Terminology
A
Affidavit - a sworn statement a person makes outside of the court before a notary or officer of the court asserting that certain facts are true
Analysis - Process in which information is turned into intelligence; systematic examination of information to identify significant facts, make judgments, and draw conclusions; interpreting incomplete information to provide insights, often under uncertainty
Analysis of Alternatives - systematic evaluation of differing hypotheses to explain events or phenomena (See ICD 203, Standard 4)
Analytic Tradecraft - practiced skill of applying learned techniques and methodology appropriate to an issue to mitigate bias, gain insight, and provide persuasive understanding of the issue to decisionmakers (See ICD 203)
Assumption - unexamined belief accepted as true, without proof
Attribution - process of assigning an observed behavior or activity to a group or individual based on an analysis of digital signatures and forensic artifacts
- Non-Attribution - an activity or event that cannot be attributed because no digital signatures, forensic artifacts, or other evidence of the activity persists
- Misattribution - the act of causing an activity or event to be attributed to a specific group or individual other than that which carried it out
- Managed Attribution - the holistic and deliberate act of curating digital signatures and forensic artifacts to project a desired image online
B
Bias - unconscious, systemic deviations from rationality; a preference or inclination that inhibits impartial judgment; a prejudice; a tendency to believe or support a particular perspective
BLUF - Bottom Line Up Front; statement at beginning of a document or report that summarizes the main idea and conclusions; in analytic intelligence products, it conveys the primary assessment, including a “what” and a “so what”, confidence, likelihood, and timeliness
Business Email Compromise (BEC) - cyber fraud scheme in which criminals gain access to legitimate business or personal email accounts—through spoofing, social engineering, or technical intrusion—to deceive victims into sending money or sensitive data, often by manipulating trusted financial or operational workflows
C
Collection - process of gathering data or information to be integrated into the intelligence cycle
Collection Plan - systematic process of gathering data or information from all available sources to answer key intelligence questions, address requirements, and fill intelligence gaps
D
Dark Web/Darknet - encrypted, unindexed, private networks requiring special software to access; intentionally hidden to provide anonymity for both users and services; hosts a mix of criminal marketplaces and legitimate privacy‑seeking activity. *Note: definition provided includes the most commonly used elements
Digital Footprint - (colloquial) unique trail of data a person or business creates when using the internet
Dissemination - delivery of intelligence to decisionmakers (See Intelligence Cycle)
E
Encryption - the cryptographic transformation of data into a form that ensures the confidentiality of the original data
Ethical Hacking - the use of hacking techniques to find and fix vulnerabilities within a system, network, or application. Ethical hackers may engage in a broad range of activities, to include reverse engineering, malware analysis, social engineering, etc. *Note: often used interchangeably with pentesting
Exploit - code or technique that takes advantage of a vulnerability
Exploitation - transforming and organizing information into a usable form for analysis
G
Geographical Intelligence (GEOINT) - use of imagery and geospatial information to describe and depict features, activities, and locations on Earth, helping users visualize what happened at a particular time and place
H
Hacker - a person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular
Hacking - the act of manipulating a system in a way not intended by the creator of that system to discover its hidden logic
Human Intelligence (HUMINT) - intelligence gathering through the use of human sources and interpersonal relations, can be overt or covert
I
ICD 203 - United States Intelligence Community Directive establishing analytic standards for the production and evaluation of intelligence products
Imagery Intelligence (IMINT) - the use of satellite imagery, photographs, and other images to collect information
Indicators & Warnings - observable actions, conditions, or behaviors that signal potential occurrence of particular events, developing threats, or shifts in situations; information which suggests a certain event or activity is likely or about to take place
Insider Threat - potential for an insider to use authorized access or information about an organization to cause harm to the organization; perceived threat to an organization that comes from individuals within the organization; can be intentional or unintentional
Intelligence - information that has been analyzed to assess its relevance, reliability, and timeliness to provide actionable insights for decisionmakers; or, the systematic collection, processing, and analysis of information to provide decisionmakers with timely, reliable, and actionable insights
Intelligence Cycle - framework and systematic process used by intelligence analysts to develop raw information and data into finished intelligence. Ravenwood’s six-step process consists of Requirements, Planning & Direction, Collection, Processing & Exploitation, Analysis & Production, and Dissemination, plus Evaluation & Feedback throughout the process.
Internet of Things (IoT) - network of physical devices, vehicles, appliances, and other physical objects embedded with sensors, software, and technologies enabling them to connect, exchange data, and act on information over the internet without direct human intervention
K
Key Assumptions Checks - a diagnostic structured analytic technique used to identify, evaluate, and challenge the key working assumptions supporting the basic analysis
L
Least Intrusive Means - doctrine or legal principle that protects an individual’s rights during investigations by requiring the government exhaust less invasive investigatory methods and means before resorting to more intrusive actions or seeking sensitive information; minimizes the interference on individual rights and privacy during legal investigations; *Note: exceptions exist in certain operational circumstances
M
Mindset - set of beliefs and attitudes that shape how individuals perceive information; mental models or cognitive patterns
N
National Security - ability of a nation to protect and defend its citizens; measures and strategies used by a nation to protect its citizens
O
Open Source Intelligence (OSINT) - collection and analysis of publicly available information
Operational Security (OPSEC) - process used to identify and protect sensitive information that could be exploited by threat actors
P
Penetration Testing (Pentesting) - the authorized execution of real-world computer network attack methodologies to find and verify vulnerabilities under controlled circumstances; involves safe, professional exploitation of identified flaws according to a carefully designed scope and rules of engagement to determine business risk and potential impact, with the goal of helping an organization improve security practices
Personally Identifiable Information (PII) - any data or information that can be used to distinguish or trace an individual’s identity
Probable Cause - the facts and circumstances within an officer’s knowledge that would lead a reasonable person to believe a crime has been committed (for an arrest) or that evidence of a crime is present in a specific location (for a search); more than a bare suspicion, but less than evidence that would justify a conviction
Production - as used in the intelligence cycle: the formal process of compiling intelligence into products suitable for a decisionmaker’s needs; includes written reports, verbal briefings, interactive online resources, etc.
R
Reasonable Suspicion - a particularized and objective basis, supported by specific and articulable facts, for suspecting a person of criminal activity; more than an unparticularized hunch, but less than the level of certainty required for probable cause
Red Teams - the use of teams to test the effectiveness of an entire security program by emulating real-world attacker TTPs; red teams use many of the same tools as pentesters but are designed to test detection and response capabilities. *Note: red teams focus on testing people; pentesters focus on testing technology
Relevance - having some value or tendency to prove a matter of fact significant to the case; Federal Rule of Evidence 401 states that “evidence is relevant if: (a) it has any tendency to make a fact more or less probable than it would be without the evidence; and (b) the fact is of consequence in determining the action”
Risk - measure of the extent to which an entity is threatened by a potential event or circumstance; potential for loss or damage; often calculated as: risk = likelihood * impact
Risk Assessment - process of identifying, analyzing, and evaluating risks to operations, individuals, organizations, or events, determining the probability of occurrence, the impact, and mitigation measures
S
Search Warrant - written order by a judge or magistrate authorizing law enforcement to conduct a search of a person or a specific place and to seize evidence; requires probable cause
Security Audit - independent review and examination of an organization’s systems to ensure policies, procedures, and security controls are in place and properly implemented following a fixed standard
Signals Intelligence (SIGINT) - intelligence derived from the collection, processing, and analysis of electronic signals, communications, and information systems, including phone calls and emails
Structured Analytic Techniques (SATs) - systematic methods of organizing and evaluating information to help challenge judgements, identify mental mindsets, stimulate creativity, and manage uncertainty
Subpoena - legal, written order to compel an individual to give testimony on a particular subject at a specific time and place, or to provide documents or other tangible objects
- Subpoena duces tecum - subpoena ordering the production of specific documents or records
- Subpoena ad testificandum - subpoena ordering a witness to appear and give testimony
T
Threat Actor - individuals or groups who act with malicious intent
V
Vulnerability - weakness in a system, security procedure, internal control, or implementation that could be exploited or triggered by a threat source
Vulnerability Assessment - focus on finding, quantifying, and ranking vulnerabilities without regard for exploitation
Sources and Resources
Intelligence Analysis. (2024, May 29). Grey Dynamics. https://greydynamics.com/glossary/intelligence-analysis/
Central Intelligence Agency. (1978, June 15). Glossary of Intelligence Terms and Definitions [Review of Glossary of Intelligence Terms and Definitions]. CIA; Intelligence Community Staff. https://www.cia.gov/readingroom/docs/CIA-RDP80M00596A000500020003-7.pdf
Words of Estimative Probability, Analytic Confidences, and Structured Analytic Techniques. (2022, June 10). CIS. https://www.cisecurity.org/ms-isac/services/words-of-estimative-probability-analytic-confidences-and-structured-analytic-techniques
The Intelligence Cycle: A Blueprint for Turning Information into Action. (2025). Authentic8. https://www.authentic8.com/blog/intelligence-cycle-information-action
OSINTSUM. (n.d.). Intelligence Glossary. OSINTSUM. https://osintltd.com/p/intelligence-glossary
Center for Development of Security Excellence. (n.d.). Counterintelligence Job Aid. CDSE. https://www.cdse.edu/Portals/124/Documents/glossary/CI-glossary.pdf
Wex. (2019). LII / Legal Information Institute; Cornell Law School. https://www.law.cornell.edu/wex
Malkin, G., Ed., Internet Users' Glossary, FYI 18, RFC 1983, DOI 10.17487/RFC1983, August 1996, https://www.rfc-editor.org/info/rfc1983.
National Institute of Standards and Technology. (2026, March 10). Glossary. Computer Security Resource Center. https://csrc.nist.gov/glossary
Legal Dictionary Online & News | US Legal Forms. (2026). USLegalForms.com. https://legal-resources.uslegalforms.com/definitions