect (OSI)
A model for the design of a network. The open systems interconnect (OSI) model defines groups of
functionality required to network computers into layers. Each layer implements a standard protocol to
implement its functionality. There are seven layers in the OSI model.
Open Web Application
Security Project
An open community dedicated to enabling organizations to conceive, develop, acquire, operate, and
maintain applications that can be trusted
Operating system (OS)
A master control program that runs the computer and acts as a scheduler and traffic controller
Scope Note: The operating system is the first program copied into the computer’s memory after the
computer is turned on; it must reside in memory at all times. It is the software that interfaces between the
computer hardware (disk, keyboard, mouse, network, modem, printer) and the application software (word
processor, spreadsheet, e-mail), which also controls access to the devices and is partially responsible for
security components and sets the standards for the application programs that run in it.
Outcome measure
Represents the consequences of actions previously taken; often referred to as a lag indicator
Scope Note: Outcome measures frequently focus on results at the end of a time period and characterize
historic performance. They are also referred to as key goal indicators (KGIs) and are used to indicate whether
goals have been met. These can be measured only after the fact and, therefore, are called “lag indicators.”
Outsourcing
A formal agreement with a third party to perform IS or other business functions for an enterprise
Packet
Data unit that is routed from source to destination in a packet-switched network
Scope Note: A packet contains both routing information and data. Transmission Control Protocol/Internet
Protocol (TCP/IP) is such a packet-switched network.
Packet filtering
Controlling access to a network by analyzing the attributes of the incoming and outgoing packets and either
letting them pass, or denying them, based on a list of rules
Packet switching
The process of transmitting messages in convenient pieces that can be reassembled at the destination
Passive response
A response option in intrusion detection in which the system simply reports and records the problem
detected, relying on the user to take subsequent action
Password
A protected, generally computer-encrypted string of characters that authenticates a computer user to the
computer system
Password cracker
A tool that tests the strength of user passwords by searching for passwords that are easy to guess
It repeatedly tries words from specially crafted dictionaries and often also generates thousands (and in some
cases, even millions) of permutations of characters, numbers and symbols.
Patch
Fixes to software programming errors and vulnerabilities
Patch management
An area of systems management that involves acquiring, testing and installing multiple patches (code
changes) to an administered computer system in order to maintain up-to-date software and often to address
security risk
Scope Note: Patch management tasks include the following: maintaining current knowledge of available
patches; deciding what patches are appropriate for particular systems; ensuring that patches are installed
properly; testing systems after installation; and documenting all associated procedures, such as specific
configurations required. A number of products are available to automate patch management tasks. Patches
are sometimes ineffective and can sometimes cause more problems than they fix. Patch management
experts suggest that system administrators take simple steps to avoid problems, such as performing
backups and testing patches on non-critical systems prior to installations. Patch management can be viewed
as part of change management.
Payload
The section of fundamental data in a transmission. In malicious software this refers to the section containing
the harmful data/code.
Penetration testing
A live test of the effectiveness of security defenses through mimicking the actions of real-life attackers
Personal identification
number (PIN)
A type of password (i.e., a secret number assigned to an individual) that, in conjunction with some means of
identifying the individual, serves to verify the authenticity of the individual
Scope Note: PINs have been adopted by financial institutions as the primary means of verifying customers
in an electronic funds transfer (EFT) system.
Phishing
This is a type of electronic mail (e-mail) attack that attempts to convince a user that the originator is genuine,
but with the intention of obtaining information for use in social engineering
Scope Note: Phishing attacks may take the form of masquerading as a lottery organization advising the
recipient or the user’s bank of a large win; in either case, the intent is to obtain account and personal
identification number (PIN) details. Alternative attacks may seek to obtain apparently innocuous business
information, which may be used in another form of active attack.
Plain old telephone
service (POTS)
A wired telecommunications system.
Platform as a Service
Offers the capability to deploy onto the cloud infrastructure customer-created or -acquired applications that
are created using programming languages and tools supported by the provider
Policy
1. Generally, a document that records a high-level principle or course of action that has been decided on
The intended purpose is to influence and guide both present and future decision making to be in line with the
philosophy, objectives and strategic plans established by the enterprise’s management teams.
Scope Note: In addition to policy content, policies need to describe the consequences of failing to comply
with the policy, the means for handling exceptions, and the manner in which compliance with the policy will
be checked and measured.
2. Overall intention and direction as formally expressed by management
Scope Note: COBIT 5 perspective
Port (Port number)
A process or application-specific software element serving as a communication endpoint for the Transport
Layer IP protocols (UDP and TCP)
Port scanning
The act of probing a system to identify open ports
Prime number
A natural number greater than 1 that can only be divided by 1 and itself.
Principle of least privilege
Controls used to allow the least privilege access needed to complete a task
Privacy
Freedom from unauthorized intrusion or disclosure of information about an individual
Probe
Inspect a network or system to find weak spots
Procedure
A document containing a detailed description of the steps necessary to perform specific operations in
conformance with applicable standards. Procedures are defined as part of processes.
Protocol
The rules by which a network operates and controls the flow and priority of transmissions
Proxy server
A server that acts on behalf of a user
Scope Note: Typical proxies accept a connection from a user, make a decision as to whether the user or
client IP address is permitted to use the proxy, perhaps perform additional authentication, and complete a
connection to a remote destination on behalf of the user.
Public key encryption
A cryptographic system that uses two keys: one is a public key, which is known to everyone, and the
second is a private or secret key, which is only known to the recipient of the message
See also Asymmetric Key.
Public key infrastructure
A series of processes and technologies for the association of cryptographic keys with the entity to whom
those keys were issued
Public switched
telephone network
A communications system that sets up a dedicated channel (or circuit) between two points for the duration of
the transmission.
Reciprocal agreement
Emergency processing agreement between two or more enterprises with similar equipment or applications
Scope Note: Typically, participants of a reciprocal agreement promise to provide processing time to each
other when an emergency arises.
Recovery
The phase in the incident response plan that ensures that affected systems or services are restored to a
condition specified in the service delivery objectives (SDOs) or business continuity plan (BCP)
Recovery action
Execution of a response or task according to a written procedure
Recovery point objective (RPO)
Determined based on the acceptable data loss in case of a disruption of operations
It indicates the earliest point in time that is acceptable to recover the data. The RPO effectively quantifies the
permissible amount of data loss in case of interruption.
Recovery time objective
The amount of time allowed for the recovery of a business function or resource after a disaster occurs
Redundant site
A recovery strategy involving the duplication of key IT components, including data or other key business
processes, whereby fast recovery can take place
Registered ports
Ports 1024 through 49151: listed by the IANA and, on most systems, usable by ordinary user processes or
programs executed by ordinary users
Registration authority
The individual institution that validates an entity’s proof of identity and ownership of a key pair
Regulation
Rules or laws defined and enforced by an authority to regulate conduct
Regulatory requirements
Rules or laws that regulate conduct and that the enterprise must obey to become compliant
Remediation
After vulnerabilities are identified and assessed, appropriate remediation can take place to mitigate or
eliminate the vulnerability
Remote access service (RAS)
Refers to any combination of hardware and software to enable the remote access to tools or information that
typically reside on a network of IT devices
Scope Note: Originally coined by Microsoft when referring to their built-in NT remote access tools, RAS was
a service provided by Windows NT which allowed most of the services that would be available on a network
to be accessed over a modem link. Over the years, many vendors have provided both hardware and
software solutions to gain remote access to various types of networked information. In fact, most modern
routers include a basic RAS capability that can be enabled for any dial-up interface.
Removable media
Any type of storage device that can be removed from the system while it is running
Repeaters
A physical layer device that regenerates and propagates electrical signals between two network segments
Scope Note: Repeaters receive signals from one network segment and amplify (regenerate) the signal to
compensate for signals (analog or digital) distorted by transmission loss due to reduction of signal strength
during transmission (i.e., attenuation)
Replay
The ability to copy a message or stream of messages between two parties and replay (retransmit) them to
one or more of the parties
Residual risk
The remaining risk after management has implemented a risk response
Resilience
The ability of a system or network to resist failure or to recover quickly from any disruption, usually with
minimal recognizable effect
Return on investment
A measure of operating performance and efficiency, computed in its simplest form by dividing net income by
the total investment over the period being considered
Return-oriented attacks
An exploit technique in which the attacker uses control of the call stack to indirectly execute cherry-picked
machine instructions immediately prior to the return instruction in subroutines within the existing program
Risk
The combination of the probability of an event and its consequence. (ISO/IEC 73)
Risk acceptance
If the risk is within the enterprise’s risk tolerance or if the cost of otherwise mitigating the risk is higher than
the potential loss, the enterprise can assume the risk and absorb any losses
Risk assessment
A process used to identify and evaluate risk and its potential effects
Scope Note: Risk assessments are used to identify those items or areas that present the highest risk,
vulnerability or exposure to the enterprise for inclusion in the IS annual audit plan.
Risk assessments are also used to manage the project delivery and project benefit risk.
Risk avoidance
The process for systematically avoiding risk, constituting one approach to managing risk
Risk management
1. The coordinated activities to direct and control an enterprise with regard to risk
Scope Note: In the International Standard, the term “control” is used as a synonym for “measure.” (ISO/IEC
Guide 73:2002)
2. One of the governance objectives. Entails recognizing risk; assessing the impact and likelihood of that
risk; and developing strategies, such as avoiding the risk, reducing the negative effect of the risk and/or
transferring the risk, to manage it within the context of the enterprise’s risk appetite.
Scope Note: COBIT 5 perspective
Risk mitigation
The management of risk through the use of countermeasures and controls
Risk reduction
The implementation of controls or countermeasures to reduce the likelihood or impact of a risk to a level
within the organization’s risk tolerance.
Risk tolerance
The acceptable level of variation that management is willing to allow for any particular risk as the enterprise
pursues its objectives
Risk transfer
The process of assigning risk to another enterprise, usually through the purchase of an insurance policy or
by outsourcing the service
Risk treatment
The process of selection and implementation of measures to modify risk (ISO/IEC Guide 73:2002)
Root cause analysis
A process of diagnosis to establish the origins of events, which can be used for learning from
consequences, typically from errors and problems
Rootkit
A software suite designed to aid an intruder in gaining unauthorized administrative access to a computer
Router
A networking device that can send (route) data packets from one local area network (LAN) or wide area
network (WAN) to another, based on addressing at the network layer (Layer 3) in the open systems
interconnection (OSI) model
Scope Note: Networks connected by routers can use different or similar networking protocols. Routers
usually are capable of filtering packets based on parameters, such as source addresses, destination
addresses, protocol and network applications (ports).
RSA
A public key cryptosystem developed by R. Rivest, A. Shamir and L. Adleman used for both encryption and
digital signatures
Scope Note: The RSA has two different keys, the public encryption key and the secret decryption key. The
strength of the RSA depends on the difficulty of the prime number factorization. For applications with high
level security, the number of the decryption key bits should be greater than 512 bits.
Safeguard
A practice, procedure or mechanism that reduces risk
Secure Electronic
Transaction (SET)
A standard that will ensure that credit card and associated payment order information travels safely and
securely between the various involved parties on the Internet.
Secure Multipurpose
Internet Mail Extensions
Provides cryptographic security services for electronic messaging applications: authentication, message
integrity and non-repudiation of origin (using digital signatures) and privacy and data security (using
encryption) to provide a consistent way to send and receive MIME data. (RFC 2311)
Secure Shell (SSH)
Network protocol that uses cryptography to secure communication, remote command line login and remote
command execution between two networked computers
Secure Sockets Layer (SSL)
A protocol that is used to transmit private documents through the Internet
Scope Note: The SSL protocol uses a private key to encrypt the data that are to be transferred through the
SSL connection.
Security as a Service
The next generation of managed security services dedicated to the delivery, over the Internet, of specialized
information-security services.
Security metrics
A standard of measurement used in management of security-related activities
Security perimeter
The boundary that defines the area of security concern and security policy coverage
Segregation/separation of duties (SoD)
A basic internal control that prevents or detects errors and irregularities by assigning to separate individuals
the responsibility for initiating and recording transactions and for the custody of assets
Scope Note: Segregation/separation of duties is commonly used in large IT organizations so that no single
person is in a position to introduce fraudulent or malicious code without detection.
Sensitivity
A measure of the impact that improper disclosure of information may have on an enterprise
Service delivery
objective (SDO)
Directly related to the business needs, SDO is the level of services to be reached during the alternate
process mode until the normal situation is restored
Service level agreement
An agreement, preferably documented, between a service provider and the customer(s)/user(s) that defines
minimum performance targets for a service and how they will be measured
Simple Mail Transfer
Protocol (SMTP)
The standard electronic mail (e-mail) protocol on the Internet
Single factor
authentication (SFA)
Authentication process that requires only the user ID and password to grant access
Smart card
A small electronic device that contains electronic memory, and possibly an embedded integrated circuit
Scope Note: Smart cards can be used for a number of purposes including the storage of digital certificates
or digital cash, or they can be used as a token to authenticate users.
Sniffing
The process by which data traversing a network are captured or monitored
Social engineering
An attack based on deceiving users or administrators at the target site into revealing confidential or sensitive
Software as a service
Offers the capability to use the provider’s applications running on cloud infrastructure. The applications are
accessible from various client devices through a thin client interface such as a web browser (e.g., web
based e-mail).
Source routing
A transmission technique where the sender of a packet can specify the route that packet should follow
through the network
Spam
Computer-generated messages sent as unsolicited advertising
Spear phishing
An attack where social engineering techniques are used to masquerade as a trusted party to obtain
important information such as passwords from the victim
Spoofing
Faking the sending address of a transmission in order to gain illegal entry into a secure system
Spyware
Software whose purpose is to monitor a computer user’s actions (e.g., web sites visited) and report these
actions to a third party, without the informed consent of that machine’s owner or legitimate user
Scope Note: A particularly malicious form of spyware is software that monitors keystrokes to obtain
passwords or otherwise gathers sensitive information such as credit card numbers, which it then transmits to
a malicious third party. The term has also come to refer more broadly to software that subverts the
computer’s operation for the benefit of a third party.
SQL injection
Results from failure of the application to appropriately validate input. When specially crafted user-controlled
input consisting of SQL syntax is used without proper validation as part of SQL queries, it is possible to
glean information from the database in ways not envisaged during application design. (MITRE)
Stateful inspection
A firewall architecture that tracks each connection traversing all interfaces of the firewall and makes sure
they are valid.
Statutory requirements
Laws created by government institutions
Supervisory control and
data acquisition
Systems used to control and monitor industrial and manufacturing processes, and utility facilities
Switches
Typically associated as a data link layer device, switches enable local area network (LAN) segments to be
created and interconnected, which has the added benefit of reducing collision domains in Ethernet-based
Symmetric key
System in which a different key (or set of keys) is used by each pair of trading partners to ensure that no one
else can read their messages
The same key is used for encryption and decryption. See also Private Key Cryptosystem.
System development life
cycle (SDLC)
The phases deployed in the development or acquisition of a software system
Scope Note: SDLC is an approach used to plan, design, develop, test and implement an application system
or a major modification to an application system. Typical phases of SDLC include the feasibility study,
requirements study, requirements definition, detailed design, programming, testing, installation and post
implementation review, but not the service delivery or benefits realization activities.
System hardening
A process to eliminate as many security risks as possible by removing all nonessential software programs,
protocols, services and utilities from the system
Tangible asset
Any asset that has physical form
Target
Person or asset selected as the aim of an attack
Telnet
Network protocol used to enable remote access to a server computer
Scope Note: Commands typed are run on the remote server.
Threat
Anything (e.g., object, substance, human) that is capable of acting against an asset in a manner that can
result in harm
Scope Note: A potential cause of an unwanted incident (ISO/IEC 13335)
Threat agent
Methods and things used to exploit a vulnerability
Scope Note: Examples include determination, capability, motive and resources.
Threat analysis
An evaluation of the type, scope and nature of events or actions that can result in adverse consequences;
identification of the threats that exist against enterprise assets
Scope Note: The threat analysis usually defines the level of threat and the likelihood of it materializing.
Threat event
Any event during which a threat element/actor acts against an asset in a manner that has the potential to
directly result in harm
Threat vector
The path or route used by the adversary to gain access to the target
Timelines
Chronological graphs where events related to an incident can be mapped to look for relationships in complex
Scope Note: Timelines can provide simplified visualization for presentation to management and other
non-technical audiences.
Token
A device that is used to authenticate a user, typically in addition to a username and password
Scope Note: A token is usually a device the size of a credit card that displays a pseudo random number that
changes every few minutes.
Topology
The physical layout of how computers are linked together
Scope Note: Examples of topology include ring, star and bus.
Total cost of ownership
Includes the original cost of the computer plus the cost of: software, hardware and software upgrades,
maintenance, technical support, training, and certain activities performed by users
Transmission Control
Protocol (TCP)
A connection-based Internet protocol that supports reliable data transfer connections
Scope Note: Packet data are verified using checksums and retransmitted if they are missing or corrupted.
The application plays no part in validating the transfer.
Transmission Control
Protocol/Internet Protocol (TCP/IP)
Provides the basis for the Internet; a set of communication protocols that encompass media access, packet
transport, session communication, file transfer, electronic mail (e-mail), terminal emulation, remote file
access and network management
Transport Layer Security
A protocol that provides communications privacy over the Internet. The protocol allows client/server
applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message
forgery. (RFC 2246)
Scope Note: Transport Layer Security (TLS) is composed of two layers: the TLS Record Protocol and the
TLS Handshake Protocol. The TLS Record Protocol provides connection security with some encryption
method such as the Data Encryption Standard (DES). The TLS Record Protocol can also be used without
encryption. The TLS Handshake Protocol allows the server and client to authenticate each other and to
negotiate an encryption algorithm and cryptographic keys before data is exchanged.
Triple DES (3DES)
A block cipher created from the Data Encryption Standard (DES) cipher by using it three times
Trojan horse
Purposefully hidden malicious or damaging code within an authorized computer program
Scope Note: Unlike viruses, they do not replicate themselves, but they can be just as destructive to a single
Tunnel
The paths that the encapsulated packets follow in an Internet virtual private network (VPN)
Tunnel mode
Used to protect traffic between different networks when traffic must travel through intermediate or untrusted
networks. Tunnel mode encapsulates the entire IP packet with an AH or ESP header and an additional IP
Two-factor authentication
The use of two independent mechanisms for authentication (e.g., requiring a smart card and a password),
typically the combination of something you know, are or have
Uncertainty
The difficulty of predicting an outcome due to limited knowledge of all components
Uniform resource locator
The string of characters that form a web address
User Datagram Protocol
A connectionless Internet protocol that is designed for network efficiency and speed at the expense of
Scope Note: A data request by the client is served by sending packets without testing to verify whether they
actually arrive at the destination, or whether they were corrupted in transit. It is up to the application to
determine these factors and request retransmissions.
User interface
Can be a pop-up ad that impersonates a system dialog, an ad that impersonates a system warning, or an ad
that impersonates an application user interface in a mobile device.
User mode
Used for the execution of normal system activities
User provisioning
A process to create, modify, disable and delete user accounts and their profiles across IT infrastructure and
business applications
Value
The relative worth or importance of an investment for an enterprise, as perceived by its key stakeholders,
expressed as total life cycle benefits net of related costs, adjusted for risk and (in the case of financial value)
the time value of money
Vertical defense-in-depth
Controls are placed at different system layers – hardware, operating system, application, database or user
Virtual local area
network (VLAN)
Logical segmentation of a LAN into different broadcast domains
Scope Note: A VLAN is set up by configuring ports on a switch, so devices attached to these ports may
communicate as if they were attached to the same physical network segment, although the devices are
located on different LAN segments. A VLAN is based on logical rather than physical connections.
Virtual private network
A secure private network that uses the public telecommunications infrastructure to transmit data
Scope Note: In contrast to a much more expensive system of owned or leased lines that can only be used
by one company, VPNs are used by enterprises for both extranets and wide areas of intranets. Using
encryption and authentication, a VPN encrypts all data that pass between two Internet points, maintaining
privacy and security.
Virtual private network
(VPN) concentrator
A system used to establish VPN tunnels and handle large numbers of simultaneous connections. This
system provides authentication, authorization and accounting services.
Virtualization
The process of adding a “guest application” and data onto a “virtual server,” recognizing that the guest
application will ultimately part company from this physical server
Virus
A program with the ability to reproduce by modifying other programs to include a copy of itself
Scope Note: A virus may contain destructive code that can move into multiple programs, data files or
devices on a system and spread through multiple systems in a network.
Virus signature file
The file of virus patterns that are compared with existing files to determine whether they are infected with a
virus or worm
Voice-over Internet
Protocol (VoIP)
Also called IP Telephony, Internet Telephony and Broadband Phone, a technology that makes it possible to
have a voice conversation over the Internet or over any dedicated Internet Protocol (IP) network instead of
over dedicated voice transmission lines
Volatile data
Data that changes frequently and can be lost when the system’s power is shut down
Vulnerability
A weakness in the design, implementation, operation or internal control of a process that could expose the
system to adverse threats from threat events
Vulnerability analysis
A process of identifying and classifying vulnerabilities
Vulnerability scanning
An automated process to proactively identify security weaknesses in a network or individual system
Warm site
Similar to a hot site but not fully equipped with all of the necessary hardware needed for recovery
Web hosting
The business of providing the equipment and services required to host and maintain files for one or more
web sites and provide fast Internet connections to those sites
Scope Note: Most hosting is “shared,” which means that web sites of multiple companies are on the same
server to share/reduce costs.
Web server
Using the client-server model and the World Wide Web’s HyperText Transfer Protocol (HTTP), a web server
is a software program that serves web pages to users.
Well-known ports
Well-known ports (0 through 1023) are controlled and assigned by the Internet Assigned Numbers Authority
(IANA), and on most systems can be used only by system (or root) processes or by programs executed by
privileged users. The assigned ports use the first portion of the possible port numbers. Initially, these
assigned ports were in the range 0-255. Currently, the range for assigned ports managed by the IANA has
been expanded to the range 0-1023.
Wide area network
A computer network connecting different remote locations that may range from short distances, such as a
floor or building, to extremely long transmissions that encompass a large region or several countries
Wi-Fi protected access
A class of systems used to secure wireless (Wi-Fi) computer networks.
Scope Note: WPA was created in response to several serious weaknesses that researchers found in the
previous system, Wired Equivalent Privacy (WEP). WPA implements the majority of the IEEE 802.11i
standard, and was intended as an intermediate measure to take the place of WEP while 802.11i was
prepared. WPA is designed to work with all wireless network interface cards, but not necessarily with first
generation wireless access points. WPA2 implements the full standard, but will not work with some older
network cards. Both provide good security with two significant issues. First, either WPA or WPA2 must be
enabled and chosen in preference to WEP; WEP is usually presented as the first security choice in most
installation instructions. Second, in the “personal” mode, the most likely choice for homes and small offices,
a pass phrase is required that, for full security, must be longer than the typical six to eight character
passwords users are taught to employ.
Wi-Fi protected access II
Wireless security protocol that supports 802.11i encryption standards to provide greater security. This
protocol uses the Advanced Encryption Standard (AES) and Temporal Key Integrity Protocol (TKIP) for
stronger encryption.
Wired Equivalent Privacy
A scheme that is part of the IEEE 802.11 wireless networking standard to secure IEEE 802.11 wireless
networks (also known as Wi-Fi networks)
Scope Note: Because a wireless network broadcasts messages using radio, it is particularly susceptible to
eavesdropping. WEP was intended to provide comparable confidentiality to a traditional wired network (in
particular, it does not protect users of the network from each other), hence the name. Several serious
weaknesses were identified by cryptanalysts, and WEP was superseded by Wi-Fi Protected Access (WPA)
in 2003, and then by the full IEEE 802.11i standard (also known as WPA2) in 2004. Despite the
weaknesses, WEP provides a level of security that can deter casual snooping.
Wireless local area
network (WLAN)
Two or more systems networked using a wireless distribution method
Worm
A programmed network attack in which a self-replicating program does not attach itself to programs, but
rather spreads independently of users’ action
Write blocker
A device that allows the acquisition of information on a drive without creating the possibility of accidentally
damaging the drive
Write protect
The use of hardware or software to prevent data from being overwritten or deleted
Zero-day exploit
A vulnerability that is exploited before the software creator/vendor is even aware of its existence


National Institute of Standards and Technology
The following conventions have been used in the preparation of the list of acronyms and abbreviations in this report.
– Abbreviations and acronyms generally appear in all capital letters, although there are occasional exceptions—for example, meter (m) and decibels referenced to one milliwatt (dBm).
– Technical terms are not capitalized unless they are proper nouns. Names of people, places, and groups, and the titles of protocols, standards, and algorithms are considered proper nouns. For example, certification and accreditation (C&A) is not capitalized, but Advanced Encryption Standard
(AES) is capitalized.
– Collective nouns are not capitalized (e.g., wide area network [WAN]).
– When two or more definitions of the same acronym or abbreviation are given, the acronym or abbreviation is italicized and repeated for each definition.

Definitions are listed alphabetically


one times radio transmission technology
Triple Data Encryption Standard
3rd Generation
3rd Generation Partnership Project
3rd Generation Partnership Project 2


A – address resource record type
AA – ABAC attribute authority
AAA – authentication, authorization, and accounting
AAAK – authentication, authorization, and accounting key
AAD – additional authenticated data
AAR – after action report
AAS – adaptive antenna system
ABAC – attribute-based access control
ACE – access control entry
ACL – access control list
ACM – Association for Computing Machinery
ACO – authenticated cipher offset
AD – Active Directory
AD – authenticated data
ADS – alternate data stream
Advanced Encryption Standard
Advanced Encryption Standard-Cipher Block Chaining
Advanced Encryption Standard-Counter Mode
adaptive frequency hopping
assisted global positioning system
Authentication Header
AIDC – automatic identification and data capture
AIM – Association for Automatic Identification and Mobility
AIT – automatic identification technology
AJAX – Asynchronous JavaScript and XML
AK – authorization key
AKID – authorization key identifier
AKM – authentication and key management
ALG – application layer gateway
ANSI – American National Standards Institute
AP – access point
API – application programming interface


APWG – Anti-Phishing Working Group
ARIN – American Registry for Internet Numbers
ARP – Address Resolution Protocol
ARPA – Advanced Research Projects Agency
AS – authentication server
AS – authentication service
AS – autonomous system
Anti-Spyware Coalition
Accredited Standards Committee X9
American Standard Code for Information Interchange
ASLR – address space layout randomization
autonomous system number
Abstract Syntax Notation 1
active server pages
ATA – Advanced Technology Attachment
ATIM – Announcement Traffic Indication Message
ATM – asynchronous transfer mode
ATM – automated teller machine
AVIEN – Anti-Virus Information Exchange Network
AVP – attribute-value pair


best current practice
BCP – business continuity plan
Border Gateway Protocol
Border Gateway Protocol 4
BIA – business impact analysis
BioAPI – Biometric Application Programming Interface
BIOS – basic input/output system
BPML – Business Process Modeling Language
BPSS – Business Process Specification Schema
BRP – business recovery (resumption) plan
BS – base station
BSC – base station controller
BSI – British Standards Institution
BSIA – British Security Industry Association
BSP – best security practice
BSS – basic service set
BSSID – basic service set identifier
BTS – base transceiver station
BU – binding update
BUA – binding update acknowledgement


certification and accreditation
certificate authority
CA – certification agent
CA – certification authority
CAC – common access card
CAIDA – Cooperative Association for Internet Data Analysis
CAPTCHA – Completely Automated Public Turing Test to Tell Computers and Humans Apart
CARO – Computer Antivirus Research Organization
CAVP – Cryptographic Algorithm Validation Program
CBC – Cipher Block Chaining
CBC-MAC – Cipher Block Chaining Message Authentication Code
CBEFF – Common Biometric Exchange File Format
CC – Common Criteria
Common Configuration Enumeration
Common Criteria Evaluation and Validation Scheme
CCIPS – Computer Crime and Intellectual Property Section
CCK – complementary code keying
CCM – Counter Mode with CBC-MAC
CCMP – Counter Mode with CBC-MAC Protocol
CCRA – Common Criteria Recognition Arrangement
Common Configuration Scoring System
country code top-level domain
checking disabled
CD – compact disc
CDFS – compact disc file system
code division multiple access
compact disc-recordable
compact disc-read only memory
compact disc-rewritable
chief executive officer
CERIAS – Center for Education and Research in Information Assurance and Security
computer emergency response team
CERT® Coordination Center
CFAA – Computer Fraud and Abuse Act
CFB – Cipher Feedback
CFI – computer and financial investigations
CFR – Code of Federal Regulations
CFTT – computer forensics tool testing
CGA – cryptographically generated addresses
CGI – Common Gateway Interface
CHAP – Challenge-Handshake Authentication Protocol
CHUID – cardholder unique identifier
CIDR – Classless Inter-Domain Routing
CIFS – Common Internet File System
CIO – chief information officer
CIP – critical infrastructure protection
CIPC – Critical Infrastructure Protection Committee


CIPSEA – Confidential Information Protection and Statistical Efficiency Act
CIRC – computer incident response capability
CIRC – computer incident response center
CIRDB – CERIAS Incident Response Database
CIRT – computer incident response team
CIS – Center for Internet Security
CISO – chief information security officer
CLF – common log format
CLI – command line interface
common language runtime
Certificate Management Authority
CMAC – Cipher-based Method Authentication Code
CME – Common Malware Enumeration
CMOS – complementary metal oxide semiconductor
CMS – Centers for Medicare and Medicaid Services
CMS – Cryptographic Message Syntax
CMSS – Common Misuse Scoring System
CMVP – Cryptographic Module Validation Program
CN – common name
CN – correspondent node
CNSS – Committee on National Security Systems
CNSSI – Committee on National Security Systems Instruction
care-of address
conflict of interest
COM – Component Object Model
COOP – continuity of operations
Children’s Online Privacy Protection Act
Common Object Request Broker Architecture
commercial off-the-shelf
CP – certificate policy
contingency plan
Common Platform Enumeration
compression parameter index
CPNI – Centre for the Protection of National Infrastructure
CPS – certification practice statement
CPU – central processing unit
CRAM – challenge-response authentication mechanism
CRC – cyclic redundancy check
CRL – certificate revocation list
CSIA – Cyber Security Industries Alliance
CSIRC – computer security incident response capability
CSIRT – computer security incident response team
CSO – chief security officer
CSO – computer security object
CSP – Credentials Service Provider
CSR – certificate signing request
CSRC – Computer Security Resource Center
CSRDA – Cyber Security Research and Development Act of 2002


CSS – cascading style sheet
CSV – comma-separated values
CTO – chief technology officer
CTR – counter mode encryption
CVE – Common Vulnerabilities and Exposures
CVSS – Common Vulnerability Scoring System
CWE – Common Weakness Enumeration


DA – destination address
DAA – designated accrediting authority
DAA – designated approving authority
DAC – discretionary access control
DAD – duplicate address detection
DAML – DARPA Agent Markup Language
D-AMPS – Digital Advanced Mobile Phone Service
DAO – Data Access Object
Defense Advanced Research Projects Agency
decibels referenced to one milliwatt
database management system
DC – domain controller
DCE – Distributed Computing Environment
DCOM – Distributed Component Object Model
DCS – distributed control system
DDMS – Department of Defense Metadata Specification
DDoS – distributed denial of service
DEA – Data Encryption Algorithm
DEP – Data Execution Prevention
DES – Data Encryption Standard
DFS – Distributed File System
DFS – dynamic frequency selection
DHAAD – Dynamic Home Agent Address Discovery
DHCP – Dynamic Host Configuration Protocol
DHCPv6 – Dynamic Host Configuration Protocol for Internet Protocol v6
DHS – U.S. Department of Homeland Security
DIMS – Digital Identity Management Service
DISA – U.S. Defense Information Systems Agency
DLL – dynamic link library
DMA – direct memory access
DMZ – demilitarized zone
DN – distinguished name
DN – domain name
DNP – Distributed Network Protocol
DNS – domain name system
DNSBL – Domain Name System Blacklist
DNSSEC – Domain Name System Security Extensions
DOC – U.S. Department of Commerce
DoD – U.S. Department of Defense


DOE – U.S. Department of Energy
DOI – domain of interpretation
DOJ – U.S. Department of Justice
DOM – Document Object Model
DoS – denial of service
DPA – differential power analysis
DRA – data recovery agent
DRM – digital rights management
DRP – disaster recovery plan
DS – Delegation Signer
DS – distribution system
DS Field – differentiated services field
DSA – Digital Signature Algorithm
DSL – digital subscriber line
DSML – Directory Services Markup Language
DSN – delivery status notification
DSOD – dynamic separation of duty
DSS – Digital Signature Standard
DSTM – Dual Stack Transition Mechanism
DTC – Distributed Transaction Coordinator
DTD – Document Type Definition
DTR – derived test requirement
DUID – DHCP unique identifier
digital video disc
digital video disc – recordable
digital video disc – read only memory
digital video disc – rewritable


EAL – evaluation assurance level
Extensible Authentication Protocol
Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling
Extensible Authentication Protocol Over LAN
EAPOL-KCK – Extensible Authentication Protocol Over LAN Key Confirmation Key
Extensible Authentication Protocol Over LAN Key Encryption Key
Extensible Authentication Protocol-Transport Layer Security
Extensible Authentication Protocol-Tunneled Transport Layer Security
Exterior Border Gateway Protocol
Electronic Business using eXtensible Markup Language
Elliptic Curve over G[2N]
Electronic Codebook (mode)
ECC – Elliptic Curve Cryptography
ECDH – Elliptic Curve Diffie-Hellman
ECDSA – Elliptic Curve Digital Signature Algorithm
ECM – Enterprise Configuration Manager
ECP – Encryption Control Protocol
ECPA – Electronic Communications Privacy Act
EDGE – Enhanced Data rates for GSM Evolution
EDI – electronic data interchange


EDR – enhanced data rate
EEPROM – electronically erasable programmable read-only memory
EFI – Extensible Firmware Interface
EFS – Encrypting File System
EGP – Exterior Gateway Protocol
EH – extension header
EICAR – European Institute for Computer Antivirus Research
EIGRP – Enhanced Interior Gateway Routing Protocol
EAP Integrity Key
electronic mail
energy management system
EMS – Enhanced Messaging Service
EMSK – Extended Master Session Key
EPAL – Enterprise Privacy Authorization Language
EPC – electronic product code
EPCIS – Electronic Product Code Information Services
EPHI – electronic protected health information
EPS – events per second
ERP – enterprise resource planning
ESMS – enterprise security management system
ESMTP – Extended Simple Mail Transfer Protocol
ESN – electronic serial number
ESP – Encapsulating Security Payload
ESS – Extended Service Set
ETSI – European Telecommunications Standards Institute
European Union
Extended Unique Identifier 64 bit
Evolution-Data Optimized
Second Extended Filesystem
ext3fs – Third Extended Filesystem


FAQ – frequently asked questions
FAR – Federal Acquisition Regulation
FASC-N – Federal Agency Smart Credential Number
FASP – Federal Agency Security Practices
FAT – file allocation table
FBCA – Federal Bridge Certification Authority
FBI – Federal Bureau of Investigation
FBI CJIS – Federal Bureau of Investigation Criminal Justice Information Services Division
FCC – Federal Communications Commission
FCC ID – Federal Communications Commission Identification number
FCL – final checklist list
FCPF – Federal PKI Common Policy Framework
FCRA – Fair Credit Reporting Act
FCS – frame check sequence
FDA – Food and Drug Administration
FDCC – Federal Desktop Core Configuration
FDCE – Federated Development and Certification Environment


FDE – full disk encryption
FDIC – Federal Deposit Insurance Corporation
FEA – Federal Enterprise Architecture
FEK – file encryption key
FFMIA – Federal Financial Management Improvement Act
FHSS – frequency hopping spread spectrum
FIB – forwarding information base
FICC – Federal Identity Credentialing Committee
Federal Information Processing Standards
Forum of Incident Response and Security Teams
Federal Information System Controls Audit Manual
FISMA – Federal Information Security Management Act of 2002
FISSEA – Federal Information Systems Security Educators’ Association
FLETC – Federal Law Enforcement Training Center
FMR – false match rate
FNMR – false non match rate
FOIA – Freedom of Information Act
FPC – Federal Preparedness Circular
FPKI – Federal Public Key Infrastructure
FPKIA – Federal Public Key Infrastructure Architecture
FPKIPA – Federal Public Key Infrastructure Policy Authority
FQDN – fully qualified domain name
FRR – false rejection rate
FSO – field security office
FTC – Federal Trade Commission
FTCA – Federal Trade Commission Act
FTP – File Transfer Protocol
FUS – Fast User Switching
FY – fiscal year


GAO – U.S. Government Accountability Office
GFAC – generalized framework for access control
GFIRST – Government Forum of Incident Response and Security Teams
GIG – Global Information Grid
GINA – graphical identification and authentication
GKEK – Group Key Encryption Key
GLB or GLBA – Gramm-Leach-Bliley Act
GMK – Group Master Key
GnuPG – GNU Privacy Guard
GOTS – government off-the-shelf
GPL – general public license
GPMC – Group Policy Management Console
GPO – Group Policy Object
GPRS – general packet radio service
GPS – global positioning system


GR – graceful restart
GRE – Generic Routing Encapsulation
GRS – General Records Schedule
GS1 – Global Standards One
GSA – U.S. General Services Administration
GSM – Global System for Mobile Communications
GTC – Generic Token Card
GTEK – group traffic encryption key
group temporal key
generic top-level domain
Generalized TTL Security Mechanism
GUI – graphical user interface


HA – high availability
HA – home agent
HAG – high assurance guard
HCI – host controller interface
HERF – hazards of electromagnetic radiation to fuel
HERO – hazards of electromagnetic radiation to ordnance
HERP – hazards of electromagnetic radiation to personnel
HF – high frequency
HFS – Hierarchical File System
HHS – U.S. Department of Health and Human Services
HINFO – host information
HIP – Host Identity Protocol
HIPAA – Health Insurance Portability and Accountability Act
HIPERLAN – high-performance radio local area network
HL7 – Health Level Seven
HMAC – keyed-hash message authentication code
HMI – human-machine interface
HPA – host protected area
HPFS – High-Performance File System
HR – human resources
HSARPA – Homeland Security Advanced Research Projects Agency
HSPD – Homeland Security Presidential Directive
HTCIA – High Technology Crime Investigation Association
HTCP – Hyper Text Caching Protocol
HTML – Hypertext Markup Language
HTTP – Hypertext Transfer Protocol
HTTPS – Secure Hypertext Transfer Protocol


identification and authentication
Institute for Information Infrastructure Protection
information assurance
Internet Architecture Board
International Association of Computer Investigative Specialists
Information Analysis and Infrastructure Protection
IANA – Internet Assigned Numbers Authority
IAO – information assurance officer
IATF – Information Assurance Technical Framework
IBC – iterated block cipher
identity-based encryption
Internal Border Gateway Protocol
IBMJSSE – IBM Java Secure Socket Extension
IBSS – independent basic service set
IC3 – Internet Crime Complaint Center
ICAMP – Incident Cost Analysis and Modeling Project
ICANN – Internet Corporation for Assigned Names and Numbers
ICCID – Integrated Circuit Card Identification
ICCP – Inter-control Center Communications Protocol
ICF – Internet Connection Firewall
ICMP – Internet Control Message Protocol
ICP – Internet Cache Protocol
ICS – industrial control system
ICS – Internet Connection Sharing
ICSA – International Computer Security Association
ICV – integrity check value
Information Design Assurance Red Team
integrated development environment
IDE – Integrated Drive Electronics
IDEA – International Data Encryption Algorithm
iDEN – Integrated Digital Enhanced Network
ID-FF – Identity Federation Framework
IDMEF – Intrusion Detection Message Exchange Format
IDMS – identity management system
IDPS – intrusion detection and prevention system
intrusion detection system
Identity Service Interface Specifications
ID-WSF – Identity Web Services Framework
ID-WSF DST – Identity Web Services Framework Data Services Template
IE – Internet Explorer
IEC – International Electrotechnical Commission
intelligent electronic device
IEEE Standards Association
IESG – Internet Security Steering Group
IETF – Internet Engineering Task Force
IETF BCP – Internet Engineering Task Force Best Current Practice
IETF RFC – Internet Engineering Task Force Request for Comments


IGMPInternet Group Management Protocol
IGPinterior gateway protocol
IIDinterface identifier
IIFinformation in identifiable form
IIHIindividually identifiable health information
IISInternet Information Services
IKEInternet Key Exchange
IMinstant messaging
IMAPInternet Message Access Protocol
IMEIInternational Mobile Equipment Identity
IMSIInternational Mobile Subscriber Identity
INCITSInterNational Committee for Information Technology Standards
IPInternet Protocol
IPAinitial privacy assessment
IPCompInternet Protocol Payload Compression Protocol
IPngInternet Protocol Next Generation
IPSintrusion prevention system
IPsecInternet Protocol Security
IPv4Internet Protocol version 4
IPv6Internet Protocol version 6
IPXInternet Packet Exchange
IRinteragency report
Internet Relay Chat
Infrared Data Association®
interrupt request line
IRSInternal Revenue Service
IRTFInternet Research Task Force
ISinformation system
ISAinterconnection security agreement
ISAInternational Society of Automation
ISACinformation sharing and analysis center
ISAKMPInternet Security Association and Key Management Protocol
ISAPInformation Security Automation Program
ISAPIInternet Server Application Programming Interface
ISATAPIntra-Site Automatic Tunnel Addressing Protocol
ISFInformation Security Forum
Industrial Security Incident Database
Intermediate System-to-Intermediate System
industrial, scientific, and medical
ISMinformation security marking
ISMSinformation security management system
ISOInternational Organization for Standardization
ISPInternet service provider
ISSEAInternational Systems Security Engineering Association
ISSOinformation systems security officer
ISSPMinformation systems security program manager
ITinformation technology
ITAAInformation Technology Association of America
ITFInterrogator Talks First
ITLInformation Technology Laboratory


International Telecommunications Union
International Telecommunications Union-Telecommunication Standardization
implementation under test
IVinitialization vector


Java EE: Java Platform, Enterprise Edition
JAXR: Java API for XML Registries
JFFS2: Journaling Flash File System, version 2
JPEG: Joint Photographic Experts Group
JRE: Java Runtime Environment
JSM: Java Security Manager
JSP: Java Server Pages
JSSE: Java Secure Socket Extension
JTAG: Joint Test Action Group
JTC1: Joint Technical Committee 1 (International Organization for Standardization [ISO]/International Electrotechnical Commission [IEC])
JVM: Java Virtual Machine


Kbps: kilobit per second
KDC: key distribution center
KEK: key encryption key
KG: key generator
key generation and distribution
KINK: Kerberized Internet Negotiation of Keys
KSG: key stream generator
KSK: key signing key


L2CAP: Logical Link Control and Adaptation Protocol
L2F: Layer 2 Forwarding
L2TP: Layer 2 Tunneling Protocol
L2VPN: Layer 2 Virtual Private Network
L3VPN: Layer 3 Virtual Private Network
LACNIC: Latin American and Caribbean IP Addresses Registry
LAN: local area network
LCD: liquid crystal display
LDA: local delivery agent
LDAP: Lightweight Directory Access Protocol
LED: light emitting diode
LF: low frequency
LFSR: linear feedback shift register
LIR: local Internet registry
LM: LAN Manager
LMP: Link Manager Protocol
LOC: location (DNS record)
LRA: Local Registration Authority
LUA: limited user account


MAC: mandatory access control
MAC: media access control (layer)
MAC: Medium Access Control
MAC: message authentication code
MAF: multi-mode authentication framework
MAN: metropolitan area network
MAPS: Mail Abuse Prevention System
Mbps: megabits per second
MBR: master boot record
MBSA: Microsoft Baseline Security Analyzer
MD: message digest
ME: mobile equipment
MED: multi-exit discriminator
MEP: message exchange pattern
MES: manufacturing execution system
MIB: management information base
MIC: mandatory integrity control
MIC: message integrity check
MIC: message integrity code
MIKEY: Multimedia Internet KEYing
MIME: Multipurpose Internet Mail Extensions
MIMO: multiple-input, multiple-output
MIN: mobile identification number
Mini SD: mini secure digital
MIP: Mobile Internet Protocol
MitM: man-in-the-middle (attack)
MLD: Multicast Listener Discovery
MMC: Microsoft Management Console
MMCmobile: MultiMediaCard Mobile
MMS: Multimedia Messaging Service
MN: mobile node
MOA: memorandum of agreement
MOBIKE: IKEv2 Mobility and Multihoming Protocol
MODP: modular exponential
MOSS: MIME Object Security Services
MOU: memorandum of understanding
MOVS: Modes of Operation Validation System
MPA: Mobile Prefix Advertisement
MPLS: multiprotocol label switching
MPS: Mobile Prefix Solicitation
MRI: magnetic resonance imaging
MS: mobile subscriber
MSC: mobile switching center
MS-CHAP: Microsoft Challenge Handshake Authentication Protocol
MS-DOS: Microsoft Disk Operating System
MSDP: Multicast Source Discovery Protocol
MSEC: multicast security
MSEL: Master Scenario Events List
MSIL: Microsoft Intermediate Language
MSISDN: Mobile Subscriber Integrated Services Digital Network
MSK: master session key
MSKB: Microsoft Knowledge Base
MSSP: managed security services provider
MSWG: Metadata Standards Working Group
MTA: mail transfer agent
MTM: Mobile Trusted Module
MTU: master telemetry unit
MTU: master terminal unit
MTU: maximum transmission unit
MUA: mail user agent
MX: mail exchanger


NA: Neighbor Advertisement
NAC: network access control
NACI: National Agency Check and Inquiries
NAP: Network Access Protection
NARA: National Archives and Records Administration
NAS: network access server
NAT: network address translation
NAT-PT: network address translation-protocol translation
NAT-T: network address translation traversal
NBA: network behavior analysis
NBAD: network behavior anomaly detection
NCES: NetCentric Enterprise Services
NCP: National Checklist Program
NCSD: National Cyber Security Division
NCSI: NIST National Center for Standards and Certification Information
ND: Neighbor Discovery
NDAC: nondiscretionary access control
NetBEUI: NetBIOS Extended User Interface
NetBIOS: Network Basic Input/Output System
NFAT: network forensic analysis tool
NFC: near field communication
NFS: network file system
NFS: Network File Sharing
NH: next header
NIAC: National Infrastructure Advisory Council
NIAP: National Information Assurance Partnership
NIC: network interface card
NICC: National Infrastructure Coordinating Center
NIJ: National Institute of Justice
NIPC: National Infrastructure Protection Center
NIS: Network Information System
NISAC: National Infrastructure Simulation and Analysis Center
NISCC: National Infrastructure Security Co-ordination Centre
NIST: National Institute of Standards and Technology
NISTIR: National Institute of Standards and Technology Interagency Report
NPIVP: NIST Personal Identity Verification Program
NPPI: nonpublic personal information
NS: name server
NS: Neighbor Solicitation
NSA: National Security Agency
NSAPI: Netscape Server Application Programming Interface
NSEC: Next Secure
NSI: national security information
NSRL: National Software Reference Library
NSS: Network Security Services
NSTB: National SCADA Test Bed
NSTISSC: National Security Telecommunications and Information Systems Security
National Security Telecommunications and Information Systems Security
NTFS: New Technology File System
NTP: Network Time Protocol
NTTAA: National Technology Transfer and Advancement Act of 1995
NUD: Neighbor Unreachability Detection
NVD: National Vulnerability Database
NVLAP: National Voluntary Laboratory Accreditation Program
NW3C: National White Collar Crime Center
NX: no execute


OASIS: Organization for the Advancement of Structured Information Standards
OCC: Office of the Comptroller of the Currency
OCIO: Office of the Chief Information Officer
OCSP: Online Certificate Status Protocol
ODBC: Open Database Connectivity
OECD: Organisation for Economic Co-operation and Development
OEM: original equipment manufacturer
OFB: output feedback (mode)
OFDM: orthogonal frequency-division multiplexing
OGSA: Open Grid Services Architecture
OHA: Open Handset Alliance
OIG: Office of Inspector General
OLE: object linking and embedding
OMB: Office of Management and Budget
ONS: Object Naming Service
OPC: OLE for Process Control
OpenPGP: An Open Specification for Pretty Good Privacy
OPM: U.S. Office of Personnel Management
ORB: open relay blacklist
OS: operating system
OSHA: Occupational Safety and Health Administration
OSI: Open Systems Interconnection
OSPF: Open Shortest Path First
OSS: open source software
OSSTMM: Open Source Security Testing Methodology Manual
OSVDB: Open Source Vulnerability Database
OTP: one-time password
OU: organizational unit
OVAL: Open Vulnerability and Assessment Language
OWASP: Open Web Application Security Project
OWL-S: Web Ontology Language for Services


PAC: Privilege Attribute Certificate
PAC: Protected Access Credential
PAD: peer authorization database
PAM: pluggable authentication module
PAN: personal area network
PAOS: Reverse HTTP Binding for SOAP
PAP: Password Authentication Protocol
PAP: policy access point
PAS: publicly available specification
PBA: pre-boot authentication
PBAC: policy-based access control
PBCC: Packet Binary Convolutional Code
PBE: pre-boot environment
PBX: private branch exchange
PC: personal computer
PCI: Payment Card Industry
PCI: personal identity verification card issuer
PCI DSS: Payment Card Industry Data Security Standard
PCMCIA: Personal Computer Memory Card International Association
PCN: process control network
PCP: IP Payload Compression Protocol
PCS: process control system
PCSF: Process Control System Forum
PCSRF: Process Control Security Requirements Forum
PDA: personal digital assistant
PDD: Presidential Decision Directive
PDF: Portable Document Format
PDP: policy decision point
PDS: protective distribution systems
PEAP: Protected Extensible Authentication Protocol
PED: portable electronic devices
PEM: Privacy Enhanced Mail
PEP: policy enforcement point
PFS: perfect forward secrecy
PGP: Pretty Good Privacy
PHI: protected health information
PHP: PHP: Hypertext Preprocessor
PHY: Physical (layer)
PIA: privacy impact assessment
PICS: Platform for Internet Content Selection
PII: personally identifiable information
PIM: personal information management
PIM-SM: Protocol Independent Multicast-Sparse Mode
PIN: personal identification number
PIP: policy information point
PIR: Public Interest Registry
PIV: personal identity verification
PKCS: Public Key Cryptography Standard
PKI: public key infrastructure
PKM: privacy key management
PKMv1: Privacy Key Management Protocol version 1
PKMv2: Privacy Key Management Protocol version 2
PL: public law
PLC: programmable logic controller
PMA: Policy Management Authority
PMK: pairwise master key
PMKSA: Pairwise Master Key Security Association
PMTU: path maximum transmission unit
PN: packet number
PNG: Portable Network Graphics
POA&M: plan of action and milestones
POC: point of contact
POC: proof of concept
PoE: Power over Ethernet
POP: Post Office Protocol
POP3: Post Office Protocol version 3
PP: protection profile
PPP: Point-to-Point Protocol
PPTP: Point-to-Point Tunneling Protocol
PPVPN: provisioner-provided virtual private network
PRA: Paperwork Reduction Act
pre-primary authorization key
PRF: pseudorandom function
PRNG: pseudorandom number generator
PSK: pre-shared key
PSTN: public switched telephone network
PTA: privacy threshold assessment (or analysis)
PTK: pairwise transient key
PTV: perceived target value
PUK: PIN unblocking key
PVG: patch and vulnerability group


QoP: quality of protection
QoS: quality of service


R&D: research and development
RA: receiver address
RA: Registration Authority
RA: remote assistance
RA: Router Advertisement
RAdAC: risk adaptive access control
RADIUS: Remote Authentication Dial In User Service
RAID: redundant array of independent disks
RAM: random access memory
RAT: remote administration tool
RBAC: role-based access control
RC2: Rivest Cipher 2
RC4: Rivest Cipher 4
RCE: route cache entry
RCFL: Regional Computer Forensics Laboratory
RCP: Remote Copy Protocol
RDBMS: relational database management system
RDP: Remote Desktop Protocol
REL: rights expression language
REP: Robots Exclusion Protocol
REST: Representational State Transfer
RF: radio frequency
RFC: request for comments
RFD: route flap damping
RFID: radio frequency identification
RFP: request for proposal
RIB: routing information base
RIP: Routing Information Protocol
RIPE NCC: Réseaux IP Européens Network Coordination Centre
RIPng: Routing Information Protocol next generation
RIR: regional internet registries
RIS: Remote Installation Services
RMA: reliability, maintainability, and availability
RMON: Remote Monitoring
RNG: random number generator
ROE: rules of engagement
ROM: read-only memory
RP: responsible person (record)
RPC: remote procedure call
RPF: Reverse Path Forwarding
RPO: recovery point objective
RR: resource record
RRSIG: resource record signature
RS: relay station
RS: Router Solicitation
RSBAC: rule set-based access control
RSN: Robust Security Network
RSNA: Robust Security Network Association
RSNIE: Robust Security Network Information Element
RSO: reduced sign-on
RSS: Really Simple Syndication
RSSI: received signal strength indication
RSVP: Resource ReSerVation Protocol
RTF: Rich Text Format
RTLS: real-time location system
RTO: recovery time objective
RTP: Real-Time Transport Protocol
RTU: remote terminal unit or remote telemetry unit
RuBAC: rule-based access control
R-UIM: Removable User Identity Module


S/MIME: Secure/Multipurpose Internet Mail Extensions
SA: security association
SA: source address
SACL: system access control list
SAD: security association database
SAFER: Secure And Fast Encryption Routine
SAID: security association identifier
SAISO: senior agency information security officer
SAM: Security Account Manager
SAM: software asset management
SAMATE: Software Assurance Metrics and Tool Evaluation
SAML: Security Assertion Markup Language™
SAN: storage area network
S-BGP: Secure Border Gateway Protocol
SCADA: supervisory control and data acquisition
SCAP: Security Content Automation Protocol
SCP: Secure Copy Protocol
SCSI: Small Computer System Interface
SCTP: Stream Control Transmission Protocol
SD: Secure Digital
SDIO: Secure Digital Input Output
SDK: software development kit
SDLC: System Development Life Cycle
SDO: standards development organization
SDP: Session Description Protocol
SDP: Service Discovery Protocol
SEI: Software Engineering Institute
SEM: security event management
SEND: Secure Neighbor Discovery
SEP: secure entry point
SFTP: Secure File Transfer Protocol
SHA: Secure Hash Algorithm
SHA-1: Secure Hash Algorithm 1
SHIM6: Site Multihoming by IPv6 Intermediation
SHS: Secure Hash Standard
SIA: Security Industry Association
SID: security identifier
SIEM: security information and event management
SIG: special interest group
SIIT: Stateless IP/ICMP Translation Algorithm
SIM: security information management
SIM: subscriber identity module
SIP: Session Initiation Protocol
SIS: safety instrumented system
SKEME: Secure Key Exchange Mechanism
SLA: service level agreement
SMB: Server Message Block
SME: subject matter expert
Secure/Multipurpose Internet Mail Extensions
SMS: Short Message Service
SMS: Systems Management Server
SMT: scar, mark and tattoo
SMTP: Simple Mail Transfer Protocol
SNL: Sandia National Laboratories
SNMP: Simple Network Management Protocol
SNTP: Simple Network Time Protocol
SOA: service-oriented architecture
SOA: start of authority (resource record)
soBGP: Secure Origin Border Gateway Protocol
SoD: separation of duties
SOHO: small office/home office
SOP: standard operating procedure
SOR: system of records
SORN: system of records notice
SOX: Sarbanes-Oxley Act of 2002
SP: service pack
SP: special publication
SPD: security policy database
SPI: security parameters index
SPL: Structured Product Labeling
SPML: Service Provisioning Markup Language™
SPP-ICS: System Protection Profile for Industrial Control Systems
SQL: Structured Query Language
SR: service release
SRES: signed response
SRTP: Secure Real-Time Transport Protocol
SS: subscriber station
SSDP: Simple Service Discovery Protocol
SSE-CMM: Systems Security Engineering-Capability Maturity Model
SSH: Secure Shell
SSI: Server Side Includes
SSID: service set identifier
SSL: Secure Sockets Layer
SSLF: Specialized Security-Limited Functionality
SSN: social security number
SSO: single sign-on
SSoD: static separation of duty
SSP: secure simple pairing
SSPI: Security Support Provider Interface
ST: security target
STIG: security technical implementation guide
STS: security token service
SWSA: Semantic Web Services Initiative Architecture
SZ: security zone


TA: test assertion
TA: transmitter address
TACACS: Terminal Access Controller Access Control System
TAG: technical advisory group
TC: technical committee
TC68: ISO/IEC Technical Committee 68
TCP: Transmission Control Protocol
TCP/IP: Transmission Control Protocol/Internet Protocol
TDEA: Triple Data Encryption Algorithm
TDM: time division multiplexing
TDMA: time division multiple access
TEK: traffic encryption key
TERENA: Trans-European Research and Education Networking Association
TFT: thin film transistor
TFTP: Trivial File Transfer Protocol
TGS: ticket-granting service
TIA: Telecommunications Industry Association
TID: tag identifier
TK: temporal key
TKIP: Temporal Key Integrity Protocol
TLD: top-level domain
TLS: Transport Layer Security
TMOVS: Modes of Operation Validation System for the Triple DES Algorithm
TOE: target of evaluation
TOS: trusted operating system
ToS: Type of Service
TPC: transmission power control
TPM: trusted platform module
TR: technical report
TRT: transport relay translator
TS: technical specification
TSA: time stamping authority
TSC: TKIP sequence counter
TSIG: Secret Key Transaction Authentication for DNS
TSIG: Transaction Signature
TSN: transitional security network
TSP: Time-Stamp Protocol
TT&E: test, training, and exercise
TTF: tag talks first
TTL: time to live
TTLS: Tunneled Transport Layer Security
TTP: trusted third party
TXT: text (record)


U.S.: United States
U.S.C.: United States Code
UAC: User Account Control
UART: universal asynchronous receiver/transmitter
UBR: Universal Description, Discovery and Integration (UDDI) Business Registry
UCC: Uniform Code Council, Inc.
UCE: unsolicited commercial email
UDDI: Uniform Description, Discovery, and Integration™
UDF: Universal Disk Format
UDP: User Datagram Protocol
UFS: UNIX File System
UHF: ultra high frequency
UI: user interface
UK: United Kingdom
UL: Underwriters’ Laboratories®
ULA: unique local address
ULP: upper layer protocol
UML: Unified Modeling Language™
UMPC: ultra-mobile personal computer
UMTS: Universal Mobile Telecommunications System
UNII: Unlicensed National Information Infrastructure
UPC: Universal Product Code
UPnP: Universal Plug and Play
UPS: uninterruptable power supply
URI: Uniform Resource Identifier
URL: Uniform Resource Locator
USB: Universal Serial Bus
US-CERT: United States Computer Emergency Readiness Team
USIM: UMTS Subscriber Identity Module or Universal Subscriber Identity Module
UTM: unified threat management
UUID: Universally Unique Identifier


VB: Visual Basic
VB.NET: Visual Basic .NET
VBA: Visual Basic for Applications
VBScript: Visual Basic Script
VFD: variable frequency drive
VHD: virtual hard drive
VHF: very high frequency
VLAN: virtual local area network
VM: virtual machine
VMS: vulnerability management system
VoIP: Voice over Internet Protocol
VOIPSA: Voice over IP Security Alliance
VPN: virtual private network
VPNC: Virtual Private Network Consortium
VRRP: Virtual Router Redundancy Protocol


W3C: World Wide Web Consortium
WAN: wide area network
WAP: wireless access point
WAP: Wireless Application Protocol
WaSP: Web Standards Project
WAVE: Wireless Access for Vehicular Environment
WAYF: Where Are You From
WCCP: Web Cache Coordination Protocol
W-CDMA: Wideband Code Division Multiple Access
WDS: wireless distribution system
WebDAV: Web Distributed Authoring and Versioning
WEP: Wired Equivalent Privacy
WfMC: Workflow Management Coalition
WfMS: workflow management system
WG: working group
WIDPS: wireless intrusion detection and prevention system
WiMAX: Worldwide Interoperability for Microwave Access
WLAN: wireless local area network
WMAN: wireless metropolitan area network
WMM: Wi-Fi Multimedia™
WORM: write once, read many
WPA: Wi-Fi Protected Access
WPA2: Wi-Fi Protected Access® 2
WPAN: wireless personal area network
WS: Web services
WSDL: Web Services Description Language
WSH: Windows Script Host
WS-I: Web services interoperability
WS-I: Web Services Interoperability Organization
WSS4J: Web Services Security for Java
WS-Security: Web Services Security
WSUS: Windows Server Update Services
WVE: Wireless Vulnerabilities and Exploits
WWAN: wireless wide area network
WWW: World Wide Web


XACL: XML Access Control Language
XACML: eXtensible Access Control Markup Language™
XCBC: XOR Cipher Block Chaining
XCCDF: eXtensible Configuration Checklist Description Format
XHTML: Extensible Hypertext Markup Language
XKMS: XML Key Management Specification
XML: Extensible Markup Language
XOR: exclusive OR
XrML: eXtensible Rights Markup Language
XSD: XML Schema Definition
XSL: Extensible Stylesheet Language
XSLT: Extensible Stylesheet Language Transformation
XSS: cross-site scripting
ZSK: zone signing key


National Institute of Standards and Technology Publications, NIST Computer Security Division Resource Center Web site,
Internet Engineering Task Force (IETF),
Microsoft Hardware Developer Central, Glossary of Acronyms for PC and Server Technologies,
Organization for the Advancement of Structured Information Standards (OASIS),

IEEE: Originally defined as “Institute of Electrical and Electronics Engineers, Inc.” Definition dropped by the organization.

SOAP: Originally defined as “Simple Object Access Protocol.” Definition dropped as of April 2007 (
