The ability to read, write, modify or use any of a company’s system resources.

Access control
Prevention of unauthorized use of any company’s system resources either externally (by an intruder) or internally (by an employee who should not have access).

Access Control List (ACL)
A mechanism that implements access control for a system resource by enumerating the identities of the system entities that are permitted to access the resources.

Ensuring that activities on supported systems can be traced to an individual who is held responsible for the integrity of the data.

The official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals, based on the implementation of an agreed-upon set of security controls.

A pneumatic, hydraulic, or electrically powered device that supplies force and motion so as to position a valve’s closure member at or between the open or closed position.

Advanced Persistent Threat
Advanced persistent threat (APT) usually refers to a group, such as a foreign government, with both the capability and the intent to persistently and effectively target a specific entity. The term is commonly used to refer to cyber threats, in particular that of Internet-enabled espionage using a variety of intelligence gathering techniques to access sensitive information, but applies equally to other threats such as that of traditional espionage or attack. Other recognized attack vectors include infected media, supply chain compromise, and social engineering. Individuals, such as an individual hacker, are not usually referred to as an APT as they rarely have the resources to be both advanced and persistent even if they are intent on gaining access to, or attacking, a specific target.

Any software application that displays advertising banners while the program is running. Adware often includes code that tracks a user’s personal information and passes it on to third parties without the user’s authorization or knowledge. And if you gather enough of it, adware slows down your computer significantly. Over time, performance can be so degraded that you may have trouble working productively. See also Spyware and Malware.

A device or function that signals the existence of an abnormal condition by making an audible or visible discrete change, or both, so as to attract attention to that condition.

Alternating Current Drive
Synonymous with Variable Frequency Drive (VFD).

Antivirus Software
Software designed to detect and potentially eliminate viruses before they have had a chance to wreak havoc within the system. Anti-virus software can also repair or quarantine files that have already been infected by virus activity. See also Virus and Electronic Infections.

Antivirus Tools
Software products and technology used to detect malicious code, prevent it from infecting a system, and remove malicious code that has infected the system.

Software that performs automated functions for a user, such as word processing, spreadsheets, graphics, presentations and databases—as opposed to operating system (OS) software.

Application Server
A computer responsible for hosting applications to user workstations.

A level of confidence that the information system architecture meditates and enforces the organization’s security policy.

A file that has been added to an email—often an image or document. It could be something useful to you or something harmful to your computer. See also Virus.

An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity, availability, or confidentiality.

Audit trail
A documented record of events allowing an auditor (or security administrator) to reconstruct past system activities.

To verify the identity of a user, device, or any other system entity.

Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system.

The right or a permission that is granted to a system entity to access a system resource. Granting officially approved access rights to a user, process or program in accordance with company’s security policy.


Back Door
Code that is specifically written into applications or operating systems to allow unauthorized access. Also called a trap door. An undocumented way of gaining access to a computer system. A backdoor is a potential security risk. Hidden software or hardware mechanism used to circumvent security controls.

File copies that are saved as protection against loss, damage or unavailability of the primary data. Saving methods include high-capacity tape, separate disk sub-systems or on the Internet. Off-site backup storage is ideal, sufficiently far away to reduce the risk of environmental damage such as flood, which might destroy both the primary and the backup if kept nearby.

See Malware, Adware and Spyware.

The capacity of a communication channel to pass data such as text, images, video or sound through the channel in a given amount of time. Usually expressed in bits per second.

Batch Process
A process that leads to the production of finite quantities of material by subjecting quantities of input materials to an ordered set of processing activities over a finite time using one or more pieces of equipment.

Blacklisting Software
A form of filtering that blocks only websites specified as harmful. Parents and employers sometimes use such software to prevent children and employees from visiting certain websites. You can add and remove sites from the “not permitted” list. This method of filtering allows for more full use of the Internet, but is less efficient at preventing access to any harmful material that is not on the list. See also Whitelisting Software.

Blended Threat
Blended threats combine the characteristics of viruses, worms, Trojan horses, and malicious code with system and Internet vulnerabilities to initiate, transmit and spread an attack. By using multiple methods and techniques, blended threats can rapidly spread and cause widespread damage. A computer network attack that seeks to maximize the severity of damage and speed of contagion by combining methods—for example, using characteristics of both viruses and worms. See also Electronic Infection.

Short for “Web log,” a blog is usually defined as an online diary or journal. It is usually updated frequently and offered in a dated log format with the most recent entry at the top of the page. It often contains links to other websites along with commentary about those sites or specific subjects, such as politics, news, pop culture or computers.

A botnet is a collection of internet-connected programs communicating with other similar programs in order to perform tasks. This can be as mundane as keeping control of an IRC channel, or it could be used to send spam email or participate in DDoS attacks. The word botnet stems from the two words robot and network.

Transmission to all devices in a network without any acknowledgment by the receivers.

General term used to refer to high-speed network connections such as cable modem and Digital Subscriber Line (DSL). These types of “always on” Internet connections are actually more susceptible to some security threats than computers that access the Web via dial-up service.

A client software program that can retrieve and display information from servers on the World Wide Web. Often known as a “Web browser” or “Internet browser,” Examples include Microsoft’s Internet Explorer, Google’s Chrome, Apple’s Safari, and Mozilla’s Firefox.

Brute Force Attack
An exhaustive password-cracking procedure that tries all possibilities, one by one. See also Dictionary Attack and Hybrid Attack.

Buffer Overflow
A buffer overflow is a type of progmmatic flaw that is due to a programmer allowing for an unbounded operation on a data. Buffer overflow conditions commonly occur during memory copy operations. In these cases, a lack of bounds checking can allow memory to be written beyond the buffer, corrupting potentially sensitive values in adjacent memory. Buffer overflow conditions have typically been exploited to hijack program execution flow by overwriting activation records in stack memory. Buffer overflows in the heap has also proven exploitable, enabling attackers to have their own instructions executed in the process space of the affected program.

Bulletin Board
Enable users from the Internet to write or read messages posted by other users and exchange programs and flies.


A comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.

Clear Desk Policy
A policy that directs all personnel to clear their desks at the end of each working day, and file everything appropriately. Desks should be cleared of all documents and papers, including the contents of the “in” and “out” trays —not simply for cleanliness, but also to ensure that sensitive papers and documents are not exposed to unauthorized persons outside of working hours.

Clear Screen Policy
A policy that directs all computer users to ensure that the contents of the screen are protected from prying eyes and opportunistic breaches of confidentially. Typically, the easiest means of compliance is to use a screen saver that engages either on request or after a specified short period of time. See also Shoulder Surfing.

Clear Text
Information that is not encrypted.

Violation of the company’s system security policy by an intruder. It can result in the modification, destruction or theft of data.

Computer crime
Any form of illegal act involving electronic information and computer equipment.

Computer fraud
A computer crime that an intruder commits to obtain money or something of value from a company. Often, all traces of the crime are covered up. Computer fraud typically involves modification, destruction, theft or disclosure of data.

Ensuring that sensitive data is limited to a specific individual (internal or external) or groups within an organization. The confidentiality of the information is based on the degree to which an organization must protect its information – for example, registered, proprietary or non-proprietary. Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.

Configuration (of a system or device)
Step in system design; for example, selecting functional units, assigning their locations, and defining their interconnections.

Configuration Control
Process for controlling modifications to hardware, firmware, software, and documentation to ensure the information system is protected against improper modifications before, during, and after system implementation.

Conflict-of-interest Escalation
A present procedure for escalating a security incident if any members of the support or security teams are suspect.

Contingency Plan
A security plan to ensure that mission-critical computer resources are available to a company in the event of a disaster (such as earthquake or flood). It includes emergency response actions, backup operations and post-disaster recovery.

Continuous Process
A process that operates on the basis of continuous flow, as opposed to batch, intermittent, or sequenced operations.

A protective action that a company takes to reduce its risk of exposure.

Control Algorithm
A mathematical representation of the control action to be performed.

Control Center
An equipment structure or group of structures from which a process is measured, controlled, and/or monitored.

Control Loop
A combination of field devices and control functions arranged so that a control variable is compared to a set point and returns to the process in the form of a manipulated variable.

Control Network
Those networks of an enterprise typically connected to equipment that controls physical processes and that is time or safety critical. The control network can be subdivided into zones, and there can be multiple separate control networks within one enterprise and site.

Control Server
A server that hosts the supervisory control system, typically a commercially available application for DCS or SCADA system.

Control System
A system in which deliberate guidance or manipulation is used to achieve a prescribed value for a variable. Control systems include SCADA, DCS, PLCs and other types of industrial measurement and control systems.

Controlled Variable
The variable that the control system attempts to keep at the set point value. The set point may be constant or variable.

A device or program that operates automatically to regulate a controlled variable.

A small file that is downloaded by some websites to store a packet of information on your browser. Companies and organizations use cookies to remember your login or registration identification, site preferences, pages viewed and online “shopping-cart” so that the next time you visit a site, your stored information can automatically be pulled up for you. A cookie is obviously convenient but also presents potential security issues. You can configure your browser to alert you whenever a cookie is being sent. You can refuse to accept all cookies or erase all cookies saved on your browser.

An action that a company’s data has not been exposed to modification or destruction either by accident or from malicious acts.

Relating to, or characteristic of, the culture of computers, information technology and virtual reality (OED)

Sending or posting harmful, cruel, rude or threatening messages, or slanderous information, text or images using the Internet or other digital communication devices.

Cycle Time
The time, usually expressed in seconds, for a controller to complete one control loop where sensor signals are read into memory, control algorithms are executed, and corresponding control signals are transmitted to actuators that create changes the process resulting in new sensor signals.


A darknet is a private, distributed P2P file sharing network where connections are made only between trusted peers — sometimes called “friends” (F2F) — using non-standard protocols and ports. Darknets are distinct from other distributed P2P networks as sharing is anonymous (that is, IP addresses are not publicly shared), and therefore users can communicate with little fear of governmental or corporate interference.

A repository of information that usually holds plant wide information including process data, recipes, personnel data, and financial data.

Data Historian
A centralized database supporting data analysis using statistical process control techniques.

DC Servo Drive
A type of drive that works specifically with servo motors. It transmits commands to the motor and receives feedback from the servo motor resolver or encoder.

Denial of Service (DoS)
The prevention of authorized access to a system resource or the delaying of system operations and functions. An action or series of actions taken by an intruder. It causes systems to be unavailable for their intended purpose.

Denial of Service Attack
The prevention of authorized access to a system resource or the delaying of system operations and functions. Often this involves a cybercriminal generating a large volume of data requests. See also Flooding.

Information concerning known failure modes and their characteristics. Such information can be used in troubleshooting and failure analysis to help pinpoint the cause of a failure and help define suitable corrective measures.

Dictionary Attack
A password-cracking attack that tries all of the phrases or words in a dictionary. See also Brute Force Attack and Hybrid Attack.

Digital Certificate
The electronic equivalent of an ID card that establishes your credentials when doing business or other transactions on the Web. It contains your name, a serial number, expiration dates, a copy of the certificate holder’s public key (used for encrypting messages and digital signatures) and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real.

Disaster Recovery Plan (DRP)
A written plan for processing critical applications in the event of a major hardware or software failure or destruction of facilities.

Discrete Process
A type of process where a specified quantity of material moves as a unit (part or group of parts) between work stations and each unit maintains its unique identity.

Distributed Control System (DCS)
In a control system, refers to control achieved by intelligence that is distributed about the process to be controlled, rather than by a centrally located single unit.

Distributed Plant
A geographically distributed factory that is accessible through the Internet by an enterprise.

An undesired change in a variable being applied to a system that tends to adversely affect the value of a controlled variable.

Domain Controller
A server responsible for managing domain information, such as login identification and passwords.

Domain Hijacking
An attack in which an attacker takes over a domain by first blocking access to the domain’s DNS server and then putting his own server up in its place.

Domain Name System (DNS)
The DNS is the way that Internet domain names are located. A website’s domain name is easier to remember than its IP (Internet Protocol) address.

Dumpster Diving
Recovering files, letters, memos, photographs, IDs, passwords, checks, account statements, credit card offers and more from garbage cans and recycling bins. This information can then be used to commit identity theft.


Easy Access
Breaking into a system with minimal effort by exploiting a well-known vulnerability and gaining super-user access in less than 30 seconds (a piece of cake for an intruder).

Electronic Infections
Often called “viruses,” these malicious programs and codes harm your computer and compromise your privacy. In addition to the traditional viruses, other common types include worms and Trojan horses. They sometimes work in tandem to do maximum damage. See also Blended Threat.

Cryptographic transformation of data (called “plaintext”) into a form (called “cipher text”) that conceals the data’s original meaning to prevent it from being known or used. If the transformation is reversible, the corresponding reversal process is called “decryption”, which is a transformation that restores encrypted data to its original state. A data security technique used to protect information from unauthorized inspection or alteration. Information is encoded so that it appears as a meaningless string of letters and symbols during delivery or transmission. Upon receipt, the information is decoded using an encryption key.

End User License Agreement (EULA)
A contract between you and your software’s vendor or developer. Many times, the EULA is presented as a dialog box that appears the first time you open the software and forces you to check “I accept” before you can proceed. Before accepting, though, read through it and make sure you understand and are comfortable with the terms of the agreement. If the software’s EULA is hard to understand or you can’t find it, beware!

An organization that coordinates the operation of one or more processing sites.

Enterprise Resource Planning (ERP) System
A system that integrates enterprise-wide information including human resources, financials, manufacturing, and distribution as well as connects the organization to its customers and suppliers.

The procedure of reporting (and passing responsibility for resolving) a security breach to a higher level of command.

External escalation
The process of reporting a security breach to an individual or group outside the department, division or company in which it occurred. When a problem is escalated, responsibility for resolving that problem is either accepted or shared with the party to whom the problem is escalated.

A program or technique that takes advantage of a vulnerability in software that can be used for breaking security or otherwise attacking a host.

Extensible Markup Language (XML)
A specification for a generic syntax to mark data with simple, human-readable tags, enabling the definition, transmission, validation, and interpretation of data between applications and between organizations.

An extension of a company’s intranet to include systems outside the company. An extranet can be used to facilitate easy access to databases and other sources of information between the company and its customers or suppliers.

Evil Twins
A fake wireless Internet hot spot that looks like a legitimate service. When victims connect to the wireless network, a hacker can launch a spying attack on their transactions on the Internet, or just ask for credit card information in the standard pay-for-access deal. See also Man-in-the-Middle Attacks.


Fault Tolerant
Of a system, having the built-in capability to provide continued, correct execution of its assigned function in the presence of a hardware and/or software fault.

Field Device
Equipment that is connected to the field side on an ICS. Types of field devices include RTUs, PLCs, actuators, sensors, HMIs, and associated communications.

Field Site
A subsystem that is identified by physical, geographical, or logical segmentation within the ICS. A field site may contain RTUs, PLCs, actuators, sensors, HMIs, and associated communications.

A digital, serial, multi-drop, two-way data bus or communication path or link between low-level industrial field equipment such as sensors, transducers, actuators, local controllers, and even control room devices. Use of fieldbus technologies eliminates the need of point-to-point wiring between the controller and each device. A protocol is used to define messages over the fieldbus network with each message identifying a particular sensor on the network.

File Transfer Protocol (FTP)
FTP is an Internet standard for transferring files over the Internet. FTP programs and utilities are used to upload and download Web pages, graphics, and other files between local media and a remote server which allows FTP access.

File-Sharing Programs
Sometimes called peer-to-peer (P2P) programs, these allow many different users to access the same file at the same time. These programs are often used to illegally upload and download music and other software. Examples include Napster, Grokster, Kazaa, iMesh, Ares and Limewire.

A security system that controls traffic flow between networks. Several configurations exist: filters, application relays, encryption, demilitarized zones (DMZ), and so on. An inter-network gateway that restricts data communication traffic to and from one of the connected networks (the one said to be “inside” the firewall) and thus protects that network’s system resources against threats from the other network (the one that is said to be “outside” the firewall).

An attack that attempts to cause a failure in the security of a computer by providing more input, such as a large volume of data requests, than it can properly process. See also Denial of Service Attack.

Forensic Discovery
Forensic or E-discovery is the search and analysis of electronic documents and data. Electronic documents include virtually anything that is stored on a computer such as e-mail, web pages, word processing files, and computer databases. Electronic records can be found on a wide variety of devices such as desktop and laptop computers, network servers, personal digital assistants and digital phones. Documents and data are “electronic” if they exist in a medium that can only be read by using computers such as cache memory, magnetic disks (for example computer hard drives or floppy disks), optical disks (for example DVDs or CDs), and magnetic tapes. Electronic discovery is frequently distinguished from traditional “paper discovery,” which is the discovery of writings on paper that can be read without the assistance of computers. Forensic Discovery is frequently required in legal proceedings and is submitted as evidence in Court.


Using the Internet to manipulate and gain trust of a minor as a first step towards the future sexual abuse, production or exposure of that minor. Sometimes involves developing the child’s sexual awareness and may take days, weeks, months or in some cases years to manipulate the minor.


A person with malicious intentions who gathers information on computer security flaws and breaks into computers without the system owners’ permission. An individual who attempts to break into a computer without authorization.

Exploiting system vulnerabilities to gain unauthorized access.

A honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers.

When used in the first part of a URL (e.g., http://), this term specifies the use of hypertext transfer protocol (HTTP) enhanced by a security mechanism such as Secure Socket Layer (SSL). Always look for the HTTPS on the checkout or order form page when shopping online or when logging into a site and providing your username and password.

Human-Machine Interface (HMI)
The hardware or software through which an operator interacts with a controller. An HMI can range from a physical control panel with buttons and indicator lights to an industrial PC with a color graphics display running dedicated HMI software.

Hybrid Attack
Builds on other password-cracking attacks by adding numerals and symbols to dictionary words. See also Dictionary Attack and Brute Force Attack.


Recognizing users on a company’s systems by using unique names. Not the same as authentication. The process of verifying the identity of a user, process, or device, usually as a prerequisite for granting access to resources in an IT system.

An incident is an event attributable to a human root cause. This distinction is particularly important when the event is the product of malicious intent to do harm. An important note: all incidents are events but many events are not incidents. A system or application failure due to age or defect may be an emergency event but a random flaw or failure is not an incident.

Incident Investigation
The investigation seeks to determine the circumstances of the incident. Every incident will warrant or require an investigation. However, investigation resources like forensic tools, dirty networks, quarantine networks and consultation with law enforcement may be useful for the effective and rapid resolution of an emergency incident.

Incident Response Procedures
Formal written procedures that detail the steps to be taken in the event of a major security problem, such as break-in. Developing detailed incident-response procedures before the occurrence of a problem is a hallmark of a well-designed security system.

Incident Response Team
The incident coordinator manages the response process and is responsible for assembling the team. The coordinator will ensure the team includes all the individuals necessary to properly assess the incident and make decisions regarding the proper course of action. The incident team meets regularly to review status reports and to authorize specific remedies. The team should utilize a pre-allocated physical and virtual meeting place.

Input/Output (I/O)
A general term for the equipment that is used to communicate with a computer as well as the data involved in the communications.

An entity inside the security perimeter that is authorized to access system resources but uses them in a way not approved by those who granted the authorization.

Instant Messaging (IM)
A service that allows people to send and get messages almost instantly. To send messages using instant messaging you need to download an instant messaging program and know the instant messaging address of another person who uses the same IM program. See also Spim.

Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity.

Intelligent Electronic Device (IED)
Any device incorporating one or more processors with the capability to receive or send data/control from or to an external source (e.g., electronic multifunction meters, digital relays, controllers).

Internal escalation
The process of reporting a security breach to a higher level of command with-in the department, division or company in which the breach occurred.

The largest collection of networks in the world. The single interconnected world-wide system of commercial, government, educational, and other computer networks that share the set of protocols specified by the Internet Architecture Board (IAB) and the name and address spaces managed by the Internet Corporation for Assigned Names and Numbers (ICANN).

Internet Protocol (IP) Address
A computer’s inter-network address, written as a series of four 8-bit numbers separated by periods, such as 123.45.678.990. Every website has an IP Address, although finding a website is considerably easier to do when using its domain name instead. See also Domain Name System (DNS).

Internet Service Provider (ISP)
The company through which an individual or organization receives access to the Internet. Typically, ISP’s provide email service and homepage storage in addition to Internet access. Some ISP’s also provide offsite data storage and backup services. A company that provides internet access to customers.

A company’s internal network.

Intrusion Detection System (IDS)
A security service that monitors and analyzes network or system events for the purpose of finding, and providing real-time or near real-time warning of, attempts to access system resources in an unauthorized manner.

Intrusion Prevention System (IPS)
A system that can detect an intrusive activity and can also attempt to stop the activity, ideally before it reaches its targets.


The time or phase difference between the data signal and the ideal clock.


Key Logger
A program designed to record which keys are pressed on a computer keyboard used to obtain passwords or encryption keys and thus bypass other security measures.

Keystroke Logger
A specific type of electronic infection that records victims’ keystrokes and sends them to an attacker. This can be done with either hardware or software. See also Trojan Horse.


Light Tower
A device containing a series of indicator lights and an embedded controller used to indicate the state of a process based on an input signal.

Local Area Network (LAN)
A group of computers and other devices dispersed over a relatively limited area and connected by a communications link that enables any device to interact with any other on the network.

Logic Bomb
A program that an intruder inserts into software. A logic bomb lies dormant until a predefined condition is met; the program then triggers an unauthorized act.


Machine Controller
A control system/motion network that electronically synchronizes drives within a machine system instead of relying on synchronization via mechanical linkage.

Any act that either prevents the failure or malfunction of equipment or restores its operating capability.

Malicious payload
Typically referred to as ‘Payload’ because it’s almost always malicious. Threats can contain programs, often referred to as payloads that perform malicious activities such as denial-of-service attacks, destruction or modification of data, changes to system settings, and information disclosure. Note that the majority of viruses do not contain a payload; they simply replicate.

Software or firmware intended to perform an unauthorized process that will have adverse impact on the confidentiality, integrity, or availability of an information system. A virus, worm, Trojan horse, or other code-based entity that infects a host. Spyware and some forms of adware are also examples of malicious code (malware). A generic term for a number of different types of malicious code. See also Adware and Spyware.

Management Controls
The security controls (i.e., safeguards or countermeasures) for an information system that focus on the management of risk and the management of information security.

Man-In-the-Middle Attack
Posing as an online bank or merchant, a cyber criminal allows a victim to sign in over a Secure Sockets Layer (SSL) connection. The attacker then logs onto the real server using the client’s information and steals credit card numbers.

Manipulated Variable
In a process that is intended to regulate some condition, a quantity or a condition that the control alters to initiate a change in the value of the regulated condition.

Manufacturing Execution System (MES)
A system that uses network computing to automate production control and process automation. By downloading recipes and work schedules and uploading production results, a MES bridges the gap between business and plant-floor or process-control systems.

Mass Mailer
A threat that self-replicates by sending itself through email. Typically, the threat obtains email addresses by searching for them in files on the system or by responding to messages found in the email client inbox.

Master Terminal Unit (MTU)
See SCADA Server

A device used to convert serial digital data from a transmitting terminal to a signal suitable for transmission over a telephone channel to reconvert the transmitted signal to serial digital data for the receiving terminal.

Monitoring Software
Software products that allow parents to monitor or track the websites or email messages that a child visits or reads. See also Blacklisting Software and Whitelisting Software.

Motion Control Network
The network supporting the control applications that move parts in industrial settings, including sequencing, speed control, point-to-point control, and incremental motion.


Two or more computer systems that are grouped together to share information, software and hardware.

Network Interface Card (NIC)
A circuit board or card that is installed in a computer so that it can be connected to a network.


Object Linking and Embedding (OLE) for Process Control (OPC)
A set of open standards developed to promote interoperability between disparate field devices, automation/control, and business systems.

Operating System
An integrated collection of service routines for supervising the sequencing of programs by a computer. An operating system may perform the functions of input/output control, resource scheduling, and data management. It provides application programs with the fundamental commands for controlling the computer. Programs that manage all the basic functions and programs on a computer, such as allocating system resources, providing access and security controls, maintaining file systems and managing communications between end users and hardware devices. Examples include Microsoft’s Windows, Apple’s Macintosh and Red Hat’s Linux.

Operational Controls
The security controls (i.e., safeguards or countermeasures) for an information system that are primarily implemented and executed by people (as opposed to systems).


A string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorization. A secret sequence of characters that is used as a means of authentication to confirm your identity in a computer program or online.

Password Cracker
A software program that tries to match user passwords by using whole dictionaries.

Password Cracking
Password cracking is the process of attempting to guess passwords, given the password file information. See also Brute Force Attacks, Dictionary Attacks and Hybrid Attacks.

Password Sniffing
Passive wiretapping, usually on a local area network, to gain knowledge of passwords.

A patch is a small security update released by a software manufacturer to fix bugs in existing programs. Your computer’s software programs and/or operating system may be configured to check automatically for patches, or you may need to periodically visit the manufacturers’ websites to see if there have been any updates.

Peer-to-Peer (P2P) Programs
See File-Sharing Programs.

Penetration Test
A penetration test, occasionally pentest, is a method of evaluating the computer security of a computer system or network by simulating an attack from malicious outsiders (who do not have an authorized means of accessing the organization’s systems) and malicious insiders (who have some level of authorized access). The process involves an active analysis of the system for any potential vulnerabilities that could result from poor or improper system configuration, both known and unknown hardware or software flaws, or operational weaknesses in process or technical countermeasures. This analysis is carried out from the position of a potential attacker and can involve active exploitation of security vulnerabilities. Effective penetration tests provides an accurate assessment of the potential impacts to the organization and outline a range of technical and procedural countermeasures to reduce risks.

The act of gaining unauthorized access to a system or network.

The authorized actions that a subject can perform with an object (that is read, write, modify or delete).

Redirecting visitors from a real website to a bogus one. A user enters what is believed to be a valid Web address and is unknowingly redirected to an illegitimate site that steals the user’s personal information. On the spoofed site, criminals may mimic real transactions and harvest private information unknowingly shared by users. With this, the attacker can then access the real website and conduct transactions using the credentials of a valid user.

Tricking individuals into disclosing sensitive personal information by claiming to be a trustworthy entity in an electronic communication (e.g., internet web sites). Soliciting private information from customers or members of a business, bank or other organization in an attempt to fool them into divulging confidential personal and financial information. People are lured into sharing user names, passwords, account information or credit card numbers, usually by an official-looking message in an email or a pop-up advertisement that urges them to act immediately, usually by clicking on a link provided. See also Vishing.

Photo Eye
A light sensitive sensor utilizing photoelectric control that converts a light signal into an electrical signal, ultimately producing a binary signal based on an interruption of a light beam.

Point of Contract (POC)
The person or persons to whom users or system administrators should immediately report a break-in or suspected security breach. The POC is the information-systems equivalent of a 911 emergency line.

The entry or exit point from a computer for connecting communications or peripheral devices.

Port Scanning
Using a program to remotely determine which ports on a system are open (e.g., whether systems allow connections through those ports).

Pressure Regulator
A device used to control the pressure of a gas or liquid.

Pressure Sensor
A sensor system that produces an electrical signal related to the pressure acting on it by its surrounding medium. Pressure sensors can also use differential pressure to obtain level and flow measurements.

A device that converts digital data to human-readable text on a paper medium.

The protection of a company’s data from being accessed by unauthorized parties. Safeguards such as encryption can provide a level of assurance that the integrity of the data is protected from exposure.

Process Controller
A proprietary computer system, typically rack-mounted, that processes sensor input, executes control algorithms, and computes actuator outputs.

Programmable Logic Controller (PLC)
A solid-state control system that has a user-programmable memory for storing instructions for the purpose of implementing specific functions such as I/O control, logic, timing, counting, three mode (PID) control, communication, arithmetic, and data and file processing.

A set of rules (i.e., formats and procedures) to implement and control some type of association (e.g., communication) between systems.

Protocol Analyzer
A device or software application that enables the user to analyze the performance of network data so as to ensure that the network and its associated hardware/software are operating within network specifications.

Proximity Sensor
A non-contact sensor with the ability to detect the presence of a target within a specified range.



Pertaining to the performance of a computation during the actual time that the related physical process transpires so that the results of the computation can be used to guide the physical process.

Redundant Control Server
A backup to the control server that maintains the current state of the control server at all times.

An electromechanical device that completes or interrupts an electrical circuit by physically moving conductive contacts. The resultant motion can be coupled to another mechanism such as a valve or breaker.

The probability that a system will adequately accomplish its tasks for a specific period of time under the expected operating conditions.

Remote Access
Access by users (or information systems) communicating external to an information system security perimeter.

Remote Diagnostics
Diagnostics activities conducted by individuals communicating external to an information system security perimeter.

Remotely Exploitable
Remotely exploitable vulnerabilities are those that can be exploited by attackers across a network. For example, vulnerabilities in web servers that can be exploited by web clients are remotely exploitable vulnerabilities.

Remote Maintenance
Maintenance activities conducted by individuals communicating external to an information system security perimeter.

Remote Terminal Unit (RTU)
A computer with radio interfacing used in remote situations where communications via wire is unavailable. Usually used to communicate with remote field equipment. PLCs with radio communication capabilities are also used in place of RTUs.

Resource Starvation
A condition where a computer process cannot be supported by available computer resources. Resource starvation can occur due to the lack of computer resources or the existence of multiple processes that are competing for the same computer resources.

The probability that a particular vulnerability of a system will be exploited, either intentionally or accidentally. The level of impact on agency operations (including mission, functions, image, or reputation), agency assets, or individuals resulting from the operation of an information system, given the potential impact of a threat and the likelihood of that threat occurring.

Risk Analysis
A process that determines the magnitude of security risks. A risk analysis identifies controls that need improvement.

Risk Assessment
The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact. Part of risk management, synonymous with risk analysis. Incorporates threat and vulnerability analyses.

Risk Management
The process of managing risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals resulting from the operation of an information system. It includes risk assessment; cost-benefit analysis; the selection, implementation, and assessment of security controls; and the formal authorization to operate the system. The process considers effectiveness, efficiency, and constraints due to laws, directives, policies, or regulations.

A computer that is a gateway between two networks at OSI layer 3 and that relays and directs data packets through that inter-network. The most common form of router operates on IP packets. A hardware device that connects two or more networks and routes incoming data packets to the appropriate network. Many Internet Service Providers (ISPs) provide these devices to their customers, and they often contain firewall protections.

Router Flapping
A router that transmits routing updates alternately advertising a destination network first via one route, then via a different route.


Safety Instrumented System (SIS)
A system that is composed of sensors, logic solvers, and final control elements whose purpose is to take the process to a safe state when predetermined conditions are violated. Other terms commonly used include emergency shutdown system (ESS), safety shutdown system (SSD), and safety interlock system (SIS).

SCADA Server
The device that acts as the master in a SCADA system.

A file containing active content — for example, commands or instructions to be executed by the computer.

Security Audit
Independent review and examination of a system’s records and activities to determine the adequacy of system controls, ensure compliance with established security policy and procedures, detect breaches in security services, and recommend any changes that are indicated for countermeasures. An independent professional security review that tests and examines a company’s compliance with existing controls, the results of which enable an auditor to recommend necessary changes in security controls, policies and procedures.

Security Controls
The management, operational, and technical controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information.

Security Plan
Formal document that provides an overview of the security requirements for the information system and describes the security controls in place or planned for meeting those requirements.

Security Policy
Security policies define the objectives and constraints for the security program. Policies are created at several levels, ranging from organization or corporate policy to specific operational constraints (e.g., remote access). In general, policies provide answers to the questions “what” and “why” without dealing with “how.” Policies are normally stated in terms that are technology-independent.

Security Procedures
A set of detailed instructions, configurations and recommendations to implement company’s security policies.

A device that produces a voltage or current output that is representative of some physical property being measured (e.g., speed, temperature, flow)

Servo Valve
An actuated valve whose position is controlled using a servo actuator.

Set Point
An input variable that sets the desired value of the controlled variable. This variable may be manually set, automatically set, or programmed.

Shoulder Surfing
Looking over a person’s shoulder to get confidential information. It is an effective way to get information in crowded places because it’s relatively easy to stand next to someone and watch as they fill out a form, enter a PIN number at an ATM machine or type a password. Can also be done long-distance with the aid of binoculars or other vision- enhancing devices. To combat it, experts recommend that you shield paperwork or your keypad from view by using your body or cupping your hand. Also, be sure you password- protect your computer screen when you must leave it unattended, and clear your desk at the end of the day. See also Clear Desk Policy and Clear Screen Policy.

Simple Network Management Protocol (SNMP)
A standard TCP/IP protocol for network management. Network administrators use SNMP to monitor and map network availability, performance, and error rates. To work with SNMP, network devices utilize a distributed data store called the Management Information Base (MIB). All SNMP-compliant devices contain a MIB which supplies the pertinent attributes of a device. Some attributes are fixed or “hard-coded” in the MIB, while others are dynamic values calculated by agent software running on the device.

Single Loop Controller
A controller that controls a very small process or a critical process.

A high-tech method by which thieves capture your personal or account information from your credit card, driver’s license or even passport using an electronic device called a “skimmer.” Such devices can be purchased online for under $50. Your card is swiped through the skimmer and the information contained in the magnetic strip on the card is then read into and stored on the device or an attached computer. Skimming is predominantly a tactic used to perpetuate credit card fraud, but is also gaining in popularity amongst identity thieves.

A copy of what’s a computer’s memory (primary storage, specific registers and so on) contains at a specific point in time. Like a photograph, a snapshot can be used to catch intruders by recording information that the hacker might erase before the attack is completed or repelled.

Snooping tool
A program that an intruder uses to capture passwords and other data. Also known as password sniffer.

Social Engineering
An attempt to trick someone into revealing information (e.g., a password) that can be used to attack systems or networks. A euphemism for non-technical or low-technology means—such as lies, impersonation, tricks, bribes, blackmail and threats—used to attack information systems. Sometimes telemarketers or unethical employees employ such tactics.

Social Networking Websites
Sites specifically focused on the building and verifying of social networks for whatever purpose. Many social networking services are also blog hosting services. There are more than 300 known social networking websites, including Facebook, Twitter, LinkedIn, MySpace and Blogspot. Such sites enable users to create online profiles and post pictures and share personal data such as their contact information, hobbies, activities and interests. The sites facilitate connecting with other users with similar interests, activities and locations. Sites vary in who may view a user’s profile—some have settings which may be changed so that profiles can be viewed only by “friends.” See also Blogs.

Solenoid Valve
A valve actuated by an electric coil. A solenoid valve typically has two states: open and closed.

Unwanted, unsolicited email from someone you don’t know. Often sent in an attempt to sell you something or get you to reveal personal information.

Unwanted, unsolicited instant messages from someone you don’t know. Often sent in an attempt to sell you something or get you to reveal personal information.

To gain access to a system by masquerading as an authorized user.

Masquerading so that a trusted IP address is used instead of the true IP address. A technique used by hackers as a means of gaining access to a computer system.

Software that is secretly or surreptitiously installed onto an information system to gather information on individuals or organizations without their knowledge; a type of malicious code. Software that uses your Internet connection to send personally identifiable information about you to a collecting device on the Internet. It is often packaged with software that you download voluntarily, so that even if you remove the downloaded program later, the spyware may remain. See also Adware and Malware.

SSL (Secure Socket Layer)
An encryption system that protects the privacy of data exchanged by a website and the individual user. Used by websites whose URLs begin with https instead of http.

Statistical Process Control (SPC)
The use of statistical techniques to control the quality of a product or process.

Steady State
A characteristic of a condition, such as value, rate, periodicity, or amplitude, exhibiting only negligible change over an arbitrarily long period of time.

Supervisory Control
A term that is used to imply that the output of a controller or computer program is used as input to other controllers.

Supervisory Control and Data Acquisition (SCADA)
A generic name for a computerized system that is capable of gathering and processing data and applying operational controls over long distances. Typical uses include power transmission and distribution and pipeline systems. SCADA was designed for the unique communication challenges (e.g., delays, data integrity) posed by the various media that must be used, such as phone lines, microwave, and satellite. Usually shared rather than dedicated.


Technical Controls
The security controls (i.e., safeguards or countermeasures) for an information system that are primarily implemented and executed by the information system through mechanisms contained in the hardware, software, or firmware components of the system.

Temperature Sensor
A sensor system that produces an electrical signal related to its temperature and, as a consequence, senses the temperature of its surrounding medium.

Any circumstance or event with the potential to adversely impact agency operations (including mission, functions, image, or reputation), agency assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Any item that has the potential to compromise the integrity, confidentiality and availability of data.

Tiger team
A group of professional security experts employed by a company to test the effectiveness of security by trying to break in.

Time bomb
A program that an intruder inserts into software. It triggers when a particular time is reached or an interval has elapsed.

Transmission Control Protocol (TCP)
TCP is one of the main protocols in TCP/IP networks. Whereas the IP protocol deals only with packets, TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and also guarantees that packets will be delivered in the same order in which they were sent.

Trojan Horse
A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program. A computer program that appears to be beneficial or innocuous, but also has a hidden and potentially malicious function that evades security mechanisms. A “keystroke logger,” which records victims’ keystrokes and sends them to an attacker, or remote-controlled “zombie computers” are examples of the damage that can be done by Trojan horses. See also Electronic Infection.


Unauthorized Access
A person gains logical or physical access without permission to a network, system, application, data, or other resource.

Abbreviation for “Uniform (or Universal) Resource Locator.” A way of specifying the location of publicly available information on the Internet. Also known as a Web address.

URL Obfuscation
Taking advantage of human error, some scammers use phishing emails to guide recipients to fraudulent sites with names very similar to established sites. They use a slight misspelling or other subtle difference in the URL, such as “” instead of “” to redirect users to share their personal information unknowingly.


An in-line device in a fluid-flow system that can interrupt flow, regulate the rate of flow, or divert flow to another branch of the system.

Variable Frequency Drive (VFD)
A type of drive that controls the speed, but not the precise position, of a non-servo, AC motor by varying the frequency of the electricity going to that motor. VFDs are typically used for applications where speed and power are important, but precise positioning is not.

Virtual Private Network (VPN)
A restricted-use, logical (i.e., artificial or simulated) computer network that is constructed from the system resources of a relatively public, physical (i.e., real) network (such as the Internet), often by using encryption (located at hosts or gateways), and often by tunneling links of the virtual network across the real network.

A hidden, self-replicating section of computer software, usually malicious logic, that propagates by infecting (i.e., inserting a copy of itself into and becoming part of) another program. A virus cannot run by itself; it requires that its host program be run to make the virus active. A malicious computer program that needs assistance to spread.

Virus Definitions
Predefined signatures for known malware used by antivirus detection algorithms.

Soliciting private information from customers or members of a business, bank or other organization in an attempt to fool them into divulging confidential personal and financial information. People are lured into sharing user names, passwords, account information or credit card numbers, usually by an official-looking message in an email or a pop-up advertisement that urges them to act immediately—but in a vishing scam, they are urged to call the phone number provided rather than clicking on a link. See also Phishing.

A particular weakness in a company’s security policy, system design, installation or controls that an intruder can exploit. Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. A flaw that allows someone to operate a computer system with authorization levels in excess of that which the system owner specifically granted.

Vulnerability Assessment
A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system. Examples of systems for which vulnerability assessments are performed include, but are not limited to, information technology systems, energy supply systems, water supply systems, transportation systems, and communication systems. Such assessments may be conducted on behalf of a range of different organizations, from small businesses up to large regional infrastructures. A Vulnerability Assessment has many things in common with risk assessment and provides information on the flaws within the system that can be exploited along with recommendations on measures and processes to adopt or alter.


Whitelisting Software
A form of filtering that only allows connections to a pre-approved list of sites that are considered useful and appropriate for children. Parents sometimes use such software to prevent children from visiting all but certain websites. You can add and remove sites from the “permitted” list. This method is extremely safe, but allows for only extremely limited use of the Internet.

Wide Area Network (WAN)
A physical or logical network that provides data communications to a larger number of independent users than are usually served by a local area network (LAN) and that is usually spread over a larger geographic area than that of a LAN.

Wireless Device
A device that can connect to a manufacturing system via radio or infrared waves to typically collect/monitor data, but also in cases to modify control set points.

A computer used for tasks such as programming, engineering, and design.

A program that makes copies of itself on the network from one network disk drive to another or by copying itself using email or another transport mechanism, for example. A computer program that can run independently, can propagate a complete working version of itself onto other hosts on a network, and may consume computer resources destructively. Originally an acronym for “Write once, read many times,” a type of electronic infection that can run independently, can propagate a complete working version of itself onto other hosts on a network, and may consume computer resources destructively. Once this malicious software is on a computer, it scans the network for another machine with a specific security vulnerability. When it finds one, it exploits the weakness to copy itself to the new machine, and then the worm starts replicating from there, as well. See also Electronic Infection and Blended Threat.




Zombie Computer
A remote-access Trojan horse installs hidden code that allows your computer to be controlled remotely. Digital thieves then use robot networks of thousands of zombie computers to carry out attacks on other people and cover up their tracks. Authorities have a harder time tracing criminals when they go through zombie computers.