Threat Actors
Risky Business
Sensitive Information
Attacks
Defense
100

An unskilled or amateur individual who uses scripts or programs developed by others for malicious purposes.

Script Kiddie

100

A flaw or weakness capable of being exploited by a threat actor.

Vulnerability

100

Information or data that can be used to uncover an individual's identity.

Personally Identifiable Information (PII)

100

The fraudulent practice of sending emails or other messages in order to induce the recipient to reveal personal information, such as passwords, credit card information, etc.

Phishing

100

Network security device that monitors and filters incoming and outgoing network traffic based on defined rules.

Firewall

200

Individuals who commit cyber crimes for enjoyment or because they enjoy the challenge.

Thrill Seekers

200

The combination of the likelihood that a vulnerability will be exploited and the severity of the consequences if the vulnerability is successfully exploited.

Risk

200

Material or information pertaining to a company's products, business or activities.

Proprietary Information

200

An attack in which files on a device or network are encrypted and the attackers demand money to reveal the decryption key.

Ransomware

200

Software that scans a device's files and network activity to detect malicious files and/or behavior.

Anti Virus Software

300

Hackers or groups that commit cyber crimes to advance politically motivated agendas.

Hacktivists

300

The sum of all possible points or vectors that an attacker can attempt to exploit to gain unauthorized access to a network.

Attack Surface

300

Information or data related to a company's financial activities and/or information pertaining to the financial health of a company.

Financial Data

300

A malicious file that is disguised as a legitimate program (e.g. a program that claims to be anti-malware software, but is actually a malicious program).

Trojan Horse

300

A mechanism for creating a secure connection between a computing device and a network or between multiple networks over an insecure medium (e.g. the public internet).

Virtual Private Network (VPN)

400

An employee, or another individual with access to an organization's resources, who uses their knowledge and access to steal data, plant malware or otherwise harm an organization.

Insider Threat

400

A vulnerability that is discovered or disclosed, but that is not yet patched, requiring intermediate solutions until the vulnerability can be officially corrected.

Zero Day Vulnerability

400

Information provided or made accessible to an organization or entity by another organization or entity that must be protected by the receiving entity.

Third Party Data

400

An attack in which a trusted third-party vendor that offers services, software or material to the targeted organization is compromised.

Supply Chain Attack

400

The process of encoding information in such a way that it is unreadable by unauthorized parties.

Encryption

500

State-sponsored groups that are well funded and perform some of the most sophisticated and clandestine cyber attacks.

Nation States or Advanced Persistent Threats

500

The use of hardware or software by a department or individual without the knowledge or authorization of IT and Security.

Shadow IT

500

Any information about health status, provisioning of health care or payment for health care that is created or collected by a Covered Entity and can be linked to a specific individual.

Protected Health Information (PHI)

500

A web-based attack in which a user's browsing session is hijacked or eavesdropped on by an attacker who compromises or predicts a user's session token.

Session Hijacking

500

The evaluation of information and context to come to a measured conclusion and identify unusual activity.

Human Judgment
