Glossary

A sophisticated long-term cyberattack in which an unauthorized user gains network access and remains undetected for an extended period.

A comprehensive catalog of all hardware, software, and data assets within an organization's environment, essential for effective cybersecurity management.

Official government approval allowing an information system to operate within a defined environment, based on accepted risk.

A globally-accessible knowledge base of adversary tactics and techniques based on real-world observations, used for threat modeling and detection engineering.

Security technology that establishes baselines of normal user and entity behavior, then detects anomalies that may indicate compromised accounts or insider threats.

The internal security team responsible for defending an organization's systems, networks, and data against cyber threats and attack simulations.

The process of creating systems and procedures to ensure critical business functions continue during and after a disaster or major disruption.

Automated tools and practices that continuously monitor cloud infrastructure configurations to identify and remediate security risks and compliance violations.

A DoD framework requiring defense contractors to meet specific cybersecurity standards before being awarded federal contracts.

Commercially available hardware or software that can be purchased and deployed without custom development, enabling faster deployment and easier maintenance.

U.S. military teams trained to defend DoD networks, conduct vulnerability assessments, and respond to cyber incidents on priority systems.

An automated attack that uses stolen username and password combinations to gain unauthorized access to user accounts across multiple services.

A framework developed by Lockheed Martin that describes the stages of a cyberattack from reconnaissance through actions on objectives, used to identify and disrupt attacks.

A MITRE framework that maps defensive cybersecurity techniques to known attack patterns, complementing ATT&CK for blue team operations.

A database is an organized collection of data that can be easily accessed, managed, and updated. It is used to store information in a structured way, allowing for efficient retrieval and manipulation of data.

Security technology and policies that detect and prevent unauthorized access, use, or transmission of sensitive data outside an organization's network.

The integration of security practices into every phase of the software development lifecycle, ensuring code is secure, compliant, and production-ready by default.

The process of collecting, preserving, analyzing, and presenting digital evidence from computers, networks, and storage devices in support of investigations.

The system that translates domain names into IP addresses.

A programming interface for web documents.

Security technology that continuously monitors endpoints to detect, investigate, and respond to advanced threats in real time.

Comprehensive security software deployed on endpoints to prevent, detect, and respond to malware, exploits, and other cyber threats.

A piece of software or technique that takes advantage of a vulnerability in a system to cause unintended behavior or gain unauthorized access.

A U.S. government program providing a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.

A network security device or software that monitors and controls incoming and outgoing network traffic based on predetermined security rules.

U.S. federal legislation that defines a comprehensive framework for protecting government information, operations, and assets against natural and man-made threats.

Client-side development focused on what users see and interact with.

The process of receiving, packaging, and shipping orders for goods.

A developer proficient in both front-end and back-end development.

The essential literacy and numeracy skills that apprentices need to succeed in their chosen field (reading, writing, comprehension, computer skills, among others).

A network node that connects two different networks and allows data to flow between them.

A decoy system or network designed to attract and detect unauthorized access attempts, providing intelligence on attacker techniques and behavior.

Specialized systems used to monitor and control physical infrastructure and industrial processes, increasingly targeted by sophisticated cyber threats.

The framework of policies and technologies that ensures the right individuals access the right resources at the right times and for the right reasons.

A structured methodology for detecting, containing, and recovering from security breaches to minimize damage and restore normal operations quickly.

The techniques attackers use to progressively move through a network after initial compromise, seeking higher-value targets and expanding their access.

Malicious software designed to disrupt, damage, or gain unauthorized access to computer systems, including viruses, ransomware, trojans, and spyware.

The average time required to detect and contain a security incident — a key KPI for measuring SOC efficiency and operational maturity.

A security mechanism requiring users to verify their identity using two or more independent factors before gaining access to a system or application.

The practice of dividing a computer network into smaller subnetworks to improve security and limit the spread of breaches within an organization's environment.

A catalog of security and privacy controls published by NIST for federal information systems, widely used as a compliance baseline for government and enterprise environments.

The collection and analysis of information from publicly available sources to support threat intelligence, investigations, and security assessments.

Hardware and software that monitors and controls physical devices, processes, and events in industrial and critical infrastructure environments.

The systematic process of identifying, acquiring, testing, and applying software updates to fix vulnerabilities and improve system security and stability.

A simulated cyberattack conducted by authorized professionals to identify vulnerabilities in systems, networks, and applications before real attackers do.

A social engineering attack that uses deceptive emails, messages, or websites to trick users into revealing credentials, downloading malware, or transferring funds.

Security solutions that manage, monitor, and control elevated access rights for users, accounts, and systems across an IT environment.

Malicious software that encrypts a victim's data or locks systems and demands payment for restoration, representing one of the most damaging cyber threats today.

An independent group that simulates real-world adversary tactics to test and improve an organization's detection and response capabilities.

A structured NIST process for integrating security, privacy, and cyber supply chain risk management into the system development lifecycle.

Educational programs designed to help employees recognize, avoid, and report cybersecurity threats including phishing, social engineering, and policy violations.

A centralized team and facility that continuously monitors, detects, analyzes, and responds to cybersecurity incidents across an organization's environment.

A platform that aggregates and analyzes security data from across an organization's environment to detect threats and generate alerts in real time.

Technology that automates security workflows, orchestrates tools, and accelerates incident response — transforming manual SOC tasks into intelligent, repeatable processes.

Technology that automates security workflows, orchestrates tools, and accelerates incident response — transforming manual SOC tasks into intelligent, repeatable processes.

The practice of identifying and mitigating cybersecurity risks introduced through an organization's vendors, suppliers, software dependencies, and third-party services.

A proactive security practice where analysts actively search for hidden threats and adversaries within an organization's environment before alerts are triggered.

Actionable information about cyber threats, threat actors, and their tactics, techniques, and procedures, used to inform and improve defensive security decisions.

The behavior patterns and methods used by threat actors to plan and execute cyberattacks, used to build threat-informed defenses.

The continuous practice of identifying, classifying, prioritizing, remediating, and mitigating vulnerabilities across an organization's technology environment.

Automated identification and analysis of security weaknesses in systems, networks, and applications to prioritize remediation efforts.

A security solution that monitors, filters, and blocks HTTP traffic to and from web applications, protecting against application-layer attacks.

A security model based on the principle of never trust always verify — requiring continuous authentication and authorization for every user device and connection regardless of location.