Miami Cybersecurity Terminology and Definitions

Cybersecurity carries a dense vocabulary drawn from technical standards, federal regulation, and field practice — and that vocabulary shifts meaning depending on context. This page defines the terms most relevant to organizations operating in Miami's regulatory and business environment, from federally mandated definitions to street-level practitioner shorthand. Understanding precise definitions matters because misapplied terminology drives misconfigured controls, failed audits, and legal exposure. Readers seeking broader context can visit the Miami Cybersecurity Authority index for an orientation to how these definitions fit within the local threat and compliance landscape.


Regulatory terminology

Federal agencies and standards bodies publish formal definitions that carry legal or compliance weight. Organizations in Miami — particularly those in finance, healthcare, and critical infrastructure — must use these definitions as authoritative baselines, not the informal versions circulating in trade press.

Information System — The National Institute of Standards and Technology (NIST) defines this in NIST SP 800-53, Rev. 5 as "a discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information." This definition governs scope determinations under the Federal Information Security Modernization Act (FISMA, 44 U.S.C. § 3551 et seq.).

Controlled Unclassified Information (CUI) — Defined by the National Archives and Records Administration (NARA) under 32 C.F.R. Part 2002 as information the government creates or possesses that requires safeguarding per law, regulation, or policy, but is not classified. Miami-area defense contractors and federal subcontractors handling CUI must satisfy NIST SP 800-171 controls.

Protected Health Information (PHI) — The Department of Health and Human Services (HHS) defines PHI under 45 C.F.R. § 160.103 as individually identifiable health information transmitted or maintained in any form. Miami's large hospital networks and over 4,500 licensed healthcare providers in Miami-Dade County fall under HIPAA's Security Rule whenever they process electronic PHI (ePHI).

Breach — Under the FTC Safeguards Rule (16 C.F.R. Part 314), a breach is unauthorized acquisition of unencrypted customer financial information. HHS uses a slightly different formulation under HIPAA: unauthorized acquisition, access, use, or disclosure of PHI that compromises security or privacy. The distinction matters operationally — a HIPAA breach can occur without any data leaving the organization.

The regulatory context for Miami cybersecurity page maps which of these federal frameworks applies to specific industry sectors active in the metro area.


Terms practitioners use

Below the regulatory layer sits the working vocabulary that security teams use daily. These terms are not always standardized but carry consistent meaning within professional communities.

Threat Actor — Any individual, group, or nation-state with intent and capability to cause harm to an information system. The Cybersecurity and Infrastructure Security Agency (CISA) categorizes threat actors by motivation: financial, ideological, state-sponsored, and insider.

Attack Surface — The aggregate of all points where an unauthorized user can attempt to enter or extract data from an environment. Expanding remote work and cloud adoption in Miami's financial sector has measurably enlarged attack surfaces for organizations that once relied on perimeter-only controls.

Zero-Day Vulnerability — A software flaw unknown to the vendor at the time of exploitation. The term "zero-day" refers to the zero days the vendor has had to patch the flaw. The National Vulnerability Database (NVD) maintained by NIST tracks publicly disclosed vulnerabilities using the Common Vulnerabilities and Exposures (CVE) numbering system.

Lateral Movement — Post-intrusion techniques used by attackers to progressively move through a network, escalating privileges and accessing additional systems. The MITRE ATT&CK framework (attack.mitre.org) documents lateral movement as a distinct tactic category with 9 documented techniques in its Enterprise matrix.

Threat Intelligence — Contextualized, analyzed information about adversaries and their tactics. Distinguished from raw threat data by the addition of analysis, relevance scoring, and actionability. The conceptual overview of Miami cybersecurity explains how threat intelligence integrates into local incident response workflows.


Common confusions and distinctions

Vulnerability vs. Threat vs. Risk

These three terms are frequently conflated but represent distinct concepts in frameworks like NIST SP 800-30:

  1. Vulnerability — A weakness in a system, process, or control that could be exploited.
  2. Threat — A potential event or actor capable of exploiting a vulnerability.
  3. Risk — The likelihood that a threat will exploit a vulnerability, multiplied by the resulting impact.

Risk = (Threat × Vulnerability) / Controls is a simplified but widely used formulation. An unpatched server (vulnerability) facing active ransomware campaigns (threat) in an uninsured organization represents high risk; the same server behind mature compensating controls represents lower risk.

Authentication vs. Authorization

Authentication confirms identity — proving a user is who they claim to be. Authorization determines what that confirmed identity is permitted to do. A credential stuffing attack defeats authentication; a misconfigured access control list defeats authorization. Both failures appear in the process framework for Miami cybersecurity, where access management phases address each separately.

Encryption at Rest vs. Encryption in Transit

Encryption at rest protects stored data on disks, databases, or backup media. Encryption in transit protects data moving across networks using protocols like TLS 1.2 or 1.3. HIPAA's Security Rule requires both for ePHI, but organizations sometimes implement only one layer, creating an exploitable gap.


Acronyms and abbreviations

Acronym | Full Term | Governing Source
CISA | Cybersecurity and Infrastructure Security Agency | DHS, established under 6 U.S.C. § 651
NIST | National Institute of Standards and Technology | U.S. Department of Commerce
CVE | Common Vulnerabilities and Exposures | MITRE Corporation
CVSS | Common Vulnerability Scoring System | FIRST.org
SOC | Security Operations Center | Industry standard; no single governing body
MFA | Multi-Factor Authentication | NIST SP 800-63B defines assurance levels
EDR | Endpoint Detection and Response | Industry classification
SIEM | Security Information and Event Management | Industry classification
PHI | Protected Health Information | 45 C.F.R. § 160.103 (HHS)
CUI | Controlled Unclassified Information | 32 C.F.R. Part 2002 (NARA)
PII | Personally Identifiable Information | NIST SP 800-122 definition
TLP | Traffic Light Protocol | FIRST.org standard for information sharing
IOC | Indicator of Compromise | Practitioner term; referenced in CISA advisories

Scope and coverage limitations

The terminology defined on this page reflects definitions as applied within Miami-Dade County and the broader Miami metropolitan area, under federal frameworks that govern U.S.-domiciled organizations. State-level obligations derive from Florida Statutes Chapter 501 (Florida's data breach notification law) and Chapter 282 (state agency cybersecurity), which apply specifically to entities operating under Florida jurisdiction.

This page does not address: cybersecurity law in other U.S. states, international frameworks such as the EU's NIS2 Directive or ISO/IEC 27001 (except where Miami-based multinationals face cross-border obligations), or classified national security definitions outside publicly available NIST and NARA publications. Organizations with operations in Broward, Palm Beach, or Monroe counties should verify whether county-specific ordinances create additional terminology obligations not covered here. The Miami Cybersecurity in local context page addresses jurisdictional boundaries in greater operational detail.
