Project Upskill Glossary
Related topics:
- Access Point
- A device (like a router) that connects wireless devices to a network (like the internet).
- NIST Definition
- Account Takeover
- A cyber intrusion in which a threat actor gains unauthorized access to their target’s account. This term is usually used in the context of social media account takeovers.
- Administrator Account
- An account on a computer or mobile device that gives the account holder broad permissions to access and manipulate the device’s data and settings.
- NIST Definition
- Advanced Persistent Threat (APT)
- A sophisticated threat actor, often associated with a nation-state, that has the resources and capabilities to conduct a sustained cyber campaign against a target individual or organization. The APT often spends a lot of time learning about their target before conducting an intrusion to establish an undetected presence in the target’s network. This ultimately enables the APT to surveil the target, steal sensitive data, or conduct other malicious activity over a prolonged period of time.
- NIST Definition
- CrowdStrike Definition
- Advertising ID (Ad ID)
- A unique ID associated with a device that is used to deliver personalized advertisements. Ad IDs can be used to track and profile a device user.
- Adware
- A type of software that collects information from your device to deliver personalized advertisements or sell your information for marketing purposes. Adware is sometimes used for malicious purposes to encourage the user to click on a phishing link or download malware.
- Anti-Malware Software
- Software that uses techniques to detect and remove new or more sophisticated malware strains from your device.
- Antivirus Software
- Software that blocks or removes traditional forms of malware on your device when it detects suspicious patterns of activity associated with known threats.
- NIST Definition
- Attack Surface
- The collection of potential opportunities for an unauthorized user to gain access to a system or network. The more devices in your network, the greater the potential for a threat actor to find and exploit a vulnerability. More devices in your network means a larger attack surface.
- NIST Definition
- Authentication
- The process of verifying identity.
- NIST Definition
- Bluetooth
- A technology that allows two devices in close proximity to be “paired” and communicate with each other.
- NIST Definition
- Brute Force
- A trial-and-error method that threat actors use to crack passwords, login credentials, and encryption keys by systematically attempting all possible combinations.
- NIST Definition
- Certificate
- Something that a certificate authority issues to a website to signify it meets the standards of secure communication for exchanging data with users over the internet.
- NIST Definition
- Certificate Authority
- A trusted entity that ensures a website uses secure communication methods to exchange data with users over the internet.
- NIST Definition
- Cloud
- A “catchall” term that references computing hardware (e.g., servers) and software (e.g., apps accessed through web browsers) that makes data available over the internet.
- NIST Definition
- Cloud-Based Storage
- Data storage that uses remote servers.
- Cookies
- Technology that records a user’s information and activity when the user accesses websites. Cookies are used by website owners, third parties, and sometimes threat actors to gather user data. The owner of a cookie can sell the data they collect to third parties, such as data brokers.
- NIST Definition
- Cyber Threat Actor
- A term used to describe someone intending to conduct malicious activities in the cyber domain. Also referred to as malign actor, threat actor, and cybercriminal.
- JCDC Definition
- Dark Web
- Parts of the internet that are not easily accessible and hard to find since they do not show up in search engine results and/or are not accessible with standard web browsers. The dark web is often used to conduct malicious cyber activity, such as exchanging leaked credentials.
- Data Breach
- An event in which data becomes accessible to people who should not have access to it. A data breach can be intentional (e.g., a threat actor obtains unauthorized access to company data) or unintentional (e.g., an employee accidentally emails a confidential client list to the wrong recipient).
- Data Broker
- Companies that collect and sell personal data.
- Data in transit/Data in motion
- Any information that is being moved between devices or networks. Examples include sending an email, downloading a file from the internet, saving data to the cloud, and syncing your phone to your smartwatch.
- Okta Definition
- Default
- The setting or option that a device or software will automatically revert to unless changed.
- Defense in Depth
- A cybersecurity strategy in which users implement multiple cybersecurity best practices to strengthen their security posture instead of relying on a single defense.
- NIST Definition
- Denial-of-Service Attack
- A cyberattack where a machine, network, or other cyber resource is made unavailable, usually by overloading and disrupting services.
- NIST Definition
- Developer
- As used in Project Upskill, a developer is a person or organization that creates and maintains the software associated with an application or operating system.
- NIST Definition
- Dictionary Attack
- A type of brute force attack where cyber threat actors create lists of words, phrases, or even commonly used passwords―many of these are obtained by stealing account credentials―and use a trial-and-error process to guess and obtain passwords, login credentials, and encryption keys.
- Digital Ecosystem
- For the purposes of Project Upskill, your digital ecosystem is the suite of technology products and services that you use. The more products and services you use, the more opportunities there are for threat actors to find and exploit vulnerabilities in one of those products or services.
- Digital Footprint
- Reference to digital activity that can be uniquely traced to an individual.
- Domain
- The category in which a website falls under in the Domain Name System (e.g., .com, .gov).
- NIST Definition
- Domain Name System (DNS)
- A system in which the website address that you type into your web browser (e.g., https://www.cisa.gov) is translated into its corresponding IP address so that your computer can communicate with the server that runs the website.
- Domain Name System (DNS) - Glossary | CSRC (nist.gov)
- Doxxing
- The act of maliciously revealing a person’s private information to the public, such as name, address, and phone number.
- Encrypt
- A method of preventing third parties from accessing data without authorization by transforming data into a code that can only be unlocked by parties that have the key to decrypt it.
- NIST Definition
- End-to-End Encryption
- The use of encryption to secure data as it travels between two endpoints so that unauthorized parties cannot read what is being communicated. An example is securing a text message from sender to receiver.
- NIST definition
- Cloudflare definition
- Exfiltrate
- The act of taking data from an information system (such as a computer or mobile device) without permission.
- NIST Definition
- Extension
- Software that provides extra features or capabilities to your web browser.
- NIST Definition
- File Path
- The description for where to locate a particular file in a computer’s directory.
- High-Risk Individual or Community
- For the purposes of Project Upskill, “high-risk” refers to individuals or communities that are at heightened risk of becoming the target of an ideologically or politically motivated cyber threat actor.
- HTTP
- The beginning portion of a URL if the website does not use secure and authenticated communication protocols for web users. Webpages beginning with http:// are often used in phishing attacks.
- NIST Definition
- HTTPS
- The beginning portion of a website’s URL. The “s” in “https” ensures it is the standard method for communication and secure for users to visit the website.
- NIST Definition
- Interception
- The act of obtaining unauthorized access to data or communications between at least two parties.
- Internet Service Provider (ISP)
- A company that provides access to the internet. Common ISPs in the U.S. are AT&T and Verizon.
- Internet of Things (IoT)
- A network of devices that communicate and share data with each other. This includes smart watches, smart thermostats, cellphones, and anything else with network connectivity.
- NIST Definition
- Internet Protocol (IP) Address
- An identifying number assigned to a device by the network that it is communicating on in order to properly route data to and from the device.
- NIST Definition
- Internet Traffic
- Data exchanged between your computer network and the internet.
- Cloudflare Definition
- IPv6 Leak
- A type of leak that may occur if your VPN is not running correctly and exposes your IPv6 address (a unique device identifier) when this should be hidden.
- Keyloggers
- Software designed to record whatever a user types into their keyboard. Keyloggers are frequently used to obtain account credentials or to monitor sensitive communications.
- NIST Definition
- MAC Address
- A globally unique identifier assigned to each component on a device that is used for sending and receiving data. For instance, if your device has an ethernet port, Wi-Fi connection, and Bluetooth connection, all three connections will have a globally unique MAC address that no other device uses.
- NIST Definition
- Malware
- Malicious software that threat actors develop to carry out harmful cyber activity, such as gaining unauthorized access to a device, disrupting a user’s access to their data, manipulating the integrity of the user’s data, stealing data, or surveilling their victim.
- NIST Definition
- Media Storage Device
- Examples include thumb drives/USB flash drives, and floppy discs; also referred to as “removable media.”
- Metadata
- The attributes of a particular piece of data. For example, the metadata associated with an email might include the time, date, and communicants, but it would not include the contents of the email itself.
- NIST Definition
- Multifactor Authentication (MFA)
- A process that requires two or more forms of authentication to verify the identity of a user or device. MFA usually includes a password and at least one other step, such as text message email confirmation code, or the use of an authenticator app, for authentication.
- NIST Definition
- Native Services
- Software that is developed by the operating system developer and is pre-installed within the OS itself. Typically, this is software that cannot be removed from the OS.
- Near-Field Communication (NFC)
- The technology in smartphones, smartwatches, and other mobile devices that enables tapping the device to a terminal to exchange data. Payment systems like Apple Pay and Google Pay are popular examples of NFC technology, as well as hotel keys that patrons tap rather than insert.
- NIST Definition
- Operating System
- The main software that runs a computer and allows it to perform basic tasks. Examples of major operating systems are Windows, macOS, iOS, and Android.
- NIST Definition
- Overwrite
- When a computer “writes over” data stored on the hard drive with new data, making the old data inaccessible without computer forensic capabilities.
- NIST Definition
- Password Manager
- An app that stores all account passwords.
- Patch
- An update that “fixes” issues found in previous versions of software, including security vulnerabilities.
- NIST Definition
- Phishing
- A social engineering technique whereby threat actors send convincing emails, messages, phone calls, or other communications to trick individuals into clicking on links and providing personal information, often to obtain access to sensitive accounts. These attacks often result in identity theft or financial loss; however, they can also act as a gateway to even more serious concerns, such as obtaining access to a device to steal information or install ransomware.
- NIST Definition
- Principle of Least Privilege
- A security practice of assigning users the minimum required permissions needed to access data and systems to perform their daily functions; most often referenced with computer accounts (e.g., Administrative, Standard).
- NIST Definition
- Program
- A synonym for software application.
- Ransomware
- A form of malware that prevents an organization or individual from accessing their data. The threat actor demands that the victim pay a ransom to recover their data.
- CISA Definition
- Removable Media
- Examples include thumb drives/USB flash drives, SD cards, and floppy discs.
- NIST Definition
- Rootkits
- Software that is often used by threat actors to obtain access to a device and modify hardware and software settings while evading detection. A rootkit can potentially allow a threat actor to “take over” a user’s device.
- NIST Definition
- Router
- A device that connects devices to a network (like the internet). Its function is to direct data from one device to its intended recipient.
- NIST Definition
- Secure by Design
- Products or services that build cybersecurity into the design and manufacturing process.
- CISA Definition
- Service Set Identifier (SSID)
- The name of a Wi-Fi network.
- NIST Definition
- SIM Swapping
- A technique that threat actors use to switch your phone number to a SIM card they own to receive your messages. If a sensitive account like your online banking account uses one-time passwords for MFA, the threat actor will be able to receive those one-time passwords to defeat MFA and gain access to the account. This technique often relies on the cyber threat actor socially engineering your cellular service provider by pretending to be you.
- Social Engineering
- A variety of methods that threat actors use to convince individuals to provide information or take actions that enable the threat actor to conduct malicious cyber activity, such as installing malware or obtaining unauthorized access to an account.
- NIST Definition
- Software
- Code that instructs your device to perform certain functions. Applications like your music streaming app or social media app are a form of software. Software may also be referred to as a program, computer program, application, or app.
- NIST Definition
- Spoofing
- A social engineering technique in which a threat actor masquerades as a legitimate organization, individual, or resource. Frequently, threat actors will create spoofed webpages that mimic a legitimate website.
- NIST Definition
- Spyware
- A specific class of technologies used to remotely obtain unauthorized access to information stored on or communicated between electronic devices.
- Statutory Definition
- Stalkerware
- A type of software that is downloaded onto a victim’s device to track their activity, potentially including their location and communications.
- Strong Password
- A password that meets current requirements for long, unique, and random.
- Transport Layer Security (TLS)
- A security protocol that encrypts data that is being exchanged over the internet.
- NIST Definition
- Trojan Horse
- A type of malware that is able to evade a device’s security defenses because it appears to be a legitimate app but hides a malicious function.
- NIST Definition
- Uniform Resource Locator (URL)
- The address you enter into a search engine to pull up a website (e.g., www.cisa.gov).
- NIST Definition
- Update
- A “fix” or upgrade to an application or the operating system on your device. Updates are often issued to fix security flaws and are frequently referred to as “patches.” Other updates provide general upgrades.
- NIST Definition
- User Account
- An account on a computer or mobile device that has limited permission to access or modify the device’s hardware or software settings. Users should use this type of account for daily activities. User account may also be referred to as a standard account.
- Virtual Private Network (VPN)
- A technology that, if used properly, can offer users greater privacy and security when exchanging data over the internet.
- NIST Definition
- Voice-over-Internet Protocol (VoIP)
- A technology that enables you to make calls through an internet data connection. This is different than making a standard voice call over cellular.
- NIST Definition
- Vulnerability
- Weaknesses in a system that threat actors can exploit to conduct malicious cyber activity.
- NIST Definition
- Wardiving
- The act of searching for and mapping wireless networks (including public Wi-Fi networks and even home Wi-Fi networks) in a given geolocation. Hobbyists often publish these maps online for free2, allowing anyone to find the SSID, MAC address and wireless security (e.g., unsecure, WPA2, WPA3) being used by an access point at any given location.
- CISA Definition
- Wi-Fi
- A technology that allows your devices to wirelessly connect to the internet.
- NIST Definition