Software programs that use AI techniques to achieve specific goals. This includes Generative AI such as ChatGPT, Copilot, and DALL-E’

Someone who tries to steal information or exploit computer systems and networks maliciously. These cybercriminals operate outside the rules with the intent of doing damage or nabbing information.

Using physical characterstics (either finger print or facial features) as a security method to enforce access control.

Bots are automated software programs to perform certain tasks like customer service and web search. However, Bad Actors often utilize bots to spread viruses, steal personal information, or control another computer system.

This sophisticated hack targets email communication within organizations. When successful, BEC can lead to financial losses, reputational damage, and compromised sensitive information.

Security method which uses digital certificates to verify users' identity and enforce access control. Think of it as a "Virtual ID Card" that contains information about its user, either granting or preventing access to certain networks or programs.

Exeuctive within a company who is responsible for the organization's Information Security policies, strategies, risk management, training, ad incident response planning. The CISO plays a crucial role within an organization, helping safeguard assets and personal information of its organization and employees while maintaining strong security culture.

System of remote servers which facilitates the storage, management, and processing of data on the internet rather than locally on a device. The cloud allows users to access their resources and apps from anywhere with an internet connection as opposed to only on their native devices.

Cookies are pieces of data stored on a user's device by a web browser while using a site, eventually creating a"trail of crumbs" which details your browsing history and is used by sites to enhance your experience by personalizing ads, remembering preferences, and retaining history like online cart items. It is important to be aware when your cookies are being tracked - websites must ask for your consent before doing so!

Malicious software designed specifically to facilitate criminal activity

This refers to the essentual systems which are crucial for our nation's secrutiy, economy, public health, and safety. They are the necessary functions of a proper society (including energy, transportation, utilities, healthcare, communications, banking, etc.), meaning the privacy and security of their data is paramount. Protecting CNI is essential for the security of our nation, making it one of our key focuses.

The practice of protecting private information, computer systems, and device networks from unauthorized access which could result in damages or theft of information. These practices involve the application of various technologies, processes, and security measures to defend against a world of threats to your data.

Data brokers are organizations or individuals that collect, analyze, and see personal information about consumers to other organizations (often without the data owner's consent). Sometimes this data includes Personally Identifiable Information (PII) like phone numbers and demographics, but can also include other info such as purchasing habits and general online behavior.

Data governance is the management framework for a database or other data strcutrue which establishes standards and processes to ensure data integrity, security, and availability within an organization. Within the domain of cybersecurity, it is necessary for protecting sensitive information and compliance with legal requirements.

This principle encourages organizations to collect/retain only data which is necessary for a specific purpose or goal. Data minimization aims to reduce the amount of sensitive information that could be exposed in a data breach, creating a more secure environment. Addition by subtraction!

Data mining is the process of contextualizing very large sets of data (a.k.a. "Big Data") to uncover trends, patterns, and other insights into market tendencies. In the context of our mission, data mining aids in extracting useful information from security-related data sets to improve processes in threat detection, incident response, and overall security measures.

Information that has been processed to hide personal identifiers , making it more difficult to be traced back to an individual. This allows organizations to protect sensitive PII.

Decryption is the process of un-scrambling encrypted data and reverting it back to its readable (original) format. For cybersecurity experts, it is a crtical function which enables certain authorized users to access and comprehend dats which has been secured via encryption.

Comparable to "Cyber Vandalism," defacement is when an unauthorized bad actor alters an existing web page to change its visual appearance and/or content. It is often done by exploiting vulnerabilities in a website's security and is done with the intention of making an organization's website inaccessible to either slander the organzation or compromise information.

Type of cyberattack in which an attackr overloads a server, webite, or network with traffic requests in an attempt to prevent access to said system.

Electronic form containing a public key with information on a user which is used to confirm the identity of a person or device during online transactions.

Like the internet's address book, it ensures users reach the correct websites when visiting a URL. DNS is often the target of spoofing attempts, which redirect users to malicious sites.

A method of scrambling data to make it unreadable. Only someone/something with a decryption key can read the data in this format, keeping sensitive information protected.

Wired internet connection to more quickly transmit data. Ethernet is more secure than wireless connection, as physical cables make unauthorized access more difficult.

Security tool that monitors incoming and outgoing network traffic, flagging and preventing unauthorized access. It acts as a virtual barrier, only allowing trusted data through and blocking harmful connections.

This is a type of cyber attack in which a network is overwhelmed wih excessive traffic with the intent of slowing down or crashing services. It is often used in Denial of Service (DDoS) attacks.

Access points between networks which help manage traffic, exchange data, and filter potential threats.

An encryption which secures your access to a website. It protects the data exchanged between your browser and a site.

Like your home address on the internet - it's a unique string of numbers attached to device. This helps networks track suspicious activity.

When a bad actor pretends to be an authorized user to gain access to sensitive information. The attacker attempts to bypass security measures by "masquerading" as an authorized user.

A method of irreversibly encrypting data - it is ideal for storing sensitive information as it prevents data from being readble, even if it were to be access by unauthorized users.

Think of this as a "unit" of data which is sent across or between networks. Packets are often monitored for unauthorized access or suspicious traffic patterns.

A type of cyberattack that redirects users from legitimate websites to a malicious one.

Intermediary server between devices and the internet which handles a user's requests. Proxy servers enhance security and privacy measures by masking your IP address and filtering traffic to block access to harmful websites.

The process of identifying, analyzing, and evaluating potential security risks to an organization. Understanding these risks is crucial for firms in developing strategies to protect their sensitive information.

A security approach in which users are granted access permissions based on their role within an organization. RBAC is critical in making sure information is only accessed by those with proper authorization.

A type of malicious software that is planted on a device and allows bad actors to control the system undetected. Rootkits are dangerous as they can conceal other malware, making them even more difficult to detect.

A psychological disposition people have towards making an evaluative judgment about security (i.e., the way we think or feel about it). For reporting attitudes, we used 5- and 10-point Likert scales (e.g., “strongly disagree” to “strongly agree”) to examine positive and negative views people hold about particular security topics.

Online accounts holding identity, location, and payment information (e.g., payment-related sites, social media accounts, and work accounts)

A system which provides services and/or data to "clients" over a network. Servers often store sensitive information and handle many connections, making them a prime target for cyber attacks.

A manipulative strategy in which bad actors trick users into revealing sensitive information or granting unauthorized access to a system. Social Engineering often involves impersonation or other forms of persuasion to bypass security without directly attacking a network.

Most commonly observed with websites, spoofing is the impersonation of a legitimate entity to trick users into disclosing sensitive information. Always make sure to hover over a URL before visiting the website!

Technique used by attackers to hide malicious software or suspicious activity from being detected. Bad pose a major threat by operating undetected while infiltrating a system.

The altering of data, devices, or systems without authorized permission to manipulate information. It compromises Data Integrity and reliability of data systems.

Any individual or group that serves as a potential cybersecurity risk. They can range from cybercriminals/hackers to state-sponsored groups with varying motives to carry out attacks.

A type of malicious software that disguises itself as a legitimate program, deceiving users into installing it. Once activated, Trojan Horse software can grant access to unauthorized threat actors.

A type of malware that replicates itself and spreads accross networks without needing to "attach" to a host file/program. Worms, like digital parasites, can cause damage by consuming bandwidth and exploiting vulnerabilities to infect devices within a network.

This refers to any security flaw in software that is unknown to the vendor. These vulnerabilities are particularly dangerous as attackers can exploit them before protective measures are implemented.