Terminology

Definition: The process of verifying the identity or other attributes of an entity (user, process, or device).

Extended Definition: Also the process of verifying the source and integrity of data.

From: CNSSI 4009, NIST SP 800-21, NISTIR 7298

Definition: A computer connected to the Internet that has been surreptitiously / secretly compromised with malicious logic to perform activities under remote the command and control of a remote administrator.

Extended Definition: A member of a larger collection of compromised computers known as a botnet.

Definition: A botnet is a group of computers or devices under the control of an attacker used to perform malicious activity against a targeted victim.

From: https://www.proofpoint.com/us/threat-reference

Definition: The activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation.

Extended Definition: Strategy, policy, and standards regarding the security of and operations in cyberspace, and encompass[ing] the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communications infrastructure.

From: CNSSI 4009, NIST SP 800-53 Rev 4, NIPP, DHS National Preparedness Goal; White House Cyberspace Policy Review, May 2009

Definition: An unauthorized user who attempts to or gains access to an information system.

From: CNSSI 4009

Definition: A digital form of social engineering to deceive individuals into providing sensitive information.

From: NCSD Glossary, CNSSI 4009, NIST SP 800-63 Rev 1

Definition:  Smishing is a form of phishing in which an attacker uses a compelling text message to trick targeted recipients into clicking a link and sending the attacker private information or downloading malicious programs to a smartphone. 

From: https://www.proofpoint.com/us/threat-reference/smishing

Definition: The abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.

From: CNSSI 4009

Definition: Faking the sending address of a transmission to gain illegal [unauthorized] entry into a secure system.

Extended Definition: The deliberate inducement of a user or resource to take incorrect action. Note: Impersonating, masquerading, piggybacking, and mimicking are forms of spoofing.

From: CNSSI 4009

Definition: Software that is secretly or surreptitiously installed into an information system without the knowledge of the system user or owner.

From: CNSSI 4009, NIST SP 800-53 Rev 4

Definition: A computer program that can replicate itself, infect a computer without permission or knowledge of the user, and then spread or propagate to another computer.

From: CNSSI 4009

Definition:  A scammer uses social engineering to get you to share personal information and financial details, such as account numbers and passwords using phone calls or voice messages to lure targets. The scammer might say your account has been compromised, claim to represent your bank or law enforcement, or offer to help you install software. Warning: It's probably malware.