Definition: cybersecurity (cybersecurity, computer network security) refers to the specialization of computer network security that consists of technologies, policies, and procedures that protect networked computer systems from unauthorized use or harm. Broadly speaking, cybersecurity topics can be subdivided into two complementary areas: cyberattacks, which are essentially offensive and emphasize network penetration techniques; and cyber defenses, which are essentially protective and emphasize counter-measures intended to eliminate or mitigate cyber attacks.
cyber threat: A potential cyber attack, which may be assigned a probability of occurrence that can be used for cyber risk assessment.
cyber risk: A risk assessment that has been assigned to a cyber threat, such as a DDoS attack or a data breach. A cyber risk assessment may be either qualitative or quantitative, where the latter should estimate the risk (R) as a function of the magnitude of the potential loss (L) and the probability that L will occur (i.e., R = p * L).
Malware is an umbrella term derived from “malicious software”, and refers to any software that is intrusive (unauthorized access), disruptive, or destructive to computer systems and networks. Malware may take many forms (executable code, data files) and includes, but is not limited to, computer viruses, worms, trojan horses (trojans), bots (botnets), spyware (system monitors, adware, tracking cookies), rogueware (scareware, ransomware), and other malicious programs. The majority of active malware threats are usually worms or trojans rather than viruses.
Definition: cyber hygiene (cybersecurity hygiene, cybersecurity hygiene) is a colloquial term that refers to best practices and other activities that computer system administrators and users can undertake to improve their cybersecurity while engaging in common online activities, such as web browsing, emailing, texting, etc.
In the context of software-intensive systems, the term framework may refer to either a computer/network architecture (i.e., an architecture framework) or a process (process framework). Consequently, in the context of software-intensive cybersecurity systems the term cybersecurity framework may apply to either a cybersecurity architecture framework or a cybersecurity process framework, depending upon whether the framework emphasizes architecture elements (e.g., cybersecurity network devices, secure communication protocols) or process activities (e.g., guidelines, best practices).
The NIST Framework for Improving Critical Infrastructure, commonly referred to as the NIST cybersecurity framework, is a cybersecurity process framework first published by the National Institute of Standards and Technology (NIST) in February 2014.
The NIST cybersecurity framework was created through the collaboration between the U.S. government and industry and is voluntary guidance for a broad range of organizations to better manage and reduce their cybersecurity risks. The framework consists of industry standards, practical guidelines, and best practices for managing and reducing cybersecurity risks, and can be applied to diverse organizations—both government and commercial, ranging from small to large in size. The NIST cybersecurity framework is also designed to foster communications among internal and external organization stakeholders, so they can better collaborate to manage and reduce cybersecurity risks.
Cryptography (cryptology) is the practice of techniques for secure (confidential or private) communication in the presence of third parties, referred to as adversaries in this context, because the latter may intercept and compromise (usually by decoding or deciphering) the secure communication for nefarious purposes.
In general practice, cryptography is concerned with designing and analyzing secure communication protocols that thwart adversaries. Cryptographic techniques tend to be multi-disciplinary and involve the disciplines of mathematics, computer science, and electrical engineering. Common applications of cryptography include computer passwords, ATM cards, smart credit cards, and electronic commerce transactions.
The term cryptography is sometimes conflated with the term cryptology, where the former is the practical application of secure communication techniques, whereas the latter is the formal study of these techniques.
Since cybersecurity defenses are typically based on strong authentication and encryption techniques, which the latter are based on cryptography techniques, cryptography is a key enabling technology for cybersecurity.
Encryption is the process of encoding messages or other information, referred to as plaintext, into ciphertext, in a manner in which only the encoder or other authorized parties can convert the ciphertext back to plaintext. Stated otherwise, the ciphertext is encoded (i.e., encrypted), whereas plaintext is decoded (i.e., decrypted). Although encryption does not inherently prevent message interception or information access, it in effect denies information content to interceptors who may be adversarial in nature.
Decryption is the inverse process of encryption, in which encoded messages, referred to as ciphertext, are decoded into plaintext, so that their original unencrypted content may be read.
Definition: cryptography key (a.k.a. encryption/decryption key, or crypto key for short) is an input parameter to a cryptographic algorithm or cipher function, which uniquely encodes plaintext (messages or other information) into ciphertext during encryption, and vice versa during decryption.
Public-key encryption is an asymmetrical cryptographic system which uses a pair of mathematically related cryptographic keys:
- public key: As its name implies, the public cryptographic key is widely known. Public keys are typically made available via a public directory or repository.
- private key: As its name implies, the private cryptographic key is confidential, and is closely held by the message recipient or information concealer.
End-to-end encryption is a term used to describe a communication system where only the sender (the origin end) and the recipient (the destination end) of a message, and no intermediaries, can read the subject message, which is rigorously encrypted throughout its transit from the source end to the receiver end. When end-to-end encryption is properly implemented, only the sender and the recipient of the message possess the cryptographic keys needed to decrypt the message—even the intermediate message service has zero knowledge of the cryptographic keys required.