Cyber Security Glossary

The Fraud Committee, convened by NEACH and tasked with combating issues related to fraud through the development of relevant content, consists of financial institution and business professionals across the financial sector. Their collective perspectives and experiences, augmented by industry research, shaped the content reflected in this glossary. A very sincere thank you to the volunteer members of this committee.

A

Acceptable Use Policy (AUP)

A document detailing limitations and practices that a user must agree to for access to a corporate network or the Internet. Businesses should require that employees sign an acceptable use policy before being granted a network ID.

Account Takeover

Form of identity fraud where a fraudster gains access to a victim’s accounts to initiate unauthorized transfers.

Administrative Safeguards (aka Administrative Controls)

Administrative actions, and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures to protect electronic protected information and to manage the conduct of the covered entity’s workforce in relation to the protection of that information.

Annual Loss Expectancy (ALE)

A total dollar amount that is assigned to a specific threat type, multiplied by the annual rate of expected occurrence. Also see Single Loss Expectancy.

B

Bot

A software program that can execute commands, reply to messages, or perform routine tasks either automatically or with minimal human intervention (often used in combination). “Bad” Bots are sophisticated programs designed to mimic human behavior to thwart security protocols during fraud and/or cyber attacks.

Botnet

A network of private computers infected with malicious software and controlled as a group without the owners' knowledge, e.g., to send spam messages or commit a DDoS attack.

Bring Your Own Device (BYOD)

Trend of employees using their personal devices for work purposes. The device referred to could be a laptop, smartphone, tablet, portable hard drive or any consumer piece of information technology. Some businesses do not allow this practice due to the risks.

Browser

An application software for accessing the World Wide Web. When a user requests a web page from a particular website, the web browser retrieves the necessary content from a web server and then displays the page on the user's device.

Brute Force

A password guessing attack which utilizes a trial and error method for an unauthorized user to gain control of an account. Enforcement of an account lockout policy tends to thwart this type of attack.

C

Clickjacking (aka Click-Jacking)

A hacking attack that tricks victims into clicking on an unintended link or button, usually disguised as something harmless.

Cloud Computing (aka Cloud)

Rather than keeping files on a proprietary hard drive or local storage device, cloud-based storage makes it possible to save them to a remote database. If an electronic device has access to the web, it has access to the data and the software programs to run it. Cloud computing can be both public and private.

Controls

The ability to manage, organize, or run something on a computer. When working with a computer a user controls the computer using input devices such as a keyboard, mouse, joystick, and gamepads. Also see Security Controls.

Credential Reuse

The act of sharing passwords across multiple personal and business accounts. This practice tends to lead to wide-scale account takeover attempts after a data breach occurs.

Critical Security Controls

A recommended set of actions for cyber defense that provide specific and actionable ways to stop today's most pervasive and dangerous attacks.

Cybersecurity Maturity Assessment (CSMA)

A gap analysis and risk assessment that utilizes cybersecurity best practices and recognized cyber frameworks to test the effectiveness of an organization’s cybersecurity program.

D

Data Breach

The intentional or unintentional release of secure or private/confidential information to an untrusted environment. Other terms for this phenomenon include unintentional information disclosure, data leak, information leakage and data spill. Data Breach is often used to define an intentional act / theft of private data.

Data Privacy (Information Privacy)

An area of data protection that concerns the proper handling of sensitive data including, notably, personal data but also other confidential data such as certain financial data and intellectual property data, to meet regulatory requirements as well as protecting the confidentiality and immutability of the data.

Deep Fake

An audio or video clip that has been edited and manipulated to seem real or believable. The most dangerous consequence is that they can sometimes convince people into believing a certain story or theory that may result in a desired user-behavior. Typically created for political or financial gain.

Denial of Service (DoS)

Any type of attack where the attackers (hackers) attempt to prevent legitimate users from accessing a service. In a DoS attack, the attacker usually sends excessive messages asking the network or server to authenticate requests that have invalid return addresses, thereby tying up the service so legitimate users cannot access it.

Distributed Denial of Service (DDoS)

Attack where multiple compromised computer systems attack a target, such as a server, website or other network resource, and cause a denial of service for users of the targeted resource. The flood of incoming messages, connection requests, etc. sent to the target system forces it to slow down or even crash and shut down, thereby denying service to legitimate users or systems.

Domain

A domain contains a group of computers that can be accessed and administered with a common set of rules. For example, a company may require all local computers to be networked within the same domain so that each computer can be seen from other computers within the domain or located from a central server. On the Internet, a domain is controlled by one particular company that has its own Internet presence and IP address.

Domain Name System (DNS)

The internet's system for converting alphabetic names into numeric IP addresses. For example, when a Web address (URL) is typed into a browser, DNS servers return the IP address of the Web server associated with that name.

E

Encryption

The process of encoding information. Information or data is converted into a code to prevent unauthorized access.

Exploit

A piece of software that takes advantage of a flaw (i.e. unpatched software) to compromise a computer system or network. Also see Zero Day Exploit.

F

Firewall

Part of a computer system or network designed to block unauthorized access while permitting outward communication. A network security device that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules.

G

General Data Protection Regulation (GDPR)

EU legislation that is designed to safeguard the personal information of individuals within the EU. Establishes principles for data management and the rights of the individual, while also imposing fines for non-compliance. The GDPR covers all companies world-wide that deal with data of EU citizens.

H

Honeypot

A trap for hackers; a sacrificial computer system that is intended to attract cyberattacks, like a decoy. It mimics a target for hackers and uses their intrusion attempts to gain information about cybercriminals and the way they are operating or to distract them from other targets.

I

Information Privacy

See Data Privacy (Information Privacy).

Information Security (InfoSec)

Protocols designed to protect against unauthorized use of information, especially electronic data. Controls and practice of protecting information by mitigating threats.

Inherent Risk

Category of threat that describes potential losses or pitfalls that exist before internal security controls or mitigating factors are implemented. Ex: Without proper controls, Online Banking has an inherent risk of account takeover.

Internet Protocol (IP) Address

A unique string of characters that identifies each computer using the Internet Protocol to communicate over a network.

J

K

Keylogger

A computer program that records every keystroke made by a computer user, used most often to gain access to passwords and other confidential information for fraudulent purposes.

L

Likelihood

The condition of being likely or probable. Also see Inherent Risk.

M

Malicious Software (Malware)

Malware is software designed to cause harm to a computer and user. Some forms of malware “spy” on user Internet traffic. Examples of Malware include worms, viruses, spyware, and adware.

Man-in-the-Browser (MITB, MitB, MIB, MiB)

A type of Man-in-the-Middle attack specifically involving a browser infected with some type of proxy malware. This malware allows an attacker to intercept or modify information sent from a user’s browser to a server and works regardless of the existence of a two- or three-step authentication system for a web application. Such attacks are often carried out to steal financial information by intercepting a user’s traffic to a banking site. Neither the users under such an attack nor the web applications they are interacting with are usually able to tell. The Zeus Trojan is an example of malware that possesses MITB attack capabilities.

Man-in-the-Middle (MITM, MitM, MIM, MiM)

Form of eavesdropping where communication between two users is monitored and modified by an unauthorized party. Think of an online banking user trying to access their account, yet a third-party (fraudster) is monitoring or even intercepting the communications between the Institution and account holder.

N

O

Operating System

System software that manages computer hardware, software resources, and provides common services for computer programs. Manages the computer's memory and processes, as well as all its software and hardware. It also allows you to communicate with the computer without knowing how to speak the computer's language.

P

Patch

A software update comprising code inserted (or patched) into the code of a program. Typically, a patch is installed into an existing software program. Patches are often temporary fixes between full releases of a software package. Patches include addressing software stability issues, fixing or eliminating a software bug, addressing a security vulnerability, etc.

Penetration Test (Pen-Test or Ethical Hacking)

An authorized, simulated cyberattack on a computer system, performed to evaluate the security of the system. Not to be confused with a vulnerability assessment.

Phishing

Scam by which an Internet user is duped (i.e. by a deceptive e-mail message, text, etc.) into revealing personal or confidential information which the scammer can use for fraud including Account Takeover. Disguised as an electronic communication from a trustworthy entity, Phishing can also be a method to deliver malware. Also see Spear Phishing.

Q

R

Ransomware

Type of malware program that infects, locks, or takes control of a system and demands ransom to undo it. Ransomware attacks a computer with the intention of extorting money from its owner. This type of attack typically encrypts all of a user’s documents in the hopes that the affected individual will pay the attacker a fee for the password to decrypt the files. There is no guarantee that the bad actor will provide the method to decrypt the files, nor any guarantee that the infection is removed.

Residual Risk

The amount of risk (or danger) associated with an action or event remaining after inherent risks have been reduced by controls.

Rootkit

A type of malware designed to remain hidden on your computer. Rootkits give cybercriminals the ability to remotely control your computer. Rootkits can contain a number of tools, ranging from programs that allow hackers to steal your passwords to modules that make it easy for them to steal your credit card or online banking information. Rootkits can also give hackers the ability to subvert or disable security software and track the keys you tap on your keyboard, making it easy for criminals to steal your personal information.

S

Security Controls

Safeguards or countermeasures to avoid, detect, counteract, and/or minimize security risks to physical property, information, computer systems, or other assets. In the field of information security, such controls protect the confidentiality, integrity and availability of information.

Security Risk

Anything on your computer that may damage or steal your data or allow someone else to access your computer without your knowledge or consent. Malware is a serious Security Risk.

Single Loss Expectancy (SLE)

A dollar amount that is assigned to a single event that represents the organization’s potential loss should a specific threat take place. Also see Annual Loss Expectancy.

Social Engineering

The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. Bad actors may target consumers to collect account credentials or PII, or businesses to gain unauthorized access to accounts.

Spear Phishing

A Phishing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information. Spear phishing is often harder to identify because fraudsters have researched the intended target and use true information to convince the recipient the message is legitimate.

SpyEye

A malware program that attacks users running certain operating systems or using vulnerable browsers. This malware uses keystroke logging and form grabbing to steal user credentials for malicious use. Also see Spyware.

Spyware

Software that is installed on a computer without the user's knowledge that collects and transmits information about the user's activities to a third-party. Spyware can refer to legitimate software that monitors your data for commercial purposes like advertising. However, malicious spyware is explicitly used to profit from stolen data.

Structured Query Language (SQL) Injection Attack

A form of attack on a database-driven Web site where the attacker executes unauthorized commands by taking advantage of a vulnerability. SQL injection attacks are used to steal information from a database from which the data would normally not be available and/or to gain access to an organization's host computers through the computer that is hosting the database.

T

Trojan Horse

A program that appears harmless but is in fact malicious. It is a standalone malicious file or program that does not attempt to inject itself into other files (unlike a computer virus) and often masquerades as a legitimate file or program to evade detection.

U

V

Virtual Private Network (VPN)

An encrypted connection over the Internet from a device to a network. The encrypted connection helps ensure that sensitive data is transmitted securely. Prevents unauthorized people from eavesdropping on the traffic and allows the user to conduct work remotely. VPN technology is widely used in corporate environments.

Virus

Very similar to a flu virus in that it is designed to spread from host to host with the ability to replicate itself (i.e. infect others). A type of malicious code or program written to alter the way a computer operates and/or steal information.

Vishing

A form of Phishing in which the scammer (impersonating a legitimate business) uses the phone to trick potential victims into surrendering private information that will be used for identity theft or fraud. Vishing attacks can also target employees where the attacker is attempting to gain access to an organization’s network.

Vulnerability Assessment

The process of identifying risks and vulnerabilities in computer networks, systems, hardware, applications, and other parts of the IT ecosystem. Vulnerability assessments provide security teams and other stakeholders with the information they need to analyze and prioritize risks for potential remediation in the proper context.

W

Whaling

A form of Phishing whose targets are high-ranking officials, executives, or others in powerful positions within an organization. Similar to Spear Phishing, this is often difficult to detect because fraudsters research the intended target and these communications often do not possess the common traits of a simple Phishing email.

Worm (Computer Worm)

A standalone malware computer program that replicates itself to spread to other computers or programs (such as email). It often uses a computer network to spread itself, relying on security failures on the target computer.

X

Y

Z

Zero Day Exploit

A malicious computer attack that takes advantage of a security hole before the vulnerability is known to the public. May involve viruses, trojan horses, worms or other malicious code that can be run within a vulnerable software program.
