Glossary · Nouns · C
L1 — paginated flat list. Pick a POS, pick a letter.
TermTypeDefinitionClassificationsUpdated
Cuttlenounten-armed oval-bodied cephalopod with narrow fins as long as the body and a large calcareous internal shellverified
Cuttlefishnounten-armed oval-bodied cephalopod with narrow fins as long as the body and a large calcareous internal shellverified
Cutworknounembroidery in which the design is outlined in a buttonhole stitch and the intervening material is cut awayverified
CutwormnounNorth American moth whose larvae feed on young plant stems cutting them off at the groundverified
Cy PresnounMWEa rule that when literal compliance is impossible the intention of a donor or testator should be carried out as nearly as possibleverified
Cy Pres DoctrinenounMWEa rule that when literal compliance is impossible the intention of a donor or testator should be carried out as nearly as possibleverified
Cyanic AcidnounMWEa colorless poisonous volatile liquid acid that hydrolyzes readily to ammonia and carbon dioxideverified
Cyanide ProcessnounMWEan industrial process for extracting gold and silver by treating ore with a sodium cyanide solutionverified
Cyanine DyenounMWEany of a class of dyes containing a -CH= group linking two heterocyclic rings containing nitrogenverified
Cyanitenouna grey or greenish-blue mineral consisting of aluminum silicate in crystalline formverified
Cyanobacterianounpredominantly photosynthetic prokaryotic organisms containing a blue pigment in addition to chlorophyllverified
Cyanohydrinnounany organic compound in which the cyano radical -CN and the hydroxyl radical -OH are attached to the same carbon atomverified
cybernounRefers to the interconnected information infrastructure of interactions among persons, processes, data, and information and communications technologies, along with the environment and conditions that influence those interactions.System
cyber assetnounMWEProgrammable electronic devices and communication networks including hardware, software and data.SystemRegulatedCUI
Cyber AttacknounMWEAn attack, via cyberspace, targeting an enterprise’s use of cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling a computing environment/infrastructure; or destroying the integrity of the data or stealing controlled information.ThreatRegulated
cyber ecosystemnounMWEThe interconnected information infrastructure of interactions among persons, processes, data, and information and communications technologies, along with the environment and conditions that influence those interactions.System
cyber eventnounMWEA cybersecurity change or occurrence that may have an impact on organizational operations (including mission, capabilities, or reputation).Event
cyber exercisenounMWEA planned event during which an organization simulates a cyber disruption to develop or test capabilities such as preventing, detecting, mitigating, responding to or recovering from the disruption.Process
cyber governancenounMWEArrangements an organisation puts in place to establish, implement and review its approach to managing cyber risks.Process
cyber incidentnounMWEActions taken through the use of computer networks that result in an actual or potentially adverse effect on an information system and/or the information residing therein. See Incident.EventRegulated
cyber incident response plannounMWEThe series of actions and processes associated with a security event associated with 'cyberspace' (i.e. the Internet, corporate networks, etc.).ProcessRegulated
cyber incident response procedurenounMWEA documented series of steps that are taken to detect, triage, and resolve events regarding cybersecurity that disrupt operations and alert applicable personnel and clients in conformance with pertinent standards.Requirement
cyber incident response roles and responsibilitiesnounMWEThe functions and duties of personnel who are responsible for triaging, and resolving events regarding cybersecurity events that disrupt operations and alerting interested personnel and affected parties in conformance with pertinent standards.ProcessRegulated
cyber infrastructurenounMWEIncludes electronic information and communications systems and services and the information contained in these systems and services. Information and communications systems and services are composed of all hardware and software that process, store, and communicate information, or any combination of all of these elements. Processing includes the creation, access, modification, and destruction of information. Storage includes paper, magnetic, electronic, and all other media types. Communications include sharing and distribution of information. For example: computer systems; control systems (e.g., supervisory control and data acquisition–SCADA); networks, such as the Internet; and cyber services (e.g., managed security services) are part of cyber infrastructure.SystemRegulated
cyber maturity modelnounMWEA mechanism to have cyber resilience controls, methods and processes assessed according to management best practice, against a clear set of external benchmarks.Framework
Cyber OperationsnounMWEIn the NICE Workforce Framework, cybersecurity work where a person: Performs activities to gather evidence on criminal or foreign intelligence entities in order to mitigate possible or real-time threats, protect against espionage or insider threats, foreign sabotage, international terrorist activities, or to support other intelligence activities.CapabilityRestrictedCUI
Cyber Operations PlanningnounMWEin the NICE Workforce Framework, cybersecurity work where a person: Performs in-depth joint targeting and cyber planning process. Gathers information and develops detailed Operational Plans and Orders supporting requirements. Conducts strategic and operational-level planning across the full range of operations for integrated information and cyberspace operationsProcessRestrictedCUI
cyber resiliencenounMWEThe ability of a system or domain to withstand cyber attacks or failures and, in such events, to reestablish itself quickly.Capability
cyber resilience frameworknounMWEConsists of the policies, procedures and controls an FMI has established to identify, protect, detect, respond to and recover from the plausible sources of cyber risks it faces.FrameworkRegulated
cyber resilience strategynounMWEAn FMI’s high level principles and medium term plans to achieve its objective of managing cyber risks.ProcessInternal
cyber risknounMWEThe combination of the probability of an event occurring within the realm of an organisation’s information assets, computer and communication resources and the consequences of that event for an organisation.Metric
cyber risk managementnounMWEThe process used by an FMI to establish an enterprise-wide framework to manage the likelihood of a cyber attack and develop strategies to mitigate, respond to, learn from and coordinate its response to the impact of a cyber attack. The management of an FMI’s cyber risk should support the business processes and be integrated in the FMI’s overall risk management framework.ProcessRegulated
cyber risk profilenounMWEThe cyber risk actually assumed, measured at a given point in time.MetricInternal
cyber risk tolerancenounMWEThe propensity to incur cyber risk, being the level of cyber risk that an FMI intends to assume in pursuing its strategic objectives.MetricInternal
cyber supply chain risk assessment processnounMWEThe foundational task in the cyber supply chain risk assessment process, cyber supply chain risk assessments are aimed at identifying and assessing applicable risk of Information and operational technology (IT/OT) outsourcing, diverse distribution routes, assorted technologies, laws, policies, procedures, and practices.ProcessRegulated
Cyber Supply Chain Risk Management PlannounMWEA plan that includes confidentiality, integrity, and availability controls for mitigating the risks associated with the distributed and interconnected nature of IT/OT product and service supply chains. It covers the entire life cycle of a system (including design, development, distribution, deployment, acquisition, maintenance, and destruction) as supply chain threats and vulnerabilities may intentionally or unintentionally compromise an IT/OT product or service at any stage.ProcessInternal
cyber supply chain risk management processnounMWEA detailed description of the steps necessary to mitigating the risks associated with the distributed and interconnected nature of IT/OT product and service supply chains. It covers the entire life cycle of a system (including design, development, distribution, deployment, acquisition, maintenance, and destruction) as supply chain threats and vulnerabilities may intentionally or unintentionally compromise an IT/OT product or service at any stage.ProcessRegulated
cyber system recovery plannounMWEA step-by-step outline of the processes and procedures to be performed to bring a cyber system back to working order after an incident has occurred.ProcessRegulatedCUI
cyber threatnounMWEAn internal or external circumstance, event, action, occurrence, or person with the potential to exploit technology-based vulnerabilities and to adversely impact (create adverse consequences for) organizational operations, organizational assets (including information and information systems), individuals, other organizations, or society.ThreatRegulated
cyber threat intelligencenounMWEOrganized, analyzed and refined information about potential or current attacks that threaten an organization. The primary purpose of threat intelligence is helping organizations understand the risks of the most common and severe external threats, such as zero-day threats, advanced persistent threats (APTs) and exploits. Although threat actors also include internal (or insider) and partner threats, the emphasis is on the types that are most likely to affect a particular organization's environment. Threat intelligence includes in-depth information about specific threats to help an organization protect itself from the types of attacks that could do them the most damage. In a military, business or security context, intelligence is information that provides an organization with decision support and possibly a strategic advantage. Threat intelligence is a component of security intelligence and, like SI, includes both the information relevant to protecting an organization from external and inside threats as well as the processes, policies and tools designed to gather and analyze that information. Threat intelligence services provide organizations with current information related to potential attack sources relevant to their businesses; some also offer consultation service.CapabilityRestricted
cyber threat response strategynounMWEA plan of action designed to achieve a long-term or overall aim regarding how to resolve cyber incidents.ProcessInternal
Cyber-Terroristnouna programmer who breaks into computer systems in order to steal or change or destroy information as a form of cyber-terrorismverified
Cybercafenouna cafe whose customers sit at computer terminals and log on to the internet while they eat and drinkverified
Cybercrimenouncrime committed using a computer and the internet to steal a person's identity or sell contraband or stalk victims or disrupt operations with malevolent programsverified
Cyberculturenounthe culture that emerges from the use of computers for communication and entertainment and businessverified
CyberespionagenounActivities conducted in the name of security, business, politics or technology to find information that ought to remain secret. It is not inherently military.ThreatRestrictedCUI
Cyberneticsnoun(biology) the field of science concerned with processes of communication and control (especially the comparison of these processes in biological and artificial systems)verified
Cyberpunknouna programmer who breaks into computer systems in order to steal or change or destroy information as a form of cyber-terrorismverified
CybersecuritynounThe ability to protect or defend the use of cyberspace from cyber attacks.Capability
cybersecurity activitynounMWESecurity controls that are specific to the realm of Cybersecurity.Process
Cybersecurity architecturenounMWEDescribes the structure, components and topology (connections and layout) of security controls within an enterprise's IT infrastructure Scope Note: The security architecture shows how defense-in-depth is implemented and how layers of control are linked and is essential to designing and implementing security controls in any complex environment.Capability
cybersecurity awarenessnounMWEThe extent to which individuals of an organization or those who have access to an organizations information understand their individual responsibilities regarding cybersecurity risks and the need to identify, assess, and mitigate these risks in light of the increasing volume and sophistication of cyber threats.CapabilityInternal
Cybersecurity CategorynounMWEThe subdivision of a Function into groups of cybersecurity outcomes, closely tied to programmatic needs and particular activities. Examples of Cybersecurity Categories include “Asset Management,” “Identity Management and Access Control,” and “Detection Processes.”.Framework
cybersecurity controlnounMWEPractices and procedures established to protect organizational assets, user assets, and the cyber environment from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide integrity, confidentiality, and availability.ControlRegulated
cybersecurity eventnounMWEAny act or attempt, successful or unsuccessful, to gain unauthorized access to, disrupt or misuse an Information System or information stored on such Information System.EventRegulated
Cybersecurity Framework CorenounMWEA set of cybersecurity activities and references that are common across critical infrastructure sectors and are organized around particular outcomes. The Framework Core comprises four types of elements: Functions, Categories, Subcategories, and Informative References.FrameworkPublic
Cybersecurity Framework Implementation TiernounMWEA lens through which to view the characteristics of an organization’s approach to risk—how an organization views cybersecurity risk and the processes in place to manage that risk.FrameworkInternal
cybersecurity functionnounMWEOne of the main components of the Cybersecurity Framework. Cybersecurity functions provide the highest level of structure for organizing basic cybersecurity activities into Cybersecurity Categories and Cybersecurity Subcategories. The five Cybersecurity functions are the Identify function, Protect function, Detect function, Respond function, and Recover function.Capability
cybersecurity incident responsenounMWEThe process of managing and resolving cybersecurity events that disrupt the organization's operations and restoring services.ProcessRegulated
cybersecurity incident response groupnounMWEA group of people that prepares for and resolves events that disrupt an organization's cybersecurity operations.Organization
cybersecurity law, rule, or regulationnounMWEAny federal, state, or local statute or ordinance or any rule or regulation adopted according to any federal, state, or local statute or ordinance that deals specifically with the topic of protecting or defending computerized environments, organizational computerized assets, and user’s computerized assets.RequirementRegulated
Cybersecurity outcomenounMWEA Cybersecurity outcome is the business need defined and tiered implementation of the outcomes listed in either the Categories or Subcategories section of Table 2 in the NIST Cybersecurity Framework.RequirementRegulated
cybersecurity patchnounMWEComputer code intended to fix a cybersecurity vulnerability.ControlRegulated
cybersecurity personnelnounMWEAll people who are employed by an organization to perform cybersecurity activities.Role
cybersecurity plannounMWEFormal document that provides an overview of the cybersecurity requirements for an Information Technology and industrial control system and describes the cybersecurity controls in place or planned for meeting those requirements.RequirementRegulatedCUI
cybersecurity policynounMWEA set of criteria for the provision of security services.RequirementRegulated
cybersecurity procedurenounMWEA detailed description of the steps necessary to implement cybersecurity in conformance with applicable standards.Requirement
Cybersecurity ProfilenounMWEA representation of the outcomes that a particular system or organization has selected from the Framework Categories and Subcategories.ArtifactInternal
cybersecurity programnounMWEAn integrated group of activities designed and managed to meet cybersecurity objectives for the organization and/or the function. A cybersecurity program may be implemented at either the organization or the function level, but a higher-level implementation and enterprise viewpoint may benefit the organization by integrating activities and leveraging resource investments across the entire enterprise.ProcessRegulated
cybersecurity requirementnounMWERequirements levied on an Information Technology and Operations Technology that are derived from organizational mission and business case needs (in the context of applicable legislation, Executive Orders, directives, policies, standards, instructions, regulations, procedures) to ensure the confidentiality, integrity, and availability of the services being provided by the organization and the information being processed, stored, or transmitted.RequirementRegulated
cybersecurity risknounMWEA risk to organizational operations, (including mission, functions, image, and reputation), resources, and other organizations due to the potential for unauthorized access, use, disclosure, disruption, modification, or destruction of information, Information Technology, and/or Operations Technology.ThreatRegulated