Glossary

A

access control mechanism Definition: Security measures designed to detect and deny unauthorized access and permit authorized access to an information system or a physical facility.

active attack Definition: An actual assault perpetrated by an intentional threat source that attempts to alter a system, its resources, its data or its operations.

advanced persistent threat(s) Definition: An adversary that possesses sophisticated levels of expertise and significant resources that allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical and deception). From: NIST SP 800-53 Rev 4.

antivirus software Definition: A program that monitors a computer or network to detect or identify major types of malicious code and to prevent or contain malware incidents, sometimes by removing or neutralizing the malicious code.

API Definition: An application programming interface, which is a set of definitions of the ways one piece of computer software communicates with another. It is a method of achieving abstraction, usually (but not necessarily) between higher-level and lower-level software. —source

API analytics Definition: Rate limiting will be part of any API platform; without some sort of usage log and analytics showing developers where they stand, the rate limits will cause nothing but frustration. Clearly show developers where they stand with daily, weekly or monthly API usage and provide proper relief valves allowing them to scale their usage properly. —source

API Documentation Definition: Quality API documentation is the gateway to a successful API. API documentation needs to be complete, yet simple, a very difficult balance to achieve. This balance takes work and will take the work of more than one individual on an API development team to make happen. API documentation can be written by the developers of the API, but additional edits should be made by developers who were not responsible for deploying the API. As a developer, it is easy to overlook parameters and other details about which the original developers have made assumptions. —source

Application Library Definition: Complete, functioning applications built on an API are the end goal of any API owner. Make sure to showcase all applications that are built on an API using an application showcase or directory. App showcases are a great way to present not just applications built by the API owner, but also the successful integrations of ecosystem partners and individual developers. —source

attack Definition: An attempt to gain unauthorized access to system services, resources or information or an attempt to compromise system integrity.

attack pattern Definition: Similar cyber events or behaviors that may indicate that an attack has occurred or is occurring, resulting in a security violation or a potential security violation.

attack signature Definition: A characteristic or distinctive pattern that can be searched for or that can be used in matching to previously identified attacks.

attack surface Definition: The set of ways in which an adversary can enter a system and potentially cause damage. Extended definition: An information system’s characteristics that permit an adversary to probe, attack, or maintain presence in the information system. Adapted from: Manadhata, P.K., & Wing, J.M. in Attack Surface Measurement, http://www.cs.cmu.edu/~pratyus/as.html#introduction

authentication Definition: The process of verifying the identity or other attributes of an entity (user, process or device). Extended definition: Also the process of verifying the source and integrity of data.


B

basic auth Definition: A way for a web browser or application to provide credentials in the form of a username and password. Because Basic Auth is integrated into the HTTP protocol, it is the easiest way for users to authenticate with a RESTful API. Basic Auth is easily integrated; however, if SSL is not used, the username and password are passed in plain text and can be easily intercepted on the open Internet.

botnet Definition: A collection of computers compromised by malicious code and controlled across a network.

Build Security Definition: A set of principles, practices and tools to design, develop and evolve information systems and software that enhance resistance to vulnerabilities, flaws and attacks.

C

capability Definition: The means to accomplish a mission, function or objective.

catalog Definition: A catalog is a collection of datasets or web services. —source

chief information officer Definition: Chief information officer (CIO), or chief digital information officer (CDIO), is a job title commonly given to the most senior executive in an enterprise responsible for the information technology and computer systems that support enterprise goals. CIOs or CDIOs form a key part of any business that utilizes technology and data.

chief information security officer Definition: The chief information security officer (CISO) is the senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.

cloud computing Definition: A model for enabling on-demand network access to a shared pool of configurable computing capabilities or resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

Computer Network Defense Analysis Definition: The use of defensive measures and information collected from a variety of sources to identify, analyze and report events that occur or might occur within the network, in order to protect information, information systems and networks from threats.

Content API Definition: A web service that provides dynamic access to the page content of a website, including the title, body, and body elements of individual pages. Such an API often, but not always, functions atop a Content Management System. —source

critical infrastructure Definition: The systems and assets, whether physical or virtual, so vital to society that their incapacity or destruction may have a debilitating impact on the security, economy, public health or safety, environment or any combination of these matters.

CSV Definition: A comma separated values (CSV) file is a computer data file used for implementing the tried and true organizational tool, the Comma Separated List. The CSV file is used for the digital storage of data structured in a table of lists form. Each line in the CSV file corresponds to a row in the table. Within a line, fields are separated by commas, and each field belongs to one table column. CSV files are often used for moving tabular data between two different computer programs (like moving between a database program and a spreadsheet program). —source

CSW Definition: Catalog Service for the Web (CSW) is an API used by geospatial systems to provide metadata in open standards, including in the FGDC-endorsed ISO 19115 schema. The CSW-provided metadata can be mapped into the Project Open Data metadata schema. —source

cryptography Definition: The use of mathematical techniques to provide security services, such as confidentiality, data integrity, entity authentication, and data origin authentication.

cyber ecosystem Definition: The interconnected information infrastructure of interactions among persons, processes, data, and information and communications technologies, along with the environment and conditions that influence those interactions.

cybersecurity Definition: The “activity or process, ability or capability or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification or exploitation.” Extended definition: Strategy, policy and standards regarding the security of and operations in cyberspace, and encompass[ing] the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military and intelligence missions as they relate to the security and stability of the global information and communications infrastructure. Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4, NIPP, DHS National Preparedness Goal; White House Cyberspace Policy Review, May 2009.

cyberspace Definition: The electronic world created by interconnected networks of information technology and the information on those networks.

D

data Definition: A value or set of values representing a specific concept or concepts. Data become “information” when analyzed and possibly combined with other data in order to extract meaning and to provide context. The meaning of data can vary depending on its context. Data includes, but is not limited to, geospatial data, unstructured data and structured data. —source

data asset Definition: A collection of data elements or datasets that make sense to group together. Each community of interest identifies the Data Assets specific to supporting the needs of their respective mission or business functions. Notably, a Data Asset is a deliberately abstract concept. A given Data Asset may represent an entire database consisting of multiple distinct entity classes, or may represent a single entity class. —source

database Definition: A collection of data stored according to a schema and manipulated according to the rules set out in one Data Modelling Facility. —source

dataset Definition: A dataset is an organized collection of data. The most basic representation of a dataset is data elements presented in tabular form. Each column represents a particular variable. Each row corresponds to a given value of that column’s variable. A dataset may also present information in a variety of non-tabular formats, such as an extensible mark-up language (XML) file, a geospatial data file, or an image file, etc. —source

data mining Definition: The process or techniques used to analyze large sets of existing information to discover previously unrevealed patterns or correlations.

denial of service Definition: An attack that prevents or impairs the authorized use of information system resources or services.

/Developer page Definition: A hub for API discovery which provides a common location where an organization’s APIs and their associated documentation can be found. Such a hub is often located at www.example.com/developer. —source

digital forensics Definition: The processes and specialized techniques for gathering, retaining and analyzing system-related data (digital evidence) for investigative purposes.

digital rights management Definition: A form of access control technology to protect and manage use of digital content or devices in accordance with the content or device provider’s intentions.

distributed denial of service Definition: A denial of service technique that uses numerous systems to perform the attack simultaneously.

E

endpoint Definition: An association between a binding and a network address, specified by a URI, that may be used to communicate with an instance of a service. An end point indicates a specific location for accessing a service using a specific protocol and data format. —source

enterprise risk management Definition: A comprehensive approach to risk management that engages people, processes and systems across an organization to improve the quality of decision making for managing risks.

exploit Definition: A technique to breach the security of a network or information system in violation of security policy.

F

firewall Definition: A capability to limit network traffic between networks and/or information systems.

G

GitHub Definition: A social coding platform allowing developers to publicly or privately build code repositories and interact with other developers around these repositories, providing the ability to download or fork a repository, as well as contribute back, resulting in a collaborative environment for software development. —source

H

hacker Definition: An unauthorized user who attempts to gain or gains access to an information system.

hackathon Definition: An event in which computer programmers and others in the field of software development, like graphic designers, interface designers, project managers and computational philologists, collaborate intensively on software projects. Occasionally, there is a hardware component as well. Hackathons typically last between a day and a week. Some hackathons are intended simply for educational or social purposes, although in many cases the goal is to create usable software. Hackathons tend to have a specific focus, which can include the programming language used, the operating system, an application, an API, the subject, or the demographic group of the programmers. In other cases, there is no restriction on the type of software being created. —source

I

ICT supply chain threat Definition: A man-made threat achieved through exploitation of the information and communications technology (ICT) system’s supply chain, including acquisition processes.

information Definition: Information, as defined in OMB Circular A-130, means any communication or representation of knowledge such as facts, data, or opinions in any medium or form, including textual, numerical, graphic, cartographic, narrative, or audiovisual forms. —source

information life cycle Definition: As defined in OMB Circular A-130, the stages through which information passes, typically characterized as creation or collection, processing, dissemination, use, storage, and disposition. —source

information system Definition: As defined in OMB Circular A-130, a discrete set of information resources organized for the collection, processing, maintenance, transmission, and dissemination of information, in accordance with defined procedures, whether automated or manual. —source

information system life cycle Definition: As defined in OMB Circular A-130, the phases through which an information system passes, typically characterized as initiation, development, operation, and termination. —source

insider threat Definition: A person or group of persons within an organization who pose a potential risk through violating security policies. Extended definition: One or more individuals with the access and/or inside knowledge of a company, organization or enterprise that would allow them to exploit the vulnerabilities of that entity’s security, systems, services, products or facilities with the intent to cause harm.

integrated risk management Definition: The structured approach that enables an enterprise or organization to share risk information and risk analysis and to synchronize independent yet complementary risk management strategies to unify efforts across the enterprise.

intrusion Definition: An unauthorized act of bypassing the security mechanisms of a network or information system.

intrusion detection Definition: The process and methods for analyzing information from networks and information systems to determine whether a security breach or security violation has occurred.

K

keylogger Definition: Software or hardware that tracks keystrokes and keyboard events, usually surreptitiously (secretly), to monitor actions by the user of an information system.

M

malicious code Definition: Program code intended to perform an unauthorized function or process that will have adverse impact on the confidentiality, integrity or availability of an information system.

malware Definition: Software that compromises the operation of a system by performing an unauthorized function or process.

metadata Definition: To facilitate common understanding, a number of characteristics, or attributes, of data are defined. These characteristics of data are known as “metadata”, that is, “data that describes data.” For any particular datum, the metadata may describe how the datum is represented, ranges of acceptable values, its relationship to other data, and how it should be labeled. Metadata also may provide other relevant information, such as the responsible steward, associated laws and regulations, and access management policy. Each of the types of data described above has a corresponding set of metadata. Two of the many metadata standards are the Dublin Core Metadata Initiative (DCMI) and Department of Defense Discovery Metadata Standard (DDMS). The metadata for structured data objects describes the structure, data elements, interrelationships, and other characteristics of information, including its creation, disposition, access and handling controls, formats, content, and context, as well as related audit trails. Metadata includes data element names (such as Organization Name, Address, etc.), their definition, and their format (numeric, date, text, etc.). In contrast, data is the actual data values such as the “US Patent and Trade Office” or the “Social Security Administration” for the metadata called “Organization Name”. Metadata may include metrics about an organization’s data including its data quality (accuracy, completeness, etc.). —source

N

network resilience Definition: The ability of a network to (1) provide continuous operation (i.e., highly resistant to disruption and able to operate in a degraded mode if damaged); (2) recover effectively if failure does occur; and (3) scale to meet rapid or unpredictable demands.

non-repudiation Definition: A property achieved through cryptographic methods to protect against an individual or entity falsely denying having performed a particular action related to data. Extended definition: Provides the capability to determine whether a given individual took a particular action, such as creating information, sending a message, approving information or receiving a message.

O

OAuth Definition: An open standard for authorization. It allows users to share their private resources stored on one site with another site without having to hand out their credentials, typically username and password. —source

Open Source Software Definition: Computer software that is available in source code form: the source code and certain other rights normally reserved for copyright holders are provided under an open-source license that permits users to study, change, improve and at times also to distribute the software. Open source software is very often developed in a public, collaborative manner. Open source software is the most prominent example of open source development and often compared to (technically defined) user-generated content or (legally defined) open content movements. —source

Open Standard Definition: A standard developed or adopted by voluntary consensus standards bodies, both domestic and international. These standards include provisions requiring that owners of relevant intellectual property have agreed to make that intellectual property available on a non-discriminatory, royalty-free or reasonable royalty basis to all interested parties. —source

P

passive attack Definition: An actual assault perpetrated by an intentional threat source that attempts to learn or make use of information from a system but does not attempt to alter the system, its resources, its data or its operations.

phishing Definition: A digital form of social engineering to deceive individuals into providing sensitive information.

R

redundancy Definition: Additional or alternative systems, sub-systems, assets or processes that maintain a degree of overall functionality in case of loss or failure of another system, sub-system, asset or process.

resilience Definition: The ability to adapt to changing conditions and prepare for, withstand and rapidly recover from disruption.

Resource Description Framework (RDF) Definition: A family of specifications for a metadata model. The RDF family of specifications is maintained by the World Wide Web Consortium (W3C). The RDF metadata model is based upon the idea of making statements about resources in the form of a subject-predicate-object expression…and is a major component in what is proposed by the W3C’s Semantic Web activity: an evolutionary stage of the World Wide Web in which automated software can store, exchange, and utilize metadata about the vast resources of the Web, in turn enabling users to deal with those resources with greater efficiency and certainty. RDF’s simple data model and ability to model disparate, abstract concepts has also led to its increasing use in knowledge management applications unrelated to Semantic Web activity. —source

REST Definition: A style of software architecture for distributed systems such as the World Wide Web. REST has emerged as a predominant Web service design model. REST facilitates the transaction between web servers by allowing loose coupling between different services. REST is less strongly typed than its counterpart, SOAP. The REST language is based on the use of nouns and verbs, and has an emphasis on readability. Unlike SOAP, REST does not require XML parsing and does not require a message header to and from a service provider. This ultimately uses less bandwidth. —source

risk analysis Definition: The systematic examination of the components and characteristics of risk. Extended definition: The appraisal of the risks facing an entity, asset, system or network, organizational operations, individuals, geographic area, other organizations or society; includes determining the extent to which adverse circumstances or events could result in harmful consequences.

risk management Definition: The process of identifying, analyzing, assessing and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken. Extended definition: Includes (1) conducting a risk assessment; (2) implementing strategies to mitigate risks; (3) monitoring risk continuously over time; and (4) documenting the overall risk management program.

S

schema Definition: An XML schema defines the structure of an XML document. An XML schema defines things such as which data elements and attributes can appear in a document; how the data elements relate to one another; whether an element is empty or can include text; which types of data are allowed for specific data elements and attributes; and what the default and fixed values are for elements and attributes. It is a method for specifying constraints on XML documents. A schema is also a description of the data represented within a database; the format of the description varies but includes a table layout for a relational database or an entity-relationship diagram. —source

Service Oriented Architecture Definition: Expresses a software architectural concept that defines the use of services to support the requirements of software users. In a SOA environment, nodes on a network make resources available to other participants in the network as independent services that the participants access in a standardized way. Most definitions of SOA identify the use of Web services (using SOAP and WSDL) in its implementation. However, one can implement SOA using any service-based technology with loose coupling among interacting software agents. —source

SOAP Definition: Simple Object Access Protocol (SOAP) is a message-based protocol based on XML for accessing services on the Web. It employs XML syntax to send text commands across the Internet using HTTP. SOAP is similar in purpose to the DCOM and CORBA distributed object systems, but is more lightweight and less programming-intensive. Because of its simple exchange mechanism, SOAP can also be used to implement a messaging system. —source

Software Development Kit (SDK) Definition: SDKs are the next step in providing code for developers, after basic code samples. SDKs are more complete code libraries, usually including authentication and production-ready objects, that developers can use after they are more familiar with an API and are ready for integration. Just like with code samples, SDKs should be provided in as many common programming languages as possible. Code samples will help developers understand an API, while SDKs will actually facilitate their integration of an API into their application. When providing SDKs, consider a software license that gives your developers as much flexibility as possible in their commercial products. —source

spam Definition: The abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.

spoofing Definition: Faking the sending address of a transmission to gain illegal (unauthorized) entry into a secure system.

spyware Definition: Software that is secretly or surreptitiously installed into an information system without the knowledge of the system user or owner.

Supervisory Control and Data Acquisition (SCADA) Definition: A generic name for a computerized system that is capable of gathering and processing data and applying operational controls to geographically dispersed assets over long distances.

supply chain Definition: A system of organizations, people, activities, information and resources for creating and moving products, including product components and/or services from suppliers through to their customers.

supply chain risk management Definition: The process of identifying, analyzing and assessing supply chain risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.

T

threat Definition: A circumstance or event that has or indicates the potential to exploit vulnerabilities and to adversely impact (create adverse consequences for) organizational operations, organizational assets (including information and information systems), individuals, other organizations or society.

threat actor/agent Definition: An individual, group, organization or government that conducts or has the intent to conduct detrimental activities.

threat assessment Definition: The product or process of identifying or evaluating entities, actions or occurrences, whether natural or man-made, that have or indicate the potential to harm life, information, operations and/or property.

threat vector Definition: The means of introducing the threat to the target or the line of approach taken to actualize a threat.

Trojan horse Definition: A computer program that appears to have a useful function but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.

U

Unstructured Data Definition: Data that is more free-form, such as multimedia files, images, sound files, or unstructured text. Unstructured data does not necessarily follow any format or hierarchical sequence, nor does it follow any relational rules. Unstructured data refers to masses of (usually) computerized information that do not have a data structure that is easily readable by a machine. Examples of unstructured data may include audio, video and unstructured text such as the body of an email or word processor document. Data mining techniques are used to find patterns in, or otherwise interpret, this information. Merrill Lynch estimates that more than 85 percent of all business information exists as unstructured data, commonly appearing in e-mails, memos, notes from call centers and support operations, news, user groups, chats, reports, letters, surveys, white papers, marketing material, research, presentations, and Web pages (“The Problem with Unstructured Data.”) —source

unauthorized access Definition: Any access that violates the stated security policy.

V

virus Definition: A computer program that can replicate itself, infect a computer without permission or knowledge of the user and then spread or propagate to another computer.

vulnerability Definition: A characteristic or specific weakness that renders an organization or asset (such as information or an information system) open to exploitation by a given threat or susceptible to a given hazard.

W

web service Definition: A Web service is a software system designed to support interoperable machine-to-machine interaction over a network. It has an interface described in a machine-processable format (specifically WSDL). Other systems interact with the Web service in a manner prescribed by its description using SOAP messages, typically conveyed using HTTP with an XML serialization in conjunction with other Web-related standards. —source

worm Definition: A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.

Z

Zero-day exploit Definition: An attack exploiting an unrecognized vulnerability launched without warning and detected only once underway.

Derived from multiple sources.