# Glossary

**Asymmetric ciphers**: Also called public-key ciphers; they use two keys, one for encryption and another for decryption.

**CFAA**: Computer Fraud and Abuse Act.

**Cipher**: An algorithm that performs encryption/decryption. Sometimes the term cryptosystem is used instead of cipher. There are two types of ciphers, depending on how keys are used: symmetric and asymmetric.

**Cryptanalysis**: A study of techniques for “cracking” encryption ciphers, i.e., attacks on cryptosystems.

**Encryption**: A process of transforming readable text/data, called plaintext, into unintelligible form, called ciphertext. Decryption is the inverse process of encryption.

**Hashing algorithms**: Take an input of any length and output a fixed-length string, called a hash, which can be used, for example, in signatures or for data-integrity checks.

**ISO 22301**: The international standard for Business Continuity Management Systems (BCMS). It provides a framework for organizations to plan, establish, implement, operate, monitor, review, maintain, and continually improve a documented management system to protect against, reduce the likelihood of, and ensure recovery from disruptive incidents.

**ISO/IEC 27001**: An information security standard. It specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). ISO/IEC 27001 was originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005, with revisions in 2013 and 2022.

**Key**: A secret string of characters or symbols that is used for the encryption/decryption of plaintext/ciphertext.

**NIST Cybersecurity Framework (CSF)**: A set of voluntary guidelines developed by the U.S. National Institute of Standards and Technology (NIST) designed to help organizations assess and improve their ability to prevent, detect, and respond to cybersecurity risks.

**NIST Special Publication 800-37 Rev2** (Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy): A risk management framework for information systems developed by the Joint Task Force Transformation Initiative Working Group.

**NIST SP 800-115**: A technical guide to information security testing and assessment by the National Institute of Standards and Technology (NIST).

**PCI DSS**: The Payment Card Industry Data Security Standard ensures secure handling of credit card data.

**PIPEDA (2000)**: Canada’s private-sector privacy law. The Personal Information Protection and Electronic Documents Act applies to private-sector organizations handling personal data.

**Privacy Act (1983)**: Applies to Canadian federal government institutions and regulates how they collect, use, and disclose personal information.

**SSAE 16** (Statement on Standards for Attestation Engagements no. 16): An auditing standard for service organizations, produced by the American Institute of Certified Public Accountants (AICPA) Auditing Standards Board, which supersedes Statement on Auditing Standards no. 70 and has been superseded by SSAE No. 18.

**Symmetric ciphers**: Also referred to as secret-key ciphers; they use the same key for encryption and decryption. Symmetric cryptosystems are divided into two groups: block and stream ciphers. In block ciphers, encryption/decryption operations are performed on blocks of bits or bytes, whereas stream ciphers operate on individual bits/bytes.

**Threat Vector**: The method used to deliver the attack (e.g., phishing emails for credential theft).
