
Entry-Level Cybersecurity Training

Course Glossary
This glossary corresponds to the various terms introduced throughout the course. You can
reference all of the definitions here in one place as a supplementary study guide. Unless
otherwise noted, these definitions were taken from the NIST Computer Security Resource
Center.

Access Control List (ACL)


A mechanism that implements access control for a system resource by enumerating the
identities of the system entities that are permitted to access that resource, and usually the
operations (read, write, execute, etc.) each is permitted to perform.

Asset
Per Wikipedia, an asset in information security is any data, device, or other component of the
environment that supports information-related activities.

Asymmetric Encryption
Encryption system that uses a public-private key pair for encryption and/or digital signature.

Attack Flow
There is no official definition from NIST for this term; however, it is a general term to refer to the
flow of an attack from one stage to the next. In the course, we go over two attack flow models or
frameworks: Lockheed Martin’s Cyber Kill Chain and the MITRE ATT&CK framework. Both of
these models represent the flows that attackers might follow in a given attack.

Attack Surface
The set of points on the boundary of a system, a system element, or an environment where an
attacker can try to enter, cause an effect on, or extract data from, that system, system element,
or environment.

Authentication
Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to
resources in an information system.

Authorization
Access privileges granted to a user, program, or process or the act of granting those privileges.

Availability
Ensuring timely and reliable access to and use of information.

Bit
A binary digit having a value of 0 or 1.

Broadcast
Transmission to all devices in a network without any acknowledgment by the receivers.

Business Continuity
Per Wikipedia, business continuity is the capability of an organization to continue the delivery of
products or services at pre-defined acceptable levels following a disruptive incident.

Business Impact Analysis (BIA)


An analysis of an information system’s requirements, functions, and interdependencies used to
characterize system contingency requirements and priorities in the event of a significant
disruption.

Byte
A group of eight bits that is treated either as a single entity or as an array of 8 individual bits.

Certificate Authority
A trusted entity that issues and revokes public key certificates.

Ciphertext
Data in its encrypted form.

Cloud computing
A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of
configurable computing resources (e.g., networks, servers, storage, applications, and services)
that can be rapidly provisioned and released with minimal management effort or service provider
interaction.

Common Vulnerabilities and Exposures (CVE)


A dictionary of common names for publicly known information system vulnerabilities,
maintained by the MITRE Corporation. Each entry is given a CVE identifier of the form
CVE-YYYY-NNNNN, for example CVE-2021-44228: the year portion is the year the identifier was
assigned or the vulnerability was publicly disclosed (not necessarily the year it was introduced
or discovered), and the remainder is an arbitrary sequence number.

Community Cloud
The cloud infrastructure is provisioned for exclusive use by a specific community of consumers
from organizations that have shared concerns (e.g., mission, security requirements, policy, and
compliance considerations). It may be owned, managed, and operated by one or more of the
organizations in the community, a third party, or some combination of them, and it may exist on
or off premises.

Compliance
An organization's adherence to governing policies, regulations, standards, and guidelines.

Confidentiality
The ability to protect data so that unauthorized parties cannot view the data.

Cryptography
The discipline that embodies the principles, means, and methods for the transformation of data
in order to hide their semantic content, prevent their unauthorized use, or prevent their
undetected modification.

Cyber Kill Chain


Lockheed Martin’s attack flow model that includes seven stages: Reconnaissance,
Weaponization, Delivery, Exploitation, Installation, Command and Control (C2), and Actions on
Objectives. Breaking the chain at any stage stops the attack from reaching its objective.

De-encapsulation
When data is received from a network, each layer of the protocol stack removes the header (and
any trailer, or footer) that its peer on the sending side added, checks it, and passes the remaining
data up to the layer above. That process, repeated as the data moves up through the layers of
the OSI or TCP/IP model, is referred to as de-encapsulation. It is the reverse of encapsulation,
in which each layer on the sender wraps the data with its own header and trailer on the way down.

Defense-in-Depth
Per Microsoft, "The idea behind defense in depth is to manage risk by using diverse defensive
strategies. Layering security defenses in an application reduces the chance of a successful
attack."

Denial-of-Service/Distributed Denial of Service (DOS/DDoS)


Attacks that degrade or deny a site's or service's availability. Most commonly the attacker
floods the target with more traffic or requests than it can process, but an attack that crashes a
service by triggering a bug (see Oversized Packet Attack) also counts. In a distributed denial of
service (DDoS) the traffic comes from many sources at once, typically compromised machines
(a botnet), which makes it much harder to filter.

Digital Certificate
A digitally signed representation of information that at least (1) identifies the certification
authority (CA) issuing it, (2) names or identifies its subscriber, (3) contains the subscriber’s
public key, (4) identifies its operational period (date issued and expiration date), and (5) is
digitally signed by the issuing CA. In the information assurance (IA) community, "certificate"
usually means a public key certificate of this kind; the X.509 certificate a web server presents
during a TLS handshake is the everyday example. Because the CA's signature covers all of
these fields, a relying party that trusts the CA can verify that the public key really belongs to the
named subscriber.

Disaster Recovery Plan


A written plan for recovering one or more information systems at an alternate facility in response
to a major hardware or software failure or destruction of facilities.

Discretionary Access Control


An access control policy that leaves a certain amount of access control to the discretion of the
object's owner, or anyone else who is authorized to control the object's access. The owner can
determine who should have access rights to an object and what those rights should be.

DMZ
A perimeter network or screened subnet separating an internal network that is more trusted
from an external network that is less trusted.

Domain Name System (DNS)


The hierarchical, distributed system by which Internet domain names are mapped to IP
addresses (and other records) and by which those names and addresses are tracked and
regulated, as defined by IETF RFC 1034 and other related RFCs.

Dual Controls/Dual Authorization


The system of storage and handling designed to prohibit individual access to certain resources
by requiring the presence and actions of at least two authorized persons, each capable of
detecting incorrect or unauthorized security procedures with respect to the task being
performed.

Endpoint Detection and Response (EDR)


Per Wikipedia, EDR (also known as Endpoint Threat Detection and Response - EDTR) is a
cybersecurity technology that continually monitors an "endpoint" (e.g. mobile phone, laptop,
Internet-of-Things device) to detect and mitigate malicious cyber threats.

Encapsulation
When data is transmitted across a network, each layer of the protocol stack adds its own control
information around the data it receives from the layer above, usually as a header at the
beginning and sometimes as a trailer (footer) at the end, to support addressing, routing, error
detection, and other functions. That process, repeated as the data moves down through the
layers of the OSI or TCP/IP model on the sender, is called encapsulation. The receiver reverses
it, each layer removing its own header and trailer as the data moves back up the layers; that
process is referred to as de-encapsulation.

Encryption
The cryptographic transformation of data to produce ciphertext.

Endpoint
Generally, any device that an end-user interacts with, such as desktops, laptops, mobile
phones, printers, tablets, Internet of Things devices, etc.

Family Educational Rights and Privacy Act (FERPA)


A U.S. federal law, enacted in 1974, that protects the privacy of student education records. It
gives parents, and students once they turn 18 or attend a postsecondary institution, the right to
inspect those records, and it requires schools that receive federal education funding to obtain
written consent before disclosing personally identifiable information from them, subject to
defined exceptions.

File Transfer Protocol (FTP)


An Internet standard for transferring files over a network. FTP programs and utilities are used
to upload and download Web pages, graphics, and other files between local media and a
remote server that allows FTP access. Plain FTP sends credentials and file contents in
cleartext. FTPS (FTP over TLS) secures the same protocol, whereas SFTP is a separate file
transfer protocol that runs over SSH.

Firewall
An inter-network connection device that restricts data communication traffic between two
connected networks. A firewall may be either an application installed on a general-purpose
computer or a dedicated platform (appliance), which forwards or rejects/drops packets on a
network. Typically firewalls are used to define zone borders. Firewalls generally have rules
restricting which ports are open.

Fragment Attack
In a fragment attack, a threat actor splits data into IP fragments crafted so that the receiving
system cannot reassemble them correctly, for example overlapping or incomplete fragments that
crash the host or exhaust the memory set aside for reassembly (a denial of service), or so that a
firewall or IDS inspecting fragments individually fails to recognize the malicious content they
contain once reassembled.

File Transfer Protocol Secure (FTPS)


Per Wikipedia, FTPS is an extension to the commonly used File Transfer Protocol (FTP) that
adds support for the Transport Layer Security (TLS) cryptographic protocol.

General Data Protection Regulation (GDPR)


A European Union regulation (Regulation (EU) 2016/679), in force since May 25, 2018, that
governs the processing of personal data of individuals in the EU and EEA. It requires a lawful
basis for processing, grants data subjects rights such as access, rectification, and erasure,
requires notification of personal data breaches to the supervisory authority within 72 hours
where feasible, and allows fines of up to 4% of annual global turnover or 20 million euros,
whichever is higher.

Governance
Per Wikipedia, corporate governance consists of the set of processes, customs, policies, laws
and institutions affecting the way people direct, administer or control an organization.

Gramm-Leach-Bliley Act (GLBA)


Per Wikipedia, this is an Act enacted in 1999 to enhance competition in the financial services
industry. It governs various things, but of particular interest for the field of cybersecurity, this act
governs privacy rules around disclosing nonpublic information and/or personally identifiable
information (PII). It requires financial institutions to inform consumers about information
collected about them and how it is shared, used, and protected.

Hardware
The material physical components of a system.

Hashing
A method of calculating a fixed-length output (called a hash digest) from an input of nearly any
size (a file, text, image, etc.) by applying a cryptographic hash function to the input data. The
same input always yields the same digest, while the function is one-way (the input cannot be
recovered from the digest) and collision-resistant (it is computationally infeasible to find two
inputs with the same digest). Digests are therefore used to verify integrity, to store passwords in
a protected form, and as the data that a digital signature actually signs.
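The following block is an added example for this entry, not material from the course. It uses only Python's standard library; the "document" it hashes is constructed inline, so it runs offline.

```python
"""Hashing with the standard library: fixed-length digests, the avalanche
effect, and integrity verification.

Added example for this glossary entry; it is not from the course. The
sample data below is constructed so the block runs offline.
"""
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """SHA-256 digest of data as 64 hex characters (256 bits), whatever the input size."""
    return hashlib.sha256(data).hexdigest()


def stream_digest(chunks, algorithm: str = "sha256") -> str:
    """Hash data that arrives in pieces (e.g., a large file read block by block).

    Feeding the chunks one at a time produces the same digest as hashing the
    concatenation in one call, which is how tools hash multi-gigabyte files
    without loading them into memory.
    """
    h = hashlib.new(algorithm)
    for chunk in chunks:
        h.update(chunk)
    return h.hexdigest()


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Count the bit positions at which two hex digests differ."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def verify_integrity(data: bytes, expected_hex: str) -> bool:
    """Check data against a published digest.

    hmac.compare_digest is used instead of == so that comparison time does
    not depend on how many leading characters match (see Side-Channel
    Attack); that matters whenever the expected value is secret, e.g. a MAC.
    """
    return hmac.compare_digest(sha256_hex(data), expected_hex.lower())


if __name__ == "__main__":
    original = b"Transfer 100.00 to account 12345"   # constructed sample input
    tampered = b"Transfer 900.00 to account 12345"   # one character changed

    d1, d2 = sha256_hex(original), sha256_hex(tampered)
    print(d1)
    print(d2)
    print("bits that differ:", differing_bits(d1, d2), "of 256")

    # Chunked hashing of the same bytes gives the same digest.
    print("chunked matches:", stream_digest([original[:10], original[10:]]) == d1)

    # The tampered message fails verification against the original's digest.
    print("tampered passes?", verify_integrity(tampered, d1))
```

Changing a single character flips roughly half of the 256 output bits, which is why a digest published alongside a download lets you detect any modification of the file; note that the digest alone does not tell you who produced the file, which is what a digital signature over the digest adds.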

Health Insurance Portability and Accountability Act (HIPAA)


Per Wikipedia, this Act in the U.S. modernized the flow of healthcare information and stipulated
how personally identifiable information maintained by the healthcare and healthcare insurance
industries should be protected from fraud and theft.

Honeypot
A system (e.g., a web server) or system resource (e.g., a file on a server) that is designed to be
attractive to potential crackers and intruders, like honey is attractive to bears.

Hub
A common connection point for devices in a network. Hubs are commonly used to pass data
from one device (or segment) to another.

Hybrid Cloud
A cloud infrastructure that is a composition of two or more distinct cloud infrastructures (private,
community, or public) that remain unique entities but are bound together by standardized or
proprietary technology that enables data and application portability (e.g., cloud bursting for
load-balancing between clouds).

Hypertext Transfer Protocol (HTTP)


Per Wikipedia, this protocol provides the foundation of all data communications on the World
Wide Web, where a request-response model allows a web user to request something from a
web server, which provides resources like HTML files and other multimedia files. HTTPS is
HTTP carried over TLS, which encrypts the exchange and authenticates the server with a
digital certificate.

Identification
The act of a user, process, or device claiming an identity, for example by presenting a
username or account ID. Identification precedes authentication, which verifies that the claim is
genuine, and authorization, which decides what the authenticated identity may do.

Incident Response
Per NIST SP 800-61, incident response is rapidly detecting incidents, minimizing loss and
destruction, mitigating the weaknesses that were exploited, and restoring IT services.

Indicator of Compromise
Per Wikipedia, an artifact observed on a network or in an operating system that, with high
confidence, indicates a computer intrusion.

Infrastructure as a Service (IaaS)


In this cloud service model, the capability provided to the consumer is to provision processing,
storage, networks, and other fundamental computing resources where the consumer is able to
deploy and run arbitrary software, which can include operating systems and applications. The
consumer does not manage or control the underlying cloud infrastructure but has control over
operating systems, storage, and deployed applications; and possibly limited control of select
networking components (e.g., host firewalls).

Insider Threat
The threat that an insider will use her/his authorized access, wittingly or unwittingly, to do harm
to the security of the organization and/or its systems.

Integrity
Guarding against improper information modification or destruction, and includes ensuring
information non-repudiation and authenticity.

Internet Control Message Protocol (ICMP)


In Internet communications, this protocol provides status and error messages about whether a
host or service is available. For example, if you try to navigate to a website and it is not
available, this protocol is used to communicate that status. It is not used for actually transmitting
data the way that TCP and UDP are.

Internet Message Access Protocol (IMAP)


Per Wikipedia, this protocol is the set of standards used by email clients to retrieve email
messages from a mail server.

Internet Protocol (IP)


Per Wikipedia, the Internet Protocol (IP) is the set of rules used for relaying datagrams across
network boundaries and properly routing and delivering packets from a source host to a
destination. IPv4 has been the dominant version; since 2006 IPv6 has gradually been deployed
alongside it, chiefly because its 128-bit addresses provide vastly more address space than
IPv4's 32-bit addresses. IPv6 is not inherently more secure: IPsec is available for both versions,
and IPv6 hosts that are reachable but not monitored or filtered widen the attack surface.

Intrusion Detection System (IDS)
A system that detects attacks or policy violations by monitoring and analyzing activity and
raising alerts (an IDS observes; compare Intrusion Prevention System). A network-based IDS
captures and analyzes network packets; listening on a network segment or a switch mirror port,
one sensor can monitor the traffic affecting multiple hosts connected to that segment. A
host-based IDS runs on a single host and examines that host's logs, processes, and files.

IP Address
Per Wikipedia, an IP address is a numerical label such as 192.0.2.1 that is connected to a
computer network that uses the Internet Protocol for communication. An IP address serves two
main functions: network interface identification and location addressing.

Intrusion Prevention System (IPS)


A system that can detect an intrusive activity and can also attempt to stop the activity, ideally
before it reaches its targets.

ISO/IEC 27001
Per Wikipedia, this is an international standard on how to manage information security. It was
published jointly by the International Organization for Standardization (ISO) and the
International Electrotechnical Commission (IEC). It details requirements for establishing,
implementing, maintaining and continually improving an information security management
system (ISMS) – the aim of which is to help organizations make the information assets they hold
more secure.

Lightweight Directory Access Protocol (LDAP)


Per Wikipedia, this protocol provides the standard for maintaining directory information services
on a network to provide information about users, systems, networks, services, and applications
that are available on a network. LDAP Secure (LDAPS) is the secure (encrypted) version of this
protocol.

Likelihood
A weighted factor based on a subjective analysis of the probability that a given threat is capable
of exploiting a given vulnerability or a set of vulnerabilities.

Man in the Middle


An attack where the adversary positions themselves between the user and the system (hence
the alternative name on-path attack) so that they can intercept, read, and alter data traveling
between them; a rogue Wi-Fi access point or ARP spoofing on a LAN are common ways to get
into that position.

Mantrap
Per Wikipedia, a mantrap (or man trap) is a physical security access control system
comprising a small space with two sets of interlocking doors, such that the first set of doors must
close before the second set opens.

Mandatory Access Control


An access control policy where access decisions are made by a central authority according to
security labels (for example, classification levels and categories) attached to subjects and
objects, not by the individual owner of an object. Unlike discretionary access control, an
object's owner cannot override the policy or pass access rights on to others.

MITRE ATT&CK Framework


A framework maintained by the MITRE Corporation that details Adversarial Tactics, Techniques
& Common Knowledge to describe how cybersecurity threat actors conduct attacks.

Multi-factor Authentication (MFA)


An authentication process that requires the user to present more than one of the following
kinds of evidence: something the user knows (like a password), something the user has (like a
hardware token, an authenticator app, or a similar device), or something the user is (biometrics).
Two pieces of evidence of the same kind, such as two passwords, do not count as multi-factor.

Need to Know
Decision made by an authorized holder of official information that a prospective recipient
requires access to specific official information to carry out official duties.

Network
A system implemented with a collection of interconnected components. Such components may
include routers, hubs, cabling, telecommunications controllers, key distribution centers, and
technical control devices.

Network File System (NFS)


Per Wikipedia, this is a distributed file system protocol that allows a user to access files over a
network. Its traditional authentication (AUTH_SYS) simply trusts the user and group IDs the
client sends; NFSv4 adds stronger options, including Kerberos-based authentication with
integrity and privacy protection through RPCSEC_GSS, but they must be configured to get that
benefit.

Network Time Protocol (NTP)


Per Wikipedia, this protocol provides the rules and standards for clock synchronization between
computer systems.

Non-Repudiation
Assurance that the sender of information is provided with proof of delivery and the recipient is
provided with proof of the sender’s identity, so neither can later deny having processed the
information.

Oversized Packet Attack


An attack where a threat actor sends a network packet that is larger than expected or larger
than the receiving system can handle, so that the system crashes or hangs. This is a type of
Denial of Service attack; the historical "Ping of Death", an ICMP echo request whose
reassembled size exceeded the maximum IP packet size, is the classic example.

Packet
The logical unit of network communications. NIST defines it as the unit produced by the
transport layer; in strict OSI terms each layer's unit has its own name (the transport layer
produces segments for TCP or datagrams for UDP, the network layer produces packets, and the
data link layer produces frames), and in everyday use "packet" refers to any of them, most often
the IP packet.

Payload
The data a protocol unit carries: the information passed down from the layer above, as distinct
from the header (and any trailer) that the current layer wraps around it.

Payment Card Industry Data Security Standard (PCI DSS)


An information security standard administered by the Payment Card Industry Security
Standards Council that is for organizations that handle branded credit cards from the major card
schemes.

Personally Identifiable Information


Information that can be used to distinguish or trace an individual’s identity—such as name,
social security number, biometric data records—either alone or when combined with other
personal or identifying information that is linked or linkable to a specific individual (e.g., date and
place of birth, mother’s maiden name, etc.).

Phishing
A technique for attempting to acquire sensitive data, such as bank account numbers, through a
fraudulent solicitation in email or on a website, in which the perpetrator masquerades as a
legitimate business or reputable person.

Plaintext
Data that has not been encrypted; intelligible data that has meaning and can be understood
without the application of decryption.

Platform as a Service (PaaS)


A cloud service model where the capability provided to the consumer is to deploy onto the cloud
infrastructure consumer-created or acquired applications created using programming
languages, libraries, services, and tools supported by the provider. The consumer does not
manage or control the underlying cloud infrastructure including network, servers, operating
systems, or storage, but has control over the deployed applications and possibly configuration
settings for the application-hosting environment.

Principle of Least Privilege
The principle that a security architecture should be designed so that each entity is granted the
minimum system resources and authorizations that the entity needs to perform its function.

Private Cloud
The cloud infrastructure is provisioned for exclusive use by a single organization comprising
multiple consumers (e.g., business units). It may be owned, managed, and operated by the
organization, a third party, or some combination of them, and it may exist on or off premises.

Privilege Escalation
The exploitation of a bug, flaw, or misconfiguration that gives an attacker a higher privilege
level than would normally be permitted, for example going from an ordinary user to administrator
or root (vertical escalation). The term also covers gaining the access of another user at the
same level (horizontal escalation).

Protocol
A set of rules (i.e., regarding formats and procedures) to implement and control some type of
association (e.g., communication) between systems.

Public Cloud
In this cloud deployment model, the cloud infrastructure is provisioned for open use by the
general public. It may be owned, managed, and operated by a business, academic, or
government organization, or some combination of them. It exists on the premises of the cloud
provider.

Remote Code Execution


Remote Code Execution (RCE) is an attack, or the class of vulnerability that enables it, in which
a threat actor causes a target system to execute code of the attacker's choosing over a network
without having prior access to the machine, typically by exploiting a flaw in a network-exposed
application or service (CVE-2021-44228, cited under Common Vulnerabilities and Exposures, is
an example). Because the attacker chooses what runs, RCE usually leads directly to the
installation of malware or a web shell and is often followed by privilege escalation. It is
distinct from an attacker who already has a foothold (for example via phishing) running tools on
the compromised host.

Recovery Point Objective (RPO)


The point in time to which data must be recovered after an outage. Another way of looking at
this is that it relates to how often you should create backups of your data because if a disaster
should hit between backups, this would be the amount of data you would lose. Perhaps your
backups are created every five hours. If you were to lose five hours of data, would that be
acceptable for your business or would that be too great of a loss? When you are planning for a
disaster, you need to assess this and make changes to your backup processes accordingly.

Recovery Time Objective (RTO)
The overall length of time an information system’s components can be in the recovery phase
before negatively impacting the organization’s mission or mission/business processes. Another
way of looking at this is that it is the amount of time in which you need to restore systems after a
disaster in order to avoid an unacceptable situation for the business.

Risk Management
The process of managing risks to organizational operations (including mission, functions, image,
or reputation), organizational assets, or individuals resulting from the operation of an information
system, and includes: (i) the conduct of a risk assessment; (ii) the implementation of a risk
mitigation strategy; and (iii) employment of techniques and procedures for the continuous
monitoring of the security state of the information system.

Role-Based Access Control (RBAC)


An access control model in which permissions are attached to roles (for example reader,
contributor, or administrator) and users, groups, or processes acquire permissions by being
assigned roles, rather than being granted rights individually; this keeps grants consistent and
makes least privilege easier to audit. Azure RBAC, the implementation covered in the course, is
built on Azure Resource Manager and provides granular access to Azure resources using three
elements: a security principal (who), a role definition (which actions are allowed), and a scope
(the resources to which the assignment applies, with assignments inherited by everything
beneath that scope).

Router
A computer that is a gateway between two networks at OSI layer 3 and that relays and directs
data packets through that inter-network. The most common form of router operates on IP
packets.

Sarbanes-Oxley Act (SOX)


Per Wikipedia, this is an act of the U.S. that places requirements on all U.S. public company
boards of directors and management and public accounting firms. A number of provisions of the
Act also apply to privately held companies, such as the willful destruction of evidence to impede
a federal investigation.

Secure Shell (SSH)


Per Wikipedia, SSH is a cryptographic network protocol used for secure remote login and
command-line execution. Its non-secure counterpart is Telnet.

Security Control
A safeguard or countermeasure prescribed for an information system or an organization
designed to protect the confidentiality, integrity, and availability of its information and to meet a
set of defined security requirements.

Security Education, Training, and Awareness (SETA)


There is no official definition for this, but just be aware that it refers to the security training and
awareness that an organization provides for its employees. It includes everything from formal
classroom training to online training modules and posters and reminders placed throughout the
workplace.

Security Information and Event Management (SIEM)


Per Wikipedia, a SIEM includes software products and services that combine security
information management (SIM) and security event management (SEM). They provide real-time
analysis of security alerts generated by applications and network hardware.

Security Orchestration Automation and Response (SOAR)


According to TechTarget, a SOAR combines various software tools that enable an organization
to collect data about security threats and respond to security events without human assistance.
A SOAR platform has three main components: orchestration, automation, and response.

Segmentation
A network security strategy that divides a network into smaller subnets or zones (for example,
VLANs) with firewalls or ACLs controlling the traffic at each connection point, so that a
compromise in one zone does not give an attacker free lateral movement into the others.

Segregation of Duties
Also known as Separation of Duties, this phrase refers to the principle that no user should be
given enough privileges to misuse the system on their own. For example, the person authorizing
a paycheck should not also be the one who can prepare them. Separation of duties can be
enforced either statically (by defining conflicting roles, i.e., roles which cannot be executed by
the same user) or dynamically (by enforcing the control at access time).

Server
A computer or device on a network that manages network resources. Examples include file
servers (to store files), print servers (to manage one or more printers), network servers (to
manage network traffic), and database servers (to process database queries).

Server Message Block (SMB)


Per Wikipedia, this protocol is the standard for sharing access to files and printers across nodes
on a network; it is the basis of Windows file sharing. Network File System (NFS) serves the
same purpose, chiefly on Unix-like systems. Neither is secure by default: the obsolete SMBv1
should be disabled, and SMB 3.x adds message signing and encryption that should be enabled.

SSH File Transfer Protocol (SFTP)


Per Wikipedia, SFTP is a network protocol that provides file access, file transfer, and file
management over any reliable data stream. It was designed by the Internet Engineering Task
Force (IETF) as an extension of the Secure Shell protocol (SSH) version 2.0 to provide secure
file transfer capabilities. Despite the similar name, it is unrelated to FTP and FTPS.

Side-Channel Attack
An attack enabled by leakage of information from a physical cryptosystem. Characteristics that
could be exploited in a side-channel attack include timing, power consumption, and
electromagnetic and acoustic emissions.
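A timing leak in something as ordinary as a string comparison is the side channel a software practitioner meets most often. The block below is an added example for this entry, not course material: rather than measuring wall-clock time, which is noisy, each comparison reports how many bytes it examined, which is exactly the quantity a timing attacker infers. The secret token is constructed for the demonstration.

```python
"""A timing side channel in secret comparison, and its removal.

Added example for this glossary entry, not course material. Each compare
function returns (equal, bytes_examined); the second value stands in for
elapsed time. The secret token is constructed for the demonstration.
"""
import hmac


def naive_equal(a: bytes, b: bytes):
    """Early-exit comparison, as == does for strings in many runtimes.

    It stops at the first mismatch, so the work done (and the time taken)
    reveals how long the matching prefix is.
    """
    if len(a) != len(b):
        return False, 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined
    return True, examined


def constant_time_equal(a: bytes, b: bytes):
    """Examines every byte regardless of where the first difference is.

    hmac.compare_digest does the same in C; this version counts its work so
    it can be set beside naive_equal. The OR accumulator never branches on
    secret data.
    """
    if len(a) != len(b):
        return False, 0
    diff = 0
    for x, y in zip(a, b):
        diff |= x ^ y
    return diff == 0, len(a)


def recover_secret(secret: bytes, compare) -> bytes:
    """Attacker's view: guess one byte at a time, keeping the candidate that
    made the server do the most work.

    The attacker never reads `secret`; it only sees the (equal, examined)
    result that `compare` returns for each guess, as it would see response
    times on the network.
    """
    recovered = b""
    for position in range(len(secret)):
        best_byte, best_work = 0, -1
        for candidate in range(256):
            guess = recovered + bytes([candidate]) + b"\x00" * (len(secret) - position - 1)
            equal, work = compare(secret, guess)
            if equal:
                return guess
            if work > best_work:
                best_byte, best_work = candidate, work
        recovered += bytes([best_byte])
    return recovered


if __name__ == "__main__":
    token = b"s3cr3t-tok3n"   # constructed secret; contains no zero bytes
    print("leaky compare    ->", recover_secret(token, naive_equal))
    print("constant-time    ->", recover_secret(token, constant_time_equal))
    print("stdlib remedy    ->", hmac.compare_digest(token, b"s3cr3t-tok3n"))
```

Against the early-exit comparison the attacker needs at most 256 guesses per byte instead of 256 to the power of the length, because every wrong prefix is cheaper for the server than the right one. Against the constant-time version every guess costs the same, so the recovery produces garbage. In real code use hmac.compare_digest (or the equivalent in your language) for any comparison involving a secret, such as a MAC, session token, or API key.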

Simple Mail Transfer Protocol (SMTP)
The primary protocol used to send electronic mail messages on the Internet.

Simple Network Management Protocol (SNMP)


Per Wikipedia, this is a standard for collecting and organizing information related to network
management and monitoring. SNMP versions 1 and 2c authenticate requests with a community
string sent in cleartext; SNMPv3 adds authentication and encryption and is the version that
should be deployed.

Software
Computer programs and associated data that can be dynamically written and modified during
execution.

Software as a Service (SaaS)


A cloud service model where the capability provided to the consumer is to use the provider’s
applications running on a cloud infrastructure. The applications are accessible from various
client devices through either a thin client interface, such as a web browser (e.g., web-based
email), or a program interface. The consumer does not manage or control the underlying cloud
infrastructure including network, servers, operating systems, storage, or even individual
application capabilities, with the possible exception of limited user-specific application
configuration settings.

Spoofing
The deliberate inducement of a user or resource to take incorrect action. Note: Impersonating,
masquerading, piggybacking, and mimicking are forms of spoofing. A specific example of
spoofing is where a threat actor fakes the sending address of a transmission (an IP packet, an
email, or an ARP reply, for instance) to gain unauthorized entry into a secure system.

SQL Injection
A type of attack against applications (typically websites) that build database queries by
concatenating insufficiently validated user input into the SQL text. The attacker supplies input
containing SQL syntax so that the database executes statements the developer did not intend,
such as bypassing a login check or reading other users' data. Parameterized queries (prepared
statements), which send data separately from the query text, are the standard defense.
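The block below is an added example for this entry, not from the course: a login query built by string formatting beside the parameterized form that fixes it, run against Python's built-in sqlite3 with an in-memory database. The user accounts and the attack strings are constructed for the demonstration. Plain SHA-256 is used for the stored passwords only to keep the example short; real password storage uses a salted, slow function such as scrypt, bcrypt, or Argon2.

```python
"""SQL injection: a query built by string formatting beside the
parameterized form that fixes it.

Added example, not from the course. Uses the standard-library sqlite3
module with an in-memory database; users and attack strings are
constructed for the demonstration.
"""
import hashlib
import sqlite3


def _pw_hash(password: str) -> str:
    # Simplified on purpose: a real system uses a salted, slow KDF, not bare SHA-256.
    return hashlib.sha256(password.encode()).hexdigest()


def setup_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT, role TEXT)")
    sample = [("admin", "adminpw", "administrator"),
              ("alice", "wonderland", "user"),
              ("bob", "builder", "user")]
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(u, _pw_hash(p), r) for u, p, r in sample])
    return conn


def login_vulnerable(conn, username: str, password: str):
    """User input is pasted into the SQL text, so input can change the query's structure."""
    query = ("SELECT username, role FROM users "
             f"WHERE username = '{username}' AND pw_hash = '{_pw_hash(password)}'")
    return conn.execute(query).fetchone()


def login_safe(conn, username: str, password: str):
    """Parameterized query: the driver sends values separately from the SQL,
    so they can never be interpreted as SQL syntax."""
    query = "SELECT username, role FROM users WHERE username = ? AND pw_hash = ?"
    return conn.execute(query, (username, _pw_hash(password))).fetchone()


def list_users_vulnerable(conn, name: str):
    return conn.execute(f"SELECT username FROM users WHERE username = '{name}'").fetchall()


def list_users_safe(conn, name: str):
    return conn.execute("SELECT username FROM users WHERE username = ?", (name,)).fetchall()


if __name__ == "__main__":
    conn = setup_db()
    # A comment sequence (--) cuts the password check off the end of the statement.
    bypass = "admin' --"
    print("vulnerable login:", login_vulnerable(conn, bypass, "wrong"))
    print("safe login:      ", login_safe(conn, bypass, "wrong"))
    # A tautology turns a lookup for one user into a dump of the whole table.
    dump = "x' OR '1'='1"
    print("vulnerable list: ", list_users_vulnerable(conn, dump))
    print("safe list:       ", list_users_safe(conn, dump))
```

Printing the vulnerable query for the bypass input makes the mechanism obvious: the single quote closes the string literal the developer opened, and the comment marker discards the rest of the statement, so the database is asked only whether a user named admin exists. The parameterized version asks whether a user is literally named "admin' --" and correctly finds none.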

Switch
A device that channels incoming data from any of multiple input ports to the specific output port
that will take the data toward its intended destination.

Symmetric Encryption
The use of encryption algorithms using the same secret key for encryption and decryption.

Telnet
Per Wikipedia, Telnet is an application protocol used for text-based communication with a
remote host. It sends everything, including usernames and passwords, in cleartext, which is
why SSH has replaced it for remote administration.

Threat Actor
An individual or a group posing a threat.

Transmission Control Protocol (TCP)


Per Wikipedia, the Transmission Control Protocol (TCP) is the set of rules used to establish a
connection between a client and server before data can be sent. It involves a three-way
handshake to establish that connection, and it also involves error-checking to ensure the
connection is good. These measures add to the reliability of this protocol but also add latency.

Transmission Control Protocol/Internet Protocol (TCP/IP) Model


This is a network model with four layers: link, internet, transport, and application. Used together,
these layers use a suite of protocols to pass data through the layers in a particular order when a
user sends information and then again in reverse order when the data is received. The main
protocols used are the TCP (Transmission Control Protocol), IP (Internet Protocol), and UDP
(User Datagram Protocol). The TCP/IP Model predates the OSI Model, which uses seven layers
to describe this network communication process.

Trojan
A useful or seemingly useful program that contains hidden code of a malicious nature that
executes when the program is invoked. Often, it contains a backdoor that allows the threat actor
to gain access after it is installed.

User Datagram Protocol


Per Wikipedia, the User Datagram Protocol (UDP), is the set of rules used to create
connectionless communication for the purposes of sending datagrams to other hosts on an IP
network. Unlike TCP, it does not involve a handshake to establish a connection; however, it
does provide checksums for data integrity and port numbers for addressing. UDP is used in
cases where error checking and connections are unnecessary and time sensitivity is of utmost
importance.
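The following block is an added example that serves the Encapsulation, De-encapsulation, Packet, Payload, TCP/IP Model, and User Datagram Protocol entries; it is not course code. It builds a UDP datagram, wraps it in an IPv4 header (the two layers a UDP message passes through in the TCP/IP model before the link layer), then unwraps it again, verifying the header checksum on the way. Only the standard library is used and nothing is sent on a network; the addresses, ports, and message are constructed for illustration.

```python
"""Encapsulation and de-encapsulation: a UDP datagram inside an IPv4 packet.

Added example, not course code. Headers are built by hand with the standard
library, so nothing is transmitted. Addresses, ports and the message are
constructed for illustration.
"""
import struct

# version/IHL, TOS, total length, ID, flags/fragment offset, TTL, protocol, checksum, src, dst
IPV4_HEADER = "!BBHHHBBH4s4s"
UDP_HEADER = "!HHHH"            # src port, dst port, length, checksum
PROTO_UDP = 17


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 checksum: one's-complement sum of 16-bit words, complemented."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def encapsulate(src_ip, dst_ip, src_port, dst_port, payload: bytes) -> bytes:
    """Walk down the stack: transport layer adds UDP, internet layer adds IPv4."""
    # Transport layer. UDP checksum 0 means "not computed", which IPv4 permits (RFC 768).
    udp_header = struct.pack(UDP_HEADER, src_port, dst_port, 8 + len(payload), 0)
    datagram = udp_header + payload         # the whole datagram is the IP layer's payload

    # Internet layer. The checksum field holds 0 while the checksum is computed.
    version_ihl = (4 << 4) | 5              # IPv4, 5 x 32-bit words = 20-byte header
    header = struct.pack(IPV4_HEADER, version_ihl, 0, 20 + len(datagram), 0x1234, 0,
                         64, PROTO_UDP, 0, ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return header + datagram                # what the link layer would wrap in a frame


def deencapsulate(packet: bytes) -> dict:
    """Walk back up the stack, peeling one header per layer and checking each."""
    if len(packet) < 20:
        raise ValueError("too short for an IPv4 header")
    version_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(
        IPV4_HEADER, packet[:20])
    ihl = (version_ihl & 0x0F) * 4
    if version_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    # Summing a header that already contains its checksum yields 0 when intact.
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch (corrupted in transit?)")
    if proto != PROTO_UDP:
        raise ValueError(f"unexpected protocol {proto}")
    ip_payload = packet[ihl:total_len]      # hand the inner datagram to the transport layer

    src_port, dst_port, udp_len, _ = struct.unpack(UDP_HEADER, ip_payload[:8])
    if udp_len > len(ip_payload):
        raise ValueError("UDP length exceeds data received (truncated or forged length)")
    return {
        "src": bytes_to_ip(src), "dst": bytes_to_ip(dst), "ttl": ttl,
        "src_port": src_port, "dst_port": dst_port,
        "payload": ip_payload[8:udp_len],   # application-layer data
    }


if __name__ == "__main__":
    pkt = encapsulate("192.0.2.10", "192.0.2.53", 40000, 53, b"example query")
    print("on the wire:", pkt.hex())
    print("decoded:    ", deencapsulate(pkt))
    damaged = pkt[:8] + bytes([pkt[8] ^ 0x01]) + pkt[9:]   # flip a bit in the TTL field
    try:
        deencapsulate(damaged)
    except ValueError as err:
        print("damaged:    ", err)
```

Two things worth noticing while reading the output: the 13-byte message has grown to 41 bytes on the wire because each layer added its header, and the length checks in deencapsulate are where a careless implementation becomes a target, since a receiver that trusts a forged length field reads past the data it actually holds.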

Virus
A computer program that can copy itself and infect a computer without permission or knowledge
of the user. A virus might corrupt or delete data on a computer, use e-mail programs to spread
itself to other computers, or even erase everything on a hard disk.

VLAN
A Virtual Local Area Network is a logical group of workstations, servers, and network devices. It
is partitioned and isolated within a network at the data link layer. A single physical local area
network (LAN) can be logically partitioned into multiple, independent VLANs; a group of devices
on one or more physical LANs can be configured to communicate within the same VLAN, as if
they were attached to the same physical LAN.

VPN
A Virtual Private Network is built on top of existing networks that can provide a secure
communications mechanism for transmission between networks.

Vulnerability
Weakness in an information system, system security procedures, internal controls, or
implementation that could be exploited or triggered by a threat source.

Web Shell
Per Wikipedia, a web shell is a shell-like interface that enables a web server to be remotely
accessed, often for the purposes of cyberattacks. A web shell is unique in that a web browser is
used to interact with it.

WLAN
A wireless local area network is a group of computers and devices that are located in the same
vicinity, forming a network based on radio transmissions rather than wired connections. A Wi-Fi
network is a type of WLAN.

Worm
A computer program that can run independently, can propagate a complete working version of
itself onto other hosts on a network, and may consume computer resources destructively.

Zero Day Attack


An attack that exploits a hardware, firmware, or software vulnerability that is not yet known to
the vendor or to defenders, so that no patch or detection signature exists at the time of the
attack.

Zero Trust
A model based on removing the design belief that the network has any trusted space. Security
is managed at each possible level, representing the most granular asset. Microsegmentation of
workloads is a tool of this model.
