Cybercriminals are individuals or teams of people who use technology to commit malicious activities on digital systems or networks with the intention of stealing sensitive company information or personal data, and generating profit. Cybercriminals are known to access the cybercriminal underground markets found in the deep web to trade malicious goods and services, such as hacking tools and stolen data. Cybercriminal underground markets are known to specialize in certain products or services. Laws related to cybercrime continue to evolve across various countries worldwide. Law enforcement agencies are also continually challenged when it comes to finding, arresting, charging, and proving cybercrimes.

Cybercriminals, Hackers, and Threat Actors

Hacking does not necessarily count as a cybercrime; as such, not all hackers are cybercriminals. Cybercriminals hack and infiltrate computer systems with malicious intent, while hackers only seek to find new and innovative ways to use a system, be it for good or bad.

Cybercriminals also differ greatly from threat actors in various ways, the first of which is intent. Threat actors are individuals who conduct targeted attacks, which actively pursue and compromise a target entity's infrastructure. Cybercriminals are unlikely to focus on a single entity, but conduct operations on broad masses of victims defined only by similar platform types, online behavior, or programs used. Secondly, they differ in the way that they conduct their operations. Threat actors follow a six-step process, which includes researching targets and moving laterally inside a network. Cybercriminals, on the other hand, are unlikely to follow defined steps to get what they want from their victims. Note, however, that cybercriminals have also been known to adopt targeted attack methodologies in their operations.
Related terms: Hacker, targeted attack, dark web

Graphics: http://geography.oii.ox.ac.uk/?page=tor

Links:
https://www.blackhat.com/docs/eu-15/materials/eu-15-Balduzzi-Cybercrmine-In-The-Deep-Web-wp.pdf
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/the-many-faces-of-cybercrime
http://blog.trendmicro.com/punishing-cyber-criminals-what-do-they-deserve/

Common Cybersecurity Terminology from a Cyber Security Expert

A

access
access and identity management
access control
    Related Term(s): access control mechanism
access control mechanism
active attack
    Related Term(s): passive attack
active content
Advanced Persistent Threat
adversary
    Related Term(s): threat agent, attacker
air gap
    Extended Definition: The physical separation or isolation of a system from other systems or networks (noun).
alert
All Source Intelligence
Analyze
antispyware software
    Related Term(s): spyware
antivirus software
asset
    Extended Definition: Anything useful that contributes to the success of something, such as an organizational mission; assets are things of value or properties to which value can be assigned.
asymmetric cryptography
attack
    Extended Definition: The intentional act of attempting to bypass one or more security services or controls of an information system.
    Related Term(s): active attack, passive attack
attack method
attack mode
attack path
attack pattern
    Extended Definition: For software, descriptions of common methods for exploiting software systems.
    Related Term(s): attack signature
attack signature
    Extended Definition: An automated set of rules for identifying a potential threat (such as an exploit or the presence of an attacker tool) and possible responses to that threat.
    Related Term(s): attack pattern
attack surface
    Extended Definition: An information system's characteristics that permit an adversary to probe, attack, or maintain presence in the information system.
attacker
    Extended Definition: A party acting with malicious intent to compromise an information system.
    Related Term(s): adversary, threat agent
authenticate
authentication
    Extended Definition: Also the process of verifying the source and integrity of data.
authenticity
    Related Term(s): integrity, non-repudiation
authorization
    Extended Definition: The process or act of granting access privileges or the access privileges as granted.
availability
    Extended Definition: In cybersecurity, applies to assets such as information or information systems.
    Related Term(s): confidentiality, integrity

B

behavior monitoring
behavioral monitoring
bitcoin
blacklist
    Related Term(s): whitelist
black box
    Related Term(s): white box, gray box
black hat
    Related Term(s): white hat
blockchain
Blue Team
    Extended Definition: Also, a group that conducts operational vulnerability evaluations and recommends mitigation techniques to customers who need an independent technical review of their cybersecurity posture.
    Related Term(s): Red Team, White Team
bot
    Extended Definition: A member of a larger collection of compromised computers known as a botnet.
    Synonym(s): zombie
    Related Term(s): botnet
bot herder
bot master
    Synonym(s): bot herder
botnet
bug
Build Security In

C

capability
    Related Term(s): intent
cat fishing
    Related Term(s): phishing
cipher
ciphertext
    Related Term(s): plaintext
cloud computing
Collect & Operate
Collection Operations
computer forensics
computer network defense
Computer Network Defense Analysis
Computer Network Defense Infrastructure Support
computer security incident
    Related Term(s): event
confidentiality
    Extended Definition: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.
    Related Term(s): availability, integrity
consequence
    Extended Definition: In cybersecurity, the effect of a loss of confidentiality, integrity or availability of information or an information system on an organization's operations, its assets, on individuals, other organizations, or on national interests.
Continuity of Operations Plan
    Related Term(s): Business Continuity Plan, Disaster Recovery Plan, Contingency Plan
critical infrastructure
    Related Term(s): key resource
critical infrastructure and key resources
cryptanalysis
    Extended Definition: The study of mathematical techniques for attempting to defeat or circumvent cryptographic techniques and/or information systems security.
cryptocurrency
    Extended Definition: Cryptocurrency examples include Bitcoin, Dogecoin, Ethereum, Litecoin and many more.
cryptographic algorithm
    Related Term(s): key, encryption, decryption, symmetric key, asymmetric key
cryptography
    Extended Definition: The art or science concerning the principles, means, and methods for converting plaintext into ciphertext and for restoring encrypted ciphertext to plaintext.
    Related Term(s): plaintext, ciphertext, encryption, decryption
cryptology
    Related Term(s): cryptanalysis, cryptography
Customer Service and Technical Support
cyber ecosystem
cyber exercise
cyber incident
    Related Term(s): event
cyber incident response plan
cyber infrastructure
    Extended Definition: The information and communications systems and services composed of all hardware and software that process, store, and communicate information, or any combination of all of these elements:
    - Processing includes the creation, access, modification, and destruction of information.
    - Storage includes paper, magnetic, electronic, and all other media types.
    - Communications include sharing and distribution of information.
Cyber Operations
Cyber Operations Planning
cybersecurity
    Extended Definition: Strategy, policy, and standards regarding the security of and operations in cyberspace, and encompass[ing] the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communications infrastructure.
cyberspace

D

dark web
    Synonym(s): deep web
Data Administration
data aggregation
    Extended Definition: The new information is more sensitive than the individual data elements themselves and the person who aggregates the data was not granted access to the totality of the information.
    Related Term(s): data mining
data breach
    Related Term(s): data loss, data theft, exfiltration
data integrity
    Related Term(s): integrity, system integrity
data leakage
data loss
    Related Term(s): data leakage, data theft
data loss prevention
    Related Term(s): data loss, data theft, data leak
data mining
    Related Term(s): data aggregation
data spill
data theft
    Related Term(s): data aggregation, data leakage, data loss
DDoS
    Related Term(s): distributed denial of service
decipher
    Synonym(s): decode, decrypt
decode
    Synonym(s): decipher, decrypt
decrypt
    Synonym(s): decipher, decode
decryption
    Extended Definition: The process of converting encrypted data back into its original form, so it can be understood.
    Synonym(s): decode, decrypt, decipher
deep web
    Synonym(s): dark web
denial of service
    Related Term(s): DDoS
designed-in security
digital forensics
    Extended Definition: In the NICE Workforce Framework, cybersecurity work where a person: Collects, processes, preserves, analyzes, and presents computer-related evidence in support of network vulnerability, mitigation, and/or criminal, fraud, counterintelligence or law enforcement investigations.
    Synonym(s): computer forensics, forensics
digital rights management
digital signature
    Related Term(s): electronic signature
disruption
distributed denial of service
    Related Term(s): denial of service, botnet
dynamic attack surface

E

Education and Training
electronic signature
    Related Term(s): digital signature
encipher
    Synonym(s): encode, encrypt
encode
    Synonym(s): encipher, encrypt
encrypt
    Synonym(s): encipher, encode
encryption
    Extended Definition: Converting data into a form that cannot be easily understood by unauthorized people.
    Synonym(s): encode, encrypt, encipher
enterprise risk management
    Extended Definition: Involves identifying mission dependencies on enterprise capabilities, identifying and prioritizing risks due to defined threats, implementing countermeasures to provide both a static risk posture and an effective dynamic response to active threats, and assessing enterprise performance against threats and adjusting countermeasures as necessary.
    Related Term(s): risk management, integrated risk management, risk
event
    Extended Definition: Sometimes provides an indication that an incident is occurring or at least raises the suspicion that an incident may be occurring.
    Related Term(s): incident
exfiltration
    Related Term(s): data breach
exploit
Exploitation Analysis
exposure

F

Failure
firewall
    Extended Definition: A hardware/software device or a software program that limits network traffic according to a set of rules of what access is and is not allowed or authorized.
forensics

G

GDPR
gray box
    Related Term(s): black box, white box

H

hack
    Related Term(s): hacker
hacker
    Related Term(s): hacktivist
hacktivist
hash value
    Synonym(s): cryptographic hash value
    Related Term(s): hashing
hashing
    Extended Definition: Mapping a bit string of arbitrary length to a fixed-length bit string to produce the hash value.
    Related Term(s): hash value
hazard
    Related Term(s): threat

I

ICT supply chain threat
    Related Term(s): supply chain, threat
identity and access management
impact
incident
    Extended Definition: An occurrence that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.
    Related Term(s): event
incident management
incident response
    Extended Definition: In the Workforce framework, cybersecurity work where a person: Responds to crisis or urgent situations within the pertinent domain to mitigate immediate and potential threats; uses mitigation, preparedness, and response and recovery approaches, as needed, to maximize survival of life, preservation of property, and information security. Investigates and analyzes all relevant response activities.
    Synonym(s): response
    Related Term(s): recovery
incident response plan
indicator
    Related Term(s): precursor
Industrial Control System
    Related Term(s): Supervisory Control and Data Acquisition, Operations Technology
information and communication(s) technology
    Related Term(s): information technology
information assurance
    Related Term(s): information security
Information Assurance Compliance
information security policy
    Related Term(s): security policy
information sharing
information system resilience
    Related Term(s): resilience
Information Systems Security Operations
information technology
    Related Term(s): information and communication(s) technology
inside(r) threat
    Extended Definition: One or more individuals with the access and/or inside knowledge of a company, organization, or enterprise that would allow them to exploit the vulnerabilities of that entity's security, systems, services, products, or facilities with the intent to cause harm.
    Related Term(s): outside(r) threat
integrated risk management
    Related Term(s): risk management, enterprise risk management
integrity
    Extended Definition: A state in which information has remained unaltered from the point it was produced by a source, during transmission, storage, and eventual receipt by the destination.
    Related Term(s): availability, confidentiality, data integrity, system integrity
intent
    Related Term(s): capability
interoperability
intrusion
    Synonym(s): penetration
intrusion detection
Investigate
investigation
    Extended Definition: In the NICE Workforce Framework, cybersecurity work where a person: Applies tactics, techniques, and procedures for a full range of investigative tools and processes to include but not limited to interview and interrogation techniques, surveillance, counter surveillance, and surveillance detection, and appropriately balances the benefits of prosecution versus intelligence gathering.
IT asset

K

key
    Related Term(s): private key, public key, secret key, symmetric key
key pair
    Extended Definition: Two mathematically related keys having the property that one key can be used to encrypt a message that can only be decrypted using the other key.
    Related Term(s): private key, public key
key resource
    Related Term(s): critical infrastructure
keylogger
    Related Term(s): spyware
Knowledge Management

L

Legal Advice and Advocacy

M

machine learning and evolution
macro virus
    Related Term(s): virus
malicious applet
    Related Term(s): malicious code
malicious code
    Extended Definition: Includes software, firmware, and scripts.
    Related Term(s): malicious logic
malicious logic
    Related Term(s): malicious code
malware
    Synonym(s): malicious code, malicious applet, malicious logic
man in the middle (MITM)
mitigation
    Extended Definition: Implementing appropriate risk-reduction controls based on risk management priorities and analysis of alternatives.
moving target defense

N

network resilience
Network Services
NFC or Near Field Communication
non-repudiation
    Extended Definition: Provides the capability to determine whether a given individual took a particular action such as creating information, sending a message, approving information, and receiving a message.
    Related Term(s): integrity, authenticity

O

object
    Related Term(s): subject, access, access control
Operate & Maintain
operational exercise
    Extended Definition: Also referred to as operations-based exercise.
Operations Technology
    Related Term(s): Industrial Control System
outside(r) threat
    Related Term(s): inside(r) threat
Oversight & Development

P

passive attack
    Related Term(s): active attack
password
pen test
    Synonym(s): penetration testing
penetration
penetration testing
Personal Identifying Information / Personally Identifiable Information
phishing
plaintext
    Related Term(s): ciphertext
precursor
    Related Term(s): indicator
Preparedness
privacy
    Extended Definition: The ability of individuals to understand and exercise control over how information about themselves may be used by others.
private key
    Extended Definition: The secret part of an asymmetric key pair that is uniquely associated with an entity.
    Related Term(s): public key, asymmetric cryptography
Protect & Defend
public key
    Extended Definition: The public part of an asymmetric key pair that is uniquely associated with an entity and that may be made public.
    Related Term(s): private key, asymmetric cryptography
public key cryptography
    Synonym(s): asymmetric cryptography, public key encryption
public key encryption
Public Key Infrastructure
    Extended Definition: A framework and services for generating, producing, distributing, controlling, accounting for, and revoking (destroying) public key certificates.

R

ransomware
Recovery
Red Team
    Related Term(s): Blue Team, White Team
Red Team exercise
    Related Term(s): cyber exercise
redundancy
relay attack
resilience
response
    Extended Definition: In cybersecurity, response encompasses both automated and manual activities.
    Related Term(s): recovery
response plan
risk
risk analysis
    Related Term(s): risk assessment, risk
risk assessment
    Extended Definition: The appraisal of the risks facing an entity, asset, system, or network, organizational operations, individuals, geographic area, other organizations, or society, and includes determining the extent to which adverse circumstances or events could result in harmful consequences.
    Related Term(s): risk analysis, risk
risk management
    Extended Definition: Includes: 1) conducting a risk assessment; 2) implementing strategies to mitigate risks; 3) continuous monitoring of risk over time; and 4) documenting the overall risk management program.
    Related Term(s): enterprise risk management, integrated risk management, risk
risk mitigation
risk-based data management
rootkit

S

secret key
    Extended Definition: Also, a cryptographic algorithm that uses a single key (i.e., a secret key) for both encryption of plaintext and decryption of ciphertext.
    Related Term(s): symmetric key
Securely Provision
security automation
security incident
security policy
    Extended Definition: A rule or set of rules applied to an information system to provide security services.
Security Program Management
signature
    Extended Definition: Types of signatures: attack signature, digital signature, electronic signature.
situational awareness
    Extended Definition: In cybersecurity, comprehending the current status and security posture with respect to availability, confidentiality, and integrity of networks, systems, users, and data, as well as projecting future states of these.
software assurance
Software Assurance and Security Engineering
spam
Spear Phishing
    Related Term(s): phishing
spillage
Spoofing
    Extended Definition: The deliberate inducement of a user or resource to take incorrect action. Note: Impersonating, masquerading, piggybacking, and mimicking are forms of spoofing.
spyware
    Related Term(s): keylogger
Strategic Planning and Policy Development
subject
    Extended Definition: An active entity.
    Related Term(s): object, access, access control
Supervisory Control and Data Acquisition
    Related Term(s): Industrial Control System
supply chain
    Related Term(s): supply chain risk management
Supply Chain Risk Management
    Related Term(s): supply chain
symmetric cryptography
symmetric encryption algorithm
symmetric key
    Extended Definition: Also, a cryptographic algorithm that uses a single key (i.e., a secret key) for both encryption of plaintext and decryption of ciphertext.
    Related Term(s): secret key
System Administration
system integrity
    Related Term(s): integrity, data integrity
Systems Development
Systems Requirements Planning
Systems Security Analysis
Systems Security Architecture

T

tabletop exercise
tailored trustworthy space
Targets
Technology Research and Development
Test and Evaluation
threat
    Extended Definition: Includes an individual or group of individuals, an entity (such as an organization or a nation), action, or occurrence.
threat actor
threat agent
    Related Term(s): adversary, attacker
threat analysis
    Extended Definition: In the NICE Workforce Framework, cybersecurity work where a person: Identifies and assesses the capabilities and activities of cyber criminals or foreign intelligence entities; produces findings to help initialize or support law enforcement and counterintelligence investigations or activities.
threat assessment
    Related Term(s): threat analysis
ticket
TOR (The Onion Router)
    Related Term(s): The Onion Network
traffic light protocol
Trojan horse
two-factor authentication
    Related Term(s): 2FA, TFA, two step verification

U

unauthorized access
unencrypted
    Antonym: encrypt

V

Virtual Private Network (VPN)
    Related Term(s): privacy
virus
    Related Term(s): macro virus
vulnerability
    Extended Definition: Characteristic of location or security posture or of design, security procedures, internal controls, or the implementation of any of these that permit a threat or hazard to occur. Vulnerability (expressing degree of vulnerability): qualitative or quantitative expression of the level of susceptibility to harm when a threat or hazard is realized.
    Related Term(s): weakness
Vulnerability Assessment and Management

W

weakness
    Related Term(s): vulnerability
weakness
    Related Term(s): phishing
white box
    Related Term(s): black box, gray box
white hat
    Related Term(s): black hat
White Team
    Related Term(s): Blue Team, Red Team
whitelist
    Related Term(s): blacklist
work factor
work

Z

zero-day exploit
zombie