tlctc.net / blog 2026-05-15 · Series Index
TLCTC Glossary Fixes · Series Index
249 entries · 169 framework · 80 industry · series open
Buzzword Bingo

The Cybersecurity Vocabulary Audit

A live register of every TLCTC framework term and every industry buzzword the framework files elsewhere. → A-Z reference view

Type
Status
Category
Axis (industry)
249 / 249
Abuse of Functions (#1)ClusterFramework Accessibility (Data Risk Event)DRE / BREFramework Actor ArchetypeConceptFramework Actor GroupConceptFramework "Adware"Other · TBDQueued AI / AGI / ASI (Positioning in TLCTC)ConceptFramework "Amplification Attack"Other · TBDQueued "ARP Spoofing"Other · TBDQueued Attack PathConceptFramework Attack Path NotationNotationFramework Attack Sequence SchemaConceptV2.0 Attack StepConceptV2.0 Attack VectorConceptFramework Attack Velocity (Δt)NotationV2.0 Attacker ProfileConceptV2.1 Attacker's ViewConceptFramework Availability (Data Risk Event)DRE / BREFramework AxiomAxiomFramework Axiom Quick ReferenceAxiomFramework "BEC (Business Email Compromise) / CEO Fraud"Other · TBDQueued "BGP Hijacking"Other · TBDQueued "Botnet"Temporal · DisclosureQueued Bounded ΔtNotationFramework Bow-Tie ModelConceptFramework Bridge ClusterConceptFramework Bridge StepConceptFramework "Brute-Force Attack"Other · TBDQueued "Buffer Overflow"Other · TBDQueued Business Impact (BI)ConceptFramework Business Risk Event (BRE)DRE / BREFramework BxIs (Base Level Indicators)ConceptFramework Call-Level Mapping RuleConceptFramework Capacity ExhaustionConceptFramework "CAPEC (Common Attack Pattern Enumeration and Classification)"Other · TerminologyQueued Central EventConceptFramework "ClickFix"Other · ActorQueued Client-Role ComponentConceptFramework Client-Server RelationshipConceptFramework Cluster Quick ReferenceConceptFramework CoderConceptFramework "Command Injection"Other · TBDQueued Compliance Risk EventConceptFramework ConsequencesConceptFramework ControlConceptFramework Control Design EffectivenessConceptFramework Control FailureConceptFramework Control ObjectiveConceptFramework Control Operational EffectivenessConceptFramework Credential / Identity ArtifactConceptFramework Credential AcquisitionConceptFramework Credential ApplicationConceptFramework Credential ForgeryConceptFramework "Cross-Site Scripting (XSS)"Other · TBDQueued CVE (Common Vulnerabilities and Exposures)ConceptFramework "CWE (Common Weakness Enumeration)"Other · TerminologyQueued Cyber Bow-TieConceptFramework Cyber IncidentConceptFramework Cyber RiskConceptFramework Cyber Risk EventConceptFramework Cyber Threat RadarConceptFramework "DAST (Dynamic Application Security Testing)"Other · TBDQueued Data Processing PathwaysConceptFramework Data Risk Event (DRE)DRE / BREFramework Data vs Code BoundaryConceptFramework "DDoS (Distributed Denial of Service)"Other · TBDQueued "Defense-in-Depth"Other · ControlQueued Delta t (Δt)NotationV2.0 Designed Execution CapabilityConceptFramework Detection Coverage Score (DCS)ConceptV2.0 Developer's ViewConceptFramework "Directory Traversal"Other · TBDQueued "DNS Spoofing"Other · TBDQueued DomainConceptFramework Domain BoundaryConceptFramework Domain Boundary Operator (||)NotationV2.0 "Domain Squatting"Other · TBDQueued "DORA (Digital Operational Resilience Act)"Other · TBDQueued "Drive-By Download"Other · TBDQueued Dual-Use ToolConceptFramework Edge (in attack path)ConceptFramework "EDR (Endpoint Detection and Response)"Other · TBDQueued Estimated ΔtNotationFramework Event ChainConceptFramework Event Chain LengthConceptV2.0 "Evil Maid Attack"Other · TBDQueued Exploit CodeConceptFramework Exploiting Client (#3)ClusterFramework Exploiting Server (#2)ClusterFramework Eₙ Event Notation (Regulatory)NotationV2.0 Fast Velocity ClassConceptV2.0 "Fileless Execution / Fileless Malware"Other · TBDQueued Flooding Attack (#6)ClusterFramework Foreign Executable Content (FEC)ConceptFramework Framework LayerConceptV2.0 Generic VulnerabilityConceptFramework GOVERN (GV)ConceptFramework "HTTP Flood"Other · TBDQueued "ICMP Flooding"Other · TBDQueued Identity Theft (#4)ClusterFramework Implementation Defect (Availability Context)ConceptFramework Implementation FlawConceptFramework "Insecure Deserialization"Other · TBDQueued Intelligence LayerConceptV2.0 Internal ClusterConceptFramework Intra-System Boundary Operator (|...|)NotationV2.1 JSON ArchitectureConceptV2.0 KCI (Key Control Indicator)ConceptFramework "Keylogger"Other · ActorQueued "Kill Chain"Other · TBDQueued KPI (Key Performance Indicator)ConceptFramework KRI (Key Risk Indicator)ConceptFramework KxI FrameworkConceptFramework Latent/Slow Velocity ClassConceptV2.0 "Lateral Movement"Effect · TransitionCalled Living Off the Land / LOLBAS (Living Off the Land Binaries and Scripts)ConceptFramework Local ControlsConceptFramework Loss of Accessibility (LoAc)ConceptFramework Loss of Availability (LoA)ConceptFramework Loss of Confidentiality (LoC)ConceptFramework Loss of Control / System CompromiseConceptFramework Loss of Integrity (LoI)ConceptFramework Malicious CodeConceptFramework "Malvertising"Other · TBDQueued Malware (#7)ClusterFramework Man in the Middle (#5)ClusterFramework Medium Velocity ClassConceptV2.0 "MFA Bombing / MFA Fatigue"Other · TBDQueued Mitigating ControlsConceptFramework MitM PositionConceptFramework MITRE ATT&CKConceptFramework "NIS2 (Network and Information Security Directive 2)"Other · TBDQueued NIST CSF (Cybersecurity Framework)ConceptFramework Normative KeywordsConceptFramework Notation SystemsNotationFramework "OAuth Attack"Other · DeliveryQueued Observed ΔtNotationFramework Operational LayerConceptFramework "Operational Risk (OpRisk)"Other · TBDQueued Operational Security LayerConceptFramework "OWASP (Open Worldwide Application Security Project)"Other · TBDQueued Parallel Operator (+)NotationFramework Parallel StepsConceptFramework "Pass-the-Hash / Pass-the-Ticket"Other · ActorQueued "Password Spraying"Other · TBDQueued "Patient Zero"Effect · TransitionQueued "Phishing"Other · DeliveryQueued Physical Attack (#8)ClusterFramework "Pineapple Attack"Other · TBDQueued "Ping of Death"Other · TBDQueued Position Acquisition vs Position ExploitationConceptFramework "Pretexting"Other · DeliveryQueued Preventive ControlsConceptFramework "Privilege Escalation"Effect · TransitionCalled "Process Injection"Other · TBDQueued ProgrammerConceptFramework Propagated PRConceptV2.0 Protection Ring ArchitectureConceptFramework R-* Rules Quick ReferenceRuleFramework R-ABUSE (Function Misuse Determination)RuleFramework R-CRED (Credential Lifecycle Non-Overlap)RuleFramework R-EXEC (Foreign Execution Recording Rule)RuleFramework R-FLOOD (Capacity Exhaustion vs Implementation Defect)RuleFramework R-HUMAN (Human Manipulation Isolation)RuleFramework R-INTRA (Intra-System Boundary Rules)RuleV2.1 R-MITM (Position vs Action)RuleFramework R-PHYSICAL (Physical Domain Isolation)RuleFramework R-ROLE (Server vs Client Determination)RuleFramework R-SUPPLY (Trust Acceptance Event Placement)RuleFramework R-TRANSIT (Transit Boundary Rules)RuleV2.1 "Ransomware"Consequence · OutcomeQueued "RCE (Remote Code Execution)"Other · TerminologyCalled Realtime Velocity ClassConceptV2.0 Regulatory Trigger PointConceptV2.0 Responsibility SphereConceptFramework "RFID Skimming"Other · TBDQueued "Risk Appetite / Risk Tolerance"Other · TBDQueued Risk EventConceptFramework "Rogue Hotspot"Other · TBDQueued Role DeterminationConceptFramework "Rootkit"Other · TBDQueued RS Container (Respond Container)ConceptV2.0 "SAST (Static Application Security Testing)"Other · TBDQueued "SBOM (Software Bill of Materials)"Other · BoundaryQueued "SCA (Software Composition Analysis)"Other · BoundaryQueued Scope of Client SoftwareConceptFramework Scope of Server SoftwareConceptFramework Secure Software Development Life Cycle (SSDLC)ConceptFramework Semantic Guardrails (SG-1 through SG-7)GuardrailV2.1 Semantic Guardrails Quick ReferenceGuardrailV2.1 SequenceConceptFramework Sequence Operator (→)NotationFramework Server-Role ComponentConceptFramework "Session Hijacking"Other · ActorQueued "SIEM (Security Information and Event Management)"Other · TBDQueued "Slowloris"Other · TBDQueued "Smishing"Other · DeliveryQueued "SOAR (Security Orchestration, Automation, and Response)"Other · TBDQueued Social Engineering (#9)ClusterFramework "Spear Phishing"Other · DeliveryQueued "Spyware"Consequence · OutcomeQueued "SQL Injection"Consequence · OutcomeQueued "SSL Stripping"Other · TBDQueued "SSRF (Server-Side Request Forgery)"Other · TBDQueued STIX (Structured Threat Information Expression)ConceptFramework Strategic Layer (Human-First)ConceptFramework Strategic Management LayerConceptFramework "STRIDE"Other · TBDQueued Sub-ThreatConceptFramework Supply Chain Attack (#10)ClusterFramework "SYN Flood"Other · TBDQueued System CompromiseConceptFramework System Risk Event (SRE)ConceptFramework "Tailgating"Other · DeliveryQueued Tech Enablers OverlayConceptV2.1 Techniques (TTPs)ConceptFramework "TEMPEST"Other · TBDQueued Temporal NotationNotationV2.0 Third-Party Trust Link (TTL)ConceptFramework Threat (in TLCTC)ConceptFramework Threat ClusterConceptFramework Threat TopologyConceptFramework Tie-Breaker RulesConceptFramework TLCTC (Top Level Cyber Threat Clusters)ConceptFramework TLCTC EnumerationConceptFramework "Token Hijacking"Other · TBDQueued Transit Boundary Operator (⇒)NotationV2.1 "Trojan"Consequence · OutcomeQueued Trust Acceptance Event (TAE)ConceptFramework Trust Artifact / Trust Decision (TAD)ConceptFramework TTP (Tactics, Techniques, and Procedures)ConceptFramework Two-Tiered ApproachConceptFramework "Typosquatting"Other · DeliveryQueued "UDP Flood"Other · TBDQueued Umbrella ControlsConceptFramework Unknown ΔtNotationFramework Unresolved-Step Operators (`?`, `…`)NotationV2.1 "USB Baiting"Other · TBDQueued "Van Eck Phreaking"Other · TBDQueued Velocity AnnotationNotationFramework Velocity ClassConceptFramework Vertical Stack ApplicationConceptFramework "Vishing"Other · DeliveryQueued VulnerabilityConceptFramework "WAF (Web Application Firewall)"Other · ControlQueued "Watering Hole Attack"Other · TBDQueued WeaknessConceptFramework "Whaling"Other · DeliveryQueued "Worm"Other · TBDQueued "XXE (XML External Entity) Injection"Other · TBDQueued
Pick a row to preview
Hover to preview here. Click a row to open the full entry in an overlay.

The deeper observation

That's the audit. The register above holds every defined TLCTC framework term and every industry buzzword the framework refuses to file as a cause — sitting side by side, with the same test applied to each. A handful have been called in full essays so far; the rest are queued, or are simply definitions that anchor the vocabulary the buzzwords keep getting confused with. The cockpit and the cases are two readings of the same point. Either should land.