Key Terms

Key Terms

access control

process of regulating the people and devices that can use a computer system’s resources

adaptability

ability to change or modify the current system to meet the needs of a different industry requirement

advanced persistent threat (APT)

intruder or group of intruders infiltrate a system and remain undetected while leaving the networks and systems intact, allowing the intruder to spy on business activity and steal sensitive data while remaining undetected

affordability

ability to create a system that is cost-efficient, not only monetarily but also with resource usage

anonymity

being able to interact on the Internet, even publicly, while concealing your identity

application security

provides processes that help protect applications operating on-premises and in the cloud

autonomous system

system that can operate with limited human control

composability

ability to incorporate services within applications

container

lightweight package that bundles together applications to form a solution to specific problems

critical infrastructure

network of utilities, roadways, railroads, and buildings necessary to support our transportation, commerce, and other systems vital to sustain daily life

cyber economics

sectors of the economy driven by digital information and the need for cybersecurity

cybersecurity

policies, procedures, technology, and other tools, including people on which organizations rely to protect their computer systems and information systems environments from digital threats

cybersecurity assurance

confidence that every effort is made to protect IT solutions against undesirable use

data security platform

automates the proactive protection of information via monitoring and detecting data vulnerabilities and risks across multiple environments, including hybrid and multicloud platforms

distributed denial-of-service (DDoS) attack

overloading a server with traffic in an attempt to crash a server, website, or network; usually occurs from multiple coordinated systems

evolvability

ability to adapt the system to new standards and practices

extensibility

ability to modify the system to include new requirements or remove old requirements that are no longer needed

identity and access management (IAM)

roles and access privileges for each user, as well as the conditions under which they are granted or denied their privileges

identity theft

illegal possession and use of an individual’s PII

ilities

“abilities” of architectural properties

industrial espionage

process of spying on an organization to steal trade secrets

information security

protecting the data, digital files, and other information maintained in a system

infrastructure security

practices for protecting the computer systems, networks, and other assets that society relies upon for national security, economic health, and/or public safety

insider threat

threat posed by current or former employees, partners, or contractors who misuse their access; can also include vulnerabilities intentionally created by programmers as malware

interoperability

ability for two or more computers or processes to work together

malware

malicious software variants—such as viruses, worms, Trojans, spyware, and botnets—that provide unauthorized access or cause damage to a computer

man-in-the-middle

eavesdropping attack that allows cybercriminals to intercept communications between two parties in order to steal data, often on unsecured Wi-Fi networks

nanotechnology

studies and manipulates atoms and molecules to support advancements in energy, medicine, and other fields

network security

security measures for protecting a computer network from intruders, including both wired and wireless (Wi-Fi) connections

nomadicity

ability to work in a self-contained environment or the ability to move the system from location to location, when system location is a requirement

non-repudiation

proof of the origin, authenticity, and integrity of data

Open Web Application Security Project (OWASP)

launched in 2001 with the purpose of securing web applications

password

secret string of characters used to gain entry into a system

phishing

form of social engineering that tricks users into providing personal information through fake emails or text messages posing as legitimate companies

privacy

process of keeping your actions online concealed from the public, such as messages intended only for certain individuals

ransomware

malware that encrypts data and demands a ransom to unlock or prevent data exposure

reliability

ability of the system to perform as needed and to specification

responsible computing

systemic approach addressing current and future challenges in computing, including sustainability, ethics, and professionalism

scalability

ability to enhance or retract system requirements for the number of users involved in the system

security information and event management (SIEM)

practice that focuses proactively on the automated detection and remediation of suspicious user activities based on the analysis of security events

software security

manner through which software safeguards system resources, including data, to provide access to only authorized users

supersociety

environment that is technologically rich

survivability

ability to survive an attack or disruption of service within a system

tailorability

ability to customize the system for the needs of the users or industry

Technical Reference Model (TRM)

framework that details the technologies and standards used to develop a system and deliver services

understandability

(also: learning curve) ability of the system to be used

virtual local area networks (VLANs)

virtual local area networks that connect devices and nodes from various LANs

walled garden approach

limits openness and prevents users from having access to a platform; conflicts with the intentions of the Open Web Platform

zero-knowledge proof (ZKP)

cryptographic system that functions as a useful tool to protect privacy