BCA 	Bureau of Criminal Apprehension - A Division of the Minnesota Department of Public Safety.
BCA ISO 	A CJIS Information Security Officer (ISO) is a BCA employee who, in addition to the responsibilities described in the CJIS Security Policy, <a href="https://dps.mn.gov/divisions/bca/bca-divisions/mnjis/Documents/MNJIS-5002-CJDN-Network-Security-Policy.pdf">has responsibilities for CJI security</a>.
Business Email Compromise 	Business Email Compromise - Scams targeting organizations, government and other, who conduct wire transfers or electronic payments. The scheme leverages email accounts, either spoofed or compromised, of executives or high-level employees involved with wire transfer payments to do fraudulent transfers. 
Business email compromise 	A business email compromise is a scam that targets organizations, governments, and others who make wire transfers or electronic payments. Scammers use fake or hacked email accounts of executives or important employees to trick people into making fraudulent transfers.
CISA	Cybersecurity and Infrastructure Security Agency (CISA) is the operational lead for federal cybersecurity and the national coordinator for critical infrastructure security and resilience.
CJI 	Criminal Justice Information
CJIS	Criminal Justice Information System
CMS 	Center for Medicare and Medicade Services
Cyber Navigators 	Cyber Navigators lead communication efforts with eligible partner entities interested in Minnesota's whole-of-state cybersecurity services. Cyber Navigators meet with interested organizations to explain the grant program, gather necessary information, and provide the work order along with the tools and services needed.
Compromised account/password 	When a bad actor gains access to someone's account by stealing their password or login credentials. 
Data Breach 	When a bad actor gains access to someone's account by stealing their password or login credentials. 
Defacement 	An attack where a bad actor alters the appearance of a website, usually to spread a message or cause embarrassment.
Denial of Service (DoS) 	When a bad actor overwhelms a website or online service with so much traffic that it becomes unavailable to users.
ISAC	An Information Sharing and Analysis Center (ISAC) collects, analyzes, and disseminates actionable threat information to members and provides them with tools to mitigate risks and improve resiliency. Minnesota participates in the Multi-State Information Sharing and Analysis Center (MS-ISAC) and Election Infrastructure Information Sharing and Analysis Center (EI-ISAC).
EI 	Election Information
FBI 	Federal Bureau of Investigation
FBI-IC3 	The Internet Crime Complaint Center (IC3) is the nation's central hub for reporting cyber crime. It is run by the FBI, the lead federal agency for investigating cyber crime.
FI 	Financial Information
Government Contractor/Vendor 	An individual or entity that performs work for or on behalf of a public agency on a contract basis with access to or hosting of the public agency's network, systems, applications, or information.
Inadvertent data exposure/release 	An accidental exposure of sensitive information, often due to human error. 
Malware 	Malicious software that can damage or disrupt computers or networks, or steal information.
MFA 	 Multi-factor authentication (MFA) is a security process that requires more than one step to log into an account. Users must provide two or more verification factors: something they know, something they have, something they are. For example, along with the password, users might enter a code sent to their email, answer a secret question, or scan a fingerprint. This helps prevent unauthorized account access if a system password has been compromised.
MITM attack 	A Man-in-the-Middle attack is a cyber attack where a threat actor intercepts data and communications between two parties, usually a user and an application, for malicious purposes.
MNFC 	The <a href="https://mn.gov/fusioncenter/">Minnesota Fusion Center</a> (MNFC) is a section of the BCA that allows participating agencies to share information about suspected criminal activity.
MNIT 	Minnesota IT Services (MNIT) is the central IT organization for the State of Minnesota.
Mobile device 	A mobile device or handheld computer is a computer small enough to hold and operate in hand. Mobile devices are typically battery-powered and possess a flat-panel display and one or more built-in input devices, such as a touchscreen or keypad. Modern mobile devices often emphasize wireless networking, to both the Internet and to other devices in their vicinity, such as headsets or in-car entertainment systems, via WiFi, Bluetooth, cellular networks, or near-field communication.
Network attack 	Unauthorized access to a computer network, often with the intent to steal data or cause harm.  
Not public data 	"Not public data" is government data that is classified as confidential, private, nonpublic, or protected nonpublic by state statute, federal law, or temporary classification. Please see definition of the different types of data in the <a href="https://www.revisor.mn.gov/statutes/cite/13.02">Office of the Revisor of Statutes 13.025 2023 Minnesota Statutes</a>.
OLA 	Office of Legislative Auditor (OLA) is the auditor of Minnesota state government.
OSS 	Office of Secretary of State (OSS) oversees statewide elections; the review, approval, and filing for all businesses and organizations operating in the state; and administers the state's address confidentiality program.
OT/ICS/SCADA 	Operational Technology (OT), Industrial Control System (ICS), and Supervisory Control and Data Acquisition (SCADA) attacks target systems that control industrial processes, such as factories or utilities. 
PHI 	Protected Health Information
PII 	Personally Identifiable Information
Ransomware 	Malware that encrypts (locks) users out of their data or systems until a ransom is paid to the attacker.
SOC 	Security Operations Center (SOC) is a centralized team or facility that monitors, detects, and responds to security threats in an organization. MNIT's SOC has a seat in the MNFC to provide cybersecurity analysis and cyber threat intelligence sharing statewide.
Social engineering 	When a bad actor tricks, manipulates, influences, or deceives people into sharing information they shouldn't share, downloading software that they shouldn't download, or performing actions that compromise security to gain control over a computer system or to steal information. Phishing is a type of social engineering where a bad actors sends fraudulent messages, often via email, to trick individuals into selecting links, revealing personal information, or installing malware.
SQL Injection 	 Structured Query Language - SQL injection is a common cyberattack technique that allows hackers to steal sensitive data from applications that use a SQL database. It works by inserting malicious SQL statements into an entry field, which are then executed by the database.
Unauthorized access 	Gaining access to a system, network, or data without permission. 
Vishing 	Voice phishing, is a type of phishing attack that involves using phone calls to trick people into providing sensitive information.
Web application attack 	An attack targeting a website or online service to steal data, disrupt services, or gain unauthorized access.