Glossary of Identity and Cybersecurity Terms

IDWise Logo

Explore the definitions of commonly used identity and cybersecurity terms.


Active Attack (noun). An actual assault performed by an intentional threat source that attempts to alter a system, its resources, its data, or its operations.

Active Content (noun). Software that is able to automatically carry out or trigger actions without the explicit intervention of a user.

Alert (noun). A notification that an attack on an organization's information systems has been detected.

Anti Spyware Software (noun). A program that specializes in detecting, blocking, and removing forms of spyware.

Antivirus Software (noun). A program that monitors a computer or network to detect or identify major types of malicious code and prevent or contain malware incidents by removing or neutralizing the malicious code.

Asset (noun). A resource that has value; can refer to people, relationships, or reputations, as well as facilities, materials, processes, or information.

Attack (noun). An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity.

Authentication (noun). The process of verifying the identity or other attributes of an entity (user, process, or device).

Authenticity (noun). A property, achieved through cryptographic methods, of being genuine and being able to be verified and trusted, resulting in confidence in the validity of a transmission, information or message, or sender of information or a message.

Authorization (noun). A process of determining, by evaluating applicable access control information, whether a subject is allowed to have the specified types of access to a particular resource.


Behavior Monitoring (noun). Observing the activities of users, information systems, and processes and measuring those activities against baselines of normal activity, thresholds, and trends, as well as organizational policies and rules.

Blacklist (noun). A list of entities that are blocked or denied privileges or access.

Bot (noun). A computer connected to the Internet that has been surreptitiously compromised to perform activities under the command and control of a remote administrator.

Botnet (noun). A collection of computers compromised by malicious code and controlled across a network without the owners' knowledge or consent.

Bug (noun). An unexpected and relatively small defect, fault, flaw, or imperfection in an information system or device.


Ciphertext (noun). Data or information in its encrypted form.

Cloud Computing (noun). The practice of using a network of remote servers hosted on the Internet to allow centralized data storage and online access to computer services or resources.

Computer Network Defense (noun). The actions taken to defend against unauthorized activity within computer networks.

Confidentiality (noun). The principle that PII will not be shared unless authorization to do so has been granted.

CRA (noun). Credit reporting agency; the three largest in the US are Experian, Equifax and Transunion. CRA's maintain historical information pertaining to credit experience on individuals or businesses. They collect data from various sources, most commonly credit card companies, banks and credit unions, along with other businesses that extend credit. They also collect information from public records, such as bankruptcies.

Cryptography (noun). The use of mathematical techniques to provide security services, such as confidentiality, data integrity, entity authentication, and data origin authentication.

Customer Service and Technical Support (noun). Cybersecurity work where a person installs, configures, troubleshoots, and provides maintenance and training in response to customer requirements or inquiries (e.g., tiered-level customer support).

Credit Freeze (noun). The locking of the data at the credit reporting agencies (CRAs) thus preventing new creditors (banks, credit card companies, other lenders) from viewing a credit report or score.

Cyber Ecosystem (noun). The interconnected infrastructure of interactions among persons, processes, information, and communications technologies, along with the environment and conditions that influence those interactions.

Cybersecurity (noun). The process whereby communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use, modification, or exploitation.

Cyberspace (noun). The interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, embedded processors, and controllers.


Data Aggregation (noun). The process of gathering and combining data from different sources, so that the combined data reveals new information.

Data Breach (noun). The unauthorized access or disclosure of sensitive information to a party, usually outside an organization, that is not authorized to have or see that information.

Data Integrity (noun). The property that data is complete, intact, and trusted and has not been modified or destroyed in an unauthorized or accidental manner.

Data Loss (noun). The result of intentionally or unintentionally deleting data, forgetting where it is stored, or exposure to an unauthorized party.

Data Loss Prevention (noun). A set of procedures and mechanisms to stop sensitive data from leaving a security boundary.

Data Mining (noun). The process or techniques used to analyze large sets of existing information to discover previously unrevealed patterns or correlations.

Data Theft (noun). The deliberate or intentional act of stealing information.

Decrypt (verb). To make coded information accessible.

Digital Forensics (noun). The processes and specialized techniques for gathering, retaining, and analyzing system-related data (digital evidence) for investigative purposes.


Encode (verb). To convert plain text to ciphertext by means of a code.

Encryption (noun). The process of transforming plaintext into ciphertext.

Exfiltration (noun). The unauthorized transfer of information from an information system.

Exposure (noun). The state of being unprotected; can allow access to information or capabilities which an identity thief can use to target a system or network.


Firewall (noun). A set of related computer programs, located at a network gateway server, designed to block unauthorized access while permitting outward communication.



Hacker (noun). An unauthorized user who gains access to an information system.


Identity cloning (noun). A variation of identity theft; instead of stealing PII for financial gain, identity clones actually attempt to live and work as another person.

Identity fraud (noun). Occurs when a transaction happens in a person's name without their knowledge.

Identity and Access Management (noun). The methods and processes used to manage subjects and their authentication and authorizations to access specific objects.

Information Security Policy (noun). An aggregate of directives, regulations, rules, and practices that prescribe how an organization manages, protects, and distributes information.

Information System (noun). A computerized database designed to store, process, and analyze data and to report results on a regular, ongoing basis. Includes the database, software, and hardware used to manage it as well as the people who create, manage, and operate it.

Insider Threat (noun). A person or group of persons within an organization who pose a potential risk to that organization through violations of security policies.

Investigation (noun). A systematic and formal inquiry using digital forensics, along with traditional criminology techniques, to collect evidence and determine the events that transpired in a given incident.


Key (noun). The numerical value used to control cryptographic operations, such as encryption and decryption, as well as signature generation and verification.

Keylogger (noun). Software or hardware that tracks keystrokes and keyboard events, usually surreptitiously, to monitor actions by the user of an information system.



Macro Virus (noun). A type of malicious code that attaches itself to documents and uses the macro programming capabilities of the document's application to execute, replicate, and propagate itself.

Malware (noun). Software that compromises the operation of a system by performing an unauthorized function or process.



Outsider Threat (noun). A person or group of persons external to an organization who are not authorized to access its assets and pose a potential risk to the organization.


Passive Attack (noun). An actual assault perpetrated by an intentional threat source that attempts to learn or make use of information from a system, but does not attempt to alter the system, its resources, its data, or its operations.

Password (noun). A string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorization.

Personally Identifying Information. See "PII."

Phishing (noun). A digital form of social engineering intended to deceive individuals into providing sensitive information.

PHI (noun). Protected health information, or personal health information. See also: PII.

PII (noun). Personally identifying information; allows the identity of an individual to be directly or indirectly inferred.

Privacy (noun). Generally speaking, the right to keep one's personal matters and relationships secret; in computing, refers to the right to determine whether, when, how, and to whom, one's personal or organizational information is to be revealed.

Public Key Infrastructure (noun). A framework consisting of standards and services to enable secure, encrypted communication and authentication over potentially insecure networks such as the Internet.



Recovery (noun). The activities after an incident or event to restore essential services and operations in the short and medium term and fully restore all capabilities in the longer term.

Red Flags Rule (noun). A law requiring certain businesses and organizations including doctors offices, hospitals, finance companies, auto dealers, mortgage brokers, utilities, telecommunication companies, etc, to develop a written program to spot the warning signs of identity theft.

Risk (noun). The potential for an incident or occurrence to lead to an adverse outcome, as determined by the likelihood that a given threat will exploit a particular vulnerability.

Risk Assessment (noun). The process by which information is collected and value is assigned to risks for the purpose of informing priorities, developing or comparing courses of action, and informing decision making.

Risk Management (noun). The process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.


Security Automation (noun). The use of information technology in place of manual processes for incident response and management.

Security Policy (noun). A rule or set of rules that governs the acceptable use of an organization's information and services to a level of acceptable risk; the means for protecting the organization's information assets.

Skim (verb). To steal credit card information by using a small, handheld electronic device to scan and store data from the card's magnetic strip; can be done manually by a corrupt employee while out of sight (usually at restaurants or bars) or automatically by placing a skimming device on top of a regular credit card reader (usually at gas stations or ATMs) and retrieving it later.

Software Assurance (noun). The level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its lifecycle, and that the software functions in the intended manner.

Spam (verb). The abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages; also (noun): the junk mail used to try and lure victims into various phishing schemes.

Spoof (verb). To send an email using a false return address in order to gain unauthorized entry into a secure system.

Spyware (noun). Software that is installed into an information system without the knowledge of the system user or owner.

Synthetic Identity Fraud (noun). A type of fraud in which identity thieves use a combination of real and false information to either establish an account with a partially fictional identity, or create an entirely new identity from false information.


Tiered-level customer support. See "Customer Support and Technical Support."

Threat (noun). A circumstance or event that has the potential to exploit vulnerabilities and adversely impact organizational operations or assets (including information and information systems), individuals, other organizations, or society.

Threat Assessment (noun). The process of identifying and evaluating entities, actions, or occurrences that have or indicate the potential to harm life, information, operations, and/or property.

Threat Source (noun). A person or a method that intentionally targets an organization's vulnerability, or an unintentional triggering of said vulnerability.

Trojan Horse (noun). A computer program that has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting the legitimate authorizations of a system entity that invokes the program.


Unauthorized Access (noun). Any entry into an information system that violates a stated security policy.


Vishing (noun). A voice phishing scam that involves getting consumers to dial into a voicemail system that records personal information. See: Phishing.

Virus (noun). A computer program that can replicate itself, infect a computer without permission or knowledge of the user. Can also spread or propagate to another computer.

Vulnerability (noun). A characteristic or specific weakness that renders an organization or asset (such as information or an information system) open to exploitation by a given threat or susceptible to a given hazard.


Weakness (noun). A shortcoming or imperfection in software code, design, architecture, or deployment that, under proper conditions, could become a vulnerability or contribute to the introduction of vulnerabilities.

Worm (noun). A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.




This glossary is compiled of terms from the Glossary of Common Cybersecurity Terminology from National Initiative for Cybersecurity Careers and Studies, as well as entries from and

IDWise Logo
What is IDWise?

Funded by a partnership with the Texas Legislature, and powered by the Center for Identity, IDWise is a resource center for the public on identity theft, fraud, and privacy. IDWise offers clear and accessible resources to empower citizens—both online and offline—to be better informed and make smarter choices to protect their personal information.

Sign Up for IDWise