Glossary of Terms




























A procedure which verifies the identity of a computer or network user before allowing access to an electronic device, server, or website. A common, single authentication procedure is a password. “Two-factor authentication” is a procedure which uses two independent forms of authentication.


A network of computers that have been penetrated, compromised, and programmed to operate on the commands of an unauthorized remote user, usually without the knowledge of the owners or operators. The network of “robot” computers can then be manipulated by the remote actor to commit attacks on other systems. The computers on Botnets are frequently referred to as “zombies” and are often employed in digital denial of service (DDOS) attacks.

Continuous Monitoring

A process designed to regularly assess information systems to determine if the complete set of planned, required, and deployed security controls continues to be effective over time as changes in the system occur. Continuous Monitoring transforms the traditional model of static, sporadic security compliance assessments to dynamic, near-real-time situational awareness.

Covered Critical Infrastructure

Infrastructure that would be subject to protections and conditions outlined under the Cybersecurity Act of 2012.

Critical Infrastructure

The PATRIOT Act defines critical infrastructure as systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters. The Department of Homeland Security currently identifies 18 critical infrastructure sectors, including transportation, electricity, financial services, and nuclear power. Most critical infrastructure entities are dependent upon computer networks and therefore vulnerable to cyberattacks.

CyberCom (U.S. Cyber Command)

Created in June 2009, CyberCom is responsible for planning, coordinating, integrating, synchronizing, and directing activities to operate and defend the Department of Defense’s (DoD) information networks. CyberCom is the center of DoD’s cyberspace operations and it works closely with interagency and international partners to execute cyber missions. CyberCom is a sub unified command under U.S. Strategic Command (StratCom).


Cybercrime is criminal activity conducted using computers and the internet, often financially motivated. Cybercrime includes identity theft, fraud, and internet scams, among other activities. Cybercrime is distinguished from other forms of malicious cyber activity, which have political, military, or espionage motivations.

DDOS (Digital Denial of Service)

A cyber war technique in which an internet site, a server, or a router is flooded with more requests for data than the site or device can respond to or process. Consequently, legitimate traffic cannot access the site and the site is in effect shut down. Botnets are used to conduct such attacks, thus distributing the attack over thousands of originating computers acting in unison.


A program administered by the Department of Homeland Security’s US-CERT that provides an automated intrusion detection system designed to block unauthorized network traffic from entering government websites. The program provides a process for collecting, correlating, analyzing, and sharing computer security information across the federal government to improve the nation’s situational awareness. US-CERT has deployed two generations of EINSTEIN programs and is developing EINSTEIN 3.

Email Spoofing

Creation of an email message with a misleading sender address, with the intention of leading the recipient to open, and possibly take action.


The scrambling of information so that it is unreadable to those who do not have the code to unscramble it.

FISMA (Federal Information Security Management Act)

An Act intended to implement and inventory federal information technology systems to enhance government agencies’ cybersecurity. FISMA requires annual reports from agencies to the Office of Management and Budget (OMB) on each agency’s information security efforts and compliance with government issued standards. OMB then compiles all the reports and submits to Congress an annual compliance report.


Gaining unauthorized access into a computer or networked system.


Someone who intentionally gains access to a computer or network without authorization.


Exploitation of computers and networks to promote political ends. The anti-secrecy group Anonymous is an example of an hacktivist organization.


The machines, wiring, and other physical components of a computer, network, or other information technology system.

ISP (Internet Service Provider)

Entity (or government agency) that provides wired or wireless connectivity to the Internet.

Keystroke Logger

A program or device that captures and records every key depression on the computer. Cybercriminals install them on computers to clandestinely record the computer user’s passwords and other confidential information.

Logic Bomb

Software application or series of instructions that cause a system or network to shut down and/or erase all data or software on the network. A type of malware.


Malicious software that compromises or reprograms computers or networks with the intention of disrupting their intended functions or operations. Examples of malware include Logic Bombs, worms, viruses, Trojan Horses, and Keystroke Loggers.


A technique used by hackers to redirect users to false websites without their knowledge.


A socially-engineered attempt to lure internet users into giving out personal information such as usernames, passwords, social security numbers and credit card details. Common phishing tactics include posing as a known contact, company, or an otherwise trusted entity in an electronic communication.


Malware designed to block access to a computer system until money is paid to the attacker.


Computer hardware that direct the movement of internet data, ensuring that the data, such as email or website requests, reaches its intended destination. Routers are a type of server.

SCADA (Supervisory Control and Data Acquisition)

Generally refers to an industrial control system (automated system used to control industrial processes) such as regulation of electrical power transmission, wastewater treatment, or chemical mixing.


A computer that is programmed to provide services – such as hosting software platforms, databases, or websites – to other computers and computer users. Typically, servers are designed to be automated, operating without constant human monitoring.

Social Engineering

In the context of information security, it refers to psychological manipulation of people into performing actions or divulging confidential information. Examples include Phishing, Spear Phishing, Vishing, and Whaling.


Programs and other operating information used by a computer. Software programs provide the instructions that direct computers what to do and how to do it.


A “phishing” email attack targeting specific people or groups, such as employees of a particular company, or even a particular person. The attacker may incorporate the target’s name, work information, or other personal data derived from sources such as social media accounts, in order to appear more legitimate, or may give an urgent reason why the target should give out personal information, based on real details of the target’s life.

Trapdoor /Trojan/Trojan Horse

A type of malware added to a program to facilitate future unauthorized entry into a network or into the software program. Often after an initial entry, the perpetrators will leave behind a trapdoor that will permit future access to be faster and easier.

US-CERT (United States Computer Emergency Readiness Team)

An arm of the Department of Homeland Security’s National Cyber Security Division (NCSD). US-CERT leads efforts to improve the nation’s cybersecurity posture and coordinate cyber information sharing. US-CERT partners with private sector critical infrastructure owners and operators, academia, federal agencies, and state and local partners to enhance cybersecurity nationwide.


A “phishing” email attack using phone or VoIP technologies. The person targeted may receive an email, voicemail, or text luring them to call a phone number, which will prompt them to provide detailed information such as credit card numbers, birthdates, etc. to verify an account.


A focused email attack designed to appear to be a communication from a high-level executive or other authority. Hackers may create email addresses to look like those of the leader they are impersonating (spoofing) and may study a company’s communications to better mimic their language.