Copywriteroffice - cybersecurity terms serp result detail
Keyword: cybersecurity terms
Search URL: https://www.google.com/search?q=cybersecurity+terms&oq=cybersecurity+terms&num=30&hl=en&gl=US&sourceid=chrome&ie=UTF-8
Device: desktop
Language: en
Location: US
Search engine: google.com
No. of results: 148,000,000
Related searches:
cyber security glossary pdf: https://www.google.com/search?num=30&hl=en&gl=us&q=Cyber+security+glossary+PDF&sa=X&ved=2ahUKEwi-x5Tsvq71AhV_RjABHcj_AyAQ1QJ6BAgmEAE
cybersecurity terms quizlet: https://www.google.com/search?num=30&hl=en&gl=us&q=Cybersecurity+terms+Quizlet&sa=X&ved=2ahUKEwi-x5Tsvq71AhV_RjABHcj_AyAQ1QJ6BAg0EAE
cyber terms: https://www.google.com/search?num=30&hl=en&gl=us&q=Cyber+terms&sa=X&ved=2ahUKEwi-x5Tsvq71AhV_RjABHcj_AyAQ1QJ6BAgsEAE
cyber security definitions: https://www.google.com/search?num=30&hl=en&gl=us&q=Cyber+security+definitions&sa=X&ved=2ahUKEwi-x5Tsvq71AhV_RjABHcj_AyAQ1QJ6BAgvEAE
a to z of cyber security: https://www.google.com/search?num=30&hl=en&gl=us&q=A+to+Z+of+cyber+security&sa=X&ved=2ahUKEwi-x5Tsvq71AhV_RjABHcj_AyAQ1QJ6BAguEAE
cool cyber terms: https://www.google.com/search?num=30&hl=en&gl=us&q=Cool+cyber+terms&sa=X&ved=2ahUKEwi-x5Tsvq71AhV_RjABHcj_AyAQ1QJ6BAgtEAE
cyber security word of the day: https://www.google.com/search?num=30&hl=en&gl=us&q=Cyber+security+word+of+the+day&sa=X&ved=2ahUKEwi-x5Tsvq71AhV_RjABHcj_AyAQ1QJ6BAgwEAE
glossary of security terms, definitions and acronyms: https://www.google.com/search?num=30&hl=en&gl=us&q=glossary+of+security+terms%2C+definitions+and+acronyms&sa=X&ved=2ahUKEwi-x5Tsvq71AhV_RjABHcj_AyAQ1QJ6BAgnEAE
Result 1
Title: Cybersecurity Glossary | National Initiative for Cybersecurity Careers and Studies
URL: https://niccs.cisa.gov/about-niccs/cybersecurity-glossary
Description: The NICCS glossary contains key cybersecurity terms that enable clear communication and a common understanding of cybersecurity definitions.
Date:
Organic position: 1
H1: Cybersecurity Glossary
H2: Explore Terms: A Glossary of Common Cybersecurity Terminology
H3: Letter: A
Letter: B
Letter: C
Letter: D
Letter: E
Letter: F
Letter: G
Letter: H
Letter: I
Letter: J
Letter: K
Letter: L
Letter: M
Letter: N
Letter: O
Letter: P
Letter: Q
Letter: R
Letter: S
Letter: T
Letter: U
Letter: V
Letter: W
Letter: X
Letter: Y
Letter: Z
H2 (with anchors): Explore Terms: A Glossary of Common Cybersecurity Terminology
BodyCybersecurity Glossary Explore Terms: A Glossary of Common Cybersecurity Terminology. The NICCS Portal’s cybersecurity lexicon is intended to serve the cybersecurity communities of practice and interest for both the public and private sectors. It complements other lexicons such as the NISTIR 7298 Glossary of Key Information Security Terms. Objectives for lexicon are to enable clearer communication and common understanding of cybersecurity terms, through use of plain English and annotations on the definitions. The lexicon will evolve through ongoing feedback from end users and stakeholders. a | b | c | d | e | f | g | h | i | j | k | l | m | n | o | p | q | r | s | t | u | v | w | x | y | z Click one of the letters above to advance the page to terms beginning with that letter. A Letter: A. access Definition: The ability and means to communicate with or otherwise interact with a system, to use system resources to handle information, to gain knowledge of the information the system contains, or to control system components and functions. From: CNSSI 4009 access and identity management Synonym(s): identity and access management access control   Definition: The process of granting or denying specific requests for or attempts to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities. Related Term(s): access control mechanism Adapted from: CNSSI 4009 access control mechanism   Definition: Security measures designed to detect and deny unauthorized access and permit authorized access to an information system or a physical facility. Adapted from: CNSSI 4009 active attack   Definition: An actual assault perpetrated by an intentional threat source that attempts to alter a system, its resources, its data, or its operations. 
Related Term(s): passive attack Adapted from: IETF RFC 4949, NIST SP 800-63 Rev 1 active content   Definition: Software that is able to automatically carry out or trigger actions without the explicit intervention of a user. Adapted from: CNSSI 4009 Advanced Persistent Threat   Definition: An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). From: NIST SP 800-53 Rev 4 adversary   Definition: An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities. Related Term(s): threat agent, attacker From: DHS Risk Lexicon air gap   Definition: To physically separate or isolate a system from other systems or networks (verb). Extended Definition: The physical separation or isolation of a system from other systems or networks (noun). alert   Definition: A notification that a specific attack has been detected or directed at an organization’s information systems. Adapted from: CNSSI 4009 Allowlist Definition: A list of entities that are considered trustworthy and are granted access or privileges. Related Term(s): Blocklist Adapted from: DHS personnel All Source Intelligence  Definition: In the NICE Framework, cybersecurity work where a person: Analyzes threat information from multiple sources, disciplines, and agencies across the Intelligence Community. Synthesizes and places intelligence information in context; draws insights about the possible implications. From: NICE Framework Analyze Definition: A NICE Framework category consisting of specialty areas responsible for highly specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence. From: NICE Framework antispyware software   Definition: A program that specializes in detecting and blocking or removing forms of spyware. 
Related Term(s): spyware Adapted from: NCSD Glossary antivirus software Definition: A program that monitors a computer or network to detect or identify major types of malicious code and to prevent or contain malware incidents. Sometimes by removing or neutralizing the malicious code. Adapted from: NCSD Glossary asset Definition: A person, structure, facility, information, and records, information technology systems and resources, material, process, relationships, or reputation that has value. Extended Definition: Anything useful that contributes to the success of something, such as an organizational mission; assets are things of value or properties to which value can be assigned. Adapted from: DHS Risk Lexicon asymmetric cryptography   Synonym(s): public key cryptography attack Definition: An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity. Extended Definition: The intentional act of attempting to bypass one or more security services or controls of an information system. Related Term(s): active attack, passive attack From: NCSD Glossary. NTSSI 4009 (2000), CNSSI 4009 attack method   Definition: The manner or technique and means an adversary may use in an assault on information or an information system. Adapted from: DHS Risk Lexicon, NCSD Glossary attack mode Synonym(s): attack method attack path   Definition: The steps that an adversary takes or may take to plan, prepare for, and execute an attack. Adapted from: DHS Risk Lexicon, NCSD Glossary attack pattern   Definition: Similar cyber events or behaviors that may indicate an attack has occurred or is occurring, resulting in a security violation or a potential security violation. Extended Definition: For software, descriptions of common methods for exploiting software systems. 
Related Term(s): attack signature Adapted from: Oak Ridge National Laboratory Visualization Techniques for Computer Network Defense, MITRE's CAPEC web site attack signature   Definition: A characteristic or distinctive pattern that can be searched for or that can be used in matching to previously identified attacks. Extended Definition: An automated set of rules for identifying a potential threat (such as an exploit or the presence of an attacker tool) and possible responses to that threat. Related Term(s): attack pattern Adapted from: NCSD Glossary, CNSSI 4009, ISSG V1.2 Database attack surface   Definition: The set of ways in which an adversary can enter a system and potentially cause damage. Extended Definition: An information system's characteristics that permit an adversary to probe, attack, or maintain presence in the information system. Adapted from: Manadhata, P.K., & Wing, J.M. in Attack Surface Measurement; DHS personnel attacker Definition: An individual, group, organization, or government that executes an attack. Extended Definition: A party acting with malicious intent to compromise an information system. Related Term(s): adversary, threat agent Adapted from: Barnum & Sethi (2006), NIST SP 800-63 Rev 1 authenticate Related Term(s): authentication authentication   Definition: The process of verifying the identity or other attributes of an entity (user, process, or device). Extended Definition: Also the process of verifying the source and integrity of data. Adapted from: CNSSI 4009, NIST SP 800-21, NISTIR 7298 authenticity   Definition: A property achieved through cryptographic methods of being genuine and being able to be verified and trusted, resulting in confidence in the validity of a transmission, information or a message, or sender of information or a message. 
Related Term(s): integrity, non-repudiation Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4 authorization Definition: A process of determining, by evaluating applicable access control information, whether a subject is allowed to have the specified types of access to a particular resource. Extended Definition: The process or act of granting access privileges or the access privileges as granted. From: OASIS SAML Glossary 2.0; Adapted from CNSSI 4009 availability   Definition: The property of being accessible and usable upon demand. Extended Definition: In cybersecurity, applies to assets such as information or information systems. Related Term(s): confidentiality, integrity Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4, 44 U.S.C., Sec 3542 B Letter: B. behavior monitoring   Definition: Observing activities of users, information systems, and processes and measuring the activities against organizational policies and rule, baselines of normal activity, thresholds, and trends. Adapted from: DHS personnel behavioral monitoring   Synonym(s): behavior monitoring Blocklist   Definition: A list of entities that are blocked or denied privileges or access. Related Term(s): Allowlist Adapted from: DHS personnel Blue Team   Definition: A group that defends an enterprise's information systems when mock attackers (i.e., the Red Team) attack, typically as part of an operational exercise conducted according to rules established and monitored by a neutral group (i.e., the White Team). Extended Definition: Also, a group that conducts operational vulnerability evaluations and recommends mitigation techniques to customers who need an independent technical review of their cybersecurity posture. Related Term(s): Red Team, White Team Adapted from: CNSSI 4009 bot Definition: A computer connected to the Internet that has been surreptitiously / secretly compromised with malicious logic to perform activities under remote the command and control of a remote administrator. 
Extended Definition: A member of a larger collection of compromised computers known as a botnet. Synonym(s): zombie Related Term(s): botnet bot herder Synonym(s): bot master bot master Definition: The controller of a botnet that, from a remote location, provides direction to the compromised computers in the botnet. Synonym(s): bot herder botnet   Definition: A collection of computers compromised by malicious code and controlled across a network. bug   Definition: An unexpected and relatively small defect, fault, flaw, or imperfection in an information system or device. Adapted from: NCSD Glossary Build Security In   Definition: A set of principles, practices, and tools to design, develop, and evolve information systems and software that enhance resistance to vulnerabilities, flaws, and attacks. Adapted from: Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program (2011), US-CERT's Build Security In website. C Letter: C. capability   Definition: The means to accomplish a mission, function, or objective. Related Term(s): intent Adapted from: DHS Risk Lexicon cipher Synonym(s): cryptographic algorithm ciphertext   Definition: Data or information in its encrypted form. Related Term(s): plaintext From: CNSSI 4009 cloud computing   Definition: A model for enabling on-demand network access to a shared pool of configurable computing capabilities or resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. Adapted from: CNSSI 4009, NIST SP 800-145 Collect & Operate Definition: A NICE Framework category consisting of specialty areas responsible for specialized denial and deception operations and collection of cybersecurity information that may be used to develop intelligence. 
From: NICE Framework Collection Operations Definition: In the NICE Framework, cybersecurity work where a person: Executes collection using appropriate strategies and within the priorities established through the collection management process. From: NICE Framework computer forensics Synonym(s): digital forensics computer network defense Definition: The actions taken to defend against unauthorized activity within computer networks. From: CNSSI 4009 Computer Network Defense Analysis   Definition: In the NICE Framework, cybersecurity work where a person: Uses defensive measures and information collected from a variety of sources to identify, analyze, and report events that occur or might occur within the network in order to protect information, information systems, and networks from threats. From: NICE Framework Computer Network Defense Infrastructure Support Definition: In the NICE Framework, cybersecurity work where a person: Tests, implements, deploys, maintains, reviews, and administers the infrastructure hardware and software that are required to effectively manage the computer network defense service provider network and resources; monitors network to actively remediate unauthorized activities. From: NICE Framework computer security incident Synonym(s): incident Related Term(s): event confidentiality Definition: A property that information is not disclosed to users, processes, or devices unless they have been authorized to access the information. Extended Definition: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. Related Term(s): availability, integrity Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4, 44 U.S.C., Sec 3542 consequence Definition: The effect of an event, incident, or occurrence. 
Extended Definition: In cybersecurity, the effect of a loss of confidentiality, integrity or availability of information or an information system on an organization's operations, its assets, on individuals, other organizations, or on national interests. Adapted from: DHS Risk Lexicon, National Infrastructure Protection Plan, NIST SP 800-53 Rev 4 Continuity of Operations Plan Definition: A document that sets forth procedures for the continued performance of core capabilities and critical operations during any disruption or potential disruption. Related Term(s): Business Continuity Plan, Disaster Recovery Plan, Contingency Plan Adapted from: CPG 101, CNSSI 4009 critical infrastructure   Definition: The systems and assets, whether physical or virtual, so vital to society that the incapacity or destruction of such may have a debilitating impact on the security, economy, public health or safety, environment, or any combination of these matters. Related Term(s): key resource Adapted from: National Infrastructure Protection Plan critical infrastructure and key resources   Synonym(s): critical infrastructure cryptanalysis  Definition: The operations performed in defeating or circumventing cryptographic protection of information by applying mathematical techniques and without an initial knowledge of the key employed in providing the protection. Extended Definition: The study of mathematical techniques for attempting to defeat or circumvent cryptographic techniques and/or information systems security. Adapted from: CNSSI 4009, NIST SP 800-130 cryptographic algorithm   Definition: A well-defined computational procedure that takes variable inputs, including a cryptographic key, and produces an output. Related Term(s): key, encryption, decryption, symmetric key, asymmetric key From: CNSSI 4009 cryptography   Definition: The use of mathematical techniques to provide security services, such as confidentiality, data integrity, entity authentication, and data origin authentication. 
Extended Definition: The art or science concerning the principles, means, and methods for converting plaintext into ciphertext and for restoring encrypted ciphertext to plaintext. Related Term(s): plaintext, ciphertext, encryption, decryption From: NIST SP 800-130; Adapted from: CNSSI 4009 cryptology   Definition: The mathematical science that deals with cryptanalysis and cryptography. Related Term(s): cryptanalysis, cryptography From: CNSSI 4009 Customer Service and Technical Support   Definition: In the NICE Framework, cybersecurity work where a person: Addresses problems, installs, configures, troubleshoots, and provides maintenance and training in response to customer requirements or inquiries (e.g., tiered-level customer support). From: NICE Framework cyber ecosystem   Definition: The interconnected information infrastructure of interactions among persons, processes, data, and information and communications technologies, along with the environment and conditions that influence those interactions. Adapted from: DHS personnel cyber exercise   Definition: A planned event during which an organization simulates a cyber disruption to develop or test capabilities such as preventing, detecting, mitigating, responding to or recovering from the disruption. Adapted from: NCSD Glossary, DHS Homeland Security Exercise and Evaluation Program cyber incident   Synonym(s): incident Related Term(s): event cyber incident response plan   Synonym(s): incident response plan cyber infrastructure   Definition: An electronic information and communications systems and services and the information contained therein. Extended Definition: The information and communications systems and services composed of all hardware and software that process, store, and communicate information, or any combination of all of these elements: • Processing includes the creation, access, modification, and destruction of information. • Storage includes paper, magnetic, electronic, and all other media types. 
• Communications include sharing and distribution of information. Adapted from: NIPP Cyber Operations   Definition: In the NICE Framework, cybersecurity work where a person: Performs activities to gather evidence on criminal or foreign intelligence entities in order to mitigate possible or real-time threats, protect against espionage or insider threats, foreign sabotage, international terrorist activities, or to support other intelligence activities. From: NICE Framework Cyber Operations Planning   Definition: in the NICE Framework, cybersecurity work where a person: Performs in-depth joint targeting and cyber planning process. Gathers information and develops detailed Operational Plans and Orders supporting requirements. Conducts strategic and operational-level planning across the full range of operations for integrated information and cyberspace operations From: NICE Framework cybersecurity   Definition: The activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation. Extended Definition: Strategy, policy, and standards regarding the security of and operations in cyberspace, and encompass[ing] the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communications infrastructure. 
Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4, NIPP, DHS National Preparedness Goal; White House Cyberspace Policy Review, May 2009 cyberspace   Definition: The interdependent network of information technology infrastructures, that includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers. Adapted from: NSPD 54/HSPD -23, CNSSI 4009, NIST SP 800-53 Rev 4 Cyber Threat Intelligence (CTI)   Definition: The collecting, processing, organizing, and analyzing data into actionable information that relates to capabilities, opportunities, actions, and intent of adversaries in the cyber domain to meet a specific requirement determined by and informing decision-makers.  Adapted from: ICD 203, CIA, SANS, Dragos, Carnegie Mellon D Letter: D. Data Administration Definition: In the NICE Framework, cybersecurity work where a person: Develops and administers databases and/or data management systems that allow for the storage, query, and utilization of data. From: NICE Framework data aggregation   Definition: The process of gathering and combining data from different sources, so that the combined data reveals new information. Extended Definition: The new information is more sensitive than the individual data elements themselves and the person who aggregates the data was not granted access to the totality of the information. Related Term(s): data mining Adapted from: CNSSI 4009 data breach   Definition: The unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information. Related Term(s): data loss, data theft, exfiltration data integrity Definition: The property that data is complete, intact, and trusted and has not been modified or destroyed in an unauthorized or accidental manner. 
Related Term(s): integrity, system integrity Adapted from: CNSSI 4009, NIST SP 800-27 data leakage   Synonym(s): data breach data loss   Definition: The result of unintentionally or accidentally deleting data, forgetting where it is stored, or exposure to an unauthorized party. Related Term(s): data leakage, data theft data loss prevention Definition: A set of procedures and mechanisms to stop sensitive data from leaving a security boundary. Related Term(s): data loss, data theft, data leak Adapted from: Liu, S., & Kuhn, R. (2010, March/April). Data loss prevention. IEEE IT Professional, 11(2), pp. 10-13. data mining   Definition: The process or techniques used to analyze large sets of existing information to discover previously unrevealed patterns or correlations. Related Term(s): data aggregation Adapted from: DHS personnel data spill Synonym(s): data breach data theft   Definition: The deliberate or intentional act of stealing of information. Related Term(s): data aggregation, data leakage, data loss decipher   Definition: To convert enciphered text to plain text by means of a cryptographic system. Synonym(s): decode, decrypt From: CNSSI 4009 decode   Definition: To convert encoded text to plain text by means of a code. Synonym(s): decipher, decrypt From: CNSSI 4009 decrypt   Definition: A generic term encompassing decode and decipher. Synonym(s): decipher, decode From: CNSSI 4009 decryption   Definition: The process of transforming ciphertext into its original plaintext. Extended Definition: The process of converting encrypted data back into its original form, so it can be understood. Synonym(s): decode, decrypt, decipher Adapted from: ICAM SAML 2.0 WB SSO Profile 1.0.2 denial of service   Definition: An attack that prevents or impairs the authorized use of information system resources or services. 
Adapted from: NCSD Glossary designed-in security Synonym(s): Build Security In digital forensics   Definition: The processes and specialized techniques for gathering, retaining, and analyzing system-related data (digital evidence) for investigative purposes. Extended Definition: In the NICE Framework, cybersecurity work where a person: Collects, processes, preserves, analyzes, and presents computer-related evidence in support of network vulnerability, mitigation, and/or criminal, fraud, counterintelligence or law enforcement investigations. Synonym(s): computer forensics, forensics Adapted from: CNSSI 4009; From: NICE Framework digital rights management   Definition: A form of access control technology to protect and manage use of digital content or devices in accordance with the content or device provider's intentions. digital signature Definition: A value computed with a cryptographic process using a private key and then appended to a data object, thereby digitally signing the data. Related Term(s): electronic signature Adapted from: CNSSI 4009, IETF RFC 2828, ICAM SAML 2.0 WB SSO Profile 1.0.2, InCommon Glossary, NIST SP 800-63 Rev 1 disruption   Definition: An event which causes unplanned interruption in operations or functions for an unacceptable length of time. Adapted from: CNSSI 4009 distributed denial of service   Definition: A denial of service technique that uses numerous systems to perform the attack simultaneously. Related Term(s): denial of service, botnet Adapted from: CNSSI 4009 dynamic attack surface   Definition: The automated, on-the-fly changes of an information system's characteristics to thwart actions of an adversary. Adapted from: DHS personnel E Letter: E. Education and Training Definition: In the NICE Framework, cybersecurity work where a person: Conducts training of personnel within pertinent subject domain; develop, plan, coordinate, deliver, and/or evaluate training courses, methods, and techniques as appropriate. 
From: NICE Framework electronic signature  Definition: Any mark in electronic form associated with an electronic document, applied with the intent to sign the document. Related Term(s): digital signature Adapted from: CNSSI 4009 encipher   Definition: To convert plaintext to ciphertext by means of a cryptographic system. Synonym(s): encode, encrypt From: CNSSI 4009 encode   Definition: To convert plaintext to ciphertext by means of a code. Synonym(s): encipher, encrypt From: CNSSI 4009 encrypt   Definition: The generic term encompassing encipher and encode. Synonym(s): encipher, encode From: CNSSI 4009 encryption Definition: The process of transforming plaintext into ciphertext. Extended Definition: Converting data into a form that cannot be easily understood by unauthorized people. Synonym(s): encode, encrypt, encipher Adapted from: CNSSI 4009, ICAM SAML 2.0 WB SSO Profile 1.0.2 enterprise risk management   Definition: A comprehensive approach to risk management that engages people, processes, and systems across an organization to improve the quality of decision making for managing risks that may hinder an organization’s ability to achieve its objectives. Extended Definition: Involves identifying mission dependencies on enterprise capabilities, identifying and prioritizing risks due to defined threats, implementing countermeasures to provide both a static risk posture and an effective dynamic response to active threats; and assessing enterprise performance against threats and adjusts countermeasures as necessary. Related Term(s): risk management, integrated risk management, risk Adapted from: DHS Risk Lexicon, CNSSI 4009 event Definition: An observable occurrence in an information system or network. Extended Definition: Sometimes provides an indication that an incident is occurring or at least raise the suspicion that an incident may be occurring. 
Related Term(s): incident Adapted from: CNSSI 4009 exfiltration  Definition: The unauthorized transfer of information from an information system. Related Term(s): data breach From: NIST SP 800-53 Rev 4 exploit   Definition: A technique to breach the security of a network or information system in violation of security policy. Adapted from: ISO/IEC 27039 (draft), DHS personnel Exploitation Analysis   Definition: In the NICE Framework, cybersecurity work where a person: Analyzes collected information to identify vulnerabilities and potential for exploitation. From: NICE Framework exposure   Definition: The condition of being unprotected, thereby allowing access to information or access to capabilities that an attacker can use to enter a system or network. Adapted from: NCSD glossary F Letter: F. Failure   Definition: The inability of a system or component to perform its required functions within specified performance requirements. From: NCSD Glossary firewall Definition: A capability to limit network traffic between networks and/or information systems. Extended Definition: A hardware/software device or a software program that limits network traffic according to a set of rules of what access is and is not allowed or authorized. Adapted from: CNSSI 4009 forensics   Synonym(s): digital forensics G Letter: G. H Letter: H. hacker   Definition: An unauthorized user who attempts to or gains access to an information system. From: CNSSI 4009 hash value   Definition: A numeric value resulting from applying a mathematical algorithm against a set of data such as a file. Synonym(s): cryptographic hash value Related Term(s): hashing Adapted from: CNSSI 4009 hashing   Definition: A process of applying a mathematical algorithm against a set of data to produce a numeric value (a 'hash value') that represents the data. Extended Definition: Mapping a bit string of arbitrary length to a fixed length bit string to produce the hash value. 
Related Term(s): hash value Adapted from: CNSSI 4009, FIPS 201-2 hazard   Definition: A natural or man-made source or cause of harm or difficulty. Related Term(s): threat From: DHS Risk Lexicon I Letter: I. ICT supply chain threat Definition: A man-made threat achieved through exploitation of the information and communications technology (ICT) system’s supply chain, including acquisition processes. Related Term(s): supply chain, threat From: DHS SCRM PMO identity and access management   Definition: The methods and processes used to manage subjects and their authentication and authorizations to access specific objects. impact   Synonym(s): consequence incident   Definition: An occurrence that actually or potentially results in adverse consequences to (adverse effects on) (poses a threat to) an information system or the information that the system processes, stores, or transmits and that may require a response action to mitigate the consequences. Extended Definition: An occurrence that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies. Related Term(s): event Adapted from: CNSSI 4009, FIPS 200, NIST SP 800-53 Rev 4, ISSG incident management Definition: The management and coordination of activities associated with an actual or potential occurrence of an event that may result in adverse consequences to information or information systems. Adapted from: NCSD Glossary, ISSG NCPS Target Architecture Glossary incident response Definition: The activities that address the short-term, direct effects of an incident and may also support short-term recovery. 
Extended Definition: In the Workforce Framework, cybersecurity work where a person: Responds to crisis or urgent situations within the pertinent domain to mitigate immediate and potential threats; uses mitigation, preparedness, and response and recovery approaches, as needed, to maximize survival of life, preservation of property, and information security. Investigates and analyzes all relevant response activities.
Synonym(s): response
Related Term(s): recovery
From: Workforce Framework

incident response plan
Definition: A set of predetermined and documented procedures to detect and respond to a cyber incident.
Adapted from: CNSSI 4009

indicator
Definition: An occurrence or sign that an incident may have occurred or may be in progress.
Related Term(s): precursor
Adapted from: CNSSI 4009, NIST SP 800-61 Rev 2 (DRAFT), ISSG V1.2 Database

Industrial Control System
Definition: An information system used to control industrial processes such as manufacturing, product handling, production, and distribution or to control infrastructure assets.
Related Term(s): Supervisory Control and Data Acquisition, Operations Technology
Adapted from: NIST SP 800-53 Rev 4, NIST SP 800-82

information and communication(s) technology
Definition: Any information technology, equipment, or interconnected system or subsystem of equipment that processes, transmits, receives, or interchanges data or information.
Related Term(s): information technology
Adapted from: The Access Board's 2011 Advance Notice of Proposed Rulemaking for Section 508

information assurance
Definition: The measures that protect and defend information and information systems by ensuring their availability, integrity, and confidentiality.
Related Term(s): information security
Adapted from: CNSSI 4009

Information Assurance Compliance
Definition: In the NICE Framework, cybersecurity work where a person: Oversees, evaluates, and supports the documentation, validation, and accreditation processes necessary to assure that new IT systems meet the organization's information assurance and security requirements; ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives.
From: NICE Framework

information security policy
Definition: An aggregate of directives, regulations, rules, and practices that prescribe how an organization manages, protects, and distributes information.
Related Term(s): security policy
From: CNSSI 4009; NIST SP 800-53 Rev 4

information sharing
Definition: An exchange of data, information, and/or knowledge to manage risks or respond to incidents.
Adapted from: NCSD glossary

information system resilience
Definition: The ability of an information system to: (1) continue to operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (2) recover effectively in a timely manner.
Related Term(s): resilience
Adapted from: NIST SP 800-53 Rev 4

Information Systems Security Operations
Definition: In the NICE Framework, cybersecurity work where a person: Oversees the information assurance program of an information system in or outside the network environment; may include procurement duties (e.g., Information Systems Security Officer).
From: NICE Framework

information technology
Definition: Any equipment or interconnected system or subsystem of equipment that processes, transmits, receives, or interchanges data or information.
Related Term(s): information and communication(s) technology
Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4, based on 40 U.S.C. sec.
1401

inside(r) threat
Definition: A person or group of persons within an organization who pose a potential risk through violating security policies.
Extended Definition: One or more individuals with the access and/or inside knowledge of a company, organization, or enterprise that would allow them to exploit the vulnerabilities of that entity's security, systems, services, products, or facilities with the intent to cause harm.
Related Term(s): outside(r) threat
Adapted from: CNSSI 4009; From: NIAC Final Report and Recommendations on the Insider Threat to Critical Infrastructure, 2008

integrated risk management
Definition: The structured approach that enables an enterprise or organization to share risk information and risk analysis and to synchronize independent yet complementary risk management strategies to unify efforts across the enterprise.
Related Term(s): risk management, enterprise risk management
Adapted from: DHS Risk Lexicon

integrity
Definition: The property whereby information, an information system, or a component of a system has not been modified or destroyed in an unauthorized manner.
Extended Definition: A state in which information has remained unaltered from the point it was produced by a source, during transmission, storage, and eventual receipt by the destination.
Related Term(s): availability, confidentiality, data integrity, system integrity
Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4, 44 U.S.C., Sec 3542, SANS; From: SAFE-BioPharma Certificate Policy 2.5

intent
Definition: A state of mind or desire to achieve an objective.
Related Term(s): capability
Adapted from: DHS Risk Lexicon

interoperability
Definition: The ability of two or more systems or components to exchange information and to use the information that has been exchanged.
Adapted from: IEEE Standard Computer Dictionary, DHS personnel

intrusion
Definition: An unauthorized act of bypassing the security mechanisms of a network or information system.
Synonym(s): penetration
Adapted from: CNSSI 4009

intrusion detection
Definition: The process and methods for analyzing information from networks and information systems to determine if a security breach or security violation has occurred.
Adapted from: CNSSI 4009, ISO/IEC 27039 (draft)

Investigate
Definition: A NICE Framework category consisting of specialty areas responsible for the investigation of cyber events and/or crimes of IT systems, networks, and digital evidence.
From: NICE Framework

investigation
Definition: A systematic and formal inquiry into a qualified threat or incident using digital forensics and perhaps other traditional criminal inquiry techniques to determine the events that transpired and to collect evidence.
Extended Definition: In the NICE Framework, cybersecurity work where a person: Applies tactics, techniques, and procedures for a full range of investigative tools and processes to include but not limited to interview and interrogation techniques, surveillance, counter surveillance, and surveillance detection, and appropriately balances the benefits of prosecution versus intelligence gathering.
Adapted from: ISSG V1.2 Database; Conrad, E., Misenar, S., & Feldman, J. (2010). CISSP® Study Guide. Burlington, MA: Syngress; From: NICE Workforce Framework

IT asset
Synonym(s): asset

J

K

key
Definition: The numerical value used to control cryptographic operations, such as decryption, encryption, signature generation, or signature verification.
Related Term(s): private key, public key, secret key, symmetric key
From: CNSSI 4009

key pair
Definition: A public key and its corresponding private key.
Extended Definition: Two mathematically related keys having the property that one key can be used to encrypt a message that can only be decrypted using the other key.
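The intrusion detection entry above (together with the indicator and precursor entries elsewhere in this glossary) is about deciding, from system data, whether a breach is being prepared or has occurred. The following Python is an added example and not glossary content: a sliding-window detector over sshd-style authentication log lines. A burst of failed logins from one source is reported as a precursor; a successful login from that source right after the burst is reported as an indicator that the guessing may have succeeded. The log lines, host name, addresses, threshold and window size are constructed assumptions for the demonstration.

```python
"""Intrusion detection over authentication log lines. A burst of failed logins
from one source is a precursor (attacker preparing); a success immediately after
the burst is an indicator (a breach may have occurred). Added example; the log
lines below are constructed, not real."""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Iterable

# Matches OpenSSH-style sshd auth lines in syslog format (no year in the timestamp).
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)

SAMPLE_LOG = """\
Jan 11 10:00:01 bastion sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 51000 ssh2
Jan 11 10:00:02 bastion sshd[4102]: Failed password for root from 203.0.113.7 port 51001 ssh2
Jan 11 10:00:03 bastion sshd[4103]: Failed password for root from 203.0.113.7 port 51002 ssh2
Jan 11 10:00:04 bastion sshd[4104]: Failed password for root from 203.0.113.7 port 51003 ssh2
Jan 11 10:00:05 bastion sshd[4105]: Failed password for root from 203.0.113.7 port 51004 ssh2
Jan 11 10:00:06 bastion sshd[4106]: Failed password for root from 203.0.113.7 port 51005 ssh2
Jan 11 10:00:09 bastion sshd[4107]: Accepted password for root from 203.0.113.7 port 51006 ssh2
Jan 11 10:05:00 bastion sshd[4108]: Accepted publickey for alice from 198.51.100.4 port 40000 ssh2
Jan 11 10:06:00 bastion CRON[4109]: pam_unix(cron:session): session opened for user root
"""


def parse_line(line: str, year: int = 2022):
    """Return (timestamp, outcome, user, source) or None for lines this model ignores."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["outcome"], m["user"], m["src"]


def detect(lines: Iterable[str], window_seconds: int = 60, threshold: int = 5):
    """Sliding-window detector. Returns a list of (kind, source, detail) alerts."""
    recent_failures = defaultdict(deque)  # source -> failure timestamps inside the window
    flagged = set()                        # sources already reported as precursors
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, outcome, user, src = rec
        window = recent_failures[src]
        while window and (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()               # expire failures older than the window
        if outcome == "Failed":
            window.append(ts)
            if len(window) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append(("precursor", src,
                               f"{len(window)} failed logins within {window_seconds}s"))
        elif len(window) >= threshold:
            # Success right after a burst of failures: the password guess may have landed.
            alerts.append(("indicator", src,
                           f"login as {user} succeeded after {len(window)} failures"))
    return alerts


def sample_alerts():
    return detect(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in sample_alerts():
        print(*alert)
```

On the constructed sample the detector raises one precursor at the fifth failure from 203.0.113.7 and one indicator when the later login from the same address succeeds; the unrelated key-based login from 198.51.100.4 and the cron line produce nothing. Thresholds and windows are environment specific, and a real deployment would also key on the target account, since low-and-slow guessing spread across many sources defeats a per-source window.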
Related Term(s): private key, public key
Adapted from: CNSSI 4009, Federal Bridge Certificate Authority Certification Policy 2.25

key resource
Definition: A publicly or privately controlled asset necessary to sustain continuity of government and/or economic operations, or an asset that is of great historical significance.
Related Term(s): critical infrastructure
From: NCSD glossary

keylogger
Definition: Software or hardware that tracks keystrokes and keyboard events, usually surreptitiously (secretly), to monitor actions by the user of an information system.
Related Term(s): spyware

Knowledge Management
Definition: In the NICE Framework, cybersecurity work where a person: Manages and administers processes and tools that enable the organization to identify, document, and access intellectual capital and information content.
From: NICE Framework

L

Legal Advice and Advocacy
Definition: In the NICE Framework, cybersecurity work where a person: Provides legally sound advice and recommendations to leadership and staff on a variety of relevant topics within the pertinent subject domain; advocates legal and policy changes and makes a case on behalf of client via a wide range of written and oral work products, including legal briefs and proceedings.
From: NICE Framework

M

machine learning and evolution
Definition: A field concerned with designing and developing artificial intelligence algorithms for automated knowledge discovery and innovation by information systems.
Adapted from: DHS personnel

macro virus
Definition: A type of malicious code that attaches itself to documents and uses the macro programming capabilities of the document's application to execute, replicate, and spread or propagate itself.
Related Term(s): virus
Adapted from: CNSSI 4009

malicious applet
Definition: A small application program that is automatically downloaded and executed and that performs an unauthorized function on an information system.
Related Term(s): malicious code
From: CNSSI 4009

malicious code
Definition: Program code intended to perform an unauthorized function or process that will have adverse impact on the confidentiality, integrity, or availability of an information system.
Extended Definition: Includes software, firmware, and scripts.
Related Term(s): malicious logic
Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4

malicious logic
Definition: Hardware, firmware, or software that is intentionally included or inserted in a system to perform an unauthorized function or process that will have adverse impact on the confidentiality, integrity, or availability of an information system.
Related Term(s): malicious code
Adapted from: CNSSI 4009

malware
Definition: Software that compromises the operation of a system by performing an unauthorized function or process.
Synonym(s): malicious code, malicious applet, malicious logic
Adapted from: CNSSI 4009, NIST SP 800-83

mitigation
Definition: The application of one or more measures to reduce the likelihood of an unwanted occurrence and/or lessen its consequences.
Extended Definition: Implementing appropriate risk-reduction controls based on risk management priorities and analysis of alternatives.
Adapted from: DHS Risk Lexicon, CNSSI 4009, NIST SP 800-53 Rev 4

moving target defense
Definition: The presentation of a dynamic attack surface, increasing an adversary's work factor necessary to probe, attack, or maintain presence in a cyber target.
From: DHS personnel

N

network resilience
Definition: The ability of a network to: (1) provide continuous operation (i.e., highly resistant to disruption and able to operate in a degraded mode if damaged); (2) recover effectively if failure does occur; and (3) scale to meet rapid or unpredictable demands.
Adapted from: CNSSI 4009

Network Services
Definition: In the NICE Framework, cybersecurity work where a person: Installs, configures, tests, operates, maintains, and manages networks and their firewalls, including hardware (e.g., hubs, bridges, switches, multiplexers, routers, cables, proxy servers, and protective distributor systems) and software that permit the sharing and transmission of all spectrum transmissions of information to support the security of information and information systems.
From: NICE Framework

non-repudiation
Definition: A property achieved through cryptographic methods to protect against an individual or entity falsely denying having performed a particular action related to data.
Extended Definition: Provides the capability to determine whether a given individual took a particular action such as creating information, sending a message, approving information, and receiving a message.
Related Term(s): integrity, authenticity
Adapted from: CNSSI 4009; From: NIST SP 800-53 Rev 4

O

object
Definition: A passive information system-related entity containing or receiving information.
Related Term(s): subject, access, access control
Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4

Operate & Maintain
Definition: A NICE Framework category consisting of specialty areas responsible for providing the support, administration, and maintenance necessary to ensure effective and efficient IT system performance and security.
From: NICE Framework

operational exercise
Definition: An action-based exercise where personnel rehearse reactions to an incident scenario, drawing on their understanding of plans and procedures, roles, and responsibilities.
Extended Definition: Also referred to as operations-based exercise.
Adapted from: DHS Homeland Security Exercise and Evaluation Program

Operations Technology
Definition: The hardware and software systems used to operate industrial control devices.
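The key pair entry earlier in this glossary states that one key of the pair encrypts what only the other can decrypt, and the non-repudiation entry above defines a property achieved through cryptographic methods. The following Python is an added example and not glossary content; it shows both with a textbook RSA implementation over two fixed primes: encrypt with the public key and decrypt with the private key, then sign a message's hash with the private key and verify it with the public key, so a third party can check the signature without any access to the signer's secret. The primes, the message and the key size are constructed for the demonstration and far too small for real use; production code should use a vetted library, a 2048-bit or larger modulus, and proper padding (OAEP for encryption, PSS for signatures).

```python
"""Key pair and non-repudiation, demonstrated with textbook RSA on fixed
primes. Added example, not glossary text. Educational only."""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class PublicKey:
    n: int
    e: int


@dataclass(frozen=True)
class PrivateKey:
    n: int
    d: int  # must be kept confidential


def generate_key_pair(p: int, q: int, e: int = 65537):
    """Derive (public, private) from two primes supplied by the caller.
    Random large-prime generation is deliberately out of scope here."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse; raises ValueError if gcd(e, phi) != 1
    return PublicKey(n, e), PrivateKey(n, d)


# Constructed demo pair from two known Mersenne primes, 2^61-1 and 2^89-1
# (about a 150-bit modulus). Not a real key; never use keys this small.
DEMO_PUBLIC, DEMO_PRIVATE = generate_key_pair(2**61 - 1, 2**89 - 1)


def encrypt(public: PublicKey, m: int) -> int:
    """Anyone holding the public key can encrypt; only the private key decrypts."""
    if not 0 <= m < public.n:
        raise ValueError("message must be an integer below the modulus")
    return pow(m, public.e, public.n)


def decrypt(private: PrivateKey, c: int) -> int:
    return pow(c, private.d, private.n)


def _message_representative(message: bytes) -> int:
    """Hash the message, then keep 128 bits so the value fits under the toy
    modulus. A real scheme encodes the full digest with padding such as PSS."""
    return int.from_bytes(hashlib.sha256(message).digest()[:16], "big")


def sign(private: PrivateKey, message: bytes) -> int:
    """Signing uses the private key, so only its holder could have produced the value."""
    return pow(_message_representative(message), private.d, private.n)


def verify(public: PublicKey, message: bytes, signature: int) -> bool:
    """Verification needs only the public key, so any third party can check it
    later; the signer cannot credibly deny having signed (non-repudiation)."""
    return pow(signature, public.e, public.n) == _message_representative(message)


if __name__ == "__main__":
    msg = b"approve wire transfer 4711"
    sig = sign(DEMO_PRIVATE, msg)
    print(verify(DEMO_PUBLIC, msg, sig), verify(DEMO_PUBLIC, msg + b"!", sig))
```

The signature check fails for a message altered by even one byte and for a signature altered by one, which is what lets a verifier tie a specific message to the holder of the private key. That property depends on the private key never leaving its owner; once it is shared, as a symmetric key is, denial becomes plausible again.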
Related Term(s): Industrial Control System
Adapted from: DHS personnel

outside(r) threat
Definition: A person or group of persons external to an organization who are not authorized to access its assets and pose a potential risk to the organization and its assets.
Related Term(s): inside(r) threat
Adapted from: CNSSI 4009

Oversight & Development
Definition: A NICE Framework category consisting of specialty areas providing leadership, management, direction, and/or development and advocacy so that all individuals and the organization may effectively conduct cybersecurity work.
From: NICE Framework

P

passive attack
Definition: An actual assault perpetrated by an intentional threat source that attempts to learn or make use of information from a system, but does not attempt to alter the system, its resources, its data, or its operations.
Related Term(s): active attack
Adapted from: IETF RFC 4949, NIST SP 800-63 Rev 1

password
Definition: A string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorization.
From: FIPS 140-2

pen test
Definition: A colloquial term for penetration test or penetration testing.
Synonym(s): penetration testing

penetration
Synonym(s): intrusion

penetration testing
Definition: An evaluation methodology whereby assessors search for vulnerabilities and attempt to circumvent the security features of a network and/or information system.
Adapted from: NCSD Glossary, CNSSI 4009, NIST SP 800-53 Rev 4

Personal Identifying Information / Personally Identifiable Information
Definition: The information that permits the identity of an individual to be directly or indirectly inferred.
Adapted from: NCSD Glossary, CNSSI 4009, GAO Report 08-356, as cited in NIST SP 800-63 Rev 1

phishing
Definition: A digital form of social engineering to deceive individuals into providing sensitive information.
Adapted from: NCSD Glossary, CNSSI 4009, NIST SP 800-63 Rev 1

plaintext
Definition: Unencrypted information.
Related Term(s): ciphertext
From: CNSSI 4009

precursor
Definition: An observable occurrence or sign that an attacker may be preparing to cause an incident.
Related Term(s): indicator
Adapted from: CNSSI 4009, NIST SP 800-61 Rev 2 (DRAFT)

Preparedness
Definition: The activities to build, sustain, and improve readiness capabilities to prevent, protect against, respond to, and recover from natural or manmade incidents.
Adapted from: NIPP

privacy
Definition: The assurance that the confidentiality of, and access to, certain information about an entity is protected.
Extended Definition: The ability of individuals to understand and exercise control over how information about themselves may be used by others.
From: NIST SP 800-130; Adapted from: DHS personnel

private key
Definition: A cryptographic key that must be kept confidential and is used to enable the operation of an asymmetric (public key) cryptographic algorithm.
Extended Definition: The secret part of an asymmetric key pair that is uniquely associated with an entity.
Related Term(s): public key, asymmetric cryptography
Adapted from: CNSSI 4009, NIST SP 800-63 Rev 1, FIPS 201-2, FIPS 140-2, Federal Bridge Certificate Authority Certification Policy 2.25

Protect & Defend
Definition: A NICE Framework category consisting of specialty areas responsible for the identification, analysis, and mitigation of threats to internal IT systems or networks.
From: NICE Framework

public key
Definition: A cryptographic key that may be widely published and is used to enable the operation of an asymmetric (public key) cryptographic algorithm.
Extended Definition: The public part of an asymmetric key pair that is uniquely associated with an entity and that may be made public.
Related Term(s): private key, asymmetric cryptography
Adapted from: CNSSI 4009, NIST SP 800-63 Rev 1, FIPS 201-2, FIPS 140-2, Federal Bridge Certificate Authority Certification Policy 2.25

public key cryptography
Definition: A branch of cryptography in which a cryptographic system or algorithms use two uniquely linked keys: a public key and a private key (a key pair).
Synonym(s): asymmetric cryptography, public key encryption
Adapted from: CNSSI 4009, FIPS 140-2, InCommon Glossary

public key encryption
Synonym(s): public key cryptography

Public Key Infrastructure
Definition: A framework consisting of standards and services to enable secure, encrypted communication and authentication over potentially insecure networks such as the Internet.
Extended Definition: A framework and services for generating, producing, distributing, controlling, accounting for, and revoking (destroying) public key certificates.
Adapted from: CNSSI 4009, IETF RFC 2828, Federal Bridge Certificate Authority Cross-certification Methodology 3.0, InCommon Glossary, Kantara Identity Assurance Framework 1100, NIST SP 800-63 Rev 1

Q

R

Recovery
Definition: The activities after an incident or event to restore essential services and operations in the short and medium term and fully restore all capabilities in the longer term.
Adapted from: NIPP

Red Team
Definition: A group authorized and organized to emulate a potential adversary's attack or exploitation capabilities against an enterprise's cybersecurity posture.
Related Term(s): Blue Team, White Team
Adapted from: CNSSI 4009

Red Team exercise
Definition: An exercise, reflecting real-world conditions, that is conducted as a simulated attempt by an adversary to attack or exploit vulnerabilities in an enterprise's information systems.
Related Term(s): cyber exercise
Adapted from: NIST SP 800-53 Rev 4

redundancy
Definition: Additional or alternative systems, sub-systems, assets, or processes that maintain a degree of overall functionality in case of loss or failure of another system, sub-system, asset, or process.
From: DHS Risk Lexicon

resilience
Definition: The ability to adapt to changing conditions and prepare for, withstand, and rapidly recover from disruption.
From: DHS Risk Lexicon

response
Definition: The activities that address the short-term, direct effects of an incident and may also support short-term recovery.
Extended Definition: In cybersecurity, response encompasses both automated and manual activities.
Related Term(s): recovery
Adapted from: National Infrastructure Protection Plan, NCPS Target Architecture Glossary

response plan
Synonym(s): incident response plan

risk
Definition: The potential for an unwanted or adverse outcome resulting from an incident, event, or occurrence, as determined by the likelihood that a particular threat will exploit a particular vulnerability, with the associated consequences.
Adapted from: DHS Risk Lexicon, NIPP; and adapted from: CNSSI 4009, FIPS 200, NIST SP 800-53 Rev 4, SAFE-BioPharma Certificate Policy 2.5

risk analysis
Definition: The systematic examination of the components and characteristics of risk.
Related Term(s): risk assessment, risk
From: DHS Risk Lexicon

risk assessment
Definition: The product or process which collects information and assigns values to risks for the purpose of informing priorities, developing or comparing courses of action, and informing decision making.
Extended Definition: The appraisal of the risks facing an entity, asset, system, or network, organizational operations, individuals, geographic area, other organizations, or society, and includes determining the extent to which adverse circumstances or events could result in harmful consequences.
Related Term(s): risk analysis, risk
Adapted from: DHS Risk Lexicon, CNSSI 4009, NIST SP 800-53 Rev 4

risk management
Definition: The process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.
Extended Definition: Includes: 1) conducting a risk assessment; 2) implementing strategies to mitigate risks; 3) continuous monitoring of risk over time; and 4) documenting the overall risk management program.
Related Term(s): enterprise risk management, integrated risk management, risk
From: DHS Risk Lexicon; Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4

risk mitigation
Synonym(s): mitigation

risk-based data management
Definition: A structured approach to managing risks to data and information by which an organization selects and applies appropriate security controls in compliance with policy and commensurate with the sensitivity and value of the data.
Adapted from: DHS personnel

rootkit
Definition: A set of software tools with administrator-level access privileges installed on an information system and designed to hide the presence of the tools, maintain the access privileges, and conceal the activities conducted by the tools.
Adapted from: CNSSI 4009

S

secret key
Definition: A cryptographic key that is used for both encryption and decryption, enabling the operation of a symmetric key cryptography scheme.
Extended Definition: Also, a cryptographic algorithm that uses a single key (i.e., a secret key) for both encryption of plaintext and decryption of ciphertext.
Related Term(s): symmetric key
Adapted from: CNSSI 4009

Securely Provision
Definition: A NICE Framework category consisting of specialty areas concerned with conceptualizing, designing, and building secure IT systems, with responsibility for some aspect of the systems' development.
From: NICE Framework

security automation
Definition: The use of information technology in place of manual processes for cyber incident response and management.
Adapted from: DHS personnel

security incident
Synonym(s): incident

security policy
Definition: A rule or set of rules that govern the acceptable use of an organization's information and services to a level of acceptable risk and the means for protecting the organization's information assets.
Extended Definition: A rule or set of rules applied to an information system to provide security services.
Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4, NIST SP 800-130, OASIS SAML Glossary 2.0

Security Program Management
Definition: In the NICE Framework, cybersecurity work where a person: Manages information security implications within the organization, specific program, or other area of responsibility, to include strategic, personnel, infrastructure, policy enforcement, emergency planning, security awareness, and other resources (e.g., the role of a Chief Information Security Officer).
From: NICE Framework

signature
Definition: A recognizable, distinguishing pattern.
Extended Definition: Types of signatures: attack signature, digital signature, electronic signature.
From: CNSSI 4009; Adapted from: NIST SP 800-94

situational awareness
Definition: Comprehending information about the current and developing security posture and risks, based on information gathered, observation and analysis, and knowledge or experience.
Extended Definition: In cybersecurity, comprehending the current status and security posture with respect to availability, confidentiality, and integrity of networks, systems, users, and data, as well as projecting future states of these.
Adapted from: CNSSI 4009, DHS personnel, National Response Framework

software assurance
Definition: The level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its lifecycle, and that the software functions in the intended manner.
From: CNSSI 4009

Software Assurance and Security Engineering
Definition: In the NICE Framework, cybersecurity work where a person: Develops and writes/codes new (or modifies existing) computer applications, software, or specialized utility programs following software assurance best practices.
From: NICE Framework

spam
Definition: The abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.
Adapted from: CNSSI 4009

spillage
Synonym(s): data spill, data breach

Spoofing
Definition: Faking the sending address of a transmission to gain illegal [unauthorized] entry into a secure system.
Extended Definition: The deliberate inducement of a user or resource to take incorrect action. Note: Impersonating, masquerading, piggybacking, and mimicking are forms of spoofing.
From: CNSSI 4009

spyware
Definition: Software that is secretly or surreptitiously installed into an information system without the knowledge of the system user or owner.
Related Term(s): keylogger
Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4

Strategic Planning and Policy Development
Definition: In the NICE Framework, cybersecurity work where a person: Applies knowledge of priorities to define an entity.
From: NICE Framework

subject
Definition: An individual, process, or device causing information to flow among objects or a change to the system state.
Extended Definition: An active entity.
Related Term(s): object, access, access control
Adapted from: NIST SP 800-53 Rev 4, CNSSI 4009

Supervisory Control and Data Acquisition
Definition: A generic name for a computerized system that is capable of gathering and processing data and applying operational controls to geographically dispersed assets over long distances.
Related Term(s): Industrial Control System
Adapted from: NCSD Glossary, CNSSI 4009

supply chain
Definition: A system of organizations, people, activities, information and resources, for creating and moving products including product components and/or services from suppliers through to their customers.
Related Term(s): supply chain risk management
Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4

Supply Chain Risk Management
Definition: The process of identifying, analyzing, and assessing supply chain risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.
Related Term(s): supply chain
Adapted from: DHS Risk Lexicon, CNSSD 505

symmetric cryptography
Definition: A branch of cryptography in which a cryptographic system or algorithms use the same secret key (a shared secret key).
Adapted from: CNSSI 4009, SANS

symmetric encryption algorithm
Synonym(s): symmetric cryptography

symmetric key
Definition: A cryptographic key that is used to perform both the cryptographic operation and its inverse, for example to encrypt plaintext and decrypt ciphertext, or to create a message authentication code and to verify the code.
Extended Definition: Also, a cryptographic algorithm that uses a single key (i.e., a secret key) for both encryption of plaintext and decryption of ciphertext.
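The symmetric key entry above says one key both creates a message authentication code and verifies it. The following Python is an added example and not glossary content: HMAC-SHA256 from the standard library, with the create and verify operations sharing a single key, a constant-time tag comparison, and a small tamper-evident token built on top of it. The demo key, payloads and token format are constructed for the demonstration.

```python
"""Symmetric key: one secret key both creates a message authentication code
and verifies it. Added example, not glossary text."""
import hashlib
import hmac
import secrets


def new_symmetric_key(nbytes: int = 32) -> bytes:
    """Fresh random key. It must reach the verifier over a separate, protected channel."""
    return secrets.token_bytes(nbytes)


def create_mac(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 tag over the message under the shared key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute with the same key and compare in constant time (no timing leak)."""
    return hmac.compare_digest(create_mac(key, message), tag)


def seal(key: bytes, payload: bytes) -> bytes:
    """Attach a MAC so a tamper-evident token can cross an untrusted channel.
    Token layout (constructed for this example): payload + '.' + hex(tag)."""
    return payload + b"." + create_mac(key, payload).hex().encode()


def unseal(key: bytes, token: bytes):
    """Return the payload if the tag checks out, otherwise None."""
    payload, sep, tag_hex = token.rpartition(b".")
    if not sep:
        return None
    try:
        tag = bytes.fromhex(tag_hex.decode())
    except ValueError:  # also covers a UnicodeDecodeError on garbage input
        return None
    return payload if verify_mac(key, payload, tag) else None


# Constructed key for the runnable demo only; real keys come from new_symmetric_key().
DEMO_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")


if __name__ == "__main__":
    token = seal(DEMO_KEY, b"user=alice;role=viewer")
    print(unseal(DEMO_KEY, token))
    print(unseal(DEMO_KEY, token.replace(b"viewer", b"admin")))
```

Because both sides hold the same key, a valid MAC proves the message came from someone holding that key but cannot show which holder produced it; that is why the non-repudiation property needs an asymmetric signature rather than a MAC. The MAC provides integrity and authenticity only, not confidentiality: the payload in the token is readable by anyone.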
Related Term(s): secret key
From: CNSSI 4009

System Administration
Definition: In the NICE Framework, cybersecurity work where a person: Installs, configures, troubleshoots, and maintains server configurations (hardware and software) to ensure their confidentiality, integrity, and availability; also manages accounts, firewalls, and patches; responsible for access control, passwords, and account creation and administration.
From: NICE Framework

system integrity
Definition: The attribute of an information system when it performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system.
Related Term(s): integrity, data integrity
From: CNSSI 4009

Systems Development
Definition: In the NICE Framework, cybersecurity work where a person: Works on the development phases of the systems development lifecycle.
From: NICE Framework

Systems Requirements Planning
Definition: In the NICE Framework, cybersecurity work where a person: Consults with customers to gather and evaluate functional requirements and translates these requirements into technical solutions; provides guidance to customers about applicability of information systems to meet business needs.
From: NICE Framework

Systems Security Analysis
Definition: In the NICE Framework, cybersecurity work where a person: Conducts the integration/testing, operations, and maintenance of systems security.
From: NICE Framework

Systems Security Architecture
Definition: In the NICE Framework, cybersecurity work where a person: Develops system concepts and works on the capabilities phases of the systems development lifecycle; translates technology and environmental conditions (e.g., law and regulation) into system and security designs and processes.
From: NICE Framework

T
tabletop exercise
Definition: A discussion-based exercise where personnel meet in a classroom setting or breakout groups and are presented with a scenario to validate the content of plans, procedures, policies, cooperative agreements or other information for managing an incident.
Adapted from: NCSD Glossary, DHS Homeland Security Exercise and Evaluation Program

tailored trustworthy space
Definition: A cyberspace environment that provides a user with confidence in its security, using automated mechanisms to ascertain security conditions and adjust the level of security based on the user's context and in the face of an evolving range of threats.
Adapted from: National Science and Technology Council's Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program

Targets
Definition: In the NICE Framework, cybersecurity work where a person: Applies current knowledge of one or more regions, countries, non-state entities, and/or technologies.
From: NICE Framework

Technology Research and Development
Definition: In the NICE Framework, cybersecurity work where a person: Conducts technology assessment and integration processes; provides and supports a prototype capability and/or evaluates its utility.
From: NICE Framework

Test and Evaluation
Definition: In the NICE Framework, cybersecurity work where a person: Develops and conducts tests of systems to evaluate compliance with specifications and requirements by applying principles and methods for cost-effective planning, evaluating, verifying, and validating of technical, functional, and performance characteristics (including interoperability) of systems or elements of systems incorporating information technology.
From: NICE Framework

threat
Definition: A circumstance or event that has or indicates the potential to exploit vulnerabilities and to adversely impact (create adverse consequences for) organizational operations, organizational assets (including information and information systems), individuals, other organizations, or society.
Extended Definition: Includes an individual or group of individuals, an entity (such as an organization or a nation), an action, or an occurrence.
Adapted from: DHS Risk Lexicon, NIPP, CNSSI 4009, NIST SP 800-53 Rev 4

threat actor
Synonym(s): threat agent

threat agent
Definition: An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.
Related Term(s): adversary, attacker
Adapted from: DHS Risk Lexicon

threat analysis
Definition: The detailed evaluation of the characteristics of individual threats.
Extended Definition: In the NICE Framework, cybersecurity work where a person: Identifies and assesses the capabilities and activities of cyber criminals or foreign intelligence entities; produces findings to help initialize or support law enforcement and counterintelligence investigations or activities.
Adapted from: DHS personnel; From: NICE Framework

threat assessment
Definition: The product or process of identifying or evaluating entities, actions, or occurrences, whether natural or man-made, that have or indicate the potential to harm life, information, operations, and/or property.
Related Term(s): threat analysis
From: DHS Risk Lexicon; and adapted from: CNSSI 4009, NIST SP 800-53 Rev 4

ticket
Definition: In access control, data that authenticates the identity of a client or a service and, together with a temporary encryption key (a session key), forms a credential.
Adapted from: IETF RFC 4120 Kerberos V5, July 2005; Conrad, E., Misenar, S., & Feldman, J. (2010). CISSP® Study Guide.
Burlington, MA: Syngress traffic light protocol   Definition: A set of designations employing four colors (RED, AMBER, GREEN, and WHITE) used to ensure that sensitive information is shared with the correct audience. Adapted from: US-CERT Trojan horse   Definition: A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program. From: CNSSI 4009 U Letter: U. unauthorized access   Definition: Any access that violates the stated security policy. From: CNSSI 4009 V Letter: V. virus   Definition: A computer program that can replicate itself, infect a computer without permission or knowledge of the user, and then spread or propagate to another computer. Related Term(s): macro virus Adapted from: CNSSI 4009 vulnerability   Definition: A characteristic or specific weakness that renders an organization or asset (such as information or an information system) open to exploitation by a given threat or susceptible to a given hazard. Extended Definition: Characteristic of location or security posture or of design, security procedures, internal controls, or the implementation of any of these that permit a threat or hazard to occur. Vulnerability (expressing degree of vulnerability): qualitative or quantitative expression of the level of susceptibility to harm when a threat or hazard is realized. Related Term(s): weakness Adapted from: DHS Risk Lexicon, CNSSI 4009, NIST SP 800-53 Rev 4 Vulnerability Assessment and Management   Definition: In the NICE Framework, cybersecurity work where a person: Conducts assessments of threats and vulnerabilities, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations. From: NICE Framework W Letter: W. 
weakness   Definition: A shortcoming or imperfection in software code, design, architecture, or deployment that, under proper conditions, could become a vulnerability or contribute to the introduction of vulnerabilities. Related Term(s): vulnerability Adapted from: ITU-T X.1520 CWE, FY 2013 CIO FISMA Reporting Metrics White Team Definition: A group responsible for refereeing an engagement between a Red Team of mock attackers and a Blue Team of actual defenders of information systems. Related Term(s): Blue Team, Red Team Adapted from: CNSSI 4009 work factor Definition: An estimate of the effort or time needed by a potential adversary, with specified expertise and resources, to overcome a protective measure. Adapted from: CNSSI 4009 worm   Definition: A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself. From: CNSSI 4009 X Letter: X. Y Letter: Y. Z Letter: Z. Last Published Date: January 11, 2022
Topics (Topic, Tf, Position; every topic listed is at position 1, i.e. taken from Result 1; tokens are reproduced as the tool's stemmer emitted them)
Tf 273: definition
Tf 165: information
Tf 138: system
Tf 135: adapted
Tf 107: cnssi 4009, 4009
Tf 106: term
Tf 103: cnssi
Tf 98: related
Tf 93: related term
Tf 86: framework
Tf 84: letter, rev
Tf 79: nice framework
Tf 74: nice
Tf 73: risk
Tf 68: data
Tf 64: adapted cnssi 4009, adapted cnssi
Tf 63: security
Tf 60: 53 rev, key
Tf 57: information system
Tf 53: nist sp, extended definition, nist, extended
Tf 51: nist sp 800, sp 800, sp, 800
Tf 50: cybersecurity
Tf 49: threat
Tf 47: process
Tf 44: dh
Tf 43: access
Tf 42: synonym
Tf 41: network, person
Tf 37: definition nice framework, definition nice, work
Tf 35: attack
Tf 32: framework cybersecurity, cybersecurity work, incident
Tf 31: nice framework cybersecurity, framework cybersecurity work, cybersecurity work person, cnssi 4009 nist, 4009 nist sp, work person, 4009 nist
Tf 30: sp 800 53, 800 53 rev, 800 53
Tf 28: adapted dh
Tf 22: dh risk lexicon, dh risk, risk lexicon
Tf 20: dh personnel, ncsd glossary
Tf 18: 63 rev
Tf 16: risk management
Tf 15: adapted dh risk, definition process, public key
Tf 14: adapted ncsd glossary, adapted ncsd
Tf 13: system related
Tf 12: adapted dh personnel, information information
Tf 11: system related term, information information system, management definition
Tf 10: information system related, fip 140, supply chain, information related
Tf 9: sp 800 63, 800 63 rev, information related term, access control, 800 63, system network
Tf 8: secret key, system adapted, computer network, maliciou code, information communication
Tf 7: nice framework category, framework category consisting, category consisting specialty, consisting specialty area, related term data, threat definition, information security, framework category, category consisting, consisting specialty, specialty area, information technology, definition information, system security, incident response, term data, private key, security policy
Tf 6: information system adapted, misenauer, feldman, federal bridge, key definition, definition ability, definition set, definition property, confidentiality integrity, red team, cryptographic algorithm, data information, key encryption, data loss, definition cryptographic
Tf 5: specialty area responsible, computer network defense, ncsd glossary cnssi, glossary cnssi 4009, fip 201, adapted nist sp, framework letter, system resource, access information, ietf rfc, definition software, definition individual, access privilege, area responsible, network defense, glossary cnssi, analysi definition, synonym incident, critical infrastructure, cryptographic key, symmetric key, plaintext ciphertext, response plan, definition activity, information assurance, data breach, incident adapted, adapted nist
Tf 4: related term integrity, extended definition cybersecurity, integrity adapted cnssi, confidentiality integrity availability, sp 800 130, information communication technology, incident response plan, work person develop, work person conduct, risk management definition, related term risk, risk lexicon cnssi, lexicon cnssi 4009, cnssi 4009 fip, federal bridge certificate, bridge certificate authority, development definition nice, key definition cryptographic, definition cryptographic key, 4009 letter, nice framework system, term recovery, industrial control, exploit vulnerability, key pair, bridge certificate, certificate authority, unauthorized function, development definition, 140, fip, system development, framework system
Tf 3: information system network, incident synonym incident, incident related term, related term event, integrity availability information, national infrastructure protection, infrastructure protection plan, andor information system, information system security, key cnssi 4009, dh homeland security, homeland security exercise, security exercise evaluation, exercise evaluation program, information communication system, icam saml 20, saml 20 wb, 20 wb sso, wb sso profile, sso profile 102, extended definition nice, enterprise risk management, integrated risk management, network information system, system extended definition, related term supply, term supply chain, system adapted ncsd, industrial control system, related term information, resilience definition ability, work person apply, related term private, term private key, key public key, key secret key, key adapted cnssi, certificate authority certification, authority certification policy, certification policy 225, management definition nice, perform unauthorized function, related term maliciou, unauthorized function process, extended definition include, supply chain risk
Result 2
TitleCybersecurity Glossary of Terms | Global Knowledge
Urlhttps://www.globalknowledge.com/us-en/topics/cybersecurity/glossary-of-terms/
DescriptionThe Cybersecurity Glossary of Terms contains definitions to help you uncover knowledge areas in which you excel and where you want to expand. Read here
Date
Organic Position2
H1Cybersecurity Glossary of Terms
H2
H3
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
H2WithAnchors
BodyCybersecurity Glossary of Terms Regardless of your role in an organization, this glossary of cybersecurity terms was compiled for everyone from the security professional to the general end-user. Here, you'll find definitions of terms commonly used in the security industry. Uncover knowledge areas in which you excel and where you want to expand. A B C D E F G H I J K L M N O P Q R S T U V W X Y Z.
A. Top
access control — The means and mechanisms of managing access to and use of resources by users. There are three primary forms of access control: DAC, MAC, and RBAC. DAC (Discretionary Access Control) manages access through the use of on-object ACLs (Access Control Lists), which indicate which users have been granted (or denied) specific privileges or permissions on that object. MAC (Mandatory Access Control) restricts access by assigning each subject and object a classification or clearance level label; resource use is then controlled by limiting access to those subjects whose label is equal or superior to that of the object. RBAC (Role Based Access Control) controls access through the use of job labels (roles), which have been assigned the permissions and privileges needed to accomplish the related job tasks. (Also known as authorization.)
anti-virus (anti-malware) — A security program designed to monitor a system for malicious software. Once malware is detected, the AV program will attempt to remove the offending item from the system or may simply quarantine the file for further analysis by an administrator. It is important to keep AV detection databases current in order to have the best chance of detecting known forms of malware.
antivirus software — A software program that monitors a computer system or network communications for known examples of malicious code and then attempts to remove or quarantine the offending items. (Also known as Malware Scanner.)
Most anti-virus (AV) products use pattern recognition or signature matching to detect the presence of known malicious code. Some AV products have adopted technologies to potentially detect new and unknown malware. These technologies include anomaly detection (i.e. watching for programs which violate specific rules), behavioral detection (i.e. watching for programs whose behavior differs from the normal baseline of behavior of the system), and heuristic detection (i.e. watching for programs that exhibit actions known to be those of confirmed malware; a type of technological profiling).
APT (Advanced Persistent Threat) — A security breach that enables an attacker to gain and retain access to or control over a system for an extended period of time, usually without the owner of the system being aware of the violation. Often an APT takes advantage of numerous unknown vulnerabilities or zero-day exploits, which allow the attacker to maintain access to the target even as some attack vectors are blocked.
asset — Anything that is used in and is necessary to the completion of a business task. Assets include both tangible and intangible items such as equipment, software code, data, facilities, personnel, market value and public opinion.
authentication — The process of proving that an individual is the identity they claim. Authentication is the first element of the AAA services concept, which includes Authentication, Authorization, and Accounting. Authentication occurs after the initial step of identification (i.e. claiming an identity). Authentication is accomplished by providing one or more authentication factors: Type 1, something you know (e.g. password, PIN, or combination); Type 2, something you have (e.g. smart card, RSA SecurID fob, or USB token); and Type 3, something you are (e.g. biometrics: fingerprint, iris scan, retina scan, hand geometry, signature verification, voice recognition, and keystroke dynamics).
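The DAC/MAC/RBAC split described under access control above is easiest to see as three small policy decision functions, one per model. This is an added example written for this page, not Global Knowledge's code or any product's API; the subjects, objects, labels and roles are constructed, and the "no write down" rule in the MAC function is the Bell-LaPadula rule, which the entry's "equal or superior label" wording covers only for reads.

```python
"""Access-control decision functions, one per model (DAC, MAC, RBAC).

Added example written for this page; not Global Knowledge's code or any
product's API. Subjects, objects, labels and roles below are constructed.
"""
from dataclasses import dataclass, field

# ---- DAC: the object's owner decides, and records the decision in an ACL ----

@dataclass
class DacObject:
    owner: str
    acl: dict = field(default_factory=dict)   # user -> set of permissions

def dac_allowed(obj: DacObject, user: str, perm: str) -> bool:
    """Discretionary: the owner has every permission; others get exactly
    what the on-object ACL grants them."""
    if user == obj.owner:
        return True
    return perm in obj.acl.get(user, set())

# ---- MAC: labels on subjects and objects, compared by the system, not the owner ----

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}

def mac_allowed(subject_label: str, object_label: str, perm: str) -> bool:
    """Mandatory: a subject may read an object whose classification is at or
    below its clearance ('no read up', the 'equal or superior label' rule in
    the entry above) and, under the Bell-LaPadula confidentiality model, may
    write only to objects at or above its clearance ('no write down'), so a
    cleared user cannot copy secret data into an unclassified file."""
    s, o = LEVELS[subject_label], LEVELS[object_label]
    if perm == "read":
        return s >= o
    if perm == "write":
        return s <= o
    return False

# ---- RBAC: permissions attach to roles; users are granted roles, never permissions ----

ROLE_PERMS = {
    "auditor":  {"read:logs"},
    "operator": {"read:logs", "restart:service"},
    "admin":    {"read:logs", "restart:service", "edit:policy"},
}

def rbac_allowed(user_roles: set, perm: str) -> bool:
    """Role-based: allowed if any role held by the user carries the permission."""
    return any(perm in ROLE_PERMS.get(role, set()) for role in user_roles)

def demo() -> dict:
    """Constructed scenario: alice owns report.txt and gave bob read-only
    ACL access; the file is classified 'secret'; bob is cleared 'confidential'
    and holds only the 'auditor' role."""
    report = DacObject(owner="alice", acl={"bob": {"read"}})
    return {
        "dac_bob_read":  dac_allowed(report, "bob", "read"),                  # True
        "dac_bob_write": dac_allowed(report, "bob", "write"),                 # False
        "mac_bob_read":  mac_allowed("confidential", "secret", "read"),       # False: no read up
        "mac_bob_write": mac_allowed("confidential", "secret", "write"),      # True: writing up is allowed
        "rbac_bob_edit": rbac_allowed({"auditor"}, "edit:policy"),            # False
    }

if __name__ == "__main__":
    for name, decision in demo().items():
        print(name, decision)
```

Note how the same request gets different answers under each model: DAC asks the owner's ACL, MAC ignores the owner entirely and compares labels, and RBAC never mentions the object at all, only the role.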
authorization — The security mechanism determining and enforcing what authenticated users are permitted to do within a computer system. The dominant forms of authorization are DAC, MAC and RBAC. DAC (Discretionary Access Control) manages access using ACLs (Access Control Lists) on each resource object, where users are listed along with the permissions or privileges granted or denied to them. MAC (Mandatory Access Control) manages access using labels of classification or clearance on both subjects and objects, and only those subjects with equal or superior clearance are allowed to access resources. RBAC (Role Based Access Control) manages access using labels of a job role that has been granted the permissions and privileges needed to accomplish a specific job or role.
B. Top
backing up — Creating a duplicate copy of data onto a separate physical storage device or online/cloud storage solution. A backup is the only insurance against data loss. With a backup, damaged or lost data files can be restored. Backups should be created on a regular, periodic basis such as daily. A common strategy is based on the 3-2-1 rule: keep three copies of your data (the original and two backups), on two different types of media (such as a physical medium like a hard drive or tape and a cloud storage solution), with at least one copy stored offsite. It is important to store backups for disaster recovery at an offsite location in order to ensure they are not damaged by the same event that would damage the primary production location. However, additional onsite backups can be retained for resolving minor issues such as accidental file deletion or hard drive failure. A backup that has never been restored is unverified; test restores periodically.
BCP (Business Continuity Planning) — A business management plan used to resolve issues that threaten core business tasks. (Also known as Business Continuity Management.)
The goal of BCP is to prevent the failure of mission-critical processes when they have been harmed by a breach or accident. Once core business tasks have been stabilized, BCP dictates the procedure to return the environment to normal conditions. BCP is used when the normal security policy has failed to prevent harm from occurring, but before the harm has reached the level of fully interrupting mission-critical processes, which would trigger the Disaster Recovery Plan (DRP).
behavior monitoring — Recording the events and activities of a system and its users. The recorded events are compared against security policy and behavioral baselines to evaluate compliance and/or discover violations. Behavioral monitoring can include the tracking of trends, setting of thresholds and defining responses. Trend tracking can reveal when errors are increasing, requiring technical support services; when abnormal load levels occur, indicating the presence of malicious code; or when production work levels increase, indicating a need to expand capacity. Thresholds define the level of activity or events above which the activity is of concern and requires a response. Levels below the threshold are recorded but do not trigger a response. Responses can be to resolve conflicts, handle violations, prevent downtime or improve capabilities.
blacklist — A security mechanism prohibiting the execution of programs on a known-malicious or undesired list of software. The blacklist is a list of specific files known to be malicious or otherwise unwanted. Any program on the list is prohibited from executing, while any other program, whether benign or malicious, is allowed to execute by default. (See whitelist.)
block cipher — A type of symmetric encryption algorithm that divides data into fixed-length sections (blocks) and then performs the encryption or decryption operation on each block. Dividing a data set into blocks enables the algorithm to encrypt data of any size, provided the last block is padded to the full block length and a mode of operation (such as CBC or CTR) defines how successive blocks are processed; the ECB mode, which encrypts each block independently, leaks patterns in the plaintext and should not be used. AES is the most common example.
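The "data of any size" claim in the block cipher entry above rests on the padding step, so here is that step on its own: PKCS#7 padding as specified in RFC 5652 section 6.3, with the strict unpadding check a receiver must apply. This is an added example written for this page, not Global Knowledge's code; the cipher itself is deliberately not implemented, and the sample messages are constructed.

```python
"""PKCS#7 padding (RFC 5652 section 6.3): the step that lets a block cipher
accept input of any length.

Added example written for this page; not Global Knowledge's code. Sample
messages are constructed. The block cipher itself is not implemented here;
the point is what happens to the last block.
"""

def pkcs7_pad(data: bytes, block_size: int = 16) -> bytes:
    """Append n bytes each of value n, where 1 <= n <= block_size. A message
    that already fills its last block still gets a whole block of padding, so
    the receiver can always strip padding unambiguously."""
    if not 1 <= block_size <= 255:
        raise ValueError("block size must be between 1 and 255")
    n = block_size - (len(data) % block_size)
    return data + bytes([n]) * n

def pkcs7_unpad(padded: bytes, block_size: int = 16) -> bytes:
    """Strict inverse: reject input that is not a whole number of blocks, a
    pad length outside 1..block_size, or trailing bytes that do not all equal
    the pad length."""
    if not padded or len(padded) % block_size != 0:
        raise ValueError("invalid padding")
    n = padded[-1]
    if not 1 <= n <= block_size or padded[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return padded[:-n]

def to_blocks(padded: bytes, block_size: int = 16) -> list:
    """Split padded data into the fixed-length sections a block cipher consumes."""
    return [padded[i:i + block_size] for i in range(0, len(padded), block_size)]

def is_valid_padding(padded: bytes, block_size: int = 16) -> bool:
    """Boolean wrapper around pkcs7_unpad for callers that only need a verdict."""
    try:
        pkcs7_unpad(padded, block_size)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    for msg in (b"", b"hello", b"A" * 16, b"A" * 17):          # constructed samples
        padded = pkcs7_pad(msg)
        print(len(msg), "->", len(padded), "bytes,", len(to_blocks(padded)), "blocks")
        assert pkcs7_unpad(padded) == msg
```

One caveat that matters in practice: when decrypting CBC-mode data received from a remote peer, a padding failure must not be reported any differently from any other decryption failure. The padding-oracle attack (Vaudenay, 2002) recovers plaintext from exactly that distinction, which is why ciphertext should be authenticated (MAC or an AEAD mode) before it is unpadded at all.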
botnet — A collection of computers that have been compromised by malicious code in order to run a remote-control agent, granting an attacker the ability to remotely take advantage of the system's resources to perform illicit or criminal actions. These actions include DoS flooding attacks, hosting false Web services, spoofing DNS, transmitting spam, eavesdropping on network communications, recording VoIP communications and attempting to crack encryption or password hashes. Botnets can comprise dozens to over a million individual computers. The term botnet is a shortened form of robot network.
bug — An error or mistake in software coding or hardware design or construction. A bug represents a flaw or vulnerability in a system discoverable by attackers and usable as a point of compromise. Attackers often use fuzzing (i.e. randomized testing tools) to locate previously unknown bugs in order to craft new exploits.
BYOD (Bring Your Own Device) — A company's security policy dictating whether workers can bring their own devices into the work environment, whether such devices can be connected to the company network, and to what extent that connection allows interaction with company resources. A BYOD policy can range from complete prohibition of personal devices being brought into the facility to allowing any device to be connected to the company network with full access to all company resources. Generally, a BYOD policy puts reasonable security limitations on which devices can be used on company property and severely limits access to sensitive company network resources.
BYOD should address concerns such as data ownership, asset tracking, geolocation, patching and upgrades, security applications (such as malware scanners, firewalls and IDS), storage segmentation, appropriate vs inappropriate applications, on-boarding, off-boarding, repair/replacement due to damage, legal concerns, internal investigations, and law enforcement investigations and forensics.
C. Top
ciphertext — The unintelligible and seemingly random form of data that is produced by the cryptographic function of encryption. Ciphertext is produced when an encryption algorithm transforms a data set using a selected key. Ciphertext can be converted back into its original form (i.e. plaintext) by performing the decryption process with the corresponding algorithm and key: the same key when the algorithm is symmetric, the matching private key when it is asymmetric. (Also known as cryptogram.)
clickjacking — A malicious technique by which a victim is tricked into clicking on a URL, button or other screen object other than the one intended by or perceived by the user. Clickjacking can be performed in many ways; one of which is to load the target page in a transparent frame on top of a visible decoy page, so that the obvious links and buttons are facades and a click on one of them actually lands on the hidden page's element. A site prevents this by forbidding other origins from framing it, using the Content-Security-Policy frame-ancestors directive or the older X-Frame-Options header.
cloud computing — A means to offer computing services to the public or for internal use through remote services. Most cloud computing systems are based on remote virtualization, where the application or operating environment offered to customers is hosted on the cloud provider's computer hardware. There is a wide range of cloud solutions, including software applications (examples include e-mail and document editing), custom code hosting (namely execution platforms and web services) and full system replacements (such as remote virtual services to host databases or file storage). (See SaaS, PaaS, and IaaS.)
Most forms of cloud computing are considered public cloud, as they are provided by a third party. However, private cloud (internally hosted), community cloud (a group of companies' privately hosted cloud), hosted private cloud (the cloud servers are owned and managed by a third party but hosted in the facility of the customer) and hybrid cloud (a mixture of public and private) are also options.
CND (Computer Network Defense) — The establishment of a security perimeter and of internal security requirements with the goal of defending a network against cyberattacks, intrusions and other violations. A CND is defined by a security policy and can be stress tested using vulnerability assessment and penetration testing measures.
cracker — The proper term to refer to an unauthorized attacker of computers, networks and technology, instead of the misused term "hacker." However, this term is not as widely used in the media; thus the term hacker has become more prominent in spite of the term's misuse. (See hacker.)
critical infrastructure — The physical or virtual systems and assets that are vital to an organization or country. If these systems are compromised, the result would be catastrophic. If an organization's mission-critical processes are interrupted, the organization could cease to exist. If a country's critical infrastructure is destroyed, it will have a severe negative impact on national security, economic stability, citizen safety and health, transportation and communications.
CVE (Common Vulnerabilities and Exposures) — A public catalog of publicly disclosed vulnerabilities in software and hardware, maintained by the MITRE Corporation. Each entry describes a vulnerability, not an attack or an exploit, and is assigned a unique identifier (CVE-year-number) so that vendors, researchers, scanners and advisories can all refer to the same issue unambiguously. Identifiers can be reserved before details are published, so a CVE ID may exist, and be cited in an advisory, before the vendor releases an update or patch to resolve the issue.
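For the clickjacking entry above, the check a practitioner actually runs is "can another origin frame this page?", which depends on two response headers. The function below answers that from a header set, applying the precedence rule from the CSP specification (if frame-ancestors is present, X-Frame-Options is ignored) and the current browser behaviour for the obsolete ALLOW-FROM value (the whole header is ignored). This is an added example written for this page, not Global Knowledge's code; the sample header sets are constructed.

```python
"""Can an attacker's site frame this page? A check of the clickjacking
defence headers.

Added example written for this page; not Global Knowledge's code. Browsers
honour a Content-Security-Policy 'frame-ancestors' directive and, only when
it is absent, the older X-Frame-Options header. Sample header sets below are
constructed.
"""

def framable_by_third_party(headers: dict) -> bool:
    """True when an arbitrary origin may embed the page in a frame."""
    h = {k.lower(): v for k, v in headers.items()}

    # 1. CSP frame-ancestors wins if present.
    for directive in h.get("content-security-policy", "").split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [s.strip("'").lower() for s in parts[1:]]
            # 'none', 'self' and explicit origins restrict framing to a list;
            # a bare '*' or a scheme-only source lets any site frame the page.
            return any(s in ("*", "http:", "https:") for s in sources)

    # 2. Otherwise X-Frame-Options. Only DENY and SAMEORIGIN are honoured by
    #    current browsers; ALLOW-FROM is obsolete and an unrecognised value
    #    makes browsers ignore the header entirely, as if it were missing.
    xfo = h.get("x-frame-options", "").strip().upper()
    return xfo not in ("DENY", "SAMEORIGIN")

# Constructed samples: the kinds of header sets a scanner would see.
SAMPLES = {
    "no headers":               {},
    "xfo deny":                 {"X-Frame-Options": "DENY"},
    "xfo obsolete allow-from":  {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "csp self":                 {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'"},
    "csp none":                 {"content-security-policy": "frame-ancestors 'none'"},
    "csp wildcard beats xfo":   {"Content-Security-Policy": "frame-ancestors *",
                                 "X-Frame-Options": "DENY"},
    "csp explicit origin":      {"Content-Security-Policy": "frame-ancestors https://portal.example"},
}

def audit(samples: dict = SAMPLES) -> dict:
    """Map sample name -> True if the page is framable by a third party."""
    return {name: framable_by_third_party(hdrs) for name, hdrs in samples.items()}

if __name__ == "__main__":
    for name, vulnerable in audit().items():
        print(f"{name:26s} {'FRAMABLE' if vulnerable else 'protected'}")
```

The "csp wildcard beats xfo" sample is the case that catches people: a DENY header looks safe in isolation, but a permissive frame-ancestors directive added later overrides it.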
cryptography — The application of mathematical processes on data-at-rest and data-in-transit to provide the security benefits of confidentiality, authentication, integrity and non-repudiation. Cryptography includes three primary components: symmetric encryption, asymmetric encryption and hashing. Symmetric encryption is used to provide confidentiality. Asymmetric encryption is used to provide secure symmetric key generation and exchange (via digital envelopes created through the use of the recipient's public key), verification of source, verification/control of recipient, digital signatures (a combination of hashing and use of the sender's private key) and digital certificates (which provide third-party authentication services). Hashing is the cryptographic operation that produces a fixed-length representational value from an input data set. A before-and-after hash can be compared in order to detect whether integrity has been preserved or violated.
cyberattack — Any attempt to violate the security perimeter of a logical environment. An attack can focus on gathering information, damaging business processes, exploiting flaws, monitoring targets, interrupting business tasks, extracting value, causing damage to logical or physical assets or using system resources to support attacks against other targets. Cyberattacks can be initiated through exploitation of a vulnerability in a publicly exposed service, through tricking a user into opening an infectious attachment, or even by causing automated installation of exploitation tools through innocent website visits (the last of these is known as a drive-by download).
cyber ecosystem — The collection of computers, networks, communication pathways, software, data and users that comprise either a local private network or the world-wide Internet. It is the digital environment within which software operates and data is manipulated and exchanged.
cyberespionage — The unethical act of violating the privacy and security of an organization in order to leak data or disclose internal/private/confidential information. Cyberespionage can be performed by individuals, organizations or governments, either to cause harm to the violated entity or to benefit other individuals, organizations or governments.
cybersecurity — The efforts to design, implement, and maintain security for an organization's network, which is connected to the Internet. It is a combination of logical/technical, physical and personnel-focused countermeasures, safeguards and security controls. An organization's cybersecurity should be defined in a security policy, verified through evaluation techniques (such as vulnerability assessment and penetration testing) and revised, updated and improved over time as the organization evolves and as new threats are discovered.
cyber teams — Groups of professional or amateur penetration testing specialists who are tasked with evaluating and potentially improving the security stance of an organization. Common cyber teams include the red, blue, purple and white teams. A red team is often used as part of a multi-team penetration test (i.e. security evaluation) and is responsible for attacking the target, which is being defended by the blue team. A white team referees the engagement and interprets the results and activities of the red and blue teams; a purple team works across both, feeding the red team's findings into the blue team's detections and vice versa, in order to maximize their effectiveness in the final results.
D. Top
data breach — The occurrence of disclosure of confidential information, access to confidential information, destruction of data assets or abusive use of a private IT environment. Generally, a data breach results in internal data being made accessible to external entities without authorization.
data integrity — A security benefit that verifies data is unmodified and therefore original, complete and intact. Integrity is verified through the use of cryptographic hashing. A hashing algorithm generates a fixed-length output known as a hash value or fingerprint (or, when computed with a secret key, a MAC, Message Authentication Code), which is derived from the input data but does not contain it and cannot be reversed to recover it. This makes hashing a one-way operation. A hash is calculated before an event, and another hash is calculated after the event (an event can be a time frame of storage, i.e. data-at-rest, or an occurrence of transmission, i.e. data-in-transit); the two hashes are then compared (an XOR of the two values is zero only when they are identical). If the two hashes match exactly, the data has retained its integrity; if they do not, something about the data changed during the event. An unkeyed hash detects accidental change only: an attacker who can alter the data can recompute and replace the hash, so detecting deliberate tampering requires a keyed MAC or a digital signature, and the comparison should be done in constant time.
data mining — The activity of analyzing and/or searching through data in order to find items of relevance, significance or value. Data mining can be the discovery of individual important data items, a summary or overview of numerous data items, or a consolidation or clarification of a collection of data items.
data theft — The act of intentionally stealing data. Data theft can occur via a data loss (physical theft) or data leakage (logical theft) event. Data loss occurs when a storage device is lost or stolen. Data leakage occurs when copies of data are possessed by unauthorized entities.
DDoS (Distributed Denial of Service) Attack — An attack which attempts to block access to and use of a resource. It is a violation of availability. DDoS is a variation of the DoS attack (see DoS) and can include flooding attacks, connection exhaustion, and resource demand.
The distinction of DDoS from DoS is that the attack traffic originates from numerous sources or is reflected or bounced off numerous intermediary systems. The purpose of a DDoS attack is to significantly amplify the level of the attack beyond that which can be generated by a single attack system in order to overload larger and better protected victims. DDoS attacks are often waged using botnets. (See botnet.)
decrypt — The act which transforms ciphertext (i.e. the unintelligible and seemingly random form of data that is produced by the cryptographic function of encryption) back into its original plaintext or cleartext form. Ciphertext is produced by a symmetric encryption algorithm when a data set is transformed by the encryption process using a selected key. Ciphertext can be converted back into its original form (i.e. plaintext) by performing the decryption process using the same symmetric encryption algorithm and the same key used during the encryption process.
digital certificate — A means by which to prove identity or provide authentication, commonly by means of a trusted third-party entity known as a certificate authority. A digital certificate is based on the X.509 v3 standard. It is the public key of a subject, signed by the private key of a certificate authority, together with clarifying information such as issuer, subject identity, date of creation, date of expiration, algorithms and serial number; its thumbprint (a hash of the whole certificate) is computed by the relying party rather than stored inside it.
digital forensics — The means of gathering digital information to be used as evidence in a legal procedure. Digital forensics focuses on gathering, preserving and analyzing the fragile and volatile data from a computer system and/or network. Computer data that is relevant to a security breach and/or criminal action is often intermixed with standard benign data from business functions and personal activities.
Thus, digital forensics can be challenging to properly collect relevant evidence while complying with the rules of evidence in order to ensure that such collected evidence is admissible in court. DLP (Data Loss Prevention) — A collection of security mechanisms which aim at preventing the occurrence of data loss and/or data leakage. Data loss occurs when a storage device is lost or stolen while data leakage occurs when copies of data is possessed by unauthorized entities. In both cases, data is accessible to those who should not have access. DLP aims at preventing such occurrences through various techniques such as strict access controls on resources, blocking the use of email attachments, preventing network file exchange to external systems, blocking cut-and-paste, disabling use of social networks and encrypting stored data. DMZ (Demilitarized Zone) — A segment or subnet of a private network where resources are hosted and accessed by the general public from the Internet. The DMZ is isolated from the private network using a firewall and is protected from obvious abuses and attacks from the Internet using a firewall. A DMZ can be deployed in two main configurations. One method is the screened subnet configuration, which has the structure of I-F-DMZ-F-LAN (i.e. internet, then firewall, then the DMZ, then another firewall, then the private LAN). A second method is the multi-homed firewall configuration, which has the structure of a single firewall with three interfaces, one connecting to the Internet, a second to the DMZ, and a third to the private LAN. DOS (Denial of Service) — An attack that attempts to block access to and use of a resource. It is a violation of availability. DOS (or DoS) attacks include flooding attacks, connection exhaustion and resource demand. A flooding attack sends massive amounts of network traffic to the target overloading the ability of network devices and servers to handle the raw load. 
Connection exhaustion repeatedly makes connection requests to a target to consume all system resources related to connections, which prevents any other connections from being established or maintained. A resource demand DoS repeatedly requests a resource from a server in order to keep it too busy to respond to other requests. drive-by download — A type of web-based attack that automatically occurs based on the simple act of visiting a malicious or compromised/poisoned Web site. A drive-by download is accomplished by taking advantage of the default nature of a Web browser to execute mobile code, most often JavaScript, with little to no security restrictions. A drive-by download can install tracking tools, remote access backdoors, botnet agents, keystroke loggers or other forms of malicious utilities. In most cases, the occurrence of the infection based on the drive-by download is unnoticed by the user/victim.   E. Top eavesdropping — The act of listening in on a transaction, communication, data transfer or conversation. Eavesdropping can be used to refer to both data packet capture on a network link (also known as sniffing or packet capture) and to audio recording using a microphone (or listening with ears). encode — The act which transforms plaintext or cleartext (i.e. the original form of normal standard data) into ciphertext (i.e. the unintelligible and seeming random form of data that is produced by the cryptographic function of encryption). Ciphertext is produced by a symmetric encryption algorithm when a data set is transformed by the encryption process using a selected key (i.e. to encrypt or encode). Ciphertext can converted back into its original form (i.e. plaintext) by performing the decryption process using the same symmetric encryption algorithm and the same key used during the encryption process (i.e. decrypt or decode). encryption key — The secret number value used by a symmetric encryption algorithm to control the encryption and decryption process. 
A key is a number defined by its length in binary digits. Generally, the longer the key length, the more security (i.e. defense against confidentiality breaches) it provides. The length of the key also determines the key space, which is the range of values between the binary digits being all zeros and all ones from which the key can be selected.   F. Top firewall — A security tool, which may be a hardware or software solution that is used to filter network traffic. A firewall is based on an implicit deny stance where all traffic is blocked by default. Rules, filters or ACLs can be defined to indicate which traffic is allowed to cross the firewall. Advanced firewalls can make allow/deny decisions based on user authentication, protocol, header values and even payload contents.   H. Top hacker — A person who has knowledge and skill in analyzing program code or a computer system, modifying its functions or operations and altering its abilities and capabilities. A hacker may be ethical and authorized (the original definition) or may be malicious and unauthorized (the altered but current use of the term). Hackers can range from professionals who are skilled programmers to those who have little to no knowledge of the specifics of a system or exploit but who can follow directions; in this instance, they are called script kiddies. hacktivism — Attackers who hack for a cause or belief rather than some form of personal gain. Hacktivism is often viewed by attackers as a form of protest or fighting for their perceived “right” or “justice.” However, it is still an illegal action in most cases when the victim’s technology or data is abused, harmed or destroyed. honeypot — A trap or decoy for attackers. A honeypot is used to distract attackers in order to prevent them from attacking actual production systems. 
It is a false system that is configured to look and function as a production system and is positioned where it would be encountered by an unauthorized entity who is seeking out a connection or attack point. A honeypot may contain false data in order to trick attackers into spending considerable time and effort attacking and exploiting the false system. A honeypot may also be able to discover new attacks or the identity of the attackers.   I. Top IaaS (Infrastructure-as-a-Service) — A type of cloud computing service where the provider offers the customer the ability to craft virtual networks within their computing environment. An IaaS solution enables a customer to select which operating systems to install into virtual machines/nodes as well as the structure of the network including use of virtual switches, routers and firewalls. It also provides complete freedom as to the software or custom code run on the virtual machines. An IaaS solution is the most flexible of all the cloud computing services; it allows for significant reduction in hardware by the customer in their own local facility. It is the most expensive form of cloud computing service. identity cloning — A form of identity theft in which the attacker takes on the identity of a victim and then attempts to live and act as the stolen identity. Identity cloning is often performed in order to hide the birth country or a criminal record of the attacker in order to obtain a job, credit or other secured financial instrument. identity fraud — A form of identity theft in which a transaction, typically financial, is performed using the stolen identity of another individual. The fraud is due to the attacker impersonating someone else. 
IDS (Intrusion Detection System) — A security tool that attempts to detect the presence of intruders or the occurrence of security violations in order to notify administrators, enable more detailed or focused logging or even trigger a response such as disconnecting a session or blocking an IP address. An IDS is considered a more passive security tool, as it detects compromises after they are already occurring rather than preventing them from becoming successful.

information security policy — A written account of the security strategy and goals of an organization. A security policy usually consists of standards, policies (or SOPs – Standard Operating Procedures) and guidelines. All hardware, software, facilities and personnel must abide by the terms of the security policy of an organization. (Also known as security policy.)

insider threat — The likelihood or potential that an employee or another form of internal personnel may pose a risk to the stability or security of an organization. An insider has both physical access and logical access (through their network logon credentials). These are the two types of access that an outside attacker must first gain before launching malicious attacks, whereas an insider already has both. Thus, an insider is potentially a bigger risk than an outsider if that insider goes rogue or is tricked into causing harm.

IPS (Intrusion Prevention System) — A security tool that attempts to detect an attempt to compromise the security of a target and then prevent that attack from becoming successful. An IPS is considered a more active security tool, as it attempts to proactively respond to potential threats. An IPS can block IP addresses, turn off services, block ports and disconnect sessions, as well as notify administrators.

ISP (Internet Service Provider) — The organization that provides connectivity to the Internet for individuals or companies. Some ISPs offer additional services beyond connectivity, such as e-mail, web hosting and domain registration.

J.

JBOH (JavaScript-Binding-Over-HTTP) — A form of Android-focused mobile device attack that enables an attacker to initiate the execution of arbitrary code on a compromised device. A JBOH attack often takes place or is facilitated through compromised or malicious apps.

K.

keylogger — Any means by which the keystrokes of a victim are recorded as they are typed into the physical keyboard. A keylogger can be a software solution or a hardware device used to capture anything that a user might type in, including passwords, answers to secret questions or details and information from e-mails, chats and documents.

L.

LAN (Local Area Network) — An interconnection of devices (i.e. a network) that is contained within a limited geographic area (typically a single building). For a typical LAN, all of the network cables or interconnection media are owned and controlled by the organization, unlike a WAN (Wide Area Network), where the interconnection media is owned by a third party.

link jacking — A potentially unethical practice of redirecting a link to a middle-man or aggregator site or location rather than the original site the link seemed to indicate it was directed towards. For example, a news aggregation service may publish links that seem as if they point to the original source of their posted articles, but when a user discovers those links via search or through social networks, the links redirect back to the aggregation site and not the original source of the article.

M.

malware (malicious software) — Any code written for the specific purpose of causing harm, disclosing information or otherwise violating the security or stability of a system. Malware includes a wide range of types of malicious programs, including virus, worm, Trojan horse, logic bomb, backdoor, Remote Access Trojan (RAT), rootkit, ransomware and spyware/adware.

O.

outsider threat — The likelihood or potential that an outside entity, such as an ex-employee, competitor or even an unhappy customer, may pose a risk to the stability or security of an organization. An outsider must often gain logical or physical access to the target before launching malicious attacks.

outsourcing — The action of obtaining services from an external entity. Rather than performing certain tasks and internal functions itself, an organization can take advantage of external entities that provide services for a fee. Outsourcing is often used to obtain best-of-breed level service rather than settling for good-enough internal operations. It can be expensive and increases an organization's security risk due to the exposure of internal information and data to outsiders.

OWASP (Open Web Application Security Project) — An Internet community focused on understanding web technologies and exploitations. Their goal is to help anyone with a website improve the security of their site through defensive programming, design and configuration. Their approach includes understanding attacks in order to know how to defend against them. OWASP offers numerous tools and utilities related to website vulnerability evaluation and discovery, as well as a significant amount of training and reference material related to all things web security.

P.

PaaS (Platform-as-a-Service) — A type of cloud computing service where the provider offers the customer the ability to operate custom code or applications. A PaaS operator determines which operating systems or execution environments are offered. A PaaS system does not allow the customer to change operating systems, patch the OS or alter the virtual network space. A PaaS system allows the customer to reduce hardware deployment in their own local facility and to take advantage of on-demand computing (also known as pay-as-you-go).

packet sniffing — The act of collecting frames or packets off of a data network communication. This activity allows the evaluation of the header contents as well as the payload of network communications. Packet sniffing requires that the network interface card be placed into promiscuous mode in order to disable the MAC (Media Access Control) address filter, which would otherwise discard any network communications not intended for the specific local network interface. (Also known as sniffing or eavesdropping.)

patch — An update or change to an operating system or application. A patch is often used to repair flaws or bugs in deployed code as well as to introduce new features and capabilities. It is good security practice to test all updates and patches before implementation and to attempt to stay current on patches in order to have the latest version of code that has the fewest known flaws and vulnerabilities.

patch management — The management activity related to researching, testing, approving and installing updates and patches to computer systems, which includes firmware, operating systems and applications. A patch is an update, correction, improvement or expansion of an existing software product through the application of new code issued by the vendor. Patch management is an essential part of security management in order to prevent downtime, minimize vulnerabilities and prevent new untested updates from interfering with productivity.

payment card skimmers — A malicious device used to read the contents of an ATM, debit or credit card when it is inserted into a POS (Point of Sale) payment system. A skimmer may be an internal component or an external addition. An attacker will attempt to use whatever means to embed their skimmer into a payment system that will have the highest likelihood of not being detected and thus gather the most financial information from victims. (See POS intrusions.)

pen testing — A means of security evaluation where automated tools and manual exploitations are performed by security and attack experts. This is an advanced form of security assessment that should only be used by environments with a mature security infrastructure. A penetration test will use the same tools, techniques and methodologies as criminal hackers, and thus it can cause downtime and system damage. However, such evaluations can assist with securing a network by discovering flaws that are not visible to automated tools, based on human (i.e. social engineering) or physical attack concepts. (Also known as penetration testing or ethical hacking.)

phishing — A social engineering attack that attempts to collect information from victims. Phishing attacks can take place over e-mail, text messages, through social networks or via smart phone apps. The goal of a phishing attack may be to learn logon credentials, credit card information, system configuration details or other company, network, computer or personal identity information. Phishing attacks are often successful because they mimic legitimate communications from trusted entities or groups, such as false emails from a bank or a retail website.

PKI (Public Key Infrastructure) — A security framework (i.e. a recipe) for using cryptographic concepts in support of secure communications, storage and job tasks. A PKI solution is a combination of symmetric encryption, asymmetric encryption, hashing and digital certificate-based authentication.

POS (Point of Sale) intrusions — An attack that gains access to the POS (Point of Sale) devices at a retail outlet, enabling an attacker to learn payment card information as well as other customer details. POS intrusions can occur against a traditional brick-and-mortar retail location as well as any online retail website. (See payment card skimmers.)

R.

ransomware — A form of malware that holds a victim's data hostage on their computer, typically through robust encryption. This is followed by a demand for payment in the form of Bitcoin (an untraceable digital currency) in order to release control of the captured data back to the user.

restore — The process of returning a system back to a state of normalcy. A restore or restoration process may involve formatting the main storage device before re-installing the operating system and applications, as well as copying data from backups onto the reconstituted system.

risk assessment — The process of evaluating the state of risk of an organization. Risk assessment is often initiated by taking an inventory of all assets, assigning each asset a value and then considering any potential threats against each asset. Threats are evaluated for their exposure factor (EF) (i.e. the amount of loss that would be caused by the threat causing harm) and frequency of occurrence (i.e. the ARO, Annualized Rate of Occurrence) in order to calculate a relative risk value known as the ALE (Annualized Loss Expectancy). The largest ALE indicates the biggest concern or risk for the organization.

risk management — The process of performing a risk assessment and evaluating the responses to risk in order to mitigate or otherwise handle the identified risks. Countermeasures, safeguards or security controls are to be selected that may eliminate or reduce risk, assign or transfer risk to others (i.e. outsourcing or buying insurance) or avoid and deter risk. The goal is to reduce risk down to an acceptable or tolerable level.

S.

SaaS (Software-as-a-Service) — A type of cloud computing service where the provider offers the customer the ability to use a provided application. Examples of SaaS include online e-mail services or online document editing systems. A user of a SaaS solution is only able to use the offered application and make minor configuration tweaks. The SaaS provider is responsible for maintaining the application.

sandboxing — A means of isolating applications, code or entire operating systems in order to perform testing or evaluation. The sandbox limits the actions and resources available to the constrained item. This allows the isolated item to be used for evaluation while preventing any harm or damage to the host system or related data or storage devices.

SCADA (Supervisory Control and Data Acquisition) — A complex mechanism used to gather data and physical world metrics, as well as perform measurement or management actions on the monitored systems, for the purpose of automating large, complex real-world processes such as oil refining, nuclear power generation or water filtration. SCADA can provide automated control over very large, complex systems, whether concentrated in a single physical location or spread across long distances.

security control — Anything used as part of a security response strategy which addresses a threat in order to reduce risk. (Also known as countermeasure or safeguard.)

security perimeter — The boundary of a network or private environment where specific security policies and rules are enforced. The systems and users within the security boundary are forced into compliance with local security rules, while anything outside is not under such restrictions. The security perimeter prevents any interactions between outside entities and internal entities that might violate or threaten the security of the internal systems.

SIEM (Security Information and Event Management) — A formal process by which the security of an organization is monitored and evaluated on a constant basis. SIEM helps to automatically identify systems that are out of compliance with the security policy, as well as to notify the IRT (Incident Response Team) of any security-violating events.

sniffing — See packet sniffing and eavesdropping.

social engineering — An attack focusing on people rather than technology. This type of attack is psychological and aims to either gain access to information or to a logical or physical environment. A social engineering attack may be used to gain access to a facility by tricking a worker into holding the door for someone making a delivery, to gain access into a network by tricking a user into revealing their account credentials to false technical support staff, or to gain copies of data files by encouraging a worker to cut-and-paste confidential materials into an e-mail or social networking post.

SPAM — A form of unwanted or unsolicited messages or communications, typically received via e-mail but also occurring through text messaging, social networks or VoIP. Most SPAM is advertising, but some may include malicious code, malicious hyperlinks or malicious attachments.

spear phishing — A form of social engineering attack that is targeted at victims who have an existing digital relationship with an online entity such as a bank or retail website. A spear phishing message, which looks exactly like a legitimate communication from a trusted entity, is often an e-mail, although text message and VoIP spear phishing attacks exist as well. The attack tricks the victim into clicking on a hyperlink to visit a company website, only to be re-directed to a false version of the website operated by attackers. The false website will often look and operate similarly to the legitimate site and focus on having the victim provide their logon credentials and potentially other personal identity information such as answers to their security questions, an account number, their social security number, mailing address, email address and/or phone number. The goal of a spear phishing attack is to steal identity information for the purpose of account takeover or identity theft.

spoof (spoofing) — The act of falsifying the identity of the source of a communication or interaction. It is possible to spoof an IP address, a MAC address or an email address.

spyware — A form of malware that monitors user activities and reports them to an external third party. Spyware can be legitimate in that it is operated by an advertising and marketing agency for the purpose of gathering customer demographics. However, spyware can also be operated by attackers using the data gathering tool to steal an identity or learn enough about a victim to harm them in other ways.

supply chain — The path of linked organizations involved in the process of transforming original or raw materials into a finished product that is delivered to a customer. An interruption of the supply chain can cause a termination of the production of the final product immediately, or this effect might not be noticed until the materials already in transit across the supply chain are exhausted.

T.

threat assessment — The process of evaluating the actions, events and behaviors that can cause harm to an asset or organization. Threat assessment is an element of risk assessment and management. (Also known as threat modeling and threat inventory.)

Trojan Horse (Trojan) — A form of malware where a malicious payload is embedded inside of a benign host file. The victim is tricked into believing that the only file being retrieved is the viewable benign host. However, when the victim uses the host file, the malicious payload is automatically deposited onto their computer system.

two-factor authentication — The means of proving identity using two authentication factors; this is usually considered stronger than any single-factor authentication. A form of multi-factor authentication. Valid factors for authentication include Type 1: something you know, such as passwords and PINs; Type 2: something you have, such as smart cards or OTP (One Time Password) devices; and Type 3: something you are, such as fingerprints or retina scans (aka biometrics).

two-step authentication — A means of authentication commonly employed on websites as an improvement over single-factor authentication but not as robust as two-factor authentication. This form of authentication requires that the visitor provide their username (i.e. claim an identity) and password (i.e. the single-factor authentication) before performing an additional step. The additional step could be receiving a text message with a code, then typing that code back into the website for confirmation. Alternatives include receiving an e-mail and needing to click on a link in the message for confirmation, or viewing a pre-selected image and statement before typing in another password or PIN. Two-step is not as secure as two-factor because the system provides one of the factors to the user at the time of logon rather than requiring that the user provide both.

U.

unauthorized access — Any access or use of a computer system, network or resource which is in violation of the company security policy, or where the person or user was not explicitly granted authorization to access or use the resource or system.

V.

VPN (Virtual Private Network) — A communication link between systems or networks that is typically encrypted in order to provide a secured, private, isolated pathway of communications.
virus — A form of malware that often attaches itself to a host file or the MBR (Master Boot Record) as a parasite. When the host file or MBR is accessed, it activates the virus, enabling it to infect other objects. Most viruses spread through human activity within and between computers. A virus is typically designed to damage or destroy data, but different viruses implement their attack at different rates, speeds or targets. For example, some viruses attempt to destroy files on a computer as quickly as possible while others may do so slowly over hours or days. Others might only target images or Word documents (.doc/.docx).

vishing — A form of phishing attack which takes place over VoIP. In this attack, the attacker uses VoIP systems to be able to call any phone number with no toll-charge expense. The attacker often falsifies their caller-ID in order to trick the victim into believing they are receiving a phone call from a legitimate or trustworthy source such as a bank, retail outlet, law enforcement or charity. The victims do not need to be using VoIP themselves in order to be attacked over their phone system by a vishing attack. (See phishing.)

vulnerability — Any weakness in an asset or security protection which would allow a threat to cause harm. It may be a flaw in coding, a mistake in configuration, a limitation of scope or capability, an error in architecture, design or logic, or a clever abuse of valid systems and their functions.

W.

whitelist — A security mechanism prohibiting the execution of any program that is not on a pre-approved list of software. The whitelist is often a list of the file name, path, file size and hash value of the approved software. Any code that is not on the list, whether benign or malicious, will not be able to execute on the protected system. (See blacklist.)

Wi-Fi — A means to support network communication using radio waves rather than cables. The current Wi-Fi or wireless networking technologies are based on the IEEE 802.11 standard and its numerous amendments, which address speed, frequency, authentication and encryption.

worm — A form of malware that focuses on replication and distribution. A worm is a self-contained malicious program that attempts to duplicate itself and spread to other systems. Generally, the damage caused by a worm is indirect and due to the worm's replication and distribution activities consuming all system resources. A worm can be used to deposit other forms of malware on each system it encounters.

Z.

zombie — A term related to the malicious concept of a botnet. The term zombie can be used to refer to the system that is host to the malware agent of the botnet or to the malware agent itself. If the former, the zombie is the system that is blindly performing tasks based on instructions from an external and remote hacker. If the latter, the zombie is the tool that is performing malicious actions such as DoS flooding, SPAM transmission, eavesdropping on VoIP calls or falsifying DNS resolutions as one member of a botnet.
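Two entries in the glossary rest on the same primitive: data integrity (a hash taken before and after an event and compared) and whitelist (execution permitted only for software whose hash is on a pre-approved list). The following is an added example, not part of the glossary or of its source, that carries both through in Python with the standard library's hashlib and hmac. It also covers the case the data integrity entry leaves implicit: when whoever can alter the data can also overwrite the stored hash, an unkeyed hash no longer proves anything, and a keyed tag (HMAC) is needed. The record, key, program bytes and function names are all constructed for this illustration.

```python
"""Added example (not from the glossary's source): hash-based integrity checks
as in the data integrity entry, a keyed (HMAC) variant, and the hash-based
allowlist check from the whitelist entry. All sample data is constructed."""
import hashlib
import hmac
from typing import Dict, Set


def fingerprint(data: bytes) -> bytes:
    """Fixed-length, one-way digest of the input (SHA-256, 32 bytes)."""
    return hashlib.sha256(data).digest()


def hashes_match(h1: bytes, h2: bytes) -> bool:
    """The glossary frames the comparison as an XOR whose result is zero only
    when the two digests are identical. hmac.compare_digest reaches the same
    verdict without leaking, through timing, where the first difference lies."""
    return len(h1) == len(h2) and hmac.compare_digest(h1, h2)


def verify_at_rest(record: bytes, stored_hash: bytes) -> bool:
    """Unkeyed check: digest computed at read time vs. digest stored at write time."""
    return hashes_match(fingerprint(record), stored_hash)


def keyed_fingerprint(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 tag. Producing a matching tag requires the key, so a party
    that alters the data cannot simply recompute the accompanying value."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify_at_rest_keyed(key: bytes, record: bytes, stored_tag: bytes) -> bool:
    return hmac.compare_digest(keyed_fingerprint(key, record), stored_tag)


def allowlist_permits(approved_digests: Set[str], program: bytes) -> bool:
    """Execution control by hash: only software whose digest is on the
    pre-approved list may run; unlisted code is refused whether benign or not."""
    return hashlib.sha256(program).hexdigest() in approved_digests


def demo() -> Dict[str, bool]:
    # Constructed sample data: a stored record, its digest and keyed tag taken
    # at write time, and a tampered copy read back later.
    key = b"constructed-demo-key-not-a-real-secret"
    record = b"invoice 1042: amount=100.00"
    stored_hash = fingerprint(record)
    stored_tag = keyed_fingerprint(key, record)
    tampered = b"invoice 1042: amount=900.00"
    # A tamperer who can also overwrite the stored digest recomputes it...
    forged_hash = fingerprint(tampered)

    results = {
        "unmodified_unkeyed": verify_at_rest(record, stored_hash),      # True
        "tampered_unkeyed": verify_at_rest(tampered, stored_hash),      # False
        "tampered_with_forged_hash": verify_at_rest(tampered, forged_hash),  # True: unkeyed check defeated
        "tampered_keyed": verify_at_rest_keyed(key, tampered, stored_tag),   # False: no key, no valid tag
    }

    # Constructed allowlist: one approved script, and a copy that differs by one byte.
    approved_tool = b"#!/bin/sh\necho approved tool\n"
    approved = {hashlib.sha256(approved_tool).hexdigest()}
    results["approved_tool_runs"] = allowlist_permits(approved, approved_tool)          # True
    results["modified_tool_runs"] = allowlist_permits(approved, approved_tool + b"#\n")  # False
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The third result is the one to remember: a hash stored next to the data detects accidental corruption, but not an adversary who can write to the same place. Keeping the key (or a signing key) out of that adversary's reach is what turns the check into an integrity control.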
Topics

Topic | Tf | Position
data | 84 | 2
security | 74 | 2
system | 70 | 2
attack | 50 | 2
network | 45 | 2
access | 44 | 2
top | 42 | 2
form | 37 | 2
service | 33 | 2
order | 29 | 2
encryption | 28 | 2
maliciou | 27 | 2
type | 25 | 2
organization | 25 | 2
process | 25 | 2
authentication | 23 | 2
software | 22 | 2
control | 22 | 2
resource | 22 | 2
attacker | 22 | 2
code | 21 | 2
identity | 21 | 2
device | 20 | 2
user | 20 | 2
include | 19 | 2
computer | 19 | 2
key | 19 | 2
information | 19 | 2
risk | 19 | 2
cloud | 18 | 2
security policy | 13 | 2
access control | 13 | 2
symmetric encryption | 10 | 2
factor authentication | 9 | 2
computer system | 9 | 2
mail | 9 | 2
network communication | 8 | 2
cloud computing | 8 | 2
symmetric encryption algorithm | 7 | 2
copy data | 7 | 2
form malware | 7 | 2
encryption algorithm | 7 | 2
operating system | 7 | 2
service type | 6 | 2
storage device | 6 | 2
data loss | 6 | 2
encryption process | 6 | 2
computing service | 6 | 2
phishing attack | 6 | 2
drive download | 5 | 2
cloud computing service | 5 | 2
manage access | 5 | 2
digital certificate | 5 | 2
access resource | 5 | 2
maliciou code | 5 | 2
data set | 5 | 2
drive | 5 | 2
download | 5 | 2
security organization | 5 | 2
security tool | 5 | 2
social engineering | 5 | 2
access control manage | 4 | 2
control manage access | 4 | 2
social engineering attack | 4 | 2
control manage | 4 | 2
gain access | 4 | 2
business task | 4 | 2
security mechanism | 4 | 2
system resource | 4 | 2
flooding attack | 4 | 2
company network | 4 | 2
back original | 4 | 2
original form | 4 | 2
decryption process | 4 | 2
security perimeter | 4 | 2
penetration testing | 4 | 2
private network | 4 | 2
causing harm | 4 | 2
data leakage | 4 | 2
social network | 4 | 2
service provider | 4 | 2
engineering attack | 4 | 2
risk assessment | 4 | 2
spear phishing | 4 | 2
host file | 4 | 2
detection watch program | 3 | 2
mission critical process | 3 | 2
ciphertext unintelligible random | 3 | 2
unintelligible random form | 3 | 2
random form data | 3 | 2
form data produced | 3 | 2
data produced cryptographic | 3 | 2
produced cryptographic function | 3 | 2
cryptographic function encryption | 3 | 2
ciphertext produced symmetric | 3 | 2
algorithm data set | 3 | 2
data set transformed | 3 | 2
set transformed encryption | 3 | 2
transformed encryption process | 3 | 2
encryption process selected | 3 | 2
process selected key | 3 | 2
ciphertext converted back | 3 | 2
converted back original | 3 | 2
back original form | 3 | 2
performing decryption process | 3 | 2
decryption process symmetric | 3 | 2
process symmetric encryption | 3 | 2
encryption algorithm key | 3 | 2
algorithm key encryption | 3 | 2
key encryption process | 3 | 2
countermeasure safeguard security | 3 | 2
service type cloud | 3 | 2
type cloud computing | 3 | 2
computing service provider | 3 | 2
service provider offer | 3 | 2
provider offer customer | 3 | 2
offer customer ability | 3 | 2
security tool attempt | 3 | 2
operating system application | 3 | 2
po point sale | 3 | 2
single factor authentication | 3 | 2
process selected | 3 | 2
selected key | 3 | 2
ciphertext converted | 3 | 2
converted back | 3 | 2
performing decryption | 3 | 2
process symmetric | 3 | 2
algorithm key | 3 | 2
key encryption | 3 | 2
custom code | 3 | 2
computer network | 3 | 2
term hacker | 3 | 2
update patch | 3 | 2
asymmetric encryption | 3 | 2
public key | |
  • 3
  • 2
  • input data
  • 3
  • 2
  • logical physical
  • 3
  • 2
  • countermeasure safeguard
  • 3
  • 2
  • safeguard security
  • 3
  • 2
  • security control
  • 3
  • 2
  • external entity
  • 3
  • 2
  • data mining
  • 3
  • 2
  • data item
  • 3
  • 2
  • unauthorized entity
  • 3
  • 2
  • attack attempt
  • 3
  • 2
  • resource violation
  • 3
  • 2
  • do attack
  • 3
  • 2
  • connection exhaustion
  • 3
  • 2
  • resource demand
  • 3
  • 2
  • digital forensic
  • 3
  • 2
  • type cloud
  • 3
  • 2
  • provider offer
  • 3
  • 2
  • offer customer
  • 3
  • 2
  • customer ability
  • 3
  • 2
  • identity theft
  • 3
  • 2
  • tool attempt
  • 3
  • 2
  • ip address
  • 3
  • 2
  • organization security
  • 3
  • 2
  • logon credential
  • 3
  • 2
  • packet sniffing
  • 3
  • 2
  • system application
  • 3
  • 2
  • payment card
  • 3
  • 2
  • po point
  • 3
  • 2
  • point sale
  • 3
  • 2
  • text message
  • 3
  • 2
  • identity information
  • 3
  • 2
  • bank retail
  • 3
  • 2
  • retail website
  • 3
  • 2
  • reduce risk
  • 3
  • 2
  • supply chain
  • 3
  • 2
  • factor
  • 3
  • 2
  • single factor
  • 3
  • 2
Result 3
Title
Url
Description
Date
Organic Position 3
H1
H2
H3
H2WithAnchors
Body
Topics
  • Topic
  • Tf
  • Position
Result 4
Title 57 Cybersecurity Terms You Should Know in 2021 | SecurityScorecard
Url https://securityscorecard.com/blog/57-cybersecurity-terms-you-should-know-in-2021
Description Cybersecurity does not need to be so confusing. To help you and your non-technical team members better understand security, check out this list of 57 cybersecurity terms you should know in 2021
Date Jun 9, 2021
Organic Position 4
H1 57 Cybersecurity Terms You Should Know in 2021
H2
H3
H2WithAnchors
Body 57 Cybersecurity Terms You Should Know in 2021. Posted on June 9th, 2021. Cybersecurity can seem intimidating, especially when you’re not already familiar with security and IT. There are so many threats and a lot of terms you need to know in order to understand the countermeasures that can help keep your data safe from attackers. What is an attack surface, after all? And what’s a rootkit? Non-technical employees and decision-makers might find their eyes glazing over when cybersecurity terms start getting thrown around. That said, it’s critical that even employees who don’t work directly with security understand cybersecurity and cybersecurity terms. Security is everyone’s job. According to Ponemon, the average cost of a data breach is $3.86 million. Your organization can also suffer reputational loss and damage to your brand as a result of a breach. Security does not need to be so confusing. To help you and your non-technical team members better understand security, below is a list of 57 cybersecurity terms you should know in 2021.
  • Account hijacking – A form of identity theft. When a user’s account is stolen by a bad actor and used to perform malicious actions, that account has been hijacked.
  • Adware – Software that downloads on a device and automatically displays or downloads advertising when a user is offline.
  • Advanced Persistent Threats (APTs) – A network intrusion during which a cybercriminal remains quietly in a system, undetected, as they steal data.
  • Antivirus – Antivirus software refers to any computer program used to prevent, detect, and remove malware. You might think it’s meant to prevent viruses, but malware is more prevalent than viruses these days. Back when antivirus software was developed, however, viruses were a major threat, which is why it’s called “antivirus” and not always “anti-malware.”
  • Attack surface – Your attack surface is the sum of every possible point where an attacker can enter your work or systems. You can also think of it as the total number of all your cyber vulnerabilities. In cybersecurity, the goal is to make the attack surface as small as possible.
  • Attack vector – A specific method used by a cybercriminal to infiltrate a system.
  • Authenticator – Any method of proving who you are to a computer system or software. The most commonly used authenticator is a password, but it can also be a face scan, a fingerprint, or another method of proof.
  • Backdoor – A vulnerability that allows an unauthorized individual to access a protected part of your network, bypassing your cybersecurity measures. You may not realize you have backdoors.
  • Backup – A copy of data that allows a user to easily recover lost or locked files.
  • Blacklist – A list of email addresses known to send spam or other risky messages. A blacklist can help your organization filter out bad messages and phishing emails before employees even see them.
  • Bot – A program that automatically performs a simple repetitive task. Not all bots are bad, but some are used maliciously.
  • Brute force attack – An attack method that occurs when a bad actor uses software that runs through all possible combinations to crack a password.
  • Catfishing – A social engineering attack that occurs when a bad actor uses a social network to create an account with a fake identity to deceive a target.
  • Cracker – A person who attacks a specific computer system with the intent to do harm.
  • Cryptojacking – When a criminal uses a user’s computing power without authorization to mine cryptocurrency.
  • Closed source – Proprietary technology; its source code is hidden. You cannot distribute or modify its code without violating copyright law. Most commercial software is closed source.
  • Cloud – The cloud, or cloud computing, refers to the on-demand availability of computer system resources, like data storage or computing power, which happens off-site. The cloud allows users to access files from any place and on any device and is usually hosted by a vendor, such as Amazon or Google.
  • Credential harvesting – The act of virtually attacking an organization to illegally obtain employees' login information.
  • Critical infrastructure – Your critical cyberinfrastructure is the computing assets that are essential for your organization to function.
  • Data Loss Prevention (DLP) – Any security measures related to detecting and preventing data loss.
  • Data encryption – The act of encoding data so that no one can read or access it without a decryption key.
  • Data protection – A set of practices and processes intended to protect private information from getting into the wrong hands.
  • DDoS (denial-of-service attack) – An attack method that overwhelms a site or server with malicious traffic, rendering it unusable.
  • DevSecOps – A combination of the words “development,” “security,” and “operations,” DevSecOps is an approach to software development that takes security into account from the beginning of the development process to the end of a product’s life cycle.
  • Exploit – The act of taking advantage of a vulnerability in a network.
  • Extended enterprise – If your enterprise is your organization, the extended enterprise is the organization and all your third parties, such as vendors and suppliers, as well as customers. Anyone outside your organization who has access to your data and networks is a member of your extended enterprise.
  • Firewall – A network security control that keeps unauthorized traffic out of restricted areas of your network.
  • Group authenticator – An authentication method used to allow access to specific data or functions that may be shared by all members of a particular group.
  • Hacker – Anyone who breaks into a computer system using attacks or by exploiting vulnerabilities. Not all hackers are bad; some work for companies to test defenses and discover vulnerabilities. Others breach systems for malicious purposes.
  • Honeypot – A technique used to distract hackers by offering up a false target, such as a computer or data.
  • IP Address – An address identifying the connection between a computer and its network provider.
  • Identity check – A set of actions using one or more authenticators designed to verify a user’s identity.
  • Incident response plan – A set of steps to be taken to reduce damage from a breach or cyberattack.
  • Insider threat – A threat to the company’s data that originates inside the organization, such as an employee.
  • Keylogger – Software that monitors and captures a user’s keystrokes on a keyboard. This sort of software can be used maliciously to steal credentials and sensitive data.
  • Malware – Short for “malicious software,” that’s exactly what malware is: code designed to harm computers and systems. Malware comes in several destructive flavors: some steal information, some delete it, some spy, and some can destroy a system.
  • Open Source – Free technology with public source code, which can be shared and modified. Mozilla Firefox and WordPress, for example, are examples of open-source software.
  • Patch – A regular system update released by developers to fix bugs and other software vulnerabilities.
  • Password sniffing – A method of stealing usernames and passwords by using software to observe and record network traffic.
  • Phishing – A social engineering attack in which a bad actor impersonates a trustworthy entity in order to obtain information. Phishing often happens via email, but can also happen through other messaging services.
  • Personally identifiable information (PII) – PII or personal information is any data that can identify a specific individual, such as name, date of birth, social security number, or financial information. Criminals often seek to steal this sort of sensitive information.
  • Ransomware – Malware that encrypts data so the victim can’t access it. To obtain a decryption key, the victim must pay a ransom.
  • Ransomcloud – Ransomware designed to encrypt cloud emails and attachments.
  • ReCAPTCHA – A system used by Google, which uses a form of Turing test to establish if a user is a human or a robot.
  • Rootkit – A group of malware designed to gain access to a computer or network, and which usually masks its existence.
  • Security score – A security score or rating rates an organization on their security controls and cybersecurity posture, taking into account risks and vulnerabilities. SecurityScorecard’s ratings, for example, use publicly available data to rate a company’s cybersecurity posture.
  • Segmentation – The process of separating a network into different protected segments, so that if a criminal gains access to one area of the network, they cannot access the entire network.
  • Shadow IT – Any IT systems, software, or devices being used in an organization without the authorization of the IT department.
  • Social engineering – An attack on the people of an organization rather than on the technology. Social engineering attacks are scams intended to trick people into giving out sensitive information.
  • Spyware – Malware inserted into a system to collect information about a product, an organization, or a person.
  • Third-party – An individual or organization that is not part of your enterprise but who provides vital services. Third parties include contractors, vendors, partners, and suppliers. Third parties often have access to some part of your cyberinfrastructure.
  • Threat – A malicious attack intended to cause harm to a computer, software, or network.
  • Trojan – Malicious code that looks like a legitimate file, program, or application.
  • Virtual Private Network (VPN) – Any technology that can encapsulate and transmit network data, typically Internet Protocol data, over another network. VPNs let users access network resources that might not be available on the public internet.
  • Virus – A program that can infect and harm a file, a system, or a network, often attached to a harmless-looking file or app. Some viruses can replicate themselves.
  • Vulnerability – A vulnerability is a weakness in an information technology infrastructure that makes it susceptible to cyber attacks.
  • Worm – Self-replicating malware that spreads from an infected device through a network.
Topics
  • Topic (Tf, Position)
  • network (Tf 20, Position 4)
  • data (Tf 18, Position 4)
  • attack (Tf 17, Position 4)
  • security (Tf 15, Position 4)
  • software (Tf 15, Position 4)
  • system (Tf 15, Position 4)
  • user (Tf 13, Position 4)
  • organization (Tf 13, Position 4)
  • cybersecurity (Tf 11, Position 4)
  • access (Tf 11, Position 4)
  • computer (Tf 10, Position 4)
  • malware (Tf 9, Position 4)
  • information (Tf 9, Position 4)
  • account (Tf 8, Position 4)
  • vulnerability (Tf 8, Position 4)
  • bad (Tf 7, Position 4)
  • method (Tf 7, Position 4)
  • maliciou (Tf 6, Position 4)
  • source (Tf 6, Position 4)
  • computer system (Tf 5, Position 4)
  • computing (Tf 5, Position 4)
  • term (Tf 5, Position 4)
  • threat (Tf 5, Position 4)
  • social (Tf 5, Position 4)
  • technology (Tf 5, Position 4)
  • code (Tf 5, Position 4)
  • cloud (Tf 5, Position 4)
  • enterprise (Tf 5, Position 4)
  • cybersecurity term (Tf 4, Position 4)
  • attack surface (Tf 4, Position 4)
  • bad actor (Tf 4, Position 4)
  • engineering attack (Tf 4, Position 4)
  • file (Tf 4, Position 4)
  • party (Tf 4, Position 4)
  • designed (Tf 4, Position 4)
  • social engineering attack (Tf 3, Position 4)
  • social engineering (Tf 3, Position 4)
  • extended enterprise (Tf 3, Position 4)
Result 5
Title 100+ Cybersecurity Terms & Definitions You Should Know | Allot
Url https://www.allot.com/100-plus-cybersecurity-terms-definitions/
Description Our cybersecurity glossary was compiled as a service to our customers to provide quick reference to over 100 important terms in the cybersecurity realm
Date
Organic Position 5
H1 Top Cybersecurity Terms
H2 Connect with us
You’re all set!
H3 Advanced Persistent Threat (APT)
Advanced Threat Protection (ATP)
Adware
Anti-Botnet
Anti-Malware
Anti-Phishing
Anti-Virus
Attack Vector
Authentication
Backdoor
Banker Trojan
Blacklist, Blocklist, Denylist
Botnet
Brute Force Attack
Business Continuity Plan
Business Disruption
BYOC
BYOD
BYOL
CAPTCHA
Clickjacking
Clientless
COTS (Commercial off-the-Shelf)
Critical Infrastructure
Cryptojacking
Cyberbullying
Cybersecurity
Dark Web
Data Breach
Data Integrity
Data Loss Prevention (DLP)
Data Theft
DDoS
Decryption
Detection and Response
Digital Forensics
Digital Transformation
Domain Name Systems (DNS) Exfiltration
Drive By Download Attack
Encryption
Endpoint Protection
Endpoint Detection and Response (EDR)
Exploit
Fast Identity Online (FIDO)
Fileless Malware
Firewall
Greylist
Hacker
Honeypot
Identity and Access Management (IAM)
Identity Theft
Indicators of Compromise (IOC)
In-line Network Device
Insider Threat
Intrusion Prevention System (IPS)
IoT
Keylogger
Malvertising
Malware
Man-in-the-Middle Attack
MITRE ATT&CK™ Framework
Network-based (cyber) Security
Parental Controls
Patch
Pen Testing
Phishing
PII
Process Hollowing
Ransomware
Remote Desktop Protocol (RDP)
Risktool
Rootkit
Sandbox(ing)
Scareware
SECaaS
Secure Socket Layer (SSL)
Security Incident Response
Security Operations Center (SOC)
Security Perimeter
SIEM (Security Information and Event Management)
SIM Swapping
Sniffing
SOAR (Security Orchestration, Automation and Response)
Social Engineering
Spam
Spear Phishing
Spoofing
Spyware
Threat Assessment
Threat Hunting
Threat Intelligence
Two-factor Authentication (2FA)
Two-step Authentication
Virus
VPN
Vulnerability
WAF
White Hat - Black Hat
Whitelist, Allowlist
Zero-day Exploit
Zero-touch Provisioning or Deployment
Discover the best solutions for your organization
H2WithAnchors Connect with us
You’re all set!
BodyTop Cybersecurity Terms Allot's Top Cybersecurity Terms provides a comprehensive list of the industry’s significant cybersecurity terms and definitions. The glossary was compiled as a service to our customers to provide quick reference to important terminology in the cybersecurity realm. In a world where cyberattacks have become a clear threat to our everyday lives, providing security to customers who want to protect their families and businesses from cyber threats and exposure to intrusive sites with inappropriate content, is an important role for service providers to fill. Learn more about Allot Secure Network Security Solutions for CSPs. Browse Alphabetically: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Advanced Persistent Threat (APT). In an APT attack a threat actor uses the most sophisticated tactics and technologies to penetrate a high profile network. APTs aim to stay ‘under the radar’ and explore the network while remaining undetected for weeks, months and even years. APTs are most often used by nation-state threat actors wishing to cause severe disruption and damage to the economic and political stability of a country. They can be considered the cyber equivalent of espionage ‘sleeper cells’. Advanced Threat Protection (ATP). Advanced Threat Protection (ATP) are security solutions that defend against sophisticated malware or hacking attacks targeting sensitive data. Advanced Threat Protection includes both software and managed security services. Adware. Adware bombards users with endless ads and pop-up windows and cause a nuisance to user experience. Adware can also pose a real danger to devices and the unwanted ads can included malware or redirect user searches to malicious websites that collect personal data about users. Adware programs are often built into freeware or shareware programs, where the adware operator collects an indirect fee for using the program. Adware programs usually do not show themselves in the system in any way. 
Adware programs seldom include a de-installation procedure, and attempts to remove them manually may cause the original carrier program to malfunction. Read more Anti-Botnet. Anti-Botnet tools automatically generate botnet checks when a user browses to a website. If a risk is detected, it sends back a warning message to the device. The most common anti-botnet solution is, CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart). Read more on Allot’s solutions for Home Security. Anti-Malware. Anti-Malware is a program designed to protect computers and networks against any threats or attacks from viruses such as adware, spyware, and any such other malicious programs Anti-Phishing. Anti-Phishing protects users from fraudulent websites, often perfect replicas of legitimate websites, undetectable to the human eye. Protection is enforced by detecting fraudulent emails, and by blocking phishing websites. Read more Anti-Virus. Anti-Virus solutions integrate the latest generation of virus detection technology to protect users from viruses, spyware, trojans, and worms that can infect equipment through email or internet browsing. Attack Vector. An Attack Vector is the collection of all vulnerable points by which an attacker can gain entry into the target system. Attack vectors include vulnerable points in technology as well as human behavior, skillfully exploited by attackers to gain access to networks. The growth of IoT devices and (Work from Home) have greatly increased the attack vector, making networks increasingly difficult to defend. Authentication . Authentication is the process of verifying the identity of a user or piece of information and the veracity of information provided. In computing, it is the process of identifying a person or system with the username, password, etc. Authentication helps individuals and systems gain authorization based on their identity and prevent unauthorized access. Backdoor. 
A Backdoor is used by attackers to gain access to a computer or a network. A programmer may bypass security steps and gain access to a computer by trapdoor programs, in the event of an attack on the computer system or networks. Attackers may also use such mechanisms to enter computers or networks without proper permission. Banker Trojan. A Banker Trojan is a malicious computer program that intercepts sensitive personal information and credentials for accessing online bank or payment accounts. Read more Blacklist, Blocklist, Denylist. Blacklist, Blocklist or Denylist is a basic access control mechanism that allows elements such as email addresses, users, passwords, URLs, IP addresses, domain names, file hashes, etc. through the system, except those explicitly mentioned which are denied access. Bot A Bot is a program that automates actions on behalf of an agent for some other program or person, and is used to carry out routine tasks. Their use for malicious purposes includes spam distribution, credentials harvesting, and the launching of DDoS attacks. Botnet. A Botnet is a collection of compromised computers running malicious programs that are controlled remotely by a C&C (command & control) server operated by a cyber-criminal. Cybercriminals exercise remote control through automated processes (bots) in public IRC channels or web sites. (Such web sites may either be run directly by the ‘bot herder,’ or they may be legitimate web sites that have been subverted for this purpose.) Read more on Allot’s solutions for Home Security. Brute Force Attack. This is a method for guessing a password (or the key used to encrypt a message) that involves systematically trying a high volume of possible combinations of characters until the correct one is found. 
One way to reduce the susceptibility to a Brute Force Attack is to limit the number of permitted attempts to enter a password – for example, by allowing only three failed attempts and then permitting further attempts only after 15 minutes. Business Continuity Plan. A Business Continuity Plan is an organization’s playbook for how to operate in am emergency situation, like a massive cyberattack. The business continuity plan provides safeguards against a disaster, and outlines the strategies and action plan on how to continue business as usual in the event of any large-scale cyber event. Read more on Allot’s solutions for Business Security. Business Disruption. The term Business Disruption refers to any interruption in the usual way that a system, process, or event works. Cyberattacks cause disruption to business operations and the associated risk of losses to the organization. Read more on Allot’s solutions for Business Security. BYOC. Bring Your Own Computer (BYOC) is a fairly recent enterprise computing trend by which employees are encouraged or allowed to bring and use their own personal computing devices to perform some or part of their job roles, specifically personal laptop computers. BYOD. Bring Your Own Device (BYOD) is a policy of the organization allowing, encouraging or requiring its employees to use their personal devices such as smartphones, Tablet PCs, and laptops for official business purposes and accessing enterprise systems and data. BYOL. Bring Your Own Laptop (BYOL) is a specific type of BYOC by which employees are encouraged or allowed to bring and use their own laptops to perform some or part of their job roles, including possible access to enterprise systems and data. CAPTCHA. A CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a challengeresponse test commonly used by websites to verify the user is a real human and not a bot. 
They can include simple arithmetic and questions about images, that bots have difficulty answering. Clickjacking . Clickjacking involves tricking someone into clicking on one object on a web page while they think they are clicking on another. The attacker loads a transparent page over the legitimate content on the web page, so that the victim thinks they are clicking on a legitimate item when they are really clicking on something on the attacker’s invisible page. This way, the attacker can hijack the victim’s click for their own purposes. Clickjacking could be used to install malware, to gain access to one of the victim’s online accounts, or to enable the victim’s webcam. Clientless. Clientless refers to a program that is run entirely from the network, without requiring any installation of software on the endpoint device running the program. Code Injection Code Injection is commonly used by malware to evade detection by antivirus and anti-malware programs by injecting a malicious code into a legitimate process. This way the legitimate process serves as camouflage so all anti-malware tools can see running is the legitimate process and thus obfuscates the malicious code execution. COTS (Commercial off-the Shelf). Commercial off-the Shelf or Commercially Available offthe Shelf (COTS) products are packaged solutions which are then adapted to satisfy the needs of the purchasing organization, rather than the commissioning of custommade, or bespoke, solutions. Critical Infrastructure. Critical Infrastructure represents the fundamental systems of an organization that are important for its survival and where any threat to such basic systems would endanger the entire organization. Cryptojacking . Cryptojacking consists of hackers using the computing power of a compromised device to generate or “mine” cryptocurrency without the owner’s knowledge. 
Mining can be performed either by installing a malicious program on the target computer or through various kinds of fileless malware. Sometimes attackers take over part of the computer’s processing power when a page containing a special mining script is opened. Cryptojacking has been known to occur when viewing online ads or solving a CAPTCHA. Cyberbullying . Cyberbullying is the use of electronic means, primarily messaging and social media platforms, to bully and harass a victim. Cyberbullying has become a major problem, especially affecting young people, as it allows bullies to magnify their aggressive behavior, publicly ridicule victims on a large scale, and carry out damaging activities in a way that is difficult for parents and teachers to detect. Cybersecurity . Cybersecurity relates to processes employed to safeguard and secure assets used to carry information of an organization from being stolen or attacked. It requires extensive knowledge of the possible threats such as virus or such other malicious objects. Identity management, risk management and incident management form the crux of cybersecurity strategies of an organization. Read more Dark Web. The Dark Web is encrypted parts of the internet that are not indexed by search engines, most notoriously used by all types of criminals including; pedophiles, illicit human and contraband traffickers, and cybercriminals, to communicate and share information without being detected or identified by law enforcement. Malware of all types can be purchased on the dark web. A subset of the deep web, which can be accessed by anyone with the correct URL, dark web pages need special software (ex. Tor) with the correct decryption key and access rights and knowledge to find content. Users of the dark web remain almost completely anonymous due to its P2P network connections which makes network activity very difficult to trace. Data Breach. 
A Data Breach is the event of a hacker successfully exploiting a network or device vulnerability and gains access to its files and data. Data Integrity. Data Integrity is a broad term that refers to the maintenance and assurance of data quality. This includes the accuracy and consistency of data over its entire lifecycle. Data Integrity is an important part of the design, implementation and use of any data system which stores, processes, or retrieves information. The term is broad in scope and may have widely different meanings depending on the specific context Data LossPrevention (DLP). Data Loss Prevention (DLP) is an umbrella term for a collection of security tools, processes and procedures that aim to prevent sensitive data from falling into unauthorized or malicious hands. DLP aims at preventing such occurrences through various techniques such as strict access controls on resources, blocking or monitoring email attachments, preventing network file exchange to external systems, blocking cut-and-paste, disabling use of social networks and encrypting stored data. Data Theft. Data Theft is the deliberate theft of sensitive data by nefarious actors. DDoS. A Denial of Service (DoS) or Distributed Denial of Service (DDoS) attack is when one or more compromised systems launch a flooding attack on a remote target(s), in an attempt to overload network resources and disrupt service. Some DDoS attacks have caused prolonged, complete service shutdowns of major online operators. Learn more about DDoS attack types. Decryption. Decryption is the process of decoding cipher text to plain text, so it is readable by humans. It is the reverse of encryption, the process of converting plain text to cipher text. Cybercriminals use decryption software and techniques to ‘break’ security encryption and gain access to protected information. Detection and Response. 
Network Detection and Response is a security solution category used by organizations to detect malicious network activity, perform forensic investigation to determine root cause, and then respond and mitigate the threat. Digital Forensics. Digital Forensics is the process of procuring, analyzing, and interpreting electronic data for the purpose of presenting it in as legal evidence in a court of law. Digital Transformation. Digital Transformation is the process of using digital technologies to create or modify business processes and customer experiences to keep up-to-date with current business and market requirements. Domain Name Systems (DNS) Exfiltration. Domain Name System (DNS) Exfiltration is a lower level attack on DNS servers to gain unauthorized access. Such attacks are difficult to detect and can lead to loss of data. Read more on Allot’s DNS solutions. Drive By Download Attack. Drive-by Downloads or attacks are a common method of spreading malware. Cybercriminals look for insecure web sites and plant a malicious script into HTTP or PHP code on one of the pages. This script may install malware directly onto the computer of someone who visits the site, or it may take the form of an IFRAME that re-directs the victim to a site controlled by the cybercriminals. Such attacks are called ‘drive-by downloads’ because they require no action on the part of the victim — beyond simply visiting the compromised web site: they are infected automatically (and silently) if their computer is vulnerable in some way (e.g., if they have failed to apply a security update to one of their applications). Encryption. Encryption is a process of maintaining data confidentiality by converting plain data into a secret code with the help of an encryption algorithm. Only users with the appropriate decryption key can unscramble and access encrypted data or cipher text. Endpoint Protection. 
Endpoint Protection refers to a system for network security management that monitors and protects network endpoints, the hardware devices such as workstations, servers and mobile devices from which a network is accessed.
Endpoint Detection and Response (EDR). Endpoint Detection and Response (EDR) tools protect computer endpoints from threats by continuously recording endpoint activity (process creation, file and registry changes, network connections), detecting suspicious behaviour in that telemetry, and giving analysts the means to investigate and respond, for example by isolating a host or terminating a process.
Exploit. An exploit is code or a technique that takes advantage of a vulnerability or flaw in a system to penetrate or attack it.
Fast Identity Online (FIDO). Fast Identity Online (FIDO) is a set of open authentication standards (FIDO U2F and FIDO2/WebAuthn) in which the user proves possession of a private key held by an authenticator (a hardware security key, a phone, or the platform itself) that never leaves the device, so that a service can offer phishing-resistant passwordless or second-factor authentication.
Fileless Malware. Fileless Malware (FM), aka "non-malware" or "fileless infection," is a form of malicious computer attack that exists exclusively within volatile storage such as RAM and in-memory processes. This differentiates it from the classic memory-resident virus, which requires some contact with non-volatile storage media such as a hard disk drive or a thumb drive. Normally picked up following visits to malicious websites or through malicious documents, fileless malware does not exist as a file that can be detected by file-scanning antivirus programs; it lurks within a computer's working memory and is difficult to identify without behavioural monitoring. A purely in-memory payload does not survive a reboot, but many fileless attacks regain persistence afterwards through registry run keys, scheduled tasks or WMI event subscriptions that relaunch the payload from a script stored outside any conventional executable.
Firewall. A Firewall is a security system that forms a perimeter around a network by allowing or blocking traffic according to a ruleset (address, port, protocol and, in next-generation firewalls, application or content). It limits what can reach the hosts behind it, but it does not inspect what permitted traffic does once inside.
Greylist. A Greylist contains items that are temporarily blocked (or temporarily allowed) until an additional step is performed.
Hacker.
A Hacker is a term commonly used to describe a person who tries to gain unauthorized access into a network or computer system.
Honeypot. Honeypots are computer security programs that simulate network resources that attackers are likely to look for, in order to lure them in and observe them. An attacker may assume that you are running weak services that can be used to break into the machine. Because no legitimate user has a reason to touch a honeypot, any interaction with it is a high-fidelity signal and gives advance warning of a more concerted attack. Two or more honeypots on a network form a honeynet.
Identity and Access Management (IAM). Identity and Access Management (IAM) is the set of processes and systems an organization uses to manage digital identities and to decide which users (and which machines or services) may access which resources: provisioning and deprovisioning accounts, authentication, authorization, role and entitlement management, and auditing of access.
Identity Theft. Identity Theft occurs when a malicious actor gathers enough personal information about the victim (name, address, date of birth, etc.) to commit identity fraud, i.e., the use of stolen credentials to obtain goods or services by deception. Stolen data can be used to create a new account in the victim's name (e.g., a bank account), to take over an existing account held by the victim (e.g., a social network account), or to masquerade as the victim while carrying out criminal activities.
Indicators of Compromise (IOC). Indicators of Compromise (IoC) are pieces of forensic data, such as file hashes, IP addresses, domain names or artefacts in system log entries, that identify potentially malicious activity on a system or network. Indicators of Compromise aid information security and IT professionals in detecting data breaches, malware infections, or other threat activity.
In-line Network Device. An In-line Network Device is one that sits in the path of traffic, receiving packets and forwarding them to their intended destination, and can therefore drop or modify traffic rather than merely observe it. In-line network devices include routers, switches, firewalls, intrusion prevention systems, web application firewalls and in-line anti-malware gateways. A network tap, and an intrusion detection system fed from a tap or mirror port, is out-of-band: it can only observe and alert.
Insider Threat. An Insider Threat is when an authorized system user, usually an employee or contractor, poses a threat to an organization because their legitimate access to inside systems and information bypasses most perimeter-based security controls.
Intrusion Prevention System (IPS). An Intrusion Prevention System (IPS) is a network security system that sits in-line, inspects traffic against signatures and behavioural rules, and drops or resets the connections it judges malicious; an intrusion detection system (IDS) performs the same inspection out-of-band and only alerts.
IoT. The term Internet of Things (IoT) is used to describe everyday objects that are connected to the internet and are able to collect and transfer data automatically, without the need for human interaction. The Internet of Things encompasses any physical object (not just traditional computers) that can be assigned an IP address and can transfer data: this includes household appliances, utility meters, cars, CCTV cameras, and even people (e.g., heart implants). Such devices are frequently shipped with default credentials and rarely patched, which is why they are a favourite recruitment pool for DDoS botnets.
Keylogger. A Keylogger is a kind of spyware that records every keystroke made on a computer's keyboard. It can record everything a user types, including instant messages, email, usernames and passwords.
Malvertising. Malvertising is the use of online ads to distribute malicious programs. Cybercriminals embed a malicious script in a banner, or redirect users who click on an ad to a page containing code for downloading malware. Special methods are used to bypass the filters of large ad networks and place malicious content on trusted sites. In some cases, visitors do not even need to click on a fake ad: the code executes when the ad is displayed.
Malware. Malware is a general term for any type of intrusive computer software with malicious intent against the user.
Man-in-the-Middle Attack.
A man-in-the-middle attack (MITM) is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe they are directly communicating with each other. For example, a victim believes he is connected to his bank's web site and the flow of traffic to and from the real bank site remains unchanged, so the victim sees nothing suspicious. However, the traffic is redirected through the attacker's system, allowing the attacker to gather any personal data entered by the victim (login, password, PIN, etc.). The standard defence is an authenticated, encrypted channel such as TLS with proper certificate validation: the attacker then has to make the victim accept a certificate that does not chain to a trusted authority, or compromise one.
MITRE ATT&CK Framework. The MITRE ATT&CK framework is a comprehensive matrix of adversary tactics and techniques used by threat hunters, red teamers, and defenders to classify attacks in a shared vocabulary and to assess an organization's coverage and risk. The aim of the framework is to improve post-compromise detection of adversaries in enterprises by illustrating the actions an attacker may have taken.
Network-based (cyber) Security. Mass-market cybersecurity services (e.g., anti-malware, anti-phishing) that operate from within a CSP's network rather than at the endpoint, such as a PC or a mobile device. Network-based services can protect any connected device regardless of model or operating system, and because they need no software installation, upgrades or configuration by the end user, they reach high rates of service adoption. They do not depend on anything the end user could disable on the device, but they only see traffic that passes through the CSP's network and cannot inspect the content of end-to-end encrypted connections.
Parental Controls. Parental Controls are features which may be included in digital television services, computer and video games, mobile devices and software that allow parents to restrict the content their children can access. These controls were created to help parents control which types of content can be viewed by their children.
Patch.
A Patch provides additional, revised or updated code for an operating system or application, most often to close a security vulnerability. Except for open source software, most software vendors do not publish their source code, so patches are typically pieces of binary code that are applied to an existing program by an installer or an update mechanism.
Pen Testing. Pen (Penetration) Testing is the practice of intentionally challenging the security of a computer system, network or web application, with authorization, to discover vulnerabilities that an attacker could exploit.
Phishing. Phishing is a type of internet fraud that seeks to acquire a user's credentials by deception. It includes theft of passwords, credit card numbers, bank account details, and other confidential information. Phishing messages usually take the form of fake notifications from banks, providers, e-pay systems, and other organizations. The phishing attempt will try to encourage a recipient, for one reason or another, to enter or update personal data. Common pretexts include a "suspicious login to the account" or "expiration of the password."
PII. Personally Identifiable Information (PII) is any data that identifies a specific individual, either on its own (name, national identity number, email address, biometric record) or in combination with other data.
Process Hollowing. Process Hollowing is a code-injection technique in which an attacker starts a legitimate program as a suspended process, unmaps ("hollows out") its executable image from memory, writes malicious code into the freed address space and then resumes the main thread, so the malicious code runs under the name and apparent identity of a trusted process. It is used to evade defences that trust a process by its image name or path.
Ransomware. Ransomware is the name given to malicious programs designed to extort money from victims by blocking access to the computer or encrypting stored data. The malware displays a message offering to restore the system or data in return for payment. Sometimes, the cybercriminals behind the scam try to lend credibility to their operation by masquerading as law enforcement officials.
Their ransom message asserts that the system has been blocked, or the data encrypted, because the victim is running unlicensed software or has accessed illegal content, and that the victim must pay a fine.
Remote Desktop Protocol (RDP). RDP is a protocol for remotely connecting to computers running Windows. It enables interaction with desktop elements as well as access to other device resources. RDP was conceived as a remote administration tool. However, it is often used by intruders to penetrate targeted computers: attackers brute-force or reuse stolen credentials against RDP services exposed to the internet, or exploit vulnerabilities in the RDP service itself or weak configurations (no network-level authentication, no second factor), and then log in with the victim's permissions. Exposed RDP is one of the most common initial access vectors for ransomware.
Risktool. Risktool is an antivirus detection category for programs that are not malicious in themselves but are readily abused. They have functions such as concealing files in the system, hiding the windows of running applications, or terminating active processes, and the category also covers cryptocurrency miners that generate coins using the target device's resources. Cybercriminals usually deploy them in stealth mode. Unlike NetTool, such programs are designed to operate locally.
Rootkit. A Rootkit is a collection of software tools designed to hide an attacker's presence (processes, files, network connections, kernel modifications) from the operating system and from security tools while keeping privileged access to a computer or network. Rootkits cause little direct harm themselves; their role is concealment. Most rootkits open a backdoor on targeted computers for the introduction of malware, viruses and ransomware, or use the system for further attacks. A rootkit is typically installed through a stolen password or by exploiting system vulnerabilities without the victim's knowledge. In most cases, rootkits are used in conjunction with other malware to prevent detection by endpoint antivirus software.
Sandbox(ing).
In cybersecurity, a sandbox is an isolated environment that mimics end-user operating environments. Sandboxes are used to safely execute suspicious code and observe its behaviour without risking harm to the host device or network. Malware that recognizes a sandbox (by checking uptime, hardware identifiers or the absence of user activity) may stay dormant inside it, so a clean sandbox run is not proof that a sample is benign.
Scareware. Scareware is malware that uses scare tactics, often in the form of pop-ups that falsely warn users they have been infected with a virus, to trick users into visiting malware-containing websites or paying for fake security software.
SECaaS. Security as a Service (SECaaS) is the delivery of security capabilities (such as anti-malware, web filtering, email security or managed detection and response) as a subscription service operated and maintained by a provider, rather than as software or appliances the customer installs and runs. The customer uses the service and makes configuration choices within it; the provider is responsible for maintaining the platform.
Secure Sockets Layer (SSL). Secure Sockets Layer (SSL) was the standard security technology for establishing an encrypted link between a web server and a browser. SSL was originally developed by Netscape to allow the private transmission of documents via the Internet. All SSL versions are now obsolete and have been replaced by Transport Layer Security (TLS), although "SSL" and "SSL certificate" are still used colloquially for TLS.
Security Incident Response. Incident response is a planned approach to addressing and managing the reaction after a cyber attack or network security breach. The goal is to have clear procedures defined before an attack occurs to minimize damage, reduce recovery time, and mitigate breach-related expenses.
Security Operations Center (SOC). An Information Security Operations Center (ISOC or SOC) is a facility where enterprise information systems (web sites, applications, databases, data centers and servers, networks, desktops and other endpoints) are monitored, assessed, and defended by SOC analysts.
Security Perimeter.
A Security Perimeter is a digital boundary that is defined for a system or domain within which a specified security policy or security architecture is applied.
SIEM (Security Information and Event Management). A Security Information and Event Management (SIEM) platform collects and normalizes logs and events from across an organization, correlates them against detection rules and threat intelligence, and alerts the Incident Response Team (IRT) to suspicious or policy-violating activity. It also helps identify systems that are out of compliance with the security policy and supports compliance reporting.
SIM Swapping. SIM Swapping is a scam used to intercept SMS verification codes, typically for online banking. To get hold of one-time passwords for financial transactions, cybercriminals fraudulently obtain a replacement for the victim's SIM card: for example, pretending to be the victim, the attacker claims to have lost the SIM and requests a new one from the mobile operator, after which the victim's calls and SMS messages are delivered to the attacker's phone. Some banks check with the operator for a recent SIM change before trusting an SMS code; the more robust defence is to avoid SMS as a second factor in favour of an authenticator app or hardware token.
Sniffing. Packet sniffing allows the capture of data as it is being transmitted over a network. Packet sniffer programs are used by network professionals to diagnose network issues. Malicious actors can use sniffers to capture unencrypted data like passwords and usernames in network traffic. Once this information is captured, the bad actor can then gain access to the system or network.
SOAR (Security Orchestration, Automation and Response). SOAR (Security Orchestration, Automation and Response) is a solution stack of compatible software programs that organizations use to collect data about security threats from across the network and respond to low-level security events without human assistance.
Social Engineering. Social Engineering is an increasingly popular method of gaining access to unauthorized resources by exploiting human psychology and manipulating users, rather than by breaking in or using technical hacking techniques.
Instead of trying to find a software vulnerability in a corporate system, a social engineer might send an email to an employee pretending to be from the IT department, trying to trick them into revealing sensitive information. Social engineering is the foundation of spear phishing attacks.
Spam. Spam is the name commonly given to unsolicited email. Essentially unwanted advertising, it is the email equivalent of physical junk mail delivered through the post.
Spear Phishing. Spear Phishing is a phishing scam that targets a specific individual or organization, usually via a personalized email, SMS or other electronic communication, to defraud them under the guise of a legitimate transaction.
Spoofing. A Spoof is an attempt by an unauthorized entity or attacker to gain illegitimate access to a system by posing as an authorized user. Spoofing includes any act of disguising a communication from an unknown source as being from a known, trusted source. Spoofing can apply to emails, phone calls, and websites, or can be more technical, such as a computer forging the source IP address of the packets it sends.
Spyware. Spyware is software that is secretly installed on a user's device to gather sensitive data. Spyware quietly collects information such as credentials and sends it outside the network to bad actors. Spyware often comes bundled with a free download and is installed automatically, with or without user consent.
Threat Assessment. Threat Assessment is a structured process used to identify and evaluate the various risks or threats that an organization might be exposed to. Cyber threat assessment is a crucial part of any organization's risk management strategy and data protection efforts.
Threat Hunting. Cyber Threat Hunting is an active cyber defense activity in which cybersecurity professionals proactively search networks and endpoints for advanced threats that have evaded existing security solutions, starting from a hypothesis rather than from an alert.
Threat Intelligence.
Threat Intelligence, or cyber threat intelligence, is intelligence proactively obtained and used to understand the threats that are targeting the organization.
Trojan. Trojans are malicious programs that perform actions that are not authorized by the user: they delete, block, modify or copy data, and they disrupt the performance of computers or computer networks. Unlike viruses and worms, Trojans are unable to make copies of themselves or self-replicate; they rely on the user running them.
Two-factor Authentication (2FA). Two-factor Authentication combines something the user knows (a static password) with a second factor of a different kind: something the user has, such as a hardware token or authenticator app that generates a one-time password, a smart card, or a mobile phone that receives an SMS message, or something the user is, such as a fingerprint. Not all second factors are equal: SMS codes can be intercepted by SIM swapping and any typed one-time code can be phished in real time, whereas FIDO security keys are bound to the site's origin and resist both.
Two-step Authentication. Two-step Authentication is commonly used on websites and is an improvement over single-factor authentication. This form of authentication requires the visitor to provide their username (i.e. claim an identity) and password (i.e. the single-factor authentication) before performing an additional step. The additional step could be receiving a text message with a code, then typing that code back into the website for confirmation. Alternatives include receiving an email and needing to click on a link in the message for confirmation, or viewing a pre-selected image and statement before typing in another password or PIN.
Virus. A Virus is malicious code that attaches itself to legitimate programs or files and spreads when those are executed or shared, often arriving as an email attachment or a download. Once the device is infected, a virus can hijack the web browser, display unwanted ads, send spam, provide criminals with access to the device and contact list, disable security settings, and scan for personal information such as passwords.
VPN.
A Virtual Private Network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. It is essentially a virtual, secure corridor: traffic inside the tunnel is encrypted and authenticated, although the VPN gateway itself is exposed to the internet and becomes a high-value target that must be patched and protected with strong authentication.
Vulnerability. Vulnerabilities are weaknesses in software, hardware or configuration that can be exploited by attackers to compromise computers.
WAF. A Web Application Firewall (WAF) is a specific form of application firewall that filters, monitors, and blocks HTTP traffic to and from a web service. By inspecting HTTP requests and responses, it can block attacks that exploit a web application's known vulnerability classes, such as SQL injection, cross-site scripting (XSS), file inclusion, and misconfiguration. A WAF is a compensating control: it reduces exposure to known attack patterns but can be bypassed with alternative encodings or novel payloads, so it does not replace fixing the vulnerable code.
White Hat - Black Hat. White hat and Black hat are terms to describe the "good guys" and "bad guys" in the world of cybercrime. Black hats are hackers with criminal intentions. White hats are hackers who use their skills and talents for good and work to keep data safe from other hackers by finding system vulnerabilities that can be fixed.
Whitelist, Allowlist. A Whitelist, allowlist or passlist is a list of permitted items that are automatically let through whatever gate is being used.
Worm. A Worm is a self-replicating program that installs itself on a victim's device and then spreads to other computers on its own, typically by exploiting a vulnerability in a network service, causing damage through its payload and by consuming bandwidth and resources as it propagates.
Zero-day Exploit. This term is used to describe exploit code that has been written to take advantage of a vulnerability before the software vendor knows about it and can publish a patch for it. The result is that attackers are free to exploit the vulnerability unless proactive exploit prevention technologies (memory protections, sandboxing, least privilege) limit what the exploit can achieve on the targeted computer.
Zero-touch Provisioning or Deployment.
Zero-Touch Provisioning (ZTP) is an automatic device configuration process that frees IT administrators for more important tasks. The automated process reduces the possibility of errors when manually configuring devices and slashes the time it takes to set up devices for employee use, often without requiring IT intervention. Users can set up their devices with a few clicks, eliminating the need for administrators to create and track system images or manage the infrastructure required to push those images to new or repurposed devices. Because a ZTP device trusts whatever configuration source it is pointed at, that source and its transport must be authenticated, or an attacker on the path can enrol the device with a configuration of their own.
Copyright 2022 Allot. All Rights Reserved.
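The DLP and PII entries above describe content inspection of outbound data without showing what such a check looks like. The following is an added example, not code from the page or from Allot: a minimal outbound-content scanner that finds payment card numbers (validated with the Luhn checksum so that order numbers and phone numbers are not flagged) and email addresses, reports them in masked form, and can redact a message before it leaves. The sample message is constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample of an outbound message (hypothetical data, not from the page).
SAMPLE_MESSAGE = (
    "Hi, please refund card 4111 1111 1111 1111 for alice@example.com.\n"
    "Order ref 4111-1111-1111-1112 is just an order number, not a card.\n"
    "Callback number 5551234567."
)

# 13 to 19 digits, optionally separated by single spaces or dashes, not part of a longer digit run.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}")


def luhn_valid(digits: str) -> bool:
    """True if the digit string passes the Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


@dataclass
class Finding:
    kind: str      # "PAN" or "EMAIL"
    value: str     # masked form, safe to write to a log
    start: int     # offset in the scanned text


def _mask_pan(digits: str) -> str:
    return "*" * (len(digits) - 4) + digits[-4:]


def _mask_email(address: str) -> str:
    local, _, domain = address.partition("@")
    return local[0] + "***@" + domain


def scan(text: str) -> list:
    """Return findings sorted by position; candidate card numbers must pass Luhn."""
    findings = []
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            findings.append(Finding("PAN", _mask_pan(digits), m.start()))
    for m in EMAIL_RE.finditer(text):
        findings.append(Finding("EMAIL", _mask_email(m.group()), m.start()))
    return sorted(findings, key=lambda f: f.start)


def redact(text: str) -> str:
    """Replace valid card numbers and email addresses with their masked forms."""
    def pan_sub(m):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_valid(digits):
            return _mask_pan(digits)
        return m.group()            # Luhn failed: leave it, it is not a card number
    return EMAIL_RE.sub(lambda m: _mask_email(m.group()), PAN_RE.sub(pan_sub, text))


def should_block(text: str) -> bool:
    """Policy decision for an outbound gate: block if any card number is present."""
    return any(f.kind == "PAN" for f in scan(text))


if __name__ == "__main__":
    for f in scan(SAMPLE_MESSAGE):
        print(f"{f.kind} at {f.start}: {f.value}")
    print("block:", should_block(SAMPLE_MESSAGE))
    print(redact(SAMPLE_MESSAGE))
```

The Luhn check is what separates a usable DLP rule from a noisy one: the 16-digit order reference in the sample has the shape of a card number but fails the checksum and is left alone. A production rule would also look at context (keywords such as "card" or "CVV" nearby) and apply the same idea to other identifiers with check digits.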
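The DNS Exfiltration entry says the data travels in query names and that the traffic is hard to spot. As an added example (not code from the page or from Allot), the block below shows both sides: how data is encoded into base32 subdomain labels under an attacker-controlled zone and reassembled by the receiving name server, and a detector that runs over constructed DNS query log lines and flags a registered domain that receives many unique, long, high-entropy subdomains. The zone name tunnel.example.org, the log format and the secret are all hypothetical.

```python
import base64
import math
from collections import defaultdict

EXFIL_DOMAIN = "tunnel.example.org"   # hypothetical attacker-controlled zone
# Constructed secret (150 bytes) that the attacker wants to move out of the network.
SECRET = b"user=alice;password=hunter2;card=4111111111111111;" * 3


def encode_exfil(data: bytes, domain: str, chunk: int = 30) -> list:
    """Attacker side: split data into chunks and hide each one in a query name.
    base32 keeps labels within the DNS alphabet; 30 bytes -> 48 chars, under the 63-char label limit."""
    names = []
    for seq, i in enumerate(range(0, len(data), chunk)):
        label = base64.b32encode(data[i:i + chunk]).decode().rstrip("=").lower()
        names.append(f"{label}.{seq}.{domain}")
    return names


def decode_exfil(names: list, domain: str) -> bytes:
    """What the attacker's authoritative server does: strip the zone, reorder by sequence, decode."""
    chunks = {}
    for name in names:
        sub = name[: -len(domain) - 1]              # drop ".domain"
        label, seq = sub.rsplit(".", 1)
        padded = label.upper() + "=" * (-len(label) % 8)
        chunks[int(seq)] = base64.b32decode(padded)
    return b"".join(chunks[k] for k in sorted(chunks))


def entropy(s: str) -> float:
    """Shannon entropy in bits per character."""
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname: str) -> str:
    # Crude: last two labels. A real detector would use the public suffix list.
    return ".".join(qname.rstrip(".").split(".")[-2:])


def find_dns_tunnels(log_lines: list, min_unique: int = 5, min_label: int = 30) -> dict:
    """Defender side: aggregate per registered domain and flag tunnelling patterns.
    Expects constructed lines of the form '<timestamp> <client> query <qname> <type>'."""
    stats = defaultdict(lambda: {"subdomains": set(), "max_label": 0, "entropies": []})
    for line in log_lines:
        parts = line.split()
        if len(parts) < 5 or parts[2] != "query":
            continue
        qname = parts[3]
        dom = registered_domain(qname)
        sub = qname[: -len(dom) - 1] if len(qname) > len(dom) else ""
        st = stats[dom]
        st["subdomains"].add(sub)
        st["max_label"] = max(st["max_label"], max((len(lab) for lab in sub.split(".")), default=0))
        if sub:
            st["entropies"].append(entropy(sub.replace(".", "")))
    flagged = {}
    for dom, st in stats.items():
        reasons = []
        if len(st["subdomains"]) >= min_unique and st["max_label"] >= min_label:
            reasons.append(f"{len(st['subdomains'])} unique subdomains, labels up to {st['max_label']} chars")
        if st["entropies"] and max(st["entropies"]) >= 3.5 and st["max_label"] >= 40:
            reasons.append("long high-entropy label")
        if reasons:
            flagged[dom] = reasons
    return flagged


def build_sample_log() -> list:
    """Constructed resolver log: ordinary lookups plus the exfiltration queries."""
    benign = ["www.example.com", "mail.example.com", "api.example.com", "static.example.com", "www.example.com"]
    lines = [f"2024-05-01T10:00:{i:02d}Z 10.0.0.5 query {q} A" for i, q in enumerate(benign)]
    lines += [f"2024-05-01T10:01:{i:02d}Z 10.0.0.5 query {q} TXT"
              for i, q in enumerate(encode_exfil(SECRET, EXFIL_DOMAIN))]
    return lines


if __name__ == "__main__":
    for dom, why in find_dns_tunnels(build_sample_log()).items():
        print(dom, why)
```

The detector keys on the two things a tunnel cannot avoid: every chunk needs a distinct query name, and the chunk has to fit in labels that end up long and random-looking. Thresholds need tuning per environment, since CDNs and some anti-spam services also generate long, unique labels.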
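The Exploit, Vulnerability and WAF entries all turn on SQL injection without showing the flaw. The block below is an added example, not code from the page or from Allot: a login check built by string formatting (the vulnerability, kept deliberately) next to the hardened version, which passes the username as a bound parameter and verifies a salted PBKDF2 hash in code instead of comparing a plaintext password inside the query. The in-memory SQLite table, the user "alice" and her password are constructed for the example; the plaintext password column exists only so the vulnerable function can be demonstrated.

```python
import hashlib
import hmac
import os
import sqlite3


def pbkdf2(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def make_db() -> sqlite3.Connection:
    """Constructed demo table. A real schema would never store the plaintext column."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    conn.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
                 ("alice", "correct horse", salt, pbkdf2("correct horse", salt)))
    conn.commit()
    return conn


def login_vulnerable(conn, username: str, password: str) -> bool:
    """VULNERABLE (intentionally): user input is spliced into the SQL text, so a quote in the
    password changes the query structure. password = "' OR '1'='1" turns the WHERE clause into
    (username = 'alice' AND password = '') OR '1'='1', which is always true."""
    sql = f"SELECT username FROM users WHERE username = '{username}' AND password = '{password}'"
    return conn.execute(sql).fetchone() is not None


def login_hardened(conn, username: str, password: str) -> bool:
    """Fixed: the username is a bound parameter (data, never SQL), and the password is checked
    against a salted PBKDF2 hash in constant time outside the database."""
    row = conn.execute("SELECT salt, pw_hash FROM users WHERE username = ?", (username,)).fetchone()
    if row is None:
        return False
    salt, pw_hash = row
    return hmac.compare_digest(pbkdf2(password, salt), pw_hash)


if __name__ == "__main__":
    db = make_db()
    injected = "' OR '1'='1"
    print("vulnerable, real password:", login_vulnerable(db, "alice", "correct horse"))
    print("vulnerable, injection:    ", login_vulnerable(db, "alice", injected))
    print("hardened, real password:  ", login_hardened(db, "alice", "correct horse"))
    print("hardened, injection:      ", login_hardened(db, "alice", injected))
```

A WAF rule that rejects the literal `' OR '1'='1` would stop this exact payload and nothing else; the parameterized query removes the whole class, which is why the WAF entry above calls it a compensating control rather than a fix.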
Topics (term frequency in the result body; Position is the organic result position)
Topic | Tf | Position
network | 66 | 5
security | 51 | 5
system | 50 | 5
data | 45 | 5
computer | 43 | 5
solution | 41 | 5
allot | 39 | 5
device | 35 | 5
attack | 35 | 5
program | 32 | 5
victim | 31 | 5
user | 31 | 5
threat | 31 | 5
malware | 30 | 5
read allot | 28 | 5
maliciou | 27 | 5
access | 27 | 5
process | 27 | 5
attacker | 23 | 5
organization | 23 | 5
web | 23 | 5
software | 22 | 5
service | 21 | 5
information | 21 | 5
code | 19 | 5
read | 18 | 5
password | 16 | 5
site | 15 | 5
term | 15 | 5
include | 14 | 5
anti | 14 | 5
allot solution | 12 | 5
network security | 9 | 5
solution network | 8 | 5
web site | 8 | 5
gain access | 7 | 5
solution business | 6 | 5
anti malware | 6 | 5
maliciou program | 6 | 5
system network | 6 | 5
sim card | 5 | 5
web application | 5 | 5
security solution | 5 | 5
computer network | 5 | 5
dark web | 5 | 5
solution network security | 4 | 5
top cybersecurity | 4 | 5
endpoint protection | 4 | 5
cybersecurity term | 4 | 5
cyber threat | 4 | 5
advanced threat | 4 | 5
sensitive data | 4 | 5
attack vector | 4 | 5
attacker gain | 4 | 5
ddo attack | 4 | 5
maliciou code | 4 | 5
legitimate process | 4 | 5
fileless malware | 4 | 5
network device | 4 | 5
detection response | 4 | 5
top cybersecurity term | 3 | 5
advanced threat protection | 3 | 5
business continuity plan | 3 | 5
solution business security | 3 | 5
in line network | 3 | 5
line network device | 3 | 5
intrusion prevention system | 3 | 5
zero touch provisioning | 3 | 5
service provider | 3 | 5
threat protection | 3 | 5
personal data | 3 | 5
adware program | 3 | 5
anti botnet | 3 | 5
program designed | 3 | 5
anti phishing | 3 | 5
unauthorized access | 3 | 5
access computer | 3 | 5
computer system | 3 | 5
maliciou computer | 3 | 5
computer program | 3 | 5
personal information | 3 | 5
access control | 3 | 5
ip address | 3 | 5
business continuity | 3 | 5
continuity plan | 3 | 5
business security | 3 | 5
web page | 3 | 5
data breach | 3 | 5
data integrity | 3 | 5
cipher text | 3 | 5
mobile device | 3 | 5
device network | 3 | 5
security system | 3 | 5
additional step | 3 | 5
maliciou actor | 3 | 5
indicator compromise | 3 | 5
in line | 3 | 5
line network | 3 | 5
intrusion prevention | 3 | 5
prevention system | 3 | 5
application firewall | 3 | 5
process hollowing | 3 | 5
incident response | 3 | 5
social engineering | 3 | 5
spear phishing | 3 | 5
threat assessment | 3 | 5
threat intelligence | 3 | 5
private network | 3 | 5
white hat | 3 | 5
zero touch | 3 | 5
touch provisioning | 3 | 5
Result 6
TitleCybersecurity Terms - Cybersecurity Glossary | CyberWire
Urlhttps://thecyberwire.com/glossary
DescriptionLearn cybersecurity terms and definitions at TheCyberWire.com and get proper pronunciations and links to cyber terms in today's top cybersecurity news and podcasts
Date
Organic Position6
H1Cybersecurity Terms
H2
H3
H2WithAnchors
BodyCybersecurity Terms. Terms often used in discussions of cyber security, briefly defined. Your corrections, suggestions, and recommendations for additional entries are welcome: email the editor at [email protected]
A: side hustle; ATM skimming; Accumulo; Active Cyber Defense; Advanced Encryption Standard (AES); Advanced Technology Attachment (ATA); Android; Asymmetric Encryption; account hijacking; acoustic cryptanalysis; active defense; advanced evasion technique (AET); advanced persistent threat (APT); adware; alert fatigue; algorithm; anagram; angler phishing; anomoly detection; anonymizer; anti-malware; anti-malwear; application; astroturf; attack traffic
B: BIOS; Black Hat; Bombe; Bring-Your-Own-Device (BYOD); Bring-Your-Own-Encryption (BYOE); backdoor; baiting; baselining; bashmob; behavior analysis; benign; big data; biometric; bit; black box testing; black hat; black swan event; black-box testing; blacklist; bot; botnet; browser; brute-force attack; buffer; buffer overflow; business email compromise (BEC); byte
C: CEO fraud; Certified Information Systems Security Professional (CISSP); Certified Signing Request; Chief Information Security Officer (CISO); CloudTrust Protocol; Commercial-off-the-shelf (COTS); Copy-paste compromise; catfish; certificate authority (CA); clandestine; clickbait; clickjacking; clone phishing; cloud computing; cloud encryption; cloud intelligence; cloud native; cluster; cold boot attack; computer forensics; computer network attack (CNA); computer network defense (CND); computer network exploitation (CNE); computer network operations (CNO); covert; covert response; credential stealing; credential stuffing; creepware; crimeware; cross-site request forgery; cross-site scripting (XSS); crowd sourcing; cryptographic key; cryptography; cyber privateering; cyber riot; cyber vandalism; cyber vigilantism
D: DNS amplification; DNS cache poisoning; DNS hijacking; DNS redirection; Dark Patterns; Domain Name System (DNS); Domain-based Message Authentication, Reporting and Conformance (DMARC); daemon; dark web; darknet; data breach; data compromise; data exfiltration; data leak; data loss prevention; data remanence; data segregation; data-at-rest; data-in-motion; data-in-use; decryption; deep packet inspection (DPI); deep web; deepfake; denial-of-service attack; dictionary attack; differential fault analysis attack; digital certificate; directory traversal attack; distributed denial-of-service attack (DDoS); distributed reflection denial-of-service attack (DrDoS); domain fluxing; domain spoofing; domain-generation algorithm (DGA); dox doxing; drive; drive-by download; driver; dumpster diving; dwell time; dynamic analysis
E: electromagnetic attack; electronic intelligence (ELINT); email hijacking; encoding; encryption; encryption-as-a-service (EaaS); endpoint; endpoint detection and response (EDR); endpoint security management; erasure coding; evil maid attack; evil twin; expert system; exploit; exploit kit
F: FOSS; false flag; file; fileless malware; firewall; firmware; forensics; fullz; fuzzing
G: General Data Protection Regulation (GDPR); Google dorking; Government-off-the-shelf (GOTS); gigabyte (GB); government surveillance; gray box testing; grey hat; greyware; gummi-bear hack
H: HASP; Hadoop; hacker; hacking; hacktivist; hard drive; hardware against software piracy (HASP); hashing; heuristic; homographic attack; human intelligence (HUMINT)
I: Integrated Drive Electronics (IDE); Internationalized Domain Name homograph attack; Internet-of-things (IoT); IoT botnet; iOS; identity management; identity theft; imagery intelligence (IMINT); incident response; industrial control system (ICS); inference attack; inline network device; integrated development environment (IDE); intelligence; intrusion detection system (IDS)
J: jailbreak; junk hack
K: keylogger; keylogging; kilobyte (KB); kinetic
L: Linux; lateral movement; least privilege access; lulz
M: MICE; Mac OS; Metasploit framework; Monte Carlo simulation; machine learning; madware; malicious; maltweet; malvertising; malware; man trap; man-in-the-middle attack; measurement and signature intelligence (MASINT); megabyte (MB); micro virtual machine (micro VM); mitigation; multi-factor authentication
N: NMAP; Network Time Protocol (NTP); Network Time Protocol attack; network detection and response (NDR); network telescope; next-generation firewall
O: Octave; obfuscation; open source; open source intelligence (OSINT); operating system (OS); operational technology (OT)
P: Payment Card Industry Data Security Standard (PCI DSS); Python; packet; pass-the-hash; payload; penetration test; peripheral; personal security product (PSP); personally identifiable information (PII); pharming; phish-prone percentage; phishbait; phishing; phreaking; port mirroring; post-compromise; power-analysis attack; pretexting; privilege creep; privilege escalation attack; privilege management; protected health information; pseudorandomised data; public key cryptography; public key infrastructure (PKI); pwn
Q: QR code phishing
R: RAM-scraping; Rivest, Shamir, Adleman algorithm (RSA); rainbow table; random access memory (RAM); ransomware; remote access trojan (RAT); response; reverse engineering; risk; rogue access point; rootkit
S: SIM swap; SOC visbility triad; SQL injection; SQL poisoning attack; SSL checker; SYN flooding; SYN scanning; Security Orchestration, Automation, and Response (SOAR); Serial Advanced Technology Attachment (SATA); Structured Query Language (SQL); salt; sandbox; scareware; scraping; script kiddie; search engine optimization poisoning; secure sockets layer (SSL); security awareness training; security information and event management (SIEM); security operations center (SOC); sextortion; shadow IT; sharking; shellcode; shoulder surfing; side-channel attack; signals intelligence (SIGINT); signature; signature-based detection; simulated phishing; sinkhole; situational intelligence; smishing; sneakernet; sniffer; social engineering; sockpuppet; spam; spearphishing; spoofing; spyware; steganography; supervisory control and data acquisition (SCADA); supply chain attack
T: Transport Layer Security (TLS); Trojan; Trojanize; Twenty Controls; tabnabbing; tactics, techniques, and procedures (TTP); tailgating; taint analysis; telephony denial-of-service (TDos); threat; threat intelligence; thumb drive; timing attack; tweet; two-factor authentication; typosquatting
U: URL obfuscation; Unified Extensible Firmware Interface (UEFI); Universal Serial Bus (USB); Unix; user experience (UX); user interface (UI)
V: virtual appliance; virtual machine (VM); virtual private network (VPN); virtualization; virus; virus scan; vishing; vulnerability
W: WikiLeaks; Windows; watering hole attack; weaponize; white box testing; white hat; whitelist; wild, the; wizard; worm
Z: zero day; zero-day attack; zero-day malware
Topics

Topic               Tf   Position
word                50   6
service             11   6
security             7   6
denial               6   6
network              6   6
intelligence         6   6
attacklisten word    5   6
attacklisten         5   6
system               5   6
box                  4   6
information          4   6
denial service       3   6
word notesnetwork    3   6
technology           3   6
attack               3   6
detection            3   6
response             3   6
data                 3   6
notesnetwork         3   6
access               3   6
Result 7
Title: Glossary of Security Terms | SANS Institute
Url: https://www.sans.org/security-resources/glossary-of-terms
Description: Glossary of Security Terms
Date:
Organic Position: 7
H1: Glossary of Security Terms
H2: A-B, C-D, E-F, G-H, I-K, L-M, N-O, P-Q, R-S, T-U, V-Z
H3:
H2WithAnchors: A-B, C-D, E-F, G-H, I-K, L-M, N-O, P-Q, R-S, T-U, V-Z
BodyGlossary of Security Terms Become your company’s cyber security thesaurus. Find the definition of the most commonly used cyber security terms in our glossary below. A-BC-DE-FG-HI-KL-MN-OP-QR-ST-UV-Z# A-B. Access ControlAccess Control ensures that resources are only granted to those users who are entitled to them. Access Control List (ACL)A mechanism that implements access control for a system resource by listing the identities of the system entities that are permitted to access the resource. Access Control ServiceA security service that provides protection of system resources against unauthorized access. The two basic mechanisms for implementing this service are ACLs and tickets. Access Management AccessManagement is the maintenance of access information which consists of four tasks: account administration, maintenance, monitoring, and revocation. Access MatrixAn Access Matrix uses rows to represent subjects and columns to represent objects with privileges listed in each cell. Account HarvestingAccount Harvesting is the process of collecting all the legitimate account names on a system. ACK PiggybackingACK piggybacking is the practice of sending an ACK inside another packet going to the same destination. Active ContentProgram code embedded in the contents of a web page. When the page is accessed by a web browser, the embedded code is automatically downloaded and executed on the user's workstation. Ex. Java, ActiveX (MS) Activity MonitorsActivity monitors aim to prevent virus infection by monitoring for malicious activity on a system, and blocking that activity when possible. Address Resolution Protocol (ARP)Address Resolution Protocol (ARP) is a protocol for mapping an Internet Protocol address to a physical machine address that is recognized in the local network. A table, usually called the ARP cache, is used to maintain a correlation between each MAC address and its corresponding IP address. 
ARP provides the protocol rules for making this correlation and providing address conversion in both directions. Advanced Encryption Standard (AES)An encryption standard being developed by NIST. Intended to specify an unclassified, publicly-disclosed, symmetric encryption algorithm. AlgorithmA finite set of step-by-step instructions for a problem-solving or computation procedure, especially one that can be implemented by a computer. AppletJava programs; an application program that uses the client's web browser to provide a user interface. ARPANETAdvanced Research Projects Agency Network, a pioneer packet-switched network that was built in the early 1970s under contract to the US Government, led to the development of today's Internet, and was decommissioned in June 1990. Asymmetric CryptographyPublic-key cryptography; A modern branch of cryptography in which the algorithms employ a pair of keys (a public key and a private key) and use a different component of the pair for different steps of the algorithm. Asymmetric WarfareAsymmetric warfare is the fact that a small investment, properly leveraged, can yield incredible results. AuditingAuditing is the information gathering and analysis of assets to ensure such things as policy compliance and security from vulnerabilities. AuthenticationAuthentication is the process of confirming the correctness of the claimed identity. AuthenticityAuthenticity is the validity and conformance of the original information. AuthorizationAuthorization is the approval, permission, or empowerment for someone or something to do something. Autonomous SystemOne network or series of networks that are all under one administrative control. An autonomous system is also sometimes referred to as a routing domain. An autonomous system is assigned a globally unique number, sometimes called an Autonomous System Number (ASN). 
AvailabilityAvailability is the need to ensure that the business purpose of the system can be met and that it is accessible to those who need to use it. BackdoorA backdoor is a tool installed after a compromise to give an attacker easier access to the compromised system around any security mechanisms that are in place. BandwidthCommonly used to mean the capacity of a communication channel to pass data through the channel in a given amount of time. Usually expressed in bits per second. BannerA banner is the information that is displayed to a remote user trying to connect to a service. This may include version information, system information, or a warning about authorized use. Basic AuthenticationBasic Authentication is the simplest web-based authentication scheme that works by sending the username and password with each request. Bastion HostA bastion host has been hardened in anticipation of vulnerabilities that have not been discovered yet. BINDBIND stands for Berkeley Internet Name Domain and is an implementation of DNS. DNS is used for domain name to IP address resolution. BiometricsBiometrics use physical characteristics of the users to determine access. BitThe smallest unit of information storage; a contraction of the term "binary digit;" one of two symbolsN"0" (zero) and "1" (one) - that are used to represent binary numbers. Block CipherA block cipher encrypts one block of data at a time. Blue TeamThe people who perform defensive cybersecurity tasks, including placing and configuring firewalls, implementing patching programs, enforcing strong authentication, ensuring physical security measures are adequate and a long list of similar undertakings. Boot Record InfectorA boot record infector is a piece of malware that inserts malicious code into the boot sector of a disk. Border Gateway Protocol (BGP)An inter-autonomous system routing protocol. 
BGP is used to exchange routing information for the Internet and is the protocol used between Internet service providers (ISP). BotnetA botnet is a large number of compromised computers that are used to create and send spam or viruses or flood a network with messages as a denial of service attack. BridgeA product that connects a local area network (LAN) to another local area network that uses the same protocol (for example, Ethernet or token ring). British Standard 7799A standard code of practice and provides guidance on how to secure an information system. It includes the management framework, objectives, and control requirements for information security management systems. BroadcastTo simultaneously send the same message to multiple recipients. One host to all hosts on network. Broadcast AddressAn address used to broadcast a datagram to all hosts on a given network using UDP or ICMP protocol. BrowserA client computer program that can retrieve and display information from servers on the World Wide Web. Brute ForceA cryptanalysis technique or other kind of attack method involving an exhaustive procedure that tries all possibilities, one-by-one. Buffer OverflowA buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Business Continuity Plan (BCP)A Business Continuity Plan is the plan for emergency response, backup operations, and post-disaster recovery steps that will ensure the availability of critical resources and facilitate the continuity of operations in an emergency situation. Business Impact Analysis (BIA)A Business Impact Analysis determines what levels of impact to a system are tolerable. 
ByteA fundamental unit of computer storage; the smallest addressable unit in a computer's architecture. Usually holds one character of information and usually means eight bits. C-D. CachePronounced cash, a special high-speed storage mechanism. It can be either a reserved section of main memory or an independent high-speed storage device. Two types of caching are commonly used in personal computers: memory caching and disk caching. Cache CrammingCache Cramming is the technique of tricking a browser to run cached Java code from the local disk, instead of the internet zone, so it runs with less restrictive permissions. Cache PoisoningMalicious or misleading data from a remote name server is saved [cached] by another name server. Typically used with DNS cache poisoning attacks. Call Admission Control (CAC)The inspection and control all inbound and outbound voice network activity by a voice firewall based on user-defined policies. CellA cell is a unit of data transmitted over an ATM network. Certificate-Based AuthenticationCertificate-Based Authentication is the use of SSL and certificates to authenticate and encrypt HTTP traffic. CGICommon Gateway Interface. This mechanism is used by HTTP servers (web servers) to pass parameters to executable scripts in order to generate responses dynamically. Chain of CustodyChain of Custody is the important application of the Federal rules of evidence and its handling. Challenge-Handshake Authentication Protocol (CHAP)The Challenge-Handshake Authentication Protocol uses a challenge/response authentication mechanism where the response varies every challenge to prevent replay attacks. ChecksumA value that is computed by a function that is dependent on the contents of a data object and is stored or transmitted together with the object, for the purpose of detecting changes in the data. CipherA cryptographic algorithm for encryption and decryption. CiphertextCiphertext is the encrypted form of the message being sent. 
Circuit Switched NetworkA circuit switched network is where a single continuous physical circuit connected two endpoints where the route was immutable once set up. ClientA system entity that requests and uses a service provided by another system entity, called a "server." In some cases, the server may itself be a client of some other server. Cloud ComputingUtilization of remote servers in the data-center of a cloud provider to store, manage, and process your data instead of using local computer systems. Cold/Warm/Hot Disaster Recovery Site* Hot site. It contains fully redundant hardware and software, with telecommunications, telephone and utility connectivity to continue all primary site operations. Failover occurs within minutes or hours, following a disaster. Daily data synchronization usually occurs between the primary and hot site, resulting in minimum or no data loss. Offsite data backup tapes might be obtained and delivered to the hot site to help restore operations. Backup tapes should be regularly tested to detect data corruption, malicious code and environmental damage. A hot site is the most expensive option. * Warm site. It contains partially redundant hardware and software, with telecommunications, telephone and utility connectivity to continue some, but not all primary site operations. Failover occurs within hours or days, following a disaster. Daily or weekly data synchronization usually occurs between the primary and warm site, resulting in minimum data loss. Offsite data backup tapes must be obtained and delivered to the warm site to restore operations. A warm site is the second most expensive option. * Cold site. Hardware is ordered, shipped and installed, and software is loaded. Basic telecommunications, telephone and utility connectivity might need turning on to continue some, but not all primary site operations. Relocation occurs within weeks or longer, depending on hardware arrival time, following a disaster. 
No data synchronization occurs between the primary and cold site, and could result in significant data loss. Offsite data backup tapes must be obtained and delivered to the cold site to restore operations. A cold site is the least expensive option. CollisionA collision occurs when multiple systems transmit simultaneously on the same wire. Competitive IntelligenceCompetitive Intelligence is espionage using legal, or at least not obviously illegal, means. Computer Emergency Response Team (CERT)An organization that studies computer and network INFOSEC in order to provide incident response services to victims of attacks, publish alerts concerning vulnerabilities and threats, and offer other information to help improve computer and network security. Computer NetworkA collection of host computers together with the sub-network or inter-network through which they can exchange data. ConfidentialityConfidentiality is the need to ensure that information is disclosed only to those who are authorized to view it. Configuration ManagementEstablish a known baseline condition and manage it. CookieData exchanged between an HTTP server and a browser (a client of the server) to store state information on the client side and retrieve it later for server use. An HTTP server, when sending data to a client, may send along a cookie, which the client retains after the HTTP connection closes. A server can use this mechanism to maintain persistent client-side state information for HTTP-based applications, retrieving the state information in later connections. CorruptionA threat action that undesirably alters system operation by adversely modifying system functions or data. Cost Benefit AnalysisA cost benefit analysis compares the cost of implementing countermeasures with the value of the reduced risk. CountermeasureReactive methods used to prevent an exploit from successfully occurring once a threat has been detected. 
Intrusion Prevention Systems (IPS) commonly employ countermeasures to prevent intruders form gaining further access to a computer network. Other counter measures are patches, access control lists and malware filters. Covert ChannelsCovert Channels are the means by which information can be communicated between two parties in a covert fashion using normal system operations. For example by changing the amount of hard drive space that is available on a file server can be used to communicate information. CrimewareA type of malware used by cyber criminals. The malware is designed to enable the cyber criminal to make money off of the infected system (such as harvesting key strokes, using the infected systems to launch Denial of Service Attacks, etc.). CronCron is a Unix application that runs jobs for users and administrators at scheduled times of the day. Crossover CableA crossover cable reverses the pairs of cables at the other end and can be used to connect devices directly together. CryptanalysisThe mathematical science that deals with analysis of a cryptographic system in order to gain knowledge needed to break or circumvent the protection that the system is designed to provide. In other words, convert the cipher text to plaintext without knowing the key. Cryptographic Algorithm or HashAn algorithm that employs the science of cryptography, including encryption algorithms, cryptographic hash algorithms, digital signature algorithms, and key agreement algorithms. Cut-ThroughCut-Through is a method of switching where only the header of a packet is read before it is forwarded to its destination. Cyclic Redundancy Check (CRC)Sometimes called "cyclic redundancy code." A type of checksum algorithm that is not a cryptographic hash but is used to implement data integrity service where accidental changes to data are expected. DaemonA program which is often started at the time the system boots and runs continuously without intervention from any of the users on the system. 
The daemon program forwards the requests to other programs (or processes) as appropriate. The term daemon is a Unix term, though many other operating systems provide support for daemons, though they're sometimes called other names. Windows, for example, refers to daemons and System Agents and services. Data AggregationData Aggregation is the ability to get a more complete picture of the information by analyzing several different types of records at once. Data CustodianA Data Custodian is the entity currently using or manipulating the data, and therefore, temporarily taking responsibility for the data. Data Encryption Standard (DES)A widely-used method of data encryption using a private (secret) key. There are 72,000,000,000,000,000 (72 quadrillion) or more possible encryption keys that can be used. For each given message, the key is chosen at random from among this enormous number of keys. Like other private key cryptographic methods, both the sender and the receiver must know and use the same private key. Data MiningData Mining is a technique used to analyze existing information, usually with the intention of pursuing new avenues to pursue business. Data OwnerA Data Owner is the entity having responsibility and authority for the data. Data WarehousingData Warehousing is the consolidation of several previously independent databases into one location. DatagramRequest for Comment 1594 says, "a self-contained, independent entity of data carrying sufficient information to be routed from the source to the destination computer without reliance on earlier exchanges between this source and destination computer and the transporting network." The term has been generally replaced by the term packet. Datagrams or packets are the message units that the Internet Protocol deals with and that the Internet transports. 
A datagram or packet needs to be self-contained without reliance on earlier exchanges because there is no connection of fixed duration between the two communicating points as there is, for example, in most voice telephone conversations. (This kind of protocol is referred to as connectionless.) Day ZeroThe "Day Zero" or "Zero Day" is the day a new vulnerability is made known. In some cases, a "zero day" exploit is referred to an exploit for which no patch is available yet. ("day one"-> day at which the patch is made available). DecapsulationDecapsulation is the process of stripping off one layer's headers and passing the rest of the packet up to the next higher layer on the protocol stack. DecryptionDecryption is the process of transforming an encrypted message into its original plaintext. DefacementDefacement is the method of modifying the content of a website in such a way that it becomes "vandalized" or embarrassing to the website owner. Defense In-DepthDefense In-Depth is the approach of using multiple layers of security to guard against failure of a single security component. Demilitarized Zone (DMZ)In computer security, in general a demilitarized zone (DMZ) or perimeter network is a network area (a subnetwork) that sits between an organization's internal network and an external network, usually the Internet. DMZ's help to enable the layered security model in that they provide subnetwork segmentation based on security requirements or policy. DMZ's provide either a transit mechanism from a secure source to an insecure destination or from an insecure source to a more secure destination. In some cases, a screened subnet which is used for servers accessible from the outside is referred to as a DMZ. Denial of ServiceThe prevention of authorized access to a system resource or the delaying of system operations and functions. Dictionary AttackAn attack that tries all of the phrases or words in a dictionary, trying to crack a password or key. 
A dictionary attack uses a predefined list of words compared to a brute force attack that tries all possible combinations. Diffie-HellmanA key agreement algorithm published in 1976 by Whitfield Diffie and Martin Hellman. Diffie-Hellman does key establishment, not encryption. However, the key that it produces may be used for encryption, for further key management operations, or for any other cryptography. Digest AuthenticationDigest Authentication allows a web client to compute MD5 hashes of the password to prove it has the password. Digital CertificateA digital certificate is an electronic "credit card" that establishes your credentials when doing business or other transactions on the Web. It is issued by a certification authority. It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real. Digital EnvelopeA digital envelope is an encrypted message with the encrypted session key. Digital SignatureA digital signature is a hash of a message that uniquely identifies the sender of the message and proves the message hasn't changed since transmission. Digital Signature Algorithm (DSA)An asymmetric cryptographic algorithm that produces a digital signature in the form of a pair of large numbers. The signature is computed using rules and parameters such that the identity of the signer and the integrity of the signed data can be verified. Digital Signature Standard (DSS)The US Government standard that specifies the Digital Signature Algorithm (DSA), which involves asymmetric cryptography. DisassemblyThe process of taking a binary program and deriving the source code from it. Disaster Recovery Plan (DRP)A Disaster Recovery Plan is the process of recovery of IT systems in the event of a disruption or disaster. 
Discretionary Access Control (DAC)Discretionary Access Control consists of something the user can manage, such as a document password. DisruptionA circumstance or event that interrupts or prevents the correct operation of system services and functions. Distance VectorDistance vectors measure the cost of routes to determine the best route to all known networks. Distributed ScansDistributed Scans are scans that use multiple source addresses to gather information. DomainA sphere of knowledge, or a collection of facts about some program entities or a number of network points or addresses, identified by a name. On the Internet, a domain consists of a set of network addresses. In the Internet's domain name system, a domain is a name with which name server records are associated that describe sub-domains or host. In Windows NT and Windows 2000, a domain is a set of network resources (applications, printers, and so forth) for a group of users. The user need only to log in to the domain to gain access to the resources, which may be located on a number of different servers in the network. Domain HijackingDomain hijacking is an attack by which an attacker takes over a domain by first blocking access to the domain's DNS server and then putting his own server up in its place. Domain NameA domain name locates an organization or other entity on the Internet. For example, the domain name "www.sans.org" locates an Internet address for "sans.org" at Internet point 199.0.0.2 and a particular host server named "www". The "org" part of the domain name reflects the purpose of the organization or entity (in this example, "organization") and is called the top-level domain name. The "sans" part of the domain name defines the organization or entity and together with the top-level is called the second-level domain name. Domain Name System (DNS)The domain name system (DNS) is the way that Internet domain names are located and translated into Internet Protocol addresses. 
A domain name is a meaningful and easy-to-remember "handle" for an Internet address. Due CareDue care ensures that a minimal level of protection is in place in accordance with the best practice in the industry. Due DiligenceDue diligence is the requirement that organizations must develop and deploy a protection plan to prevent fraud, abuse, and additional deploy a means to detect them if they occur. DumpSecDumpSec is a security tool that dumps a variety of information about a system's users, file system, registry, permissions, password policy, and services. Dumpster DivingDumpster Diving is obtaining passwords and corporate directories by searching through discarded media. Dynamic Link LibraryA collection of small programs, any of which can be called when needed by a larger program that is running in the computer. The small program that lets the larger program communicate with a specific device such as a printer or scanner is often packaged as a DLL program (usually referred to as a DLL file). Dynamic Routing ProtocolAllows network devices to learn routes. Ex. RIP, EIGRP Dynamic routing occurs when routers talk to adjacent routers, informing each other of what networks each router is currently connected to. The routers must communicate using a routing protocol, of which there are many to choose from. The process on the router that is running the routing protocol, communicating with its neighbor routers, is usually called a routing daemon. The routing daemon updates the kernel's routing table with information it receives from neighbor routers. E-F. EavesdroppingEavesdropping is simply listening to a private conversation which may reveal information which can provide access to a facility or network. Echo ReplyAn echo reply is the response a machine that has received an echo request sends over ICMP. Echo RequestAn echo request is an ICMP message sent to a machine to determine if it is online and how long traffic takes to get to it. 
Egress FilteringFiltering outbound traffic. Emanations AnalysisGaining direct knowledge of communicated data by monitoring and resolving a signal that is emitted by a system and that contains the data but is not intended to communicate the data. EncapsulationThe inclusion of one data structure within another structure so that the first data structure is hidden for the time being. EncryptionCryptographic transformation of data (called "plaintext") into a form (called "cipher text") that conceals the data's original meaning to prevent it from being known or used. Ephemeral PortAlso called a transient port or a temporary port. Usually is on the client side. It is set up when a client application wants to connect to a server and is destroyed when the client application terminates. It has a number chosen at random that is greater than 1023. Escrow PasswordsEscrow Passwords are passwords that are written down and stored in a secure location (like a safe) that are used by emergency personnel when privileged personnel are unavailable. EthernetThe most widely-installed LAN technology. Specified in a standard, IEEE 802.3, an Ethernet LAN typically uses coaxial cable or special grades of twisted pair wires. Devices are connected to the cable and compete for access using a CSMA/CD protocol. EventAn event is an observable occurrence in a system or network. Exponential Backoff AlgorithmAn exponential backoff algorithm is used to adjust TCP timeout values on the fly so that network devices don't continue to timeout sending data over saturated links. ExposureA threat action whereby sensitive data is directly released to an unauthorized entity. Extended ACLs (Cisco)Extended ACLs are a more powerful form of Standard ACLs on Cisco routers. They can make filtering decisions based on IP addresses (source or destination), Ports (source or destination), protocols, and whether a session is established. 
Extensible Authentication Protocol (EAP)A framework that supports multiple, optional authentication mechanisms for PPP, including clear-text passwords, challenge-response, and arbitrary dialog sequences. Exterior Gateway Protocol (EGP)A protocol which distributes routing information to the routers which connect autonomous systems. False RejectsFalse Rejects are when an authentication system fails to recognize a valid user. Fast File SystemThe first major revision to the Unix file system, providing faster read access and faster (delayed, asynchronous) write access through a disk cache and better file system layout on disk. It uses inodes (pointers) and data blocks. Fast FluxProtection method used by botnets consisting of a continuous and fast change of the DNS records for a domain name through different IP addresses. Fault Line AttacksFault Line Attacks use weaknesses between interfaces of systems to exploit gaps in coverage. File Transfer Protocol (FTP)A TCP/IP protocol specifying the transfer of text or binary files across the network. FilterA filter is used to specify which packets will or will not be used. It can be used in sniffers to determine which packets get displayed, or by firewalls to determine which packets get blocked. Filtering RouterAn inter-network router that selectively prevents the passage of data packets according to a security policy. A filtering router may be used as a firewall or part of a firewall. A router usually receives a packet from a network and decides where to forward it on a second network. A filtering router does the same, but first decides whether the packet should be forwarded at all, according to some security policy. The policy is implemented by rules (packet filters) loaded into the router. FingerA protocol to lookup user information on a given host. A Unix program that takes an e-mail address as input and returns information about the user who owns that e-mail address. 
On some systems, finger only reports whether the user is currently logged on. Other systems return additional information, such as the user's full name, address, and telephone number. Of course, the user must first enter this information into the system. Many e-mail programs now have a finger utility built into them. FingerprintingSending strange packets to a system in order to gauge how it responds to determine the operating system. FirewallA logical or physical discontinuity in a network to prevent unauthorized access to data or resources. FloodingAn attack that attempts to cause a failure in (especially, in the security of) a computer system or other data processing entity by providing more input than the entity can process properly. ForestA forest is a set of Active Directory domains that replicate their databases with each other. Fork BombA Fork Bomb works by using the fork() call to create a new process which is a copy of the original. By doing this repeatedly, all available processes on the machine can be taken up. Form-Based AuthenticationForm-Based Authentication uses forms on a webpage to ask a user to input username and password information. Forward LookupForward lookup uses an Internet domain name to find an IP address Forward ProxyForward Proxies are designed to be the server through which all requests are made. Fragment OffsetThe fragment offset field tells the sender where a particular fragment falls in relation to other fragments in the original larger packet. Fragment Overlap AttackA TCP/IP Fragmentation Attack that is possible because IP allows packets to be broken down into fragments for more efficient transport across various media. The TCP packet (and its header) are carried in the IP packet. In this attack the second fragment contains incorrect offset. When packet is reconstructed, the port number will be overwritten. 
Fragmentation: The process of storing a data file in several "chunks" or fragments rather than in a single contiguous sequence of bits in one place on the storage medium. (In networking the same word means splitting a packet into fragments; see "Fragment Offset".)
Frames: Data that is transmitted between network points as a unit complete with addressing and necessary protocol control information. A frame is usually transmitted serially, bit by bit, and contains a header field and a trailer field that "frame" the data. (Some control frames contain no data.)
Full Duplex: A type of duplex communications channel which carries data in both directions at once. Refers to the transmission of data in two directions simultaneously; both sender and receiver can send at the same time.
Fully-Qualified Domain Name: A fully-qualified domain name (FQDN) is a server name consisting of a hostname followed by the full domain name, for example host.example.com.
Fuzzing: The use of automated tools to generate malformed or out-of-spec input for an application in order to find crashes, hangs and security vulnerabilities. Inputs that trigger a fault are normally kept as regression tests. Also see "regression analysis".
G-H.
Gateway: A network point that acts as an entrance to another network.
gethostbyaddr: The gethostbyaddr DNS query is used when the address of a machine is known and the name is needed.
gethostbyname: The gethostbyname DNS query is used when the name of a machine is known and the address is needed.
GNU: GNU is a Unix-like operating system that comes with source code that can be copied, modified, and redistributed. The GNU project was started in 1983 by Richard Stallman and others, who formed the Free Software Foundation.
Gnutella: An Internet file sharing utility. Gnutella acts as a server for sharing files while simultaneously acting as a client that searches for and downloads files from other users.
Hardening: Hardening is the process of reducing a system's attack surface and fixing its weaknesses: removing or disabling unneeded services and accounts, applying patches, tightening permissions and configuration, and enabling logging.
Hash Function: An algorithm that computes a value based on a data object, thereby mapping the data object to a smaller data object.
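The Fuzzing entry above describes the technique in one sentence; what it finds is clearer with a small harness. This is an added example, not part of the glossary: a mutation fuzzer run against a constructed record parser that trusts its length fields, beside the corrected parser that never raises anything but its declared ParseError. The record format, the seed input, the mutation strategies and the iteration count are all assumptions made for the example.

```python
"""Added example: a mutation fuzzer finding an input-validation bug in a
constructed binary record parser, and the hardened parser it does not find
a bug in."""
import random
import struct


class ParseError(Exception):
    """The only exception a well-behaved parser should raise on bad input."""


def parse_records_buggy(data: bytes) -> list:
    """Format: count(1) | [tag(1) length(1) value(length)] * count.
    Tag 1 values are big-endian uint16, other tags are raw bytes.
    Constructed bug: count, length and the tag-1 size are trusted, so short
    input raises IndexError / struct.error instead of ParseError."""
    count = data[0]
    pos, out = 1, []
    for _ in range(count):
        tag, length = data[pos], data[pos + 1]
        value = data[pos + 2:pos + 2 + length]
        out.append((tag, struct.unpack("!H", value[:2])[0] if tag == 1 else value))
        pos += 2 + length
    return out


def parse_records_safe(data: bytes) -> list:
    """Same format, every field checked against the bytes actually present."""
    if len(data) < 1:
        raise ParseError("empty input")
    count, pos, out = data[0], 1, []
    for _ in range(count):
        if pos + 2 > len(data):
            raise ParseError("truncated record header")
        tag, length = data[pos], data[pos + 1]
        value = data[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ParseError("record length exceeds input")
        if tag == 1:
            if length != 2:
                raise ParseError("tag 1 must carry exactly 2 bytes")
            value = struct.unpack("!H", value)[0]
        out.append((tag, value))
        pos += 2 + length
    if pos != len(data):
        raise ParseError("trailing bytes after last record")
    return out


# Constructed valid seed: two records, (1, 8080) and (2, b"abc").
SEED_INPUT = bytes([2, 1, 2, 0x1F, 0x90, 2, 3]) + b"abc"


def mutate(data: bytes, rng: random.Random) -> bytes:
    """One random mutation: bit flip, truncation, insertion, or boundary byte."""
    data = bytearray(data)
    choice = rng.randrange(4)
    if choice == 0 and data:
        i = rng.randrange(len(data))
        data[i] ^= 1 << rng.randrange(8)
    elif choice == 1 and data:
        del data[rng.randrange(len(data)):]
    elif choice == 2:
        i = rng.randrange(len(data) + 1)
        data[i:i] = bytes(rng.randrange(256) for _ in range(rng.randrange(1, 4)))
    elif data:
        data[rng.randrange(len(data))] = rng.choice([0, 1, 0x7F, 0x80, 0xFF])
    return bytes(data)


def fuzz(parser, iterations: int = 2000, seed: int = 1) -> dict:
    """Run mutated seeds through parser; return {exception name: first input
    that caused it} for every exception that is not the declared ParseError."""
    rng = random.Random(seed)
    crashes = {}
    for _ in range(iterations):
        sample = mutate(SEED_INPUT, rng)
        try:
            parser(sample)
        except ParseError:
            pass                                  # expected rejection
        except Exception as exc:                  # anything else is a bug
            crashes.setdefault(type(exc).__name__, sample)
    return crashes


if __name__ == "__main__":
    for name, parser in (("buggy", parse_records_buggy), ("safe", parse_records_safe)):
        print(name, {k: v.hex() for k, v in fuzz(parser).items()})
```

Each crashing sample the fuzzer records is exactly the kind of input that becomes a regression test once the parser is fixed; in a real target the equivalent of IndexError is an out-of-bounds read in C, which is why fuzzing is run under sanitizers.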
Hash Functions: (Cryptographic) hash functions are used to generate a one-way "checksum" for a larger text, which is not trivially reversed. The result of this hash function can be used to validate whether a larger file has been altered, without having to compare the larger files to each other. MD5 and SHA-1 were long the most frequently used; both are now broken for collision resistance (practical colliding inputs have been published for each), so new designs should use SHA-256 or another SHA-2 or SHA-3 function. A plain hash also does not authenticate data by itself: an attacker who can alter the file can usually alter a hash published next to it, unless the hash is signed or delivered over a separately trusted channel.
Header: A header is the extra information in a packet that is needed for the protocol stack to process the packet.
Hijack Attack: A form of active wiretapping in which the attacker seizes control of a previously established communication association.
Honey Client: See Honeymonkey.
Honey pot: Programs that simulate one or more network services that you designate on your computer's ports. An attacker assumes you're running vulnerable services that can be used to break into the machine. A honey pot can be used to log access attempts to those ports, including the attacker's keystrokes. This could give you advance warning of a more concerted attack.
Honeymonkey: An automated system simulating a user browsing websites. The system is typically configured to detect web sites which exploit vulnerabilities in the browser. Also known as a honey client.
Hops: A hop is each router (gateway) a packet passes through on its way to the destination.
Host: Any computer that has full two-way access to other computers on the Internet. Or a computer with a web server that serves the pages for one or more Web sites.
Host-Based ID: Host-based intrusion detection systems use information from the operating system audit records to watch all operations occurring on the host that the intrusion detection software has been installed upon. These operations are then compared with a pre-defined security policy. This analysis of the audit trail imposes potentially significant overhead requirements on the system because of the increased amount of processing power which must be utilized by the intrusion detection system.
Depending on the size of the audit trail and the processing ability of the system, the review of audit data could result in the loss of a real-time analysis capability.
HTTP Proxy: An HTTP proxy is a server that acts as a middleman in the communication between HTTP clients and servers.
HTTPS: When used in the first part of a URL (the part that precedes the colon and specifies an access scheme or protocol), this term specifies the use of HTTP enhanced by a security mechanism, originally SSL and today TLS, which encrypts the session and authenticates the server through its certificate.
Hub: A hub is a network device that operates by repeating data that it receives on one port to all the other ports. As a result, data transmitted by one host is retransmitted to all other hosts on the hub, so any host on a hub can sniff every other host's traffic; a switch forwards frames only to the destination port.
Hybrid Attack: A hybrid attack builds on the dictionary attack method by adding numerals and symbols to dictionary words, and more generally by applying rules (capitalisation, character substitutions, suffixes) to each word.
Hybrid Encryption: An application of cryptography that combines two or more encryption algorithms, particularly a combination of symmetric and asymmetric encryption: the bulk data is encrypted with a fresh symmetric key, and only that key is encrypted with the recipient's public key.
Hyperlink: In hypertext or hypermedia, an information object (such as a word, a phrase, or an image; usually highlighted by color or underscoring) that points (indicates how to connect) to related information that is located elsewhere and can be retrieved by activating the link.
Hypertext Markup Language (HTML): The set of markup symbols or codes inserted in a file intended for display on a World Wide Web browser page.
Hypertext Transfer Protocol (HTTP): The protocol in the Internet Protocol (IP) family used to transport hypertext documents across an internet.
I-K.
Identity: Identity is who someone or what something is, for example, the name by which something is known.
Incident: An incident is an adverse network event in an information system or network, or the threat of the occurrence of such an event.
Incident Handling: Incident handling is an action plan for dealing with intrusions, cyber-theft, denial of service, fire, floods, and other security-related events.
It is comprised of a six-step process: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned.
Incremental Backups: Incremental backups only back up the files that have been modified since the last backup. If dump levels are used, incremental backups only back up files changed since the last backup of a lower dump level.
Inetd (xinetd): Inetd (or Internet daemon) is an application that controls smaller internet services like telnet, ftp, and POP.
Inference Attack: Inference attacks rely on the attacker making logical connections between seemingly unrelated pieces of information, for example deriving an individual's record from a series of permitted aggregate queries.
Information Warfare: Information warfare is the competition between offensive and defensive players over information resources.
Ingress Filtering: Ingress filtering is filtering inbound traffic at a network boundary, most commonly to drop packets whose source address could not legitimately have arrived on that interface (anti-spoofing, as described in BCP 38).
Input Validation Attacks: Input validation attacks are where an attacker intentionally sends unusual input in the hopes of confusing an application. SQL injection, command injection and buffer overflows all begin this way.
Integrity: Integrity is the need to ensure that information has not been changed accidentally or deliberately, and that it is accurate and complete.
Integrity Star Property: In the Biba integrity model, the *-integrity property states that a subject cannot write to data of a higher integrity level than its own ("no write up"), so that low-integrity processes cannot contaminate trusted data. Its companion, the simple integrity property, states that a subject cannot read data of a lower integrity level than its own ("no read down").
Internet: A term to describe connecting multiple separate networks together.
Internet Control Message Protocol (ICMP): An Internet Standard protocol that is used to report error conditions during IP datagram processing and to exchange other information concerning the state of the IP network.
Internet Engineering Task Force (IETF): The body that defines standard Internet operating protocols such as TCP/IP. The IETF is supervised by the Internet Society Internet Architecture Board (IAB). IETF members are drawn from the Internet Society's individual and organization membership.
Internet Message Access Protocol (IMAP): A protocol that defines how a client should fetch mail from and return mail to a mail server. IMAP is intended as a replacement for or extension to the Post Office Protocol (POP).
It is defined in RFC 1203 (v3) and RFC 2060 (v4); RFC 2060 has since been obsoleted by RFC 3501 (IMAP4rev1).
Internet Protocol (IP): The method or protocol by which data is sent from one computer to another on the Internet.
Internet Protocol Security (IPsec): A standard (RFC 4301 and related documents) for security at the network or packet processing layer of network communication, providing authentication and encryption of IP packets; it is the basis of most site-to-site VPNs.
Internet Standard: A specification, approved by the IESG and published as an RFC, that is stable and well-understood, is technically competent, has multiple, independent, and interoperable implementations with substantial operational experience, enjoys significant public support, and is recognizably useful in some or all parts of the Internet.
Interrupt: An interrupt is a signal that informs the OS that something has occurred.
Intranet: A computer network, especially one based on Internet technology, that an organization uses for its own internal, and usually private, purposes and that is closed to outsiders.
Intrusion Detection: A security management system for computers and networks. An IDS gathers and analyzes information from various areas within a computer or a network to identify possible security breaches, which include both intrusions (attacks from outside the organization) and misuse (attacks from within the organization).
IP Address: A computer's inter-network address that is assigned for use by the Internet Protocol and other protocols. An IP version 4 address is written as a series of four 8-bit numbers separated by periods; an IP version 6 address is 128 bits long and is written as eight groups of hexadecimal digits separated by colons.
IP Flood: A denial of service attack that sends a host more echo request ("ping") packets than the protocol implementation can handle.
IP Forwarding: IP forwarding is an operating system option that allows a host to act as a router. A system that has more than one network interface card must have IP forwarding turned on in order to act as a router. On hosts that are not meant to route it should stay off (on Linux this is the sysctl net.ipv4.ip_forward), otherwise a multi-homed host becomes a bridge between networks that were supposed to be separated.
IP Spoofing: The technique of supplying a false source IP address.
ISO: International Organization for Standardization, a voluntary, non-treaty, non-government organization, established in 1947, with voting members that are designated standards bodies of participating nations and non-voting observer organizations.
Issue-Specific Policy: An issue-specific policy is intended to address specific needs within an organization, such as a password policy.
ITU-T: International Telecommunications Union, Telecommunication Standardization Sector (formerly "CCITT"), a United Nations treaty organization that is composed mainly of postal, telephone, and telegraph authorities of the member countries and that publishes standards called "Recommendations."
Jitter: Jitter or noise is the modification of fields in a database while preserving the aggregate characteristics that make the database useful in the first place.
Jump Bag: A jump bag is a container that has all the items necessary to respond to an incident inside, to help mitigate the effects of delayed reactions.
Kerberos: A system developed at the Massachusetts Institute of Technology that depends on passwords and symmetric cryptography to implement a ticket-based, peer entity authentication service and access control service distributed in a client-server network environment. The original DES-based encryption types are deprecated (RFC 6649); current deployments use AES.
Kernel: The essential center of a computer operating system, the core that provides basic services for all other parts of the operating system. A synonym is nucleus. A kernel can be contrasted with a shell, the outermost part of an operating system that interacts with user commands. Kernel and shell are terms used more frequently in Unix and some other operating systems than in IBM mainframe systems.
L-M.
Lattice Techniques: Lattice techniques use security designations, labels that are partially ordered in a lattice (for example a classification level combined with a set of compartments), to determine access to information.
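The Integrity Star Property and Lattice Techniques entries above describe the rules but not how a decision is actually computed. The following is an added example, not from the glossary: labels as (level, categories) pairs forming a lattice under a dominance relation, the two Biba integrity rules, and the mirror-image Bell-LaPadula confidentiality rules for contrast. The level names, the category names and the sample subjects and objects are constructed for the example.

```python
"""Added example: lattice-based access decisions for the Biba integrity
model and the Bell-LaPadula confidentiality model."""
from dataclasses import dataclass, field

# Ordered levels (constructed). A label is a level plus a set of categories;
# labels form a lattice under 'dominates'.
LEVELS = {"low": 0, "medium": 1, "high": 2}


@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        """True when this label is at least as high and its category set is
        a superset of the other's; this is the lattice's partial order."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def biba_allows(subject: Label, obj: Label, op: str) -> bool:
    """Biba integrity model.
    simple integrity property ("no read down"): a subject may read an object
        only if the object's integrity label dominates the subject's;
    *-integrity property ("no write up"): a subject may write an object
        only if the subject's label dominates the object's."""
    if op == "read":
        return obj.dominates(subject)
    if op == "write":
        return subject.dominates(obj)
    raise ValueError(f"unknown operation {op!r}")


def blp_allows(subject: Label, obj: Label, op: str) -> bool:
    """Bell-LaPadula confidentiality model, the mirror image of Biba:
    simple security property ("no read up") and *-property ("no write down")."""
    if op == "read":
        return subject.dominates(obj)
    if op == "write":
        return obj.dominates(subject)
    raise ValueError(f"unknown operation {op!r}")


# Constructed scenario: a downloaded file (low integrity), the system
# configuration (high integrity), and two medium-integrity labels that differ
# only in categories.
DOWNLOADED_FILE = Label("low")
SYSTEM_CONFIG = Label("high")
ADMIN_SHELL = Label("high")
USER_PROCESS = Label("medium")
PAYROLL_DB = Label("medium", frozenset({"payroll"}))
HR_CLERK = Label("medium", frozenset({"payroll", "hr"}))


def integrity_decisions() -> dict:
    """The decisions a Biba-enforcing system makes for the scenario above."""
    return {
        "user process writes system config": biba_allows(USER_PROCESS, SYSTEM_CONFIG, "write"),
        "admin shell writes system config": biba_allows(ADMIN_SHELL, SYSTEM_CONFIG, "write"),
        "admin shell reads downloaded file": biba_allows(ADMIN_SHELL, DOWNLOADED_FILE, "read"),
        "user process reads system config": biba_allows(USER_PROCESS, SYSTEM_CONFIG, "read"),
        "hr clerk writes payroll db": biba_allows(HR_CLERK, PAYROLL_DB, "write"),
        "hr clerk reads payroll db": biba_allows(HR_CLERK, PAYROLL_DB, "read"),
    }


if __name__ == "__main__":
    for request, allowed in integrity_decisions().items():
        print(f"{'ALLOW' if allowed else 'DENY ':5} {request}")
```

The last two decisions show why the lattice matters beyond plain levels: the HR clerk and the payroll database sit at the same integrity level, but the clerk's label carries an extra category, so reading the database is "reading down" and is refused while writing to it is permitted. Real mandatory access control systems (SELinux, Windows integrity levels) apply exactly this kind of comparison, with the labels set by policy rather than by the resource owner.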
Layer 2 Forwarding Protocol (L2F): An Internet protocol (originally developed by Cisco Corporation) that uses tunneling of PPP over IP to create a virtual extension of a dial-up link across a network, initiated by the dial-up server and transparent to the dial-up user.
Layer 2 Tunneling Protocol (L2TP): An extension of the Point-to-Point Tunneling Protocol used by an Internet service provider to enable the operation of a virtual private network over the Internet. L2TP itself provides no encryption; it is normally run inside IPsec (L2TP/IPsec).
Least Privilege: Least privilege is the principle of allowing users or applications the least amount of permissions necessary to perform their intended function.
Legion: Software to detect unprotected shares.
Lightweight Directory Access Protocol (LDAP): A software protocol for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate intranet.
Link State: With link state routing, routers maintain information about all routers and router-to-router links within a geographic area, and create a table of best routes from that information.
List Based Access Control: List based access control associates a list of users and their privileges with each object.
Loadable Kernel Modules (LKM): Loadable kernel modules allow for the adding of additional functionality directly into the kernel while the system is running. Because a module runs with full kernel privilege, LKMs are a classic rootkit vehicle, which is why module signing and restricting who may load modules matter.
Log Clipping: Log clipping is the selective removal of log entries from a system log to hide a compromise.
Logic bombs: Logic bombs are programs or snippets of code that execute when a certain predefined event occurs. Logic bombs may also be set to go off on a certain date or when a specified set of circumstances occurs.
Logic Gate: A logic gate is an elementary building block of a digital circuit. Most logic gates have two inputs and one output. As digital circuits can only understand binary, inputs and outputs can assume only one of two states, 0 or 1.
Loopback Address: The loopback address (127.0.0.1, or any address in 127.0.0.0/8; ::1 in IPv6) is a pseudo IP address that always refers back to the local host and is never sent out onto a network.
MAC Address: A physical address; a numeric value that uniquely identifies a network device from every other device on the planet. The address is assigned by the manufacturer but can be overridden in software, so filtering by MAC address is not a strong access control.
Malicious Code: Software (e.g., a Trojan horse) that appears to perform a useful or desirable function, but actually gains unauthorized access to system resources or tricks a user into executing other malicious logic.
Malware: A generic term for a number of different types of malicious code.
Mandatory Access Control (MAC): Mandatory access control is where the system controls access to resources based on classification levels assigned to both the objects and the users. These controls cannot be changed by the owner of a resource, unlike discretionary access control.
Masquerade Attack: A type of attack in which one system entity illegitimately poses as (assumes the identity of) another entity.
md5: A one-way cryptographic hash function producing a 128-bit digest. Collisions can be generated at will, so MD5 must not be used for signatures, certificates or integrity checks where an attacker can influence the input. Also see "hash functions" and "sha1".
Measures of Effectiveness (MOE): Measures of effectiveness is a probability model based on engineering concepts that allows one to approximate the impact a given action will have on an environment. In information warfare it is the ability to attack or defend within an Internet environment.
Monoculture: Monoculture is the case where a large number of users run the same software, and are vulnerable to the same attacks.
Morris Worm: A worm program written by Robert T. Morris, Jr. that flooded the ARPANET in November, 1988, causing problems for thousands of hosts.
Multi-Cast: Broadcasting from one host to a given set of hosts.
Multi-Homed: You are "multi-homed" if your network is directly connected to two or more ISPs.
Multiplexing: To combine multiple signals from possibly disparate sources, in order to transmit them over a single path.
N-O.
NAT: Network Address Translation. It is used to share one or a small number of publicly routable IP addresses among a larger number of hosts.
The hosts are assigned private IP addresses, which are then "translated" into one of the publicly routed IP addresses. Typically home or small business networks use NAT to share a single DSL or cable modem IP address. In some cases NAT is also used for servers as an additional layer of protection, although it hides addresses rather than enforcing policy and is no substitute for a firewall.
National Institute of Standards and Technology (NIST): National Institute of Standards and Technology, a unit of the US Commerce Department. Formerly known as the National Bureau of Standards, NIST promotes and maintains measurement standards. It also has active programs for encouraging and assisting industry and science to develop and use these standards.
Natural Disaster: Any "act of God" (e.g., fire, flood, earthquake, lightning, or wind) that disables a system component.
Netmask: A 32-bit number indicating the range of IP addresses residing on a single IP network/subnet/supernet. This specification displays network masks as hexadecimal numbers. For example, the network mask for a class C IP network is displayed as 0xffffff00. Such a mask is often displayed elsewhere in the literature as 255.255.255.0, or in CIDR notation as /24.
Network Address Translation: The translation of an Internet Protocol address used within one network to a different IP address known within another network. One network is designated the inside network and the other is the outside.
Network Mapping: To compile an electronic inventory of the systems and the services on your network.
Network Taps: Network taps are hardware devices that hook directly onto the network cable and send a copy of the traffic that passes through it to one or more other networked devices.
Network-Based IDS: A network-based IDS monitors the traffic on its network segment as a data source. This is generally accomplished by placing the network interface card in promiscuous mode to capture all network traffic that crosses its network segment.
Network traffic on other segments, and traffic on other means of communication (like phone lines), can't be monitored. Network-based IDS involves looking at the packets on the network as they pass by some sensor. The sensor can only see the packets that happen to be carried on the network segment it's attached to. Packets are considered to be of interest if they match a signature. Network-based intrusion detection passively monitors network activity for indications of attacks. Network monitoring offers several advantages over traditional host-based intrusion detection systems. Because many intrusions occur over networks at some point, and because networks are increasingly becoming the targets of attack, these techniques are an excellent method of detecting many attacks which may be missed by host-based intrusion detection mechanisms. (Encrypted traffic is the main blind spot: a network sensor sees only what it can decrypt.)
Non-Printable Character: A character that doesn't have a corresponding printable letter or symbol for its ASCII code. Examples would be the linefeed, which is ASCII character code 10 decimal, the carriage return, which is 13 decimal, or the bell, which is decimal 7. On a PC, you can often add non-printable characters by holding down the Alt key and typing in the decimal value (e.g., Alt-007 gets you a bell). There are other character encoding schemes, but ASCII is the most prevalent.
Non-Repudiation: Non-repudiation is the ability for a system to prove that a specific user, and only that specific user, sent a message and that it hasn't been modified.
Null Session: Known as anonymous logon, it is a way of letting an anonymous user retrieve information such as user names and shares over the network, or connect without authentication. It is used by applications such as explorer.exe to enumerate shares on remote servers. Modern Windows versions restrict what a null session may enumerate, but the setting (RestrictAnonymous) should still be verified.
Octet: A sequence of eight bits. An octet is an eight-bit byte.
One-Way Encryption: Irreversible transformation of plaintext to ciphertext, such that the plaintext cannot be recovered from the ciphertext by other than exhaustive procedures even if the cryptographic key is known.
One-Way Function: A (mathematical) function, f, for which it is easy to compute the output for a given input, but for which, given only the output value, it is computationally infeasible (short of a brute-force search) to figure out what the input value is.
Open Shortest Path First (OSPF): Open Shortest Path First is a link state routing algorithm used in interior gateway routing. Routers maintain a database of all routers in the autonomous system with links between the routers, link costs, and link states (up and down).
OSI: OSI (Open Systems Interconnection) is a standard description or "reference model" for how messages should be transmitted between any two points in a telecommunication network. Its purpose is to guide product implementers so that their products will consistently work with other products. The reference model defines seven layers of functions that take place at each end of a communication. Although OSI is not always strictly adhered to in terms of keeping related functions together in a well-defined layer, many if not most products involved in telecommunication make an attempt to describe themselves in relation to the OSI model. It is also valuable as a single reference view of communication that furnishes everyone a common ground for education and discussion.
OSI layers: The main idea in OSI is that the process of communication between two end points in a telecommunication network can be divided into layers, with each layer adding its own set of special, related functions. Each communicating user or program is at a computer equipped with these seven layers of function.
So, in a given message between users, there will be a flow of data through each layer at one end down through the layers in that computer and, at the other end, when the message arrives, another flow of data up through the layers in the receiving computer and ultimately to the end user or program. The actual programming and hardware that furnishes these seven layers of function is usually a combination of the computer operating system, applications (such as your Web browser), TCP/IP or alternative transport and network protocols, and the software and hardware that enable you to put a signal on one of the lines attached to your computer. OSI divides telecommunication into seven layers. The layers are in two groups. The upper four layers are used whenever a message passes from or to a user. The lower three layers (up to the network layer) are used when any message passes through the host computer or router. Messages intended for this computer pass to the upper layers. Messages destined for some other host are not passed up to the upper layers but are forwarded to another host. The seven layers are:
Layer 7, the application layer: This is the layer at which communication partners are identified, quality of service is identified, user authentication and privacy are considered, and any constraints on data syntax are identified. (This layer is not the application itself, although some applications may perform application layer functions.)
Layer 6, the presentation layer: This is a layer, usually part of an operating system, that converts incoming and outgoing data from one presentation format to another (for example, from a text stream into a popup window with the newly arrived text). Sometimes called the syntax layer.
Layer 5, the session layer: This layer sets up, coordinates, and terminates conversations, exchanges, and dialogs between the applications at each end. It deals with session and connection coordination.
Layer 4, the transport layer: This layer manages the end-to-end control (for example, determining whether all packets have arrived) and error-checking. It ensures complete data transfer.
Layer 3, the network layer: This layer handles the routing of the data (sending it in the right direction to the right destination on outgoing transmissions and receiving incoming transmissions at the packet level). The network layer does routing and forwarding.
Layer 2, the data-link layer: This layer provides synchronization for the physical level and, in HDLC-style framing, does bit-stuffing for strings of 1's in excess of 5. It furnishes transmission protocol knowledge and management.
Layer 1, the physical layer: This layer conveys the bit stream through the network at the electrical and mechanical level. It provides the hardware means of sending and receiving data on a carrier.
Overload: Hindrance of system operation by placing excess burden on the performance capabilities of a system component.
P-Q.
Packet: A piece of a message transmitted over a packet-switching network. One of the key features of a packet is that it contains the destination address in addition to the data. In IP networks, packets are often called datagrams.
Packet Switched Network: A packet switched network is where individual packets each follow their own paths through the network from one endpoint to another.
Partitions: Major divisions of the total physical hard disk space.
Password Authentication Protocol (PAP): Password Authentication Protocol is a simple, weak authentication mechanism where a user enters the password and it is then sent across the network, usually in the clear, so anyone who can sniff the link obtains it.
Password Cracking: Password cracking is the process of recovering passwords from their stored hashes (the password file) by guessing candidate passwords, hashing each one and comparing the result.
Password Sniffing: Passive wiretapping, usually on a local area network, to gain knowledge of passwords.
Patch: A patch is a small update released by a software manufacturer to fix bugs in existing programs.
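The Hybrid Attack and Password Cracking entries above fit together: the hybrid rules generate the guesses and the cracker hashes them. The following is an added example, not part of the glossary, showing both against unsalted SHA-256 hashes and then the salted, deliberately slow key derivation that makes the same guessing uneconomic. The word list, rule set, target passwords and iteration count are constructed for the example.

```python
"""Added example: hybrid (dictionary + rules) password guessing against
unsalted fast hashes, and salted PBKDF2 storage as the defence."""
import hashlib
import hmac
import os

LEET = str.maketrans("aeios", "43105")              # a->4 e->3 i->1 o->0 s->5
SUFFIXES = ("", "1", "123", "!", "2024", "!1")      # constructed rule set


def hybrid_candidates(words):
    """Yield each dictionary word and its hybrid variants: capitalised,
    upper-cased and leetspeak forms, each with the common suffixes."""
    for word in words:
        bases = {word, word.capitalize(), word.upper(), word.translate(LEET)}
        for base in sorted(bases):
            for suffix in SUFFIXES:
                yield base + suffix


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()


def crack_fast_hashes(target_hashes, words):
    """Unsalted fast hash: one digest per guess, and because there is no
    salt a single guess is tested against every target at once.
    Returns ({hash: recovered password}, number of guesses made)."""
    pending, found, guesses = set(target_hashes), {}, 0
    for candidate in hybrid_candidates(words):
        guesses += 1
        digest = sha256_hex(candidate)
        if digest in pending:
            found[digest] = candidate
            pending.discard(digest)
            if not pending:
                break
    return found, guesses


def store_password(password: str, iterations: int = 600_000, salt: bytes = None) -> tuple:
    """Salted PBKDF2-HMAC-SHA256. Each guess now costs `iterations` hash
    computations and must be repeated per user because every salt differs."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify_password(password: str, stored: tuple) -> bool:
    salt, iterations, digest = stored
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)   # constant-time comparison


# Constructed word list and "leaked" hashes; the third target is a passphrase
# no hybrid rule will produce.
WORDLIST = ["password", "dragon", "summer", "letmein"]
TARGETS = [sha256_hex("Password123"), sha256_hex("dr4g0n!"),
           sha256_hex("correct horse battery")]

if __name__ == "__main__":
    found, guesses = crack_fast_hashes(TARGETS, WORDLIST)
    print(f"{len(found)} of {len(TARGETS)} recovered after {guesses} guesses:")
    for digest, password in found.items():
        print(f"  {digest[:16]}...  {password}")
```

Four words expand to 96 guesses here; production rule sets expand a multi-million-word list by thousands of variants each, and GPU hash rates make unsalted SHA-256 effectively free to test. The defence is not a better dictionary but a storage format (PBKDF2, bcrypt, scrypt or Argon2, always salted) whose per-guess cost is chosen by the defender.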
Patching: Patching is the process of updating software to a newer version that fixes known defects, including security vulnerabilities.
Payload: Payload is the actual application data a packet contains.
Penetration: Gaining unauthorized logical access to sensitive data by circumventing a system's protections.
Penetration Testing: Penetration testing is an authorized, simulated attack against a network, application or facility to find weaknesses an attacker could exploit; it is often, but not only, used to test the external perimeter.
Permutation: Permutation keeps the same letters but changes their positions within a text to scramble the message.
Personal Firewalls: Personal firewalls are those firewalls that are installed and run on individual PCs.
Pharming: A more sophisticated form of man-in-the-middle attack in which a user's session is redirected to a masquerading website. This can be achieved by corrupting a DNS server on the Internet (or the victim's resolver cache or hosts file) so that a name points to the masquerading website's IP address. Almost all users type a name like www.worldbank.com instead of the real IP (192.86.99.140) of the website; by changing the pointers on a DNS server, the name can be redirected to send traffic to the IP of the pseudo website. At the pseudo website, transactions can be mimicked and information like login credentials gathered, after which the attacker can access the real www.worldbank.com site and conduct transactions using the credentials of a valid user. HTTPS with certificate validation is the main defence, since the impostor cannot present a valid certificate for the real name.
Phishing: The use of e-mails that appear to originate from a trusted source to trick a user into entering valid credentials at a fake website. Typically the e-mail and the web site look like they are part of a bank the user does business with.
Ping of Death: An attack that sends an improperly large ICMP echo request packet (a "ping") with the intent of overflowing the input buffers of the destination machine and causing it to crash.
Ping Scan: A ping scan looks for machines that are responding to ICMP echo requests.
Ping Sweep: An attack that sends ICMP echo requests ("pings") to a range of IP addresses, with the goal of finding hosts that can be probed for vulnerabilities.
Plaintext: Ordinary readable text before being encrypted into ciphertext or after being decrypted.
Point-to-Point Protocol (PPP): A protocol for communication between two computers using a serial interface, typically a personal computer connected by phone line to a server. It packages your computer's TCP/IP packets and forwards them to the server where they can actually be put on the Internet.
Point-to-Point Tunneling Protocol (PPTP): A protocol (set of communication rules) that allows corporations to extend their own corporate network through private "tunnels" over the public Internet. PPTP's authentication (MS-CHAPv2) and encryption (MPPE) are broken, and it should no longer be used.
Poison Reverse: Split horizon keeps a router from advertising a route back out of the interface on which it was learned. Split horizon with poisoned reverse (more simply, poison reverse) does include such routes in updates, but sets their metric to infinity, in effect advertising that these routes are not reachable through the receiving router.
Polyinstantiation: Polyinstantiation is the ability of a database to maintain multiple records with the same key. It is used to prevent inference attacks.
Polymorphism: Polymorphism is the process by which malicious software changes its underlying code to avoid detection.
Port: A port is nothing more than an integer that identifies an endpoint of a communication stream. Normally only one process on a machine can listen on a given port number for the same transport protocol and local address.
Port Scan: A port scan is a series of messages sent by someone attempting to break into a computer to learn which computer network services, each associated with a "well-known" port number, the computer provides. Port scanning, a favorite approach of computer crackers, gives the assailant an idea where to probe for weaknesses. Essentially, a port scan consists of sending a message to each port, one at a time. The kind of response received indicates whether the port is used and can therefore be probed for weakness.
Possession: Possession is the holding, control, and ability to use information.
Post Office Protocol, Version 3 (POP3): An Internet Standard protocol by which a client workstation can dynamically access a mailbox on a server host to retrieve mail messages that the server has received and is holding for the client.
Practical Extraction and Reporting Language (Perl): A script programming language that is similar in syntax to the C language and that includes a number of popular Unix facilities such as sed, awk, and tr.
Preamble: A preamble is a signal used in network communications to synchronize the transmission timing between two or more systems. Proper timing ensures that all systems are interpreting the start of the information transfer correctly. A preamble defines a specific series of transmission pulses that is understood by communicating systems to mean "someone is about to transmit data". This ensures that systems receiving the information correctly interpret when the data transmission starts. The actual pulses used as a preamble vary depending on the network communication technology in use.
Pretty Good Privacy (PGP): A trademark of Network Associates, Inc. at the time this glossary was written, referring to a computer program (and related protocols) that uses cryptography to provide data security for electronic mail and other applications on the Internet. The message format is standardized as OpenPGP (RFC 4880 and successors).
Private Addressing: IANA has set aside three address ranges for use by private or non-Internet connected networks. This is referred to as private address space and is defined in RFC 1918. The reserved address blocks are:
10.0.0.0 to 10.255.255.255 (10/8 prefix)
172.16.0.0 to 172.31.255.255 (172.16/12 prefix)
192.168.0.0 to 192.168.255.255 (192.168/16 prefix)
Program Infector: A program infector is a piece of malware that attaches itself to existing program files.
Program Policy: A program policy is a high-level policy that sets the overall tone of an organization's security approach.
Promiscuous Mode: When a machine reads all packets off the network, regardless of who they are addressed to.
This is used by network administrators to diagnose network problems, but also by unsavory characters who are trying to eavesdrop on network traffic (which might contain passwords or other information).
Proprietary Information: Proprietary information is that information unique to a company and its ability to compete, such as customer lists, technical data, product costs, and trade secrets.
Protocol: A formal specification for communicating; the special set of rules that end points in a telecommunication connection use when they communicate. Protocols exist at several levels in a telecommunication connection.
Protocol Stacks (OSI): A set of network protocol layers that work together.
Proxy Server: A server that acts as an intermediary between a workstation user and the Internet so that the enterprise can ensure security, administrative control, and caching service. A proxy server is associated with or part of a gateway server that separates the enterprise network from the outside network and a firewall server that protects the enterprise network from outside intrusion.
Public Key: The publicly-disclosed component of a pair of cryptographic keys used for asymmetric cryptography.
Public Key Encryption: The popular synonym for "asymmetric cryptography".
Public Key Infrastructure (PKI): A PKI (public key infrastructure) enables users of a basically unsecured public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority. The public key infrastructure provides for a digital certificate that can identify an individual or an organization and directory services that can store and, when necessary, revoke the certificates.
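The Netmask and Private Addressing entries above give the notation and the reserved blocks; the following added example (not part of the glossary) puts them to work with Python's standard ipaddress module: converting a hexadecimal mask to dotted and prefix form while rejecting non-contiguous masks, computing which subnet an address belongs to, classifying addresses as loopback, RFC 1918 private or public, and a border anti-spoofing check built on that classification. The sample addresses and the border rule are constructed for the example.

```python
"""Added example: netmask arithmetic, RFC 1918 classification and a BCP 38
style anti-spoofing check using the standard ipaddress module."""
import ipaddress

# The three RFC 1918 blocks, exactly as listed in the glossary.
RFC1918_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def netmask_from_hex(mask_hex: str):
    """'0xffffff00' -> ('255.255.255.0', 24). A valid mask is a run of ones
    followed by zeros; anything else (e.g. 0xffff00ff) is rejected."""
    value = int(mask_hex, 16)
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("mask is not 32 bits")
    prefix = bin(value).count("1")
    if value != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError("non-contiguous mask")
    return str(ipaddress.IPv4Address(value)), prefix


def is_valid_netmask(mask_hex: str) -> bool:
    try:
        netmask_from_hex(mask_hex)
        return True
    except ValueError:
        return False


def network_of(address: str, mask_hex: str) -> str:
    """The network an address belongs to under the given mask, in CIDR form."""
    dotted, _ = netmask_from_hex(mask_hex)
    return str(ipaddress.ip_network(f"{address}/{dotted}", strict=False))


def same_subnet(a: str, b: str, mask_hex: str) -> bool:
    return network_of(a, mask_hex) == network_of(b, mask_hex)


def classify(address: str) -> str:
    ip = ipaddress.ip_address(address)
    if ip.is_loopback:                    # 127.0.0.0/8 for IPv4, ::1 for IPv6
        return "loopback"
    if ip.version == 4 and any(ip in block for block in RFC1918_BLOCKS):
        return "private (RFC 1918)"
    return "public"


def drop_at_internet_border(src: str) -> bool:
    """Anti-spoofing rule for the outside interface of a border router
    (constructed policy in the spirit of BCP 38): a packet arriving from the
    Internet can never legitimately carry a private or loopback source."""
    return classify(src) != "public"


if __name__ == "__main__":
    print(netmask_from_hex("0xffffff00"))
    print(network_of("192.168.1.77", "0xffffff00"))
    for src in ("203.0.113.7", "10.0.0.5", "127.0.0.1"):
        print(f"{src:14} {classify(src):20} drop={drop_at_internet_border(src)}")
```

The contiguity check matters because a non-contiguous mask silently produces a network that matches addresses the administrator never intended; ipaddress refuses such masks too, so netmask_from_hex fails early with a clearer message. The 172.16/12 block is the one most often misread: 172.16.0.0 through 172.31.255.255 is private, 172.32.0.0 is not.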
Public-Key Forward Secrecy (PFS): For a key agreement protocol based on asymmetric cryptography, the property that ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of the private keys is compromised in the future.
QAZ: A network worm.
R-S
Race Condition: A race condition exploits the small window of time between a security control being applied and when the service is used.
Radiation Monitoring: Radiation monitoring is the process of receiving images, data, or audio from an unprotected source by listening to radiation signals.
Ransomware: A type of malware that is a form of extortion. It works by encrypting a victim's hard drive, denying them access to key files. The victim must then pay a ransom to decrypt the files and gain access to them again.
Reconnaissance: Reconnaissance is the phase of an attack where an attacker finds new systems, maps out networks, and probes for specific, exploitable vulnerabilities.
Reflexive ACLs (Cisco): Reflexive ACLs for Cisco routers are a step towards making the router act like a stateful firewall. The router will make filtering decisions based on whether connections are a part of established traffic or not.
Registry: The Registry in Windows operating systems is the central set of settings and information required to run the Windows computer.
Regression Analysis: The use of scripted tests to test software for all possible input it should expect. Typically developers will create a set of regression tests that are executed before a new version of the software is released. Also see "fuzzing".
Request for Comment (RFC): A series of notes about the Internet, started in 1969 (when the Internet was the ARPANET). An Internet Document can be submitted to the IETF by anyone, but the IETF decides if the document becomes an RFC. Eventually, if it gains enough interest, it may evolve into an Internet standard.
Resource Exhaustion: Resource exhaustion attacks involve tying up finite resources on a system, making them unavailable to others.
Response: A response is information sent that is responding to some stimulus.
Reverse Address Resolution Protocol (RARP): RARP (Reverse Address Resolution Protocol) is a protocol by which a physical machine in a local area network can request to learn its IP address from a gateway server's Address Resolution Protocol table or cache. A network administrator creates a table in a local area network's gateway router that maps the physical machine (Media Access Control, or MAC) addresses to corresponding Internet Protocol addresses. When a new machine is set up, its RARP client program requests from the RARP server on the router to be sent its IP address. Assuming that an entry has been set up in the router table, the RARP server will return the IP address to the machine, which can store it for future use.
Reverse Engineering: Acquiring sensitive data by disassembling and analyzing the design of a system component.
Reverse Lookup: Find out the hostname that corresponds to a particular IP address. Reverse lookup uses an IP (Internet Protocol) address to find a domain name.
Reverse Proxy: Reverse proxies take public HTTP requests and pass them to back-end web servers, which return the content to the proxy so that the proxy can then send the content to the end user.
Risk: Risk is the product of the level of threat with the level of vulnerability. It establishes the likelihood of a successful attack.
Risk Assessment: A Risk Assessment is the process by which risks are identified and the impact of those risks determined.
Risk Averse: Avoiding risk even if this leads to the loss of opportunity. For example, using a (more expensive) phone call vs. sending an e-mail in order to avoid risks associated with e-mail may be considered "Risk Averse".
Rivest-Shamir-Adleman (RSA): An algorithm for asymmetric cryptography, invented in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman.
Role Based Access Control: Role based access control assigns users to roles based on their organizational functions and determines authorization based on those roles.
Root: Root is the name of the administrator account in Unix systems.
Rootkit: A collection of tools (programs) that a hacker uses to mask intrusion and obtain administrator-level access to a computer or computer network.
Router: Routers interconnect logical networks by forwarding information to other networks based upon IP addresses.
Routing Information Protocol (RIP): Routing Information Protocol is a distance vector protocol used for interior gateway routing which uses hop count as the sole metric of a path's cost.
Routing Loop: A routing loop is where two or more poorly configured routers repeatedly exchange the same packet over and over.
RPC Scans: RPC scans determine which RPC services are running on a machine.
Rule Set Based Access Control (RSBAC): Rule Set Based Access Control targets actions based on rules for entities operating on objects.
S/Key: A security mechanism that uses a cryptographic hash function to generate a sequence of 64-bit, one-time passwords for remote user login. The client generates a one-time password by applying the MD4 cryptographic hash function multiple times to the user's secret key. For each successive authentication of the user, the number of hash applications is reduced by one.
Safety: Safety is the need to ensure that the people involved with the company, including employees, customers, and visitors, are protected from harm.
Scavenging: Searching through data residue in a system to gain unauthorized knowledge of sensitive data.
Secure Electronic Transactions (SET): Secure Electronic Transactions is a protocol developed for credit card transactions in which all parties (customers, merchant, and bank) are authenticated using digital signatures, encryption protects the message and provides integrity, and end-to-end security is provided for credit card transactions online.
Secure Shell (SSH): A program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another.
Secure Sockets Layer (SSL): A protocol developed by Netscape for transmitting private documents via the Internet. SSL works by using a public key to encrypt data that's transferred over the SSL connection.
Security Policy: A set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources.
Segment: Segment is another name for TCP packets.
Sensitive Information: Sensitive information, as defined by the federal government, is any unclassified information that, if compromised, could adversely affect the national interest or conduct of federal initiatives.
Separation of Duties: Separation of duties is the principle of splitting privileges among multiple individuals or systems.
Server: A system entity that provides a service in response to requests from other system entities called clients.
Session: A session is a virtual connection between two hosts by which network traffic is passed.
Session Hijacking: Take over a session that someone else has established.
Session Key: In the context of symmetric encryption, a key that is temporary or is used for a relatively short period of time. Usually, a session key is used for a defined period of communication between two computers, such as for the duration of a single connection or transaction set, or the key is used in an application that protects relatively large amounts of data and, therefore, needs to be re-keyed frequently.
SHA1: A one-way cryptographic hash function. Also see "MD5".
Shadow Password Files: A system file in which encrypted user passwords are stored so that they aren't available to people who try to break into the system.
Share: A share is a resource made public on a machine, such as a directory (file share) or printer (printer share).
Shell: A Unix term for the interactive user interface with an operating system. The shell is the layer of programming that understands and executes the commands a user enters. In some systems, the shell is called a command interpreter. A shell usually implies an interface with a command syntax (think of the DOS operating system and its "C:>" prompts and user commands such as "dir" and "edit").
Signals Analysis: Gaining indirect knowledge of communicated data by monitoring and analyzing a signal that is emitted by a system and that contains the data but is not intended to communicate the data.
Signature: A Signature is a distinct pattern in network traffic that can be identified to a specific tool or exploit.
Simple Integrity Property: In Simple Integrity Property a user cannot write data to a higher integrity level than their own.
Simple Network Management Protocol (SNMP): The protocol governing network management and the monitoring of network devices and their functions. A set of protocols for managing complex networks.
Simple Security Property: In Simple Security Property a user cannot read data of a higher classification than their own.
Smartcard: A smartcard is an electronic badge that includes a magnetic strip or chip that can record and replay a set key.
Smurf: The Smurf attack works by spoofing the target address and sending a ping to the broadcast address for a remote network, which results in a large amount of ping replies being sent to the target.
Sniffer: A sniffer is a tool that monitors network traffic as it is received in a network interface.
Sniffing: A synonym for "passive wiretapping."
Social Engineering: A euphemism for non-technical or low-technology means - such as lies, impersonation, tricks, bribes, blackmail, and threats - used to attack information systems.
Socket: The socket tells a host's IP stack where to plug in a data stream so that it connects to the right application.
Socket Pair: A way to uniquely specify a connection, i.e., source IP address, source port, destination IP address, destination port.
SOCKS: A protocol that a proxy server can use to accept requests from client users in a company's network so that it can forward them across the Internet. SOCKS uses sockets to represent and keep track of individual connections. The client side of SOCKS is built into certain Web browsers and the server side can be added to a proxy server.
Software: Computer programs (which are stored in and executed by computer hardware) and associated data (which also is stored in the hardware) that may be dynamically written or modified during execution.
Source Port: The port that a host uses to connect to a server. It is usually a number greater than or equal to 1024. It is randomly generated and is different each time a connection is made.
Spam: Electronic junk mail or junk newsgroup postings.
Spanning Port: Configures the switch to behave like a hub for a specific port.
Split Horizon: Split horizon is an algorithm for avoiding problems caused by including routes in updates sent to the gateway from which they were learned.
Split Key: A cryptographic key that is divided into two or more separate data items that individually convey no knowledge of the whole key that results from combining the items.
Spoof: Attempt by an unauthorized entity to gain access to a system by posing as an authorized user.
SQL Injection: SQL injection is a type of input validation attack specific to database-driven applications where SQL code is inserted into application queries to manipulate the database.
Stack Smashing: Stack smashing is the technique of using a buffer overflow to trick a computer into executing arbitrary code.
Standard ACLs (Cisco): Standard ACLs on Cisco routers make packet filtering decisions based on source IP address only.
Star Property: In Star Property, a user cannot write data to a lower classification level without logging in at that lower classification level.
State Machine: A system that moves through a series of progressive conditions.
Stateful Inspection: Also referred to as dynamic packet filtering. Stateful inspection is a firewall architecture that works at the network layer. Unlike static packet filtering, which examines a packet based on the information in its header, stateful inspection examines not just the header information but also the contents of the packet up through the application layer in order to determine more about the packet than just information about its source and destination.
Static Host Tables: Static host tables are text files that contain hostname and address mapping.
Static Routing: Static routing means that routing table entries contain information that does not change.
Stealthing: Stealthing is a term that refers to approaches used by malicious code to conceal its presence on the infected system.
Steganalysis: Steganalysis is the process of detecting and defeating the use of steganography.
Steganography: Methods of hiding the existence of a message or other data. This is different than cryptography, which hides the meaning of a message but does not hide the message itself. An example of a steganographic method is "invisible" ink.
Stimulus: Stimulus is network traffic that initiates a connection or solicits a response.
Store-and-Forward: Store-and-Forward is a method of switching where the entire packet is read by a switch to determine if it is intact before forwarding it.
Straight-Through Cable: A straight-through cable is where the pins on one side of the connector are wired to the same pins on the other end. It is used for interconnecting nodes on the network.
Stream Cipher: A stream cipher works by encrypting a message a single bit, byte, or computer word at a time.
Strong Star Property: In Strong Star Property, a user cannot write data to higher or lower classification levels than their own.
Sub Network: A separately identifiable part of a larger network that typically represents a certain limited number of host computers, the hosts in a building or geographic area, or the hosts on an individual local area network.
Subnet Mask: A subnet mask (or number) is used to determine the number of bits used for the subnet and host portions of the address. The mask is a 32-bit value that uses one-bits for the network and subnet portions and zero-bits for the host portion.
Switch: A switch is a networking device that keeps track of MAC addresses attached to each of its ports so that data is only transmitted on the ports that are the intended recipient of the data.
Switched Network: A communications network, such as the public switched telephone network, in which any user may be connected to any other user through the use of message, circuit, or packet switching and control devices. Any network providing switched communications service.
Symbolic Links: Special files which point at another file.
Symmetric Cryptography: A branch of cryptography involving algorithms that use the same key for two different steps of the algorithm (such as encryption and decryption, or signature creation and signature verification). Symmetric cryptography is sometimes called "secret-key cryptography" (versus public-key cryptography) because the entities that share the key.
Symmetric Key: A cryptographic key that is used in a symmetric cryptographic algorithm.
SYN Flood: A denial of service attack that sends a host more TCP SYN packets (request to synchronize sequence numbers, used when opening a connection) than the protocol implementation can handle.
Synchronization: Synchronization is the signal made up of a distinctive pattern of bits that network hardware looks for to signal the start of a frame.
Syslog: Syslog is the system logging facility for Unix systems.
System Security Officer (SSO): A person responsible for enforcement or administration of the security policy that applies to the system.
System-Specific Policy: A System-specific policy is a policy written for a specific system or device.
T-U
T1, T3: A digital circuit using TDM (Time-Division Multiplexing).
Tamper: To deliberately alter a system's logic, data, or control information to cause the system to perform unauthorized functions or services.
TCP Fingerprinting: TCP fingerprinting is the use of odd packet header combinations to determine a remote operating system.
TCP Full Open Scan: TCP Full Open scans check each port by performing a full three-way handshake on each port to determine if it was open.
TCP Half Open Scan: TCP Half Open scans work by performing the first half of a three-way handshake to determine if a port is open.
TCP Wrapper: A software package which can be used to restrict access to certain network services based on the source of the connection; a simple tool to monitor and control incoming network traffic.
TCP/IP: A synonym for "Internet Protocol Suite", in which the Transmission Control Protocol and the Internet Protocol are important parts. TCP/IP is the basic communication language or protocol of the Internet. It can also be used as a communications protocol in a private network (either an Intranet or an Extranet).
TCPDump: TCPDump is a freeware protocol analyzer for Unix that can monitor network traffic on a wire.
TELNET: A TCP-based, application-layer, Internet Standard protocol for remote login from one host to another.
Threat: A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm.
Threat Assessment: A threat assessment is the identification of types of threats that an organization might be exposed to.
Threat Model: A threat model is used to describe a given threat and the harm it could do to a system if it has a vulnerability.
Threat Vector: The method a threat uses to get to the target.
Time to Live: A value in an Internet Protocol packet that tells a network router whether or not the packet has been in the network too long and should be discarded.
Tiny Fragment Attack: With many IP implementations it is possible to impose an unusually small fragment size on outgoing packets. If the fragment size is made small enough to force some of a TCP packet's TCP header fields into the second fragment, filter rules that specify patterns for those fields will not match. If the filtering implementation does not enforce a minimum fragment size, a disallowed packet might be passed because it didn't hit a match in the filter. STD 5, RFC 791 states: Every Internet module must be able to forward a datagram of 68 octets without further fragmentation. This is because an Internet header may be up to 60 octets, and the minimum fragment is 8 octets.
Token Ring: A token ring network is a local area network in which all computers are connected in a ring or star topology and a binary digit or token-passing scheme is used in order to prevent the collision of data between two computers that want to send messages at the same time.
Token-Based Access Control: Token based access control associates a list of objects and their privileges with each user. (The opposite of list based.)
Token-Based Devices: A token-based device is triggered by the time of day, so every minute the password changes, requiring the user to have the token with them when they log in.
Topology: The geometric arrangement of a computer system. Common topologies include a bus, star, and ring. The specific physical, i.e., real, or logical, i.e., virtual, arrangement of the elements of a network. Note 1: Two networks have the same topology if the connection configuration is the same, although the networks may differ in physical interconnections, distances between nodes, transmission rates, and/or signal types. Note 2: The common types of network topology are illustrated
Traceroute (tracert.exe): Traceroute is a tool that maps the route a packet takes from the local machine to a remote destination.
Transmission Control Protocol (TCP): A set of rules (protocol) used along with the Internet Protocol to send data in the form of message units between computers over the Internet. While IP takes care of handling the actual delivery of the data, TCP takes care of keeping track of the individual units of data (called packets) that a message is divided into for efficient routing through the Internet. Whereas the IP protocol deals only with packets, TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and also guarantees that packets will be delivered in the same order in which they were sent.
Transport Layer Security (TLS): A protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message. TLS is the successor to the Secure Sockets Layer.
Triple DES: A block cipher, based on DES, that transforms each 64-bit plaintext block by applying the Data Encryption Algorithm three successive times, using either two or three different keys, for an effective key length of 112 or 168 bits.
Triple-Wrapped: S/MIME usage: data that has been signed with a digital signature, and then encrypted, and then signed again.
Trojan Horse: A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.
Trunking: Trunking is connecting switches together so that they can share VLAN information between them.
Trust: Trust determines which permissions and what actions other systems or users can perform on remote machines.
Trusted Ports: Trusted ports are ports below number 1024 usually allowed to be opened by the root user.
Tunnel: A communication channel created in a computer network by encapsulating a communication protocol's data packets in (on top of) a second protocol that normally would be carried above, or at the same layer as, the first one. Most often, a tunnel is a logical point-to-point link - i.e., an OSI layer 2 connection - created by encapsulating the layer 2 protocol in a transport protocol (such as TCP), in a network or inter-network layer protocol (such as IP), or in another link layer protocol. Tunneling can move data between computers that use a protocol not supported by the network connecting them.
UDP Scan: UDP scans perform scans to determine which UDP ports are open.
Unicast: Broadcasting from host to host.
Uniform Resource Identifier (URI): The generic term for all types of names and addresses that refer to objects on the World Wide Web.
Uniform Resource Locator (URL): The global address of documents and other resources on the World Wide Web. The first part of the address indicates what protocol to use, and the second part specifies the IP address or the domain name where the resource is located. For example, http://www.pcwebopedia.com/ind... .
Unix: A popular multi-user, multitasking operating system developed at Bell Labs in the early 1970s. Created by just a handful of programmers, Unix was designed to be a small, flexible system used exclusively by programmers.
Unprotected Share: In Windows terminology, a "share" is a mechanism that allows a user to connect to file systems and printers on other systems. An "unprotected share" is one that allows anyone to connect to it.
User: A person, organization entity, or automated process that accesses a system, whether authorized to do so or not.
User Contingency Plan: A user contingency plan is the alternative methods of continuing business operations if IT systems are unavailable.
User Datagram Protocol (UDP): A communications protocol that, like TCP, runs on top of IP networks. Unlike TCP/IP, UDP/IP provides very few error recovery services, offering instead a direct way to send and receive datagrams over an IP network. It's used primarily for broadcasting messages over a network. UDP uses the Internet Protocol to get a datagram from one computer to another but does not divide a message into packets (datagrams) and reassemble it at the other end. Specifically, UDP doesn't provide sequencing of the packets that the data arrives in.
V-Z
Virtual Private Network (VPN): A restricted-use, logical (i.e., artificial or simulated) computer network that is constructed from the system resources of a relatively public, physical (i.e., real) network (such as the Internet), often by using encryption (located at hosts or gateways), and often by tunneling links of the virtual network across the real network. For example, if a corporation has LANs at several different sites, each connected to the Internet by a firewall, the corporation could create a VPN by (a) using encrypted tunnels to connect from firewall to firewall across the Internet and (b) not allowing any other traffic through the firewalls. A VPN is generally less expensive to build and operate than a dedicated real network, because the virtual network shares the cost of system resources with other users of the real network.
Virus: A hidden, self-replicating section of computer software, usually malicious logic, that propagates by infecting - i.e., inserting a copy of itself into and becoming part of - another program. A virus cannot run by itself; it requires that its host program be run to make the virus active.
Voice Firewall: A physical discontinuity in a voice network that monitors, alerts and controls inbound and outbound voice network activity based on user-defined call admission control (CAC) policies, voice application layer security threats or unauthorized service use violations.
Voice Intrusion Prevention System (IPS): Voice IPS is a security management system for voice networks which monitors voice traffic for multiple calling patterns or attack/abuse signatures to proactively detect and prevent toll fraud, Denial of Service, telecom attacks, service abuse, and other anomalous activity.
War Chalking: War chalking is marking areas, usually on sidewalks with chalk, that receive wireless signals that can be accessed.
War Dialer: A computer program that automatically dials a series of telephone numbers to find lines connected to computer systems, and catalogs those numbers so that a cracker can try to break into the systems.
War Dialing: War dialing is a simple means of trying to identify modems in a telephone exchange that may be susceptible to compromise in an attempt to circumvent perimeter security.
War Driving: War driving is the process of traveling around looking for wireless access point signals that can be used to get network access.
Web of Trust: A web of trust is the trust that naturally evolves as a user starts to trust others' signatures, and the signatures that they trust.
Web Server: A software process that runs on a host computer connected to the Internet to respond to HTTP requests for documents from client web browsers.
WHOIS: An Internet protocol for finding information about resources on networks.
Windowing: A windowing system is a system for sharing a computer's graphical display presentation resources among multiple applications at the same time. In a computer that has a graphical user interface (GUI), you may want to use a number of applications at the same time (this is called multitasking). Using a separate window for each application, you can interact with each application and go from one application to another without having to reinitiate it. Having different information or activities in multiple windows may also make it easier for you to do your work. A windowing system uses a window manager to keep track of where each window is located on the display screen and its size and status. A windowing system doesn't just manage the windows but also other forms of graphical user interface entities.
Windump: Windump is a freeware tool for Windows that is a protocol analyzer that can monitor network traffic on a wire.
Wired Equivalent Privacy (WEP): A security protocol for wireless local area networks defined in the standard IEEE 802.11b.
Wireless Application Protocol: A specification for a set of communication protocols to standardize the way that wireless devices, such as cellular telephones and radio transceivers, can be used for Internet access, including e-mail, the World Wide Web, newsgroups, and Internet Relay Chat.
Wiretapping: Monitoring and recording data that is flowing between two points in a communication system.
World Wide Web ("the Web", WWW, W3): The global, hypermedia-based collection of information and services that is available on Internet servers and is accessed by browsers using Hypertext Transfer Protocol and other information retrieval mechanisms.
Worm: A computer program that can run independently, can propagate a complete working version of itself onto other hosts on a network, and may consume computer resources destructively.
Zero Day: The "Day Zero" or "Zero Day" is the day a new vulnerability is made known. In some cases, a "zero day" exploit refers to an exploit for which no patch is available yet ("day one" is the day on which the patch is made available).
Zero-day Attack: A zero-day (or zero-hour or day zero) attack or threat is a computer threat that tries to exploit computer application vulnerabilities that are unknown to others or undisclosed to the software developer. Zero-day exploits (actual code that can use a security hole to carry out an attack) are used or shared by attackers before the software developer knows about the vulnerability.
Zombies: A zombie computer (often shortened as zombie) is a computer connected to the Internet that has been compromised by a hacker, a computer virus, or a trojan horse. Generally, a compromised machine is only one of many in a botnet, and will be used to perform malicious tasks of one sort or another under remote direction. Most owners of zombie computers are unaware that their system is being used in this way. Because the owner tends to be unaware, these computers are metaphorically compared to zombies.
#
3-way Handshake: Machine A sends a packet with a SYN flag set to Machine B. B acknowledges A's SYN with a SYN/ACK. A acknowledges B's SYN/ACK with an ACK.
Topics
  • Topic
  • Tf
  • Position
  • network
  • 186
  • 7
  • system
  • 149
  • 7
  • data
  • 118
  • 7
  • protocol
  • 111
  • 7
  • internet
  • 82
  • 7
  • user
  • 81
  • 7
  • computer
  • 77
  • 7
  • information
  • 76
  • 7
  • address | 69 | 7
  • layer | 67 | 7
  • packet | 66 | 7
  • access | 60 | 7
  • ip | 55 | 7
  • server | 53 | 7
  • key | 51 | 7
  • security | 49 | 7
  • based | 47 | 7
  • host | 46 | 7
  • attack | 43 | 7
  • service | 41 | 7
  • control | 39 | 7
  • program | 39 | 7
  • message | 39 | 7
  • application | 38 | 7
  • router | 36 | 7
  • domain | 32 | 7
  • set | 32 | 7
  • number | 32 | 7
  • port | 31 | 7
  • file | 29 | 7
  • ip address | 24 | 7
  • operating system | 18 | 7
  • internet protocol | 17 | 7
  • access control | 15 | 7
  • computer network | 12 | 7
  • digital signature | 10 | 7
  • network traffic | 10 | 7
  • public key | 9 | 7
  • local area network | 8 | 7
  • information system | 8 | 7
  • bit | 8 | 7
  • local area | 8 | 7
  • area network | 8 | 7
  • mail | 8 | 7
  • hash function | 8 | 7
  • point | 8 | 7
  • based access | 8 | 7
  • system resource | 7 | 7
  • system entity | 7 | 7
  • layerthi layer | 7 | 7
  • world wide web | 6 | 7
  • layer layer | 6 | 7
  • day day | 6 | 7
  • ip network | 6 | 7
  • web browser | 6 | 7
  • autonomou system | 6 | 7
  • protocol internet | 6 | 7
  • denial service | 6 | 7
  • world wide | 6 | 7
  • wide web | 6 | 7
  • cryptographic hash | 6 | 7
  • network internet | 6 | 7
  • echo request | 6 | 7
  • intrusion detection | 6 | 7
  • internet protocol address | 5 | 7
  • based access control | 5 | 7
  • host computer | 5 | 7
  • day | 5 | 7
  • port number | 5 | 7
  • address resolution | 5 | 7
  • resolution protocol | 5 | 7
  • protocol address | 5 | 7
  • private key | 5 | 7
  • internet domain | 5 | 7
  • host network | 5 | 7
  • computer program | 5 | 7
  • authentication protocol | 5 | 7
  • source destination | 5 | 7
  • network network | 5 | 7
  • asymmetric cryptography | 5 | 7
  • network device | 5 | 7
  • property user | 5 | 7
  • network based | 5 | 7
  • cryptographic key | 5 | 7
  • address resolution protocol | 4 | 7
  • denial service attack | 4 | 7
  • based intrusion detection | 4 | 7
  • point point | 4 | 7
  • cryptographic hash function | 4 | 7
  • encryption algorithm | 4 | 7
  • user interface | 4 | 7
  • security mechanism | 4 | 7
  • maliciou code | 4 | 7
  • service attack | 4 | 7
  • disaster recovery | 4 | 7
  • voice network | 4 | 7
  • data object | 4 | 7
  • cryptographic algorithm | 4 | 7
  • client server | 4 | 7
  • computer system | 4 | 7
  • hot site | 4 | 7
  • backup tape | 4 | 7
  • warm site | 4 | 7
  • cold site | 4 | 7
  • inter network | 4 | 7
  • client side | 4 | 7
  • system operation | 4 | 7
  • cipher text | 4 | 7
  • encryption key | 4 | 7
  • access system | 4 | 7
  • network point | 4 | 7
  • organization entity | 4 | 7
  • file system | 4 | 7
  • icmp echo | 4 | 7
  • sensitive data | 4 | 7
  • security policy | 4 | 7
  • packet network | 4 | 7
  • based intrusion | 4 | 7
  • proxy server | 4 | 7
  • internet standard | 4 | 7
  • attack send | 4 | 7
  • classification level | 4 | 7
  • monitor network | 4 | 7
  • layer function | 4 | 7
  • network layer | 4 | 7
  • application layer | 4 | 7
  • end | 4 | 7
  • computer connected | 4 | 7
  • communication protocol | 4 | 7
  • real network | 4 | 7
  • security management system | 3 | 7
  • telecommunication telephone utility | 3 | 7
  • telephone utility connectivity | 3 | 7
  • continue primary site | 3 | 7
  • primary site operation | 3 | 7
  • data synchronization occur | 3 | 7
  • synchronization occur primary | 3 | 7
  • data loss offsite | 3 | 7
  • loss offsite data | 3 | 7
  • offsite data backup | 3 | 7
  • data backup tape | 3 | 7
  • backup tape obtained | 3 | 7
  • tape obtained delivered | 3 | 7
  • site restore operation | 3 | 7
  • site expensive option | 3 | 7
  • digital signature algorithm | 3 | 7
  • acl cisco router | 3 | 7
  • filtering decision based | 3 | 7
  • intrusion detection system | 3 | 7
  • protocol internet protocol | 3 | 7
  • star property user | 3 | 7
  • internet standard protocol | 3 | 7
  • echo request ping | 3 | 7
  • part operating system | 3 | 7
  • icmp echo request | 3 | 7
  • public key infrastructure | 3 | 7
  • property user write | 3 | 7
  • user write data | 3 | 7
  • monitor network traffic | 3 | 7
  • lower classification level | 3 | 7
  • data higher | 3 | 7
  • packet filtering | 3 | 7
  • lower classification | 3 | 7
  • system system | 3 | 7
  • fragment size | 3 | 7
  • token based | 3 | 7
  • connected internet | 3 | 7
  • windowing system | 3 | 7
  • zombie computer | 3 | 7
Result 8
Title: Cyber Security Terminology | A-Z Dummies Guide | MetaCompliance
Url: https://www.metacompliance.com/cyber-security-terminology/
Description: Cyber Security Terminology A-Z. - Our Dummies guide to Cyber Security terminology will help you understand those confusing technology terms
Date:
Organic Position: 8
H1: A-Z Cyber Security Terminology
H2: Request Demo
H3:
H2WithAnchors: Request Demo
Body: A-Z Cyber Security Terminology. The Dummies Guide to Cyber Security Terminology. The A-Z guide on Cyber Security Terminology brought to you by MetaCompliance. Adware – Adware refers to any piece of software or application that displays advertisements on your computer. Advanced Persistent Threat (APT) – An advanced persistent threat is an attack in which an unauthorised user gains access to a system or network without being detected. Anti-Virus Software – Anti-virus software is a computer program used to prevent, detect, and remove malware. Artificial Intelligence – Artificial intelligence (AI) refers to the simulation of human intelligence in machines that are programmed to think like humans and mimic their actions. Attachment – An attachment is a computer file sent with an email message. Authentication – Authentication is a process that ensures and confirms a user’s identity. Back door – A backdoor is used to describe a hidden method of bypassing security to gain access to a restricted part of a computer system. Backup – To make a copy of data stored on a computer or server to reduce the potential impact of failure or loss. Baiting – Online baiting involves enticing a victim with an incentive. Bluetooth – Bluetooth is a wireless technology for exchanging data over short distances. Blackhat – Black hat hacker refers to a hacker that violates computer security for personal gain or malice. Botnet – A botnet is a collection of internet-connected devices, which may include PCs, servers and mobile devices that are infected and controlled by a common type of malware. Broadband – High-speed data transmission system where the communications circuit is shared between multiple users. Browser – A browser is software that is used to access the internet. The most popular web browsers are Chrome, Firefox, Safari, Internet Explorer, and Edge.
Brute Force Attack – Brute force attack is an activity which involves repetitive successive attempts of trying various password combinations to break into any website. Bug – A bug refers to an error, fault or flaw in a computer program that may cause it to unexpectedly quit or behave in an unintended manner. BYOD – Bring your own device (BYOD) refers to employees using personal devices to connect to their organisational networks. Clickjacking – Clickjacking, also known as a UI redress attack, is a common hacking technique in which an attacker creates an invisible page or an HTML element that overlays the legitimate page. Cloud Computing – The practice of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server or a personal computer. Cookie – Cookies are small files which are stored on a user’s computer.  Cookies provide a way for the website to recognize you and keep track of your preferences. Critical Update – A fix for a specific problem that addresses a critical, non-security-related bug in computer software. Cyber Warfare – Cyber warfare typically refers to cyber-attacks perpetrated by one nation-state against another. Data Breach – A data breach is a confirmed incident where information has been stolen or taken from a system without the knowledge or authorization of the system’s owner. Data Server – Data server is the phrase used to describe computer software and hardware that delivers database services. DDoS Attack – A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. Deepfake – Deepfake refers to any video in which faces have been either swapped or digitally altered, with the help of AI. Domain name – The part of a network address which identifies it as belonging to a particular domain. 
Domain Name Server – A server that converts recognisable domain names into their unique IP address. Download – To copy (data) from one computer system to another, typically over the Internet. Exploit – A malicious application or script that can be used to take advantage of a computer’s vulnerability. Firewall – A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet. Hacking – Hacking refers to an unauthorised intrusion into a computer or a network. Honeypot – A decoy system or network that serves to attract potential attackers. HTML – Hypertext Markup Language (HTML) is the standard markup language for creating web pages and web applications. Identity theft – Identity theft is a crime in which someone uses personally identifiable information in order to impersonate someone else. Incident Response Plan – An incident response policy is a plan outlining an organisation’s response to an information security incident. Internet of things (IoT) – The Internet of Things, or IoT, refers to the billions of physical devices around the world that are now connected to the internet, collecting and sharing data. IP Address – An IP address is an identifying number for a piece of network hardware. Having an IP address allows a device to communicate with other devices over an IP-based network like the internet. iOS – An operating system used for mobile devices manufactured by Apple. Keystroke logger – A keystroke logger is software that tracks or logs the keys struck on your keyboard, typically in a covert manner so that you are unaware actions are being monitored. Malware – Malware is shorthand for malicious software and is designed to cause damage to a computer, server, or computer network. Malvertising – The use of online advertising to deliver malware. Memory stick – A memory stick is a small device that connects to a computer and allows you to store and copy information.
MP3 – MP3 is a means of compressing a sound sequence into a very small file, to enable digital storage and transmission. Multi-Factor Authentication – Multi-Factor Authentication (MFA) provides a method to verify a user’s identity by requiring them to provide more than one piece of identifying information. Packet Sniffer – Software designed to monitor and record network traffic. Padlock – A padlock icon displayed in a web browser indicates a secure mode where communications between browser and web server are encrypted. Patch – A patch is a piece of software code that can be applied after the software program has been installed to correct an issue with that program. Penetration testing – Penetration testing (also called pen testing) is the practice of testing a computer system, network or Web application to find vulnerabilities that an attacker could exploit. Phishing – Phishing is a method of trying to gather personal information using deceptive e-mails and websites. Policy Management – Policy Management is the process of creating, communicating, and maintaining policies and procedures within an organisation. Proxy Server – A proxy server is another computer system which serves as a hub through which internet requests are processed. Pre-texting – Pre-texting is the act of creating a fictional narrative or pretext to manipulate a victim into disclosing sensitive information. Ransomware – A type of malicious software designed to block access to a computer system until a sum of money is paid. Rootkit – Rootkits are a type of malware designed to remain hidden on your computer. Router – A router is a piece of network hardware that allows communication between your local home network and the Internet. Scam – A scam is a term used to describe any fraudulent business or scheme that takes money or other goods from an unsuspecting person. Scareware – Scareware is a type of malware designed to trick victims into purchasing and downloading potentially dangerous software. 
Security Awareness Training – Security awareness training is a training program aimed at heightening security awareness within an organisation. Security Operations Centre (SOC) – A SOC monitors an organisation’s security operations to prevent, detect and respond to any potential threats. Server – A server is a computer program that provides a service to other computer programs (and their users). Smishing – Smishing is any kind of phishing that involves a text message. Spam – Spam is slang commonly used to describe junk e-mail on the Internet. Social Engineering – Social engineering is the art of manipulating people, so they disclose confidential information. Software – Software is the name given to the programs you will use to perform tasks with your computer. Spear Phishing – Spear phishing is an email-spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information. Spyware – Spyware is a type of software that installs itself on a device and secretly monitors a victim’s online activity. Tailgating – Tailgating involves someone who lacks the proper authentication following an employee into a restricted area. Tablet – A tablet is a wireless, portable personal computer with a touchscreen interface. Traffic – Web traffic is the amount of data sent and received by visitors to a website. Trojan – A Trojan is also known as a Trojan horse. It is a type of malicious software developed by hackers, disguised as legitimate software, to gain access to target users’ systems. Two-Factor Authentication – Two-factor authentication (2FA), often referred to as two-step verification, is a security process in which the user provides two authentication factors to verify they are who they say they are. USB – USB (Universal Serial Bus) is the most popular connection used to connect a computer to devices such as digital cameras, printers, scanners, and external hard drives.
Username – A username is a name that uniquely identifies someone on a computer system. Virus – A computer virus is a malicious software program loaded onto a user’s computer without the user’s knowledge and performs malicious actions. VPN (Virtual Private Network) – A virtual private network gives you online privacy and anonymity by creating a private network from a public Internet connection. VPNs mask your Internet protocol (IP) address so your online actions are virtually untraceable. Vulnerability – A vulnerability refers to a flaw in a system that can leave it open to attack. Vishing – Vishing is the telephone equivalent of phishing. It is an attempt to scam someone over the phone into surrendering private information that will be used for identity theft. Whaling – Whaling is a specific form of phishing that’s targeted at high-profile business executives and managers. Whitehat – White hat hackers perform penetration testing, test in-place security systems and perform vulnerability assessments for companies. Worm – A computer worm is a malware computer program that replicates itself in order to spread to other computers. Wi-Fi – Wi-Fi is a facility that allows computers, smartphones, or other devices to connect to the Internet or communicate with one another wirelessly within a particular area. Zero-Day – Zero-Day refers to a recently discovered vulnerability that hackers can use to attack systems.
Topics
  • Topic | Tf | Position
  • computer | 37 | 8
  • software | 20 | 8
  • system | 17 | 8
  • network | 17 | 8
  • internet | 17 | 8
  • security | 16 | 8
  • user | 15 | 8
  • server | 15 | 8
  • data | 12 | 8
  • device | 12 | 8
  • information | 12 | 8
  • refer | 11 | 8
  • program | 11 | 8
  • attack | 10 | 8
  • cyber | 8 | 8
  • malware | 8 | 8
  • authentication | 8 | 8
  • vulnerability | 7 | 8
  • web | 7 | 8
  • address | 7 | 8
  • maliciou | 7 | 8
  • phishing | 7 | 8
  • computer system | 6 | 8
  • piece | 6 | 8
  • access | 6 | 8
  • hacker | 6 | 8
  • personal | 6 | 8
  • type | 6 | 8
  • ip | 6 | 8
  • computer program | 5 | 8
  • ip address | 5 | 8
  • factor | 5 | 8
  • testing | 5 | 8
  • cyber security | 4 | 8
  • security terminology | 4 | 8
  • software program | 4 | 8
  • maliciou software | 4 | 8
  • factor authentication | 4 | 8
  • cyber security terminology | 3 | 8
  • gain access | 3 | 8
  • system network | 3 | 8
  • type malware | 3 | 8
  • device connect | 3 | 8
  • identity theft | 3 | 8
  • software designed | 3 | 8
  • server computer | 3 | 8
  • penetration testing | 3 | 8
  • security awareness | 3 | 8
  • private network | 3 | 8
Result 9
Title: The Top 15 Cybersecurity Terms To Know - Nexus
Url: https://digitalskills.engin.umich.edu/cybersecurity/the-top-15-cybersecurity-terms-to-know/
Description: With an expanded interest for cybersecurity in every field, it's not unexpected that the demand for cybersecurity professionals is ascending. Administrations…
Date:
Organic Position: 9
H1: The Top 15 Cybersecurity Terms To Know
H2: 15 Cybersecurity Terms to Know; Dive into Cybersecurity; Program; Pages
H3: Categories; Categories
H2WithAnchors: 15 Cybersecurity Terms to Know; Dive into Cybersecurity; Program; Pages
Body: The Top 15 Cybersecurity Terms To Know. With an expanded interest for cybersecurity in every field, it’s not unexpected that the demand for cybersecurity professionals is ascending. Administrations, organizations, and people alike must adopt cybersecurity best practices regardless of their affiliation or employment. Hackers can perform cyber attacks on any system, if it’s left defenseless. Prepared cybersecurity professionals continually advance their skills to better guard against the endeavors of these malicious characters. The devices and procedures used to evade hackers will continue to be innovated. Be that as it may, it is dependent upon every person to organize cybersecurity with their home, work, and mobile devices. There is a significant need for increased cybersecurity on all devices. Individuals should be monitoring their networks to ensure the safety of their private data. It’s important to have a fundamental understanding of cybersecurity terminology; it will help you better protect your data and private information. 15 Cybersecurity Terms to Know. With an understanding of information technology and cybersecurity practices, you can help protect your private information from cyber threats. The 15 cybersecurity terms below detail how you can protect your devices, networks, and, ultimately, data without any specialized training. It’s increasingly important to take your cybersecurity seriously to maintain the privacy of your networks and ensure your private information remains secure. Firewall – is a network security system that tracks all incoming and outgoing network traffic based on security rules set up by an administrator. Phishing – is the fraudulent use of electronic communications to take advantage of users and collect personal information. Multi-Factor Authentication – is a layered security system that requires more than one means of authentication (i.e.
fingerprint and password) to grant access to an account or device. DoS / DDoS (Denial of Service) – is a cyber-attack in which the bad actor makes a device or network resource unavailable by flooding the services of a host connected to the Internet. User Authentication – is often used to identify and validate the identity of anyone who connects to a network resource. Encryption – is the process of encoding data, by converting the original representation of the information, known as plain text, into an alternative form known as cipher text. Antivirus – helps protect your computer against malware and cyber criminals by seeking out and removing computer viruses that have infected your computer. Malware – is any type of software designed to harm or exploit any programmable device, service or network. Examples include computer viruses, worms, and Trojan horses. Ethical Hacking – is an authorized, legal practice of bypassing system security to locate potential data breaches and threats in a network. Ransomware – is a form of malware that locks the user out of their devices or accounts, then demands payment to restore access. Cyber Attack – is any unauthorized attempt to access, alter, steal or block system or user information. Cloud – is a storage system that allows the access of data and programs over the Internet instead of your computer’s hard drive. Network – is a digital telecommunications network for communication between devices that use a common telecommunications technology. IoT – (Internet of Things) is a system of interrelated computing devices, mechanical and digital machines or objects used and managed over a network. Penetration Test – is an authorized simulated cyber attack on a computer system, performed to locate network vulnerabilities. Dive into Cybersecurity. In an effort to better understand the growing field of cybersecurity, you can call an admission advisor at (734) 707-9985.
The Nexus at University of Michigan Engineering Cybersecurity Bootcamp offers a program that will allow you to gain the skills and knowledge needed to have a career in cybersecurity in as little as a year. Individuals that complete the program will exit with all the training and skills you need to enter the workforce. To learn more about Nexus’ cybersecurity professional bootcamp, give our admissions advisors a call at (734)-707-9985 or fill out the form below. 2401 Plymouth Road, Suite A/B, Ann Arbor, MI 48105 (734)-707-9985.
Topics
  • Topic | Tf | Position
  • cybersecurity | 20 | 9
  • network | 11 | 9
  • device | 9 | 9
  • system | 8 | 9
  • computer | 6 | 9
  • data | 6 | 9
  • cyber | 5 | 9
  • skill | 5 | 9
  • information | 5 | 9
  • service | 5 | 9
  • authentication | 4 | 9
  • term | 4 | 9
  • attack | 4 | 9
  • private | 4 | 9
  • protect | 4 | 9
  • security | 4 | 9
  • user | 4 | 9
  • program | 4 | 9
  • digital | 4 | 9
  • post | 4 | 9
  • 15 cybersecurity term | 3 | 9
  • 734 707 9985 | 3 | 9
  • 15 cybersecurity | 3 | 9
  • cybersecurity term | 3 | 9
  • cybersecurity professional | 3 | 9
  • cyber attack | 3 | 9
  • private information | 3 | 9
  • 734 707 | 3 | 9
  • 707 9985 | 3 | 9
  • professional | 3 | 9
  • practice | 3 | 9
  • privacy | 3 | 9
  • access | 3 | 9
  • internet | 3 | 9
  • form | 3 | 9
  • 734 | 3 | 9
  • 707 | 3 | 9
  • 9985 | 3 | 9
  • bootcamp | 3 | 9
Result 10
Title: 45 Basic Cyber Security Terms You Should Know - Spinbackup
Url: https://spinbackup.com/blog/45-main-cybersecurity-terms-everyone-must-know/
Description: Cyber Security Terms: Must-Know List · Google Workspace Backup & Data Loss Protection · Detect and disable shadow IT in Google Workspace · Free ...
Date: Nov 1, 2019
Organic Position: 10
H1:
H2:
H3:
H2WithAnchors:
Body:
Topics
  • Topic | Tf | Position
Result 11
Title: Cybersecurity 101: Basic Terminology You Need to Know
Url: https://arcticwolf.com/resources/blog/cybersecurity-101-basic-terminology-you-need-to-know
Description: Blue graphic with a computer and a skull on the screen with "Types of Cyberattacks · Brute-Force Attacks · Consent Phishing · Credential Stuffing.
Date: Feb 26, 2021
Organic Position: 11
H1:
H2:
H3:
H2WithAnchors:
Body:
Topics
  • Topic | Tf | Position
Result 12
Title: Cybersecurity Glossary and Vocabulary | Cybrary
Url: https://www.cybrary.it/resources/glossary/
Description: Cybersecurity Glossary Cybrary’s cybersecurity glossary provides the cybersecurity community with knowledge of and insight on the industry’s significant terms and definitions. This list contains key terminology and is one of the most extensive cybersecurity glossary/vocabulary resources online. Start your search on the critical terms
Date:
Organic Position: 12
H1: Cybersecurity Glossary
H2:
H3:
H2WithAnchors:
Body: Cybersecurity Glossary. Cybrary’s cybersecurity glossary provides the cybersecurity community with knowledge of and insight on the industry’s significant terms and definitions. This list contains key terminology and is one of the most extensive cybersecurity glossary/vocabulary resources online. Start your search on the critical terms you need to know as a security professional. A. Acceptable interruption window 1 An acceptable interruption window is the maximum time allowed for restoration, when interrupted, of critical systems or applications of an organization, so that its business goals are not negatively affected. Acceptable interruption window 2 The maximum amount of time a business can function without negatively affecting the goals of the organization, even when its critical systems or applications are unavailable. Acceptable use policy Acceptable use policy is a policy that defines the level of access and degree of use of the organization’s network or internet by the members of an organization. Access control list (ACL) An access control list is a set of rules or instructions to inform the operating system about the access constraints for users or user groups, so that the operating system knows whether or not a user id has permission to access a file or a directory. Access path An access path is a logical order that directs to the location on the computer where an object such as a webpage, file etc., is stored. Access point An access point is a computer networking device which allows a Wi-Fi compliant device to connect to a wired network and usually connects via a router. Access profile An access profile is information about a user that is stored on a computer, including their password and name as well as what they are allowed access to. Access rights Access rights are the privileges or permissions awarded to a user or a program to access or alter, edit, delete the files stored on a network.
Access type Access type is applied to an entity class, mapped superclass or embeddable class and is used to specify attributes. Account management (user) User account management is the methods which are used to create, manage and authenticate users. Accountability Accountability is the ability to trace an action performed on the system to a user, a process or an application. Accounting legend code Accounting legend code is a numeric code used to indicate the minimum accounting controls required for items of accountable communications security (COMSEC) material within the control systems. Active security testing Active security testing is security testing which involves directly interacting with a target, such as sending packets. Ad hoc network An ad hoc network is a local area network (LAN) that spontaneously builds as devices connect. An ad hoc network does not rely on a base station to coordinate different points; rather, the individual base nodes forward packets to and from each other. Administrative safeguards Administrative safeguards are a special set of the HIPAA security rules. Administrative safeguards focus on internal organization, policies and procedures and the maintenance of security managers which are in place to protect sensitive patient information. Advanced encryption standard (AES) An advanced data encryption algorithm that employs key sizes of variable length in the range of 128 – 256 bits. Advanced encryption standards help protect highly sensitive data such as financial information, and classified government records. Advanced penetration testing Advanced penetration testing is the process of testing a network to discover vulnerabilities which make it open to harmful intruders; then addressing and remedying the issues. Advanced persistent threat (APT) Advanced persistent threat is a user or a program that has highly sophisticated techniques and intends to pursue them with a malicious intent.
Adversary An adversary is a process, user or device that poses a threat to the network. Adware Adware is software distributed to the user free of cost with advertisements embedded into it. As such, it displays advertisements, and redirects your queries to sponsors’ websites. Adware helps advertisers collect data for marketing purposes, without your permission to do so. A user can disable ad pop-ups by purchasing a registration key. Alert situation An alert situation is when the interruption in an enterprise is not resolved even after the completion of the threshold stage; an alert situation requires the enterprise to start the escalation procedure. Alternate facilities Alternate facilities are secondary facilities including offices, data processing centers etc., from where high-priority emergency tasks can be performed or delivered when primary facilities are interrupted or unavailable. Alternate process An alternate process is a back-up process devised to help continue a business critical process without any interruption, from the time the primary enterprise system breaks down to the time of its restoration. Analog Analog is a transmission signal denoted by a ‘sine wave,’ that varies in signal strength (amplitude) or frequency (time). While the higher and lower points of the wave denote the value of signal strength, the physical length of the wave indicates the value of time. Anti malware Anti-malware is a program designed to protect computers and networks against any threats or attacks from viruses such as adware, spyware, and any such other malicious programs. Anti virus software Antivirus software is a program or a set of programs that help prevent any malicious object, code, program from entering your computer or network. If any such malicious programs enter your computer, antivirus software helps detect, quarantine, or remove such programs from the computer or networks.
App attack An app attack occurs when a user unknowingly installs a harmful app on their tablet or smartphone and the app in turn steals their personal data. Application layer An application layer is one of the seven layers in the open-system interconnection (OSI) model of the TCP/IP protocol suite. The application layer defines the way process-to-process communication happens in a network; it only offers a strong communication interface and end user services. Architecture Architecture is a structure that defines or describes the very fundamentals of a system or an organization, its components, the relationship between each of these components, their relationship to the overall system, and finally, their effectiveness in guiding the system towards its goals. Asset An asset is a resource of an organization or business, either having tangible value – finance, infrastructure, physical properties, human resource – or of intangible value such as goodwill, that helps the business and can be converted to cash for future use. Asymmetric key (public key) An asymmetric key (public key) is a security measure that uses two keys to ensure the confidentiality of a message. One key encrypts the message, while the other key decrypts it. Attack mechanism An attack mechanism is a system or strategy by which a target is hit; the attacker may use different attack mechanisms such as a container or payload to hit the intended target. Attack vector An attack vector is the means by which an attacker gains entry into the target system. Attackers mainly use the human element or the weak links to gain such access. Attack An attack is an action with malicious intention to interrupt the operations of a network or steal the data, etc. Attenuation Attenuation is the weakening of signal strength, analog or digital, especially when transmitted over long distances. Audit trail An audit trail is a detailed history of transactions to help you trace a piece of information back to its origin.
In the field of computers, audit trail or paper log, helps maintain security, recover any lost data. Authentication Authentication is the process of identifying a piece of information, the veracity of information provided. In computers, it is the process of identifying a person or system with the username; password, etc. Authentication helps individuals; systems gain authorization based on their identity. Authenticity Authenticity is the proof or validity that a claimed identity (whether human or a resource) is real and legitimate. Availability Availability is the time duration a system or resource is ready for use. B Back to Top Backdoor A backdoor or trapdoor is a process to gain unauthorized access to a computer or a network. A programmer may bypass security steps and gain access to a computer by trapdoor programs, in the event of an attack on the computer system or networks. Attackers may also use such mechanisms to enter computers or networks without proper permission. Bandwidth Bandwidth is the volume of data or information that can pass through a network for a given period, and is usually measured in bits per second. Banner grabbing Banner grabbing is the process of grabbing banner information such as the application type and version. This information is then transmitted by a remote port when a connection is initiated. Banner A banner is a display on an information system that sets the parameters for system or data use. Baseline security Baseline security is the minimum set of security controls required for safeguarding an it system. Baseline security is based upon a system’s identified needs for confidentiality, integrity and availability protection. Bastion host A bastion host is a special services computer on a network that is designed to withstand attacks. Bastion A bastion is a system of high level of security protection; such a system offers very strong protection against attacks. 
Behavioral outcome A behavioral outcome is what an individual who has completed a specific training module is expected to accomplish on regular IT security job performance. Biometrics Biometrics are a security system, which takes into account the unique physiological characteristics of a person such as fingerprints, dna, hair, etc., for identification purposes. Bit error rate A bit error rate is the ratio between the number of bits incorrectly received and the total number of bits transmitted in a telecommunications system. Black core A black core is a communication network architecture in which user data traversing a global internet protocol (ip) is end-to-end encrypted at the ip layer. Blended attack A blended attack is a hostile action with the intent of spreading malicious code. Block cipher algorithm A block cipher algorithm is a family of functions and their inverses parameterized by a cryptographic key in which the function maps bit strings of a fixed length to bit strings of the same length. Block cipher A block cipher is a method used to cipher text information by encrypting data in blocks, strings, or groups at a time rather than encrypting individual bits. Botnet A botnet is a remote controlled robotic network or a network of computers set up to further attacks such as spam, virus, etc., to the target computers or networks. Attackers use various malicious programs, viruses to take control of computers and form a botnet or robotic network; the owners of such member computers may be unaware that their computer carries and forwards such a threat. Boundary 1 A boundary is a fence or an imaginary line, which indicates the limit of an organization, and its relationship with its neighbors. Boundary 2 The physical and/or logical perimeter of a system. Bridge A bridge is an electronic device that connects two networks such as lan that uses the same protocol such as ethernet or token ring, and creates two distinct lan’s or wide area networks. 
Operating at the data link layer of the open system interconnect model, bridges have the ability to filter the information and can pass such information to the right nodes, or decide not to pass any information. They also help in streamlining or reducing the volume of traffic on a lan by dividing the data into two segments. Bring your own device Bring your own device (byod) is a policy of the organization allowing its employees to use their personal devices such as smartphones, tablet PCs, laptops for business purposes. Broadcast A broadcast is a process of transmitting the same message to multiple users simultaneously. Brute force attack A brute force attack is the process of finding the solution by constantly trying many probable variants of information such as passwords, deciphered keys, etc., in a random fashion. Brute force Brute force is a computing method that relies on strong algorithms and computing techniques to find the ultimate solution to a given issue. Buffer overflow A buffer overflow is when a program tries to store an excess amount of data to a buffer than it can hold, as there is a limit on how much data a buffer can hold, the surplus data overflows to the adjoining buffers. Thus, overwriting the data stored in those buffers, and triggering unpredictable consequences. Business continuity plan A business continuity plan is also known as a business emergency plan, it offers safeguards against a disaster, and outlines the strategies, action plan on how to continue business as usual in the event of any disaster. Business impact analysis assessment A business impact analysis/assessment is the process of evaluating and identifying risks and threats that a business might face in the event of an accident, disaster, or an emergency. It evaluates the possible risk to tangible and intangible assets such as personal, infrastructure, data and goodwill. In addition, it offers steps needed to recover from any such disasters. 
C

Category: A category is a restrictive label applied to classified or unclassified information to limit access.
Central services node: A central services node is the key management infrastructure core node that provides central security management and data management services.
Certificate authority (CA): A certificate authority (CA) is an independent third party that verifies the online identity of an entity. CAs issue digital certificates that contain information about the owner of the certificate and details of the certificate, thus verifying the identity of the owner.
Certificate management: Certificate management is the process in which certificates are generated, used, transmitted, loaded and destroyed.
Certificate revocation list: A certificate revocation list is an independent third party that verifies the online identity of an entity. They issue digital certificates that contain information about the owner of the certificate and details of the certificates, thus verifying the identity of the owner.
Chain of custody: A chain of custody is a process that defines rules for evidence to be legally accepted. A neutral third party, who has no interest in the case, collects the evidence after properly identifying it, and the evidence is accounted for until it is presented in the court of law. The collector makes the evidence tamper-proof and seals it tightly. It contains the complete information about the evidence as to who collected it and who had access to it.
Chain of evidence: The chain of evidence shows who obtained the evidence, where the evidence came from, and who secured, had control of and had possession of the evidence. The chain of evidence goes in the following order: collection and identification; analysis; storage; preservation; presentation in court; return to owner.
Challenge-response protocol: A challenge-response protocol is a kind of authentication protocol in which the verifier sends the claimant a challenge. Then, via hashing the challenge or applying a private key operation, a response is generated and sent to the verifier. This information is then verified to establish the claimant's control of the secret.
Checksum: A checksum is a numerical value that helps to check that the data transmitted is the same as the data stored and that the recipient has error-free data. It is often the sum of the numerical values of the bits of digital data stored; this value should match the value at the recipient's end, and a mismatch in the value indicates an error.
Chief information security officer: A chief information security officer is a senior-level executive of an organization entrusted with the responsibilities of protecting the information assets of the business and making sure that the information policies of the organization align with its objectives.
Chief security officer: A chief security officer is an executive of the company with assigned responsibility to protect assets such as the infrastructure and personnel, including information in digital and physical form.
Cipher text: Cipher text is data converted from plain text into code using an algorithm, making it unreadable without the key.
Cipher: A cipher is a process to convert data into code, or encrypt it, with the help of an algorithm; to decipher the code a key is required.
Ciphony: Ciphony is the process of enciphering audio information, with the result of encrypted speech.
Claimant: A claimant is the party who needs to be identified via an authentication protocol.
Cleartext: Cleartext is data in ASCII format, or data that is not coded or encrypted. All applications and machines support plain text.
Clinger-Cohen Act 1996: The Clinger-Cohen Act is also known as the Information Technology Management Reform Act. This statute made significant changes in the way that IT resources are managed and procured. The most significant aspect of this act is the requirement that each agency design and implement a process for maximizing the value and assessing and managing the risks of its IT investments.
Cloud computing: Cloud computing is a platform that utilizes shared resources to access information, data, etc., rather than local servers. Information is stored on, and retrieved from, the cloud or internet. Cloud computing allows remote sharing of files and data and facilitates remote working, as long as users are connected to the internet.
Cold site: A cold site is a backup site that can become operational fairly quickly, usually in one or two days. A cold site might have all the standard office things such as furniture and telephones; however, there is unlikely to be any computer equipment in a cold site. Basically, a cold site is a backup facility ready to receive computer equipment should it need to move to an alternate location.
Collision: A collision is a situation where two or more devices – networking devices or computers – try sending requests or transmitting data to the same device at the same time.
Common access card (CAC): A common access card is a standard identification/smart card issued by the Department of Defense. A common access card has an embedded integrated chip storing public key infrastructure (PKI) certificates.
Common attack pattern enumeration and classification (CAPEC): The common attack pattern enumeration and classification is a document published by MITRE Corporation that details how vulnerable systems are attacked. The community-developed document describes common attack patterns and how such attacks are executed.
Compartmentalization: Compartmentalization is a technique of protecting confidential information by revealing it only to a few people, those who actually need to know the details to perform their job. Thus, by restricting access to information and data, the risk to business objectives is limited.
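The challenge-response exchange described under "Challenge-response protocol" above, as an added example that is not part of the original glossary: the verifier issues a fresh random nonce, the claimant answers with an HMAC of that nonce under the shared secret (the "hashing the challenge" variant), and the verifier checks the answer with a constant-time comparison. The shared secret and the `Verifier`/`respond` names are assumptions made for this example; the block also shows the edge case the definition implies, that a captured (challenge, response) pair cannot be replayed because each challenge is accepted only once.

```python
import hashlib
import hmac
import secrets

# Constructed shared secret for this example only; in a real deployment it is
# provisioned out of band and is never sent over the wire.
SHARED_SECRET = b"example-shared-secret-do-not-reuse"


class Verifier:
    """Verifier side: issues challenges and checks the claimant's responses."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret
        # Challenges issued but not yet answered; each may be used exactly once.
        self._outstanding = set()

    def issue_challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)  # fresh, unpredictable challenge
        self._outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        # Reject anything that is not a live challenge: a replayed pair fails
        # here because its nonce was consumed the first time it was answered.
        if nonce not in self._outstanding:
            return False
        self._outstanding.discard(nonce)
        expected = hmac.new(self._secret, nonce, hashlib.sha256).digest()
        # Constant-time comparison so timing does not reveal how many bytes matched.
        return hmac.compare_digest(expected, response)


def respond(secret: bytes, nonce: bytes) -> bytes:
    """Claimant side: prove knowledge of the secret without transmitting it."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()


def run_exchange(claimant_secret: bytes = SHARED_SECRET) -> dict:
    """Run one full exchange plus a replay attempt and report both outcomes."""
    verifier = Verifier(SHARED_SECRET)
    nonce = verifier.issue_challenge()            # verifier -> claimant
    response = respond(claimant_secret, nonce)    # claimant -> verifier
    first = verifier.verify(nonce, response)      # genuine answer
    replay = verifier.verify(nonce, response)     # same pair presented again
    return {"authenticated": first, "replay_accepted": replay}


if __name__ == "__main__":
    print(run_exchange())                  # {'authenticated': True, 'replay_accepted': False}
    print(run_exchange(b"wrong-secret"))   # {'authenticated': False, 'replay_accepted': False}
```

The nonce does the work that a static password cannot: because the secret itself never crosses the network and every challenge is different, an eavesdropper learns nothing reusable.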
Compliance documents: A compliance document is a document detailing the actions required to comply with or adhere to the standards set by regulatory bodies. Any violations of the said rules attract punitive actions from the regulatory bodies.
Compliance: Compliance is the act of abiding by and adhering to the set standards, rules and laws of the land, or of any such regulatory bodies or authorities. In the software field, for example, development of software adheres to certain standards set by the quality and standards body, and the installation process abides by the vendor license agreement.
Computer emergency response team (CERT): A computer emergency response team (CERT) is a team formed to study the vulnerabilities of the information systems of an organization and offer solutions and strategies to face such vulnerabilities. Such teams are highly organized with clearly defined roles and responsibilities.
Computer forensics: Computer forensics is the process of analyzing and investigating computer devices, on suspecting that such devices may have been used in a cybercrime, with the aim of gathering evidence for presentation in a court of law. Computer forensics offers many tools for investigation and analysis to find such evidence.
Confidentiality: Confidentiality is the set of rules that places restrictions on access to, or sharing of, information with the aim of preserving and protecting the privacy of the information.
Configuration management: Configuration management is the process of entering, editing and updating information relating to an organization's hardware and software. Every detail, such as the version of software installed, updates applied to the software, the location of the devices, etc., is recorded and updated regularly.
Consumerization: Consumerization refers to new trends or changes in enterprise technology as more and more consumers embrace such technology. Employees use devices for personal use and, as they gain wide acceptance, even organizations start using such technologies.
Containment: Containment is the steps taken to control any further risks upon identifying a threat.
Content filtering: Content filtering is a process by which access to certain content, information or data is restricted, limited, or completely blocked based on the organization's rules. Any objectionable email, website, etc., is blocked using either software- or hardware-based tools.
Control (1): Control is the policies, strategies, guidelines, etc., established in collaboration with various departments of an organization such as management, legal and technical to help mitigate risk.
Control (2): A policy that guarantees an organization that the systems are reliable and work in accordance with the established rules. It also assures that the organization complies with all the standards and rules as established by various authorities.
Countermeasure: A countermeasure is a defensive mechanism that helps mitigate a risk or threat to a network or computers, using a process, system or device.
Critical infrastructure: Critical infrastructure is the fundamental system of an organization that is important for its survival; any threat to such basic systems would push the entire organization into jeopardy.
Criticality analysis: Criticality analysis is evaluating the importance of an asset or information to an organization, and the effects its failure would have on the overall performance of the organization.
Criticality: Criticality is the level of importance assigned to an asset or information. The organization may not function effectively and efficiently in the absence of an asset or information that is highly critical.
Cross-site scripting (XSS): Cross-site scripting is an attack on trusted and otherwise secure websites by injecting malicious scripting. Attackers target websites that do not filter user inputs for strings or common characters in a script.
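The "Cross-site scripting" entry above says the weakness is a website that does not treat special characters in user input. Here, as an added example that is not part of the original glossary, is the vulnerable pattern (user input concatenated straight into HTML) beside the hardened one (output encoding for the HTML context with Python's standard `html.escape`). The greeting template, the constructed inputs and the `surviving_specials` helper are assumptions made for this example; the inputs are only built and inspected as strings, never rendered by a browser.

```python
import html

TEMPLATE_PREFIX = "<p>Hello, "
TEMPLATE_SUFFIX = "!</p>"

# Constructed inputs: one benign name, one that would inject a tag, and one
# that would break out of an attribute value if the template were an attribute.
SAMPLE_INPUTS = [
    "Alice",
    "<script>alert(1)</script>",
    '" onmouseover="alert(1)',
]


def render_greeting_unsafe(name: str) -> str:
    """Vulnerable pattern: untrusted input concatenated into markup unchanged."""
    return TEMPLATE_PREFIX + name + TEMPLATE_SUFFIX


def render_greeting_safe(name: str) -> str:
    """Hardened pattern: encode for the HTML context before insertion.

    quote=True also encodes " and ' so the same encoder is safe inside a
    quoted attribute value, not only in element text.
    """
    return TEMPLATE_PREFIX + html.escape(name, quote=True) + TEMPLATE_SUFFIX


def surviving_specials(rendered: str) -> set:
    """Return the HTML-significant characters from the user portion of a
    rendered greeting that reached the output unencoded.  An empty set means
    the input can no longer change the markup structure."""
    user_part = rendered[len(TEMPLATE_PREFIX):len(rendered) - len(TEMPLATE_SUFFIX)]
    return {c for c in user_part if c in "<>\"'"}


def compare_renderings(inputs=SAMPLE_INPUTS) -> dict:
    """For each input, which special characters survive in the unsafe and the
    safe rendering.  The unsafe column is what the attacker's markup needs;
    the safe column should always be empty."""
    return {
        text: {
            "unsafe": surviving_specials(render_greeting_unsafe(text)),
            "safe": surviving_specials(render_greeting_safe(text)),
        }
        for text in inputs
    }


if __name__ == "__main__":
    for text, result in compare_renderings().items():
        print(repr(text), "unsafe:", sorted(result["unsafe"]), "safe:", sorted(result["safe"]))
```

Encoding must match the context the value lands in: `html.escape` is correct for element text and quoted attribute values, while a value placed inside a script block or a URL needs that context's own encoder.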
Cryptography: Cryptography is the science and art of protecting the privacy of information by encrypting it into a secret code, so that no one but the authorized person with an encryption key can read or view the information.
Cryptosystem: A cryptosystem is a system or an algorithm to encrypt plain text into secret code or cipher text to protect the privacy of the information stored. A key helps convert plain text to cipher text and vice versa.
Cyber security architecture: Cyber security architecture is the information security layout that describes the overall structure, including its various components and their relationships, in an organization. It displays how strong the data security, controls and preventive mechanisms implemented in the organization are.
Cyber security: Cyber security is the processes employed to safeguard and secure the assets used to carry the information of an organization from being stolen or attacked. It requires extensive knowledge of the possible threats such as viruses or other such malicious objects. Identity management, risk management and incident management form the crux of the cyber security strategies of an organization.
Cybercop: A cybercop is a law enforcement officer entrusted with the responsibilities of monitoring online activities to control criminal activities online, or cybercrimes.
Cyber espionage: Cyber espionage is spying on the computer systems of an organization with the help of a virus to steal or destroy data, information, etc. Such spying is unauthorized and happens in a clandestine manner.
Cyberwarfare: Cyber warfare is virtual warfare waged online over the internet to weaken or harm the financial systems of an organization by stealing private and personal information available online on websites, etc.

D

Data asset: A data asset is any entity that is composed of data; for example, a database is an example of a data asset. A system or application output file, database, document, or web page are also considered data assets. Data assets can also be a service that may be provided to access data from an application.
Data classification: Data classification is a data management process that involves categorizing and organizing data into different classes based on their forms, types, importance, sensitivity and usage in an organization.
Data custodian: A data custodian is an executive of an organization entrusted with the responsibilities of data administration; as such, protecting and safeguarding data is the primary responsibility of a data custodian.
Data element: A data element is a basic unit of information that has a unique meaning and subcategories (data items) of distinct value. Gender, race, and geographic location are all examples of data elements.
Data encryption standard: The data encryption standard is a form of algorithm to convert plain text to cipher text. The data encryption standard uses the same key to encrypt and decrypt the data, and hence it is a symmetric key algorithm.
Data flow control: Data flow control is another term for information flow control.
Data leakage: Data leakage is the accidental or intentional transfer and distribution of private and confidential information of an organization without its knowledge or permission.
Data owner: A data owner is an executive of an organization entrusted with the administrative control of the data. Such an individual or executive has complete control over the data and can control or limit access to such data by people, assign permissions, etc.; they are also accountable for the accuracy and integrity of such data.
Data retention: Data retention is the process of storing and protecting data for historical reasons and for data backup when needed. Every organization has its own rules governing data retention within the organization.
Data transfer device (DTD): A data transfer device is a fill device designed to securely store, transport, and transfer electronically both COMSEC and TRANSEC keys. A DTD is designed to be backward compatible with the previous generation of COMSEC common fill devices, and programmable to support modern mission systems.
Database: A database is a systematic collection and organization of data by individuals or organizations so that it can be easily stored, retrieved, and edited for future use.
Decentralization: Decentralization is the process of distributing functions and authorities among different people or to different locations.
Decryption key: A decryption key is a piece of code that is required to decipher or convert encrypted text or information into plain text or information.
Decryption: Decryption is the process of decoding cipher text to plain text so it is readable by the user. It is the opposite of encryption, the process of converting plaintext to cipher text.
Defense in depth: Defense in depth is the process of creating multiple layers of security to protect electronic and information resources against attackers. Also called the castle approach, it is based on the principle that in the event of an attack, even if one layer fails to protect the information resource, other layers can offer defense against the attack.
Demilitarized zone: A demilitarized zone is a firewall setting that separates the LAN of an organization from the outside world or the internet. A demilitarized zone (DMZ) makes certain resources, servers, etc., available to everyone, yet keeps internal LAN access private, safe and secure, offering access only to authorized personnel.
Denial of service attack: A denial of service attack is an attack on a network or a machine to make it unavailable to other or important users. A single user floods the network or server with the same requests, keeping it busy, occupied, and unavailable for other users.
Digital certificate: A digital certificate is a piece of information that guarantees that the sender is verified and genuine, and is the person he claims to be. Otherwise known as public key information, a digital certificate issued by a certificate authority helps exchange information over the internet in a safe and secure manner.
Digital evidence: Digital evidence is electronic information stored or transferred in digital form.
Digital forensics: Digital forensics is the process of procuring, analyzing and interpreting electronic data for the purpose of presenting it as acceptable evidence in legal proceedings in a court of law.
Digital signature: A digital signature is an electronic code that guarantees the authenticity of the sender of information as who he claims to be, and that the information he sent out is first-hand, without any alterations. Digital signatures use the private key information of the sender and cannot easily be imitated or forged.
Disaster recovery plan: A disaster recovery plan (DRP) or a business continuity plan (BCP) prescribes the steps required to carry on business as usual in the event of a disaster. A disaster recovery plan aims to bring business activities back to normalcy in the shortest possible time; such efforts require an in-depth study and analysis of business-critical processes and their continuity needs. Business continuity plans also prescribe preventive measures to avoid disasters in the first place.
Disaster: A disaster is a sudden event or catastrophe caused by the forces of nature or by human error that results in serious damage to nature, society, human life, and property. A disaster in a business or commercial sense disables an enterprise from delivering its essential tasks for a specified period; for organisations, disasters may result in loss of resources and assets, including data.
Discretionary access control: Discretionary access control is a security measure by which the owner can restrict access to resources such as files, devices and directories to specific subjects, users or user groups based on their identity. It is at the discretion of the owner to grant permission to users or to restrict them from accessing the resources completely or partially.
Disk imaging: Disk imaging is the process of generating a bit-for-bit copy of the original media, including free space and slack space.
Disruption: A disruption is an unplanned event that causes the general system or major application to be inoperable for an unacceptable length of time (e.g., minor or extended power outage, extended unavailable network, or equipment or facility damage or destruction).
Distributed denial of service (DDoS): A distributed denial of service is a denial of service technique that uses numerous hosts to perform the attack.
Domain name system (DNS) exfiltration: Domain name system (DNS) exfiltration is a difficult-to-detect lower-level attack on DNS servers to gain unauthorized access. Such attacks lead to loss of data that ranges from simple to complex in nature and importance.
Domain name system: The domain name system is a distributed system that internet servers follow to convert alphabetical domain names into numerical IP addresses. Internet servers follow a numerical IP address system, and remembering the numerical values of many domains is a difficult task, so domains use alphabetical addresses. Every time a user types in an alphabetical domain name, the DNS helps the internet by converting the alphabetical domain name into a numerical IP address.
Dual-use certificate: A dual-use certificate is a certificate that is intended for use with both digital signature and data encryption services.
Due care: Due care is the degree of care a rational person would exercise in situations similar to the one at hand. Alternatively known as ordinary care or reasonable care, it is a test of a person's preparedness to act, be responsible, or neglect responsibility.
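The "Domain name system (DNS) exfiltration" entry above calls the technique difficult to detect; the usual defensive signal is that data smuggled out in query names produces many distinct, long, high-entropy labels under one zone from one client. Here, as an added example that is not part of the original glossary, is that detection logic run over a constructed query log. The log format (timestamp, client address, queried name), the treatment of the last two labels as the zone, and the thresholds are all assumptions made for this example; a production tool would use the Public Suffix List for zone splitting and tune thresholds against its own baseline.

```python
import math
from collections import Counter, defaultdict

# Constructed sample log, not real traffic.  10.0.0.5 makes ordinary lookups;
# 10.0.0.7 issues many long hex-looking labels under a single zone.
SAMPLE_LOG = """\
2024-01-01T10:00:00Z 10.0.0.5 www.example.com
2024-01-01T10:00:01Z 10.0.0.5 mail.example.com
2024-01-01T10:00:02Z 10.0.0.5 cdn.example.com
2024-01-01T10:00:02Z 10.0.0.5 api.example.com
2024-01-01T10:00:03Z 10.0.0.5 static.example.com
2024-01-01T10:00:03Z 10.0.0.7 7c2e9a41f0b8d635e7a1c9f04b2d8e63.example.net
2024-01-01T10:00:03Z 10.0.0.7 a93f1c07e5b2d864c0f7a6e391b5d248.example.net
2024-01-01T10:00:04Z 10.0.0.7 0e6b7d2f9a41c835e2d7b0f96a13c48e.example.net
2024-01-01T10:00:04Z 10.0.0.7 5d8a2c4f7e1b093a6c5e8f2d4b7a1c90.example.net
2024-01-01T10:00:05Z 10.0.0.7 f41e7a9c3b2d085e6f9a1c7d2b4e8305.example.net
2024-01-01T10:00:05Z 10.0.0.7 b27d9e4a1f6c3085d4e2a7f9c1b63e08.example.net
"""


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; natural labels score low, encoded data high."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname: str):
    """Return (subdomain, zone).  Assumption for this example: the zone is the
    last two labels.  Real tools consult the Public Suffix List instead."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def parse_log(text: str):
    """Yield (timestamp, client, qname) for each well-formed log line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            yield parts[0], parts[1], parts[2].lower()


def find_suspicious(text: str, min_queries: int = 5,
                    min_label_length: int = 20, min_entropy: float = 3.0) -> list:
    """Flag (client, zone) pairs whose subdomains look like encoded data:
    enough distinct names, and long and high-entropy on average."""
    stats = defaultdict(lambda: {"subs": set(), "lengths": [], "entropies": []})
    for _ts, client, qname in parse_log(text):
        sub, zone = split_name(qname)
        if not sub:                       # bare zone query carries no payload
            continue
        entry = stats[(client, zone)]
        entry["subs"].add(sub)
        entry["lengths"].append(len(sub))
        entry["entropies"].append(shannon_entropy(sub))

    flagged = []
    for (client, zone), entry in stats.items():
        distinct = len(entry["subs"])
        if distinct < min_queries:
            continue
        mean_len = sum(entry["lengths"]) / len(entry["lengths"])
        mean_ent = sum(entry["entropies"]) / len(entry["entropies"])
        if mean_len >= min_label_length and mean_ent >= min_entropy:
            flagged.append({
                "client": client,
                "zone": zone,
                "distinct_subdomains": distinct,
                "mean_label_length": round(mean_len, 1),
                "mean_entropy": round(mean_ent, 2),
            })
    return flagged


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```

All three conditions are needed together: a CDN with many short hostnames passes on length, a single odd-looking lookup passes on count, and only sustained long random-looking labels trip the rule. Reviewing the flagged client's query timing and byte volume is the natural follow-up.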
Due diligence: Due diligence is the process of conducting a thorough and detailed investigation to verify the truthfulness of the information provided in statements for analysis and review before committing to a transaction. It is a measure of prudence a rational person would undertake before taking a final decision.
Duplicate digital evidence: Duplicate digital evidence is a duplicate that is an accurate digital reproduction of all data objects contained on the original physical item and associated media.
Dynamic ports: Dynamic ports are otherwise known as private ports; these ports, ranging from port number 49152 to 65535, do not need any registration. These ports help any computer application communicate with any other application or program that uses the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP).

E

E-commerce: The process of conducting any kind of business transaction or commercial transaction electronically with the help of the internet is termed e-commerce. The internet enables sellers to accept orders and payments online. As the most popular mode of business today, e-commerce is widely used for completing business-to-business, business-to-consumer, consumer-to-consumer, or consumer-to-business transactions.
E-government: E-government is the U.S. government's use of web-based internet applications and other information technology.
Easter egg: An easter egg is hidden functionality within an application program which becomes activated when an undocumented set of commands and keystrokes is entered. Easter eggs are typically used to display the credits for the development team and are intended to be non-threatening.
Egress filtering: Egress filtering is the filtering of outgoing network traffic.
Electronic key entry: Electronic key entry is the entry of cryptographic keys into a cryptographic module using electronic methods such as a smart card or a key-loading device.
Electronic key management system: An electronic key management system is an interoperable collection of systems being developed by services and agencies of the U.S. government to automate the planning, ordering, generating, distributing, storing, filling, using, and destroying of electronic key and the management of other types of COMSEC material.
Electronic signature: An electronic signature is the process of applying any mark in electronic form with the intent to sign a data object, and is used interchangeably with digital signature.
Electronically generated key: An electronically generated key is a key generated in a COMSEC device by mechanically or electronically introducing a seed key into the device and then using the seed in conjunction with a software algorithm stored in the device to produce the desired key.
Elliptic curve cryptography (ECC): Elliptic curve cryptography is a technique that uses an elliptic curve equation to create cryptographic keys; keys generated by this theory are much smaller, faster, and more efficient as well. This modern technique keeps the decryption key private, while the encryption key is public. Unlike traditional methods of generating cryptographic keys such as RSA, the elliptic curve technique uses discrete algorithms, making it difficult to decipher the keys or challenge the keys.
Embedded cryptographic system: An embedded cryptosystem is a system performing or controlling a function as an integral element of a larger system or subsystem.
Embedded cryptography: Embedded cryptography is cryptography engineered into equipment or a system whose basic function is not cryptographic.
Encapsulating security payload: An encapsulating security payload is an IPsec protocol that offers mixed security in the areas of authentication, confidentiality, and integrity for IPv4 and IPv6 network packets. Encapsulating security payload offers data integrity and protection services by encrypting data, providing anti-replay, and preserving it in its assigned IP.
Encipher: To encipher is to convert plain text to cipher text via a cryptographic system.
Encryption algorithm: An encryption algorithm is a set of mathematically expressed rules for rendering data unintelligible by executing a series of conversions controlled by a key.
Encryption certificate: An encryption certificate is a certificate containing a public key that is used to encrypt electronic messages, files, documents, or data transmissions, or to establish or exchange a session key for these same purposes.
Encryption key: An encryption key is a code of variable value developed with the help of an encryption algorithm to encrypt and decrypt information.
Encryption: Encryption is a process of maintaining data integrity and confidentiality by converting plain data into a secret code with the help of an algorithm. Only authorized users with a key can access encrypted data or cipher text.
End cryptographic unit: An end cryptographic unit is a device that (1) performs cryptographic functions, (2) typically is part of a larger system for which the device provides security services, and (3) from the viewpoint of a supporting security infrastructure (e.g., a key management system), is the lowest level of identifiable component with which a management transaction can be conducted.
End-to-end encryption: End-to-end encryption describes communications encryption in which data is encrypted when passing through a network, with the routing information still visible.
Enterprise architecture: The enterprise architecture is the description of an enterprise's entire set of information systems: their configuration, integration and how they interface. Enterprise architecture also describes how they are operated to support the enterprise mission, and how they contribute to the enterprise's overall security posture.
Enterprise risk management: Enterprise risk management is the methods and processes used by an enterprise to manage risks to its mission and to establish the trust necessary for the enterprise to support shared missions. It involves the identification of mission dependencies on enterprise capabilities, the identification and prioritization of risks due to defined threats, and the implementation of countermeasures to provide both a static risk posture and an effective dynamic response to active threats; and it assesses enterprise performance against threats and adjusts countermeasures as necessary.
Enterprise: An enterprise is an organization with a defined mission/goal and a defined boundary, using information systems to execute that mission, and with responsibility for managing its own risks and performance. An enterprise may consist of all or some of the following business aspects: acquisition, program management, financial management (e.g., budgets), human resources, security, and information systems, information and mission management.
Entrapment: Entrapment is the deliberate planting of apparent flaws in an information system with the intent to detect attempted penetrations.
Eradication: Eradication is an important function of the incident management process that follows the containment of an incident. Upon identifying and controlling the incident in the containment stage, eradication helps identify and remove the root cause of the incident completely from the system and avoid any chance of recurrence of the incident.
Ethernet: Ethernet is the most popular local area network (LAN) technology; it specifies cabling and signalling systems for home networks or for organizations. Ethernet uses bus topology to support data transfers and carrier sense multiple access/collision detection (CSMA/CD) to process requests at the same time.
Event: An event is an action or an occurrence that a program can detect. Examples of events are clicking a mouse button or pressing a key, etc.
Evidence: Evidence is documents, records or any such objects or information that helps prove the facts in a case.
Exercise key: An exercise key is cryptographic key material used exclusively to safeguard communications transmitted over the air during military or organized civil training exercises.
Exploit code: Exploit code is a program that allows attackers to automatically break into a system.
Exploit: An exploit is taking advantage of a weakness or a flaw in the system to intrude into or attack it.
Exploitable channel: An exploitable channel is a channel that allows the violation of the security policy governing an information system and is usable or detectable by subjects external to the trusted computing base.
External network: An external network is a network not controlled by the organization.
External security testing: External security testing is security testing conducted from outside the organization's security perimeter.

F

Fail safe: A fail safe is the automatic protection of programs and/or processing systems when hardware or software failure is detected.
Fail soft: Fail soft is the elective termination of affected non-essential processing when hardware or software failure is determined to be imminent.
Failover: Failover is a system's capability to switch over automatically, without any warning or human intervention, to a redundant or standby information system upon the failure or abnormal termination of the previously active system.
False positive: A false positive is an alert that incorrectly indicates that malicious activity is occurring.
Federal information system: A federal information system is an information system used or operated by an executive agency, a contractor of an executive agency, or by another organization on behalf of an executive agency.
Federal public key infrastructure policy authority fpki pa The federal pki policy authority is a federal government body responsible for setting, implementing, and administering policy decisions regarding interagency pki interoperability that uses the fbca. File encryption File encryption is the process of encrypting individual files on a storage medium and permitting access to the encrypted data only after proper authentication is provided. Filename anomaly File name anomaly is a mismatch between the internal file header and its external extension. A file name anomaly is also a file name inconsistent with the content of the file (e.g., renaming a graphics file with a non-graphical extension). File protection File protection is the aggregate of processes and procedures designed to inhibit unauthorized access, contamination, elimination, modification, or destruction of a file or any of its contents. File security File security is the method in which access to computer files is limited to authorized users only. File transfer protocol ftp File transfer protocol (ftp) is an internet protocol for transferring files from one computer to another in a network using tcp/ ip. Fill device A fill device is a comsec item used to transfer or store keys in electronic form or to insert key into cryptographic equipment. Firewall control proxy A firewall control proxy is the component that controls a firewall’s handling of a call. The firewall control proxy can instruct the firewall to open specific ports that are needed by a call, and direct the firewall to close these ports at call termination. Firewall A firewall is a security system tool that includes any software or hardware aimed at preventing viruses, worms, and hackers from intruding into a system or network. Firmware Firmware consists of the programs and data components of a cryptographic module that are stored in hardware within the cryptographic boundary and cannot be dynamically written or modified during execution. 
Flaw hypothesis methodology Flaw hypothesis methodology is the system analysis and penetration technique in which the specification and documentation for an information system are analyzed to produce a list of hypothetical flaws. This list is prioritized on the basis of the estimated probability that a flaw exists, on the ease of exploiting it, and on the extent of control or compromise it would provide. The prioritized list is used to perform penetration testing of a system. Flooding Flooding is an attack that attempts to cause a failure in a system by providing more input than the system can process properly. Focused testing Focused testing is a test methodology that assumes some knowledge of the internal structure and implementation detail of the assessment object. Focused testing is also known as gray box testing. Forensic copy Forensic copy is an accurate bit-for-bit reproduction of the information contained on an electronic device or associated media, whose validity and integrity has been verified using an accepted algorithm. Forensic examination Forensic examination is the investigation to evaluate, analyze, organize, preserve, and document evidence, including digital evidence that helps identify the cause of an incident. Forensic specialist A forensic specialist is a professional who locates, identifies, collects, analyzes, and examines data while preserving the integrity and maintaining a strict chain of custody of information discovered. Forensically clean Forensically clean describes digital media that is completely wiped of all data, including nonessential and residual data, scanned for malware, and verified before use. Forensics Forensics is the practice of gathering, retaining, and analyzing computer-related data for investigative purposes in a manner that maintains the integrity of the data. Forward cipher A forward cipher is one of the two functions of the block cipher algorithm that is determined by the choice of a cryptographic key. 
The term “forward cipher operation” is used for tdea, while the term “forward transformation” is used for dea. Freeware Freeware is an application, program, or software available for use at no cost. Full disk encryption fde Full disk encryption is the process of encrypting all the data on the hard disk drive used to boot a computer, including the computer’s operating system, and permitting access to the data only after successful authentication with the full disk encryption product. G Back to Top gateway Gateways are network points that act as an entrance to another network. A node or stopping point can be either a gateway node or a host (end-point) node. Get nearest server Get nearest server is a request packet sent by a client on an ipx network to locate the nearest active server of a particular type. An ipx network client issues a gns request to solicit either a direct response from a connected server or a response from a router that tells it where on the inter-network the service can be located. Gns is part of the ipx sap. Gethostbyaddr The gethostbyaddr is a dns (domain name system) query that returns the internet host name corresponding to an ip address. Global information grid gig The global information grid is the globally interconnected, end-to-end set of information capabilities for collecting, processing, storing, disseminating, and managing information on demand to warfighters, policy makers, and support personnel. The gig includes owned and leased communications and computing systems and services, software (including applications), data, security services, other associated services, and national security systems. Non-gig includes stand-alone, self-contained, or embedded it that is not, and will not be, connected to the enterprise network. 
Global information infrastructure gii The global information infrastructure is the worldwide interconnections of the information systems of all countries, international and multinational organizations, and international commercial communications. Gnu The name gnu stands for “gnu’s not unix” (gnu is pronounced as g’noo). The development of gnu started in january 1984 and is known as the gnu project. Gnu is a unix-like operating system (os), that comprises many programs such as applications, libraries, developer tools, games. The gnu is available with source code that allows a user to run, copy, modify, distribute, study, change, and improve the software. Gnutella Gnutella is an open file sharing or peer-to-peer (p2p) network that was originally developed by Justin Frankel and Tom Pepper of Nullsoft in the early 2000. It was the first decentralised file sharing network that acts as a server for sharing files while simultaneously acting as a client that searches for and downloads files from other users. Governance risk management and compliance Governance, risk management and compliance is a comprehensive and integrated organization wide system for achieving the goals set in each area namely governance, risk management, and compliance, and meet the regulatory standards and requirements. Governance Governance is a system for directing and controlling an organization. It includes a set of rules, processes, practises established to evaluate the options, needs, conditions of the stakeholders such as management, suppliers, financiers, customers, etc. It also includes a framework for attaining the established goals of an organization, alongside achieving a balance between the goals of organization and interests of the stakeholders. It aims to protect the interests of the organization by protecting assets of the organization, and the interests of the creditors, customers. 
Graduated security Graduated security is a security system that provides several levels (e.g., low, moderate, high) of protection based on threats, risks, available technology, support services, time, human concerns, and economics. Group authenticator A group authenticator is used sometimes in addition to a sign-on authenticator, to allow access to specific data or functions that may be shared by all members of a particular group. Guard system A guard system is a mechanism limiting the exchange of information between information systems or subsystems. Guessing entropy A guessing entropy is a measure of the difficulty that an attacker has to guess the average password used in a system. In this document, entropy is stated in bits. When a password has n-bits of guessing entropy then an attacker has as much difficulty guessing the average password as in guessing an n-bit random quantity. The attacker is assumed to know the actual password frequency distribution. Guideline A guideline is a general rule or a piece of advice required to follow in order to accomplish the set goals of an organization. H Back to Top Hacker A hacker is a term used for an expert computer programmer who tries to gain unauthorized access into a network or computer systems with intent. Handshaking procedures Handshaking procedures are the dialogue between two information systems for synchronizing, identifying, and authenticating themselves to one another. Hard copy key A hard copy key is physical keying material, such as printed key lists, punched or printed key tapes, or programmable, read-only memories. Hardening Hardening is also known as system hardening and refers to providing protection to a computer system at various layers such as host, application, os, user, physical levels, and all the other sublevels in between. A hardened computer system is a more secure computer system. Hardening eliminates as many risks and threats to a computer system as necessary. 
Hardware Hardware is the physical component of an information system. See also software and firmware. Hardwired key A hardwired key is a permanently installed key. Hash based message authentication code hmac Hash-based message authentication code is a message authentication code that uses a cryptographic key in conjunction with a hash function. Hash function A hash function is a function that is used to map data of arbitrary size to a data of a known or fixed size. The values returned by a hash function are called hash values, hash codes, hash sums, or simply hashes. Hash functions A cryptographic hash function is a kind of hash function where it is practically impossible to recreate the input data from its hash value alone. The input data is referred to as the ‘message’, and the hash value is called the ‘message digest’ or the ‘digest’. The result of this hash function can be used to validate if a larger file has been changed, without comparing the larger files. Examples of frequently used hash functions are md5 and sha1. Hash total A hash total is a method of verifying the accuracy of data; it includes adding up the data in different fields including fields, which have no significance such as account numbers, etc. The sum thus arrived should be the same as original, a mismatch in the totals indicates an error. Hash value A hash value is the result of applying a cryptographic hash function to data (e.g., a message). Hashing Hashing is a system of generating string values with the help of algorithms to maintain data integrity and accuracy. Header A header refers to the additional data at the beginning of a chunk of data (or packet) being stored or transmitted. The data that follows the header is called the payload or body. Note that it is important that the header is of clear and unambiguous format to allow for parsing. 
High assurance guard hag High assurance guard is an enclave boundary protection device that controls access between a local area network that an enterprise system has a requirement to protect, and an external network that is outside the control of the enterprise system, with a high degree of assurance. A guard that has two basic functional capabilities: a message guard and a directory guard. The message guard provides filter service for message traffic traversing the guard between adjacent security domains. The directory guard provides filter service for directory access and updates traversing the guard between adjacent security domains. High availability High availability is a failover feature to ensure availability during device or component interruptions. High impact system A high impact system is an information system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a fips 199 potential impact value of high. An information system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a potential impact value of high. High impact High impact is the loss of confidentiality, integrity, or availability that could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, individuals, other organizations, or the national security interests of the united states; (i.e., 1) causes a severe degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced; 2) results in major damage to organizational assets; 3) results in major financial loss; or 4) results in severe or catastrophic harm to individuals involving loss of life or serious life threatening injuries). 
Hijack attack A hijack attack is a form of active wiretapping in which the attacker seizes control of a previously established communication association. Hijacking Hijacking is a network security attack by which the intruder takes control of a connection, while a session is in progress. The intruder gains unauthorized access to the information. Honeyclient Honeyclient is a web browser-based high interaction client honeypot designed by Kathy Wang in 2004 and subsequently developed at mitre. It was the first open source client honeypot and is a mix of perl, c++, and ruby. Honeyclient is state-based and detects attacks on windows clients by monitoring files, process events, and registry entries. Honeymonkey A honeymonkey is an automated program that imitates a human user to detect and identify websites which exploit vulnerabilities on the internet. It is also known as a honey client. Honeypot Honeypot is a computer security program that simulates one or more network services that you define on your computer’s ports. An attacker may assume that you’re running weak services that can be used to break into the machine. A honeypot provides you advanced warning of a more concerted attack. Two or more honeypots on a network form a honeynet. Hop A hop occurs each time that a data packet is passed from one device (source) to the next device (destination). Data packets pass through bridges, routers, and gateways on the way. Host based intrusion detection system hids A host-based intrusion detection system (hids) is an intrusion detection system that monitors and analyses information from the operating system audit records occurring on the host. These operations are then compared to a predefined security policy norm. This analysis of the audit trail forces significant overhead requirements on the system due to the increased amount of processing power which must be utilized by the intrusion detection system. 
Depending on the size of the audit trail and the processing ability of the system, the review of audit data could result in the loss of a real-time analysis capability. Host A network host is a computer or other device connected to a computer network. A network host is a network node that is assigned a network layer host address. A network host may offer information resources, services, and applications to users or other nodes on the network. Hot site A hot site is a fully operational offsite data processing facility equipped with hardware and software, to be used in the event of an information system disruption. Backup site that includes phone systems with the phone lines already connected. Networks will also be in place, with any necessary routers and switches plugged in and turned on. Desks will have desktop pcs installed and waiting, and server areas will be replete with the necessary hardware to support business-critical functions. Within a few hours, a hot site can become a fully functioning element of an organization. Hot wash A hot wash is a debrief conducted immediately after an exercise or test with the staff and participants. Http proxy An http proxy is a server that receives requests from your web browser and then, requests the internet on your behalf. It then returns the results to your browser. Https Https (also called http over tls, http over ssl, and http secure) is an internet protocol used for secure communication over a computer network. Https is very important over insecure networks (such as public wifi), as anyone on the same local network can discover sensitive information not protected by https. Https consists of communication over hypertext transfer protocol (http) within a connection encrypted by transport layer security or its predecessor, secure sockets layer. Hub A hub is a network device that is a common connection point for devices in a network. These are commonly used to connect segments of a lan. A hub contains multiple ports. 
When a data packet is received at one port, it is transmitted to the other ports on the hub. Hybrid attack A hybrid attack is a blend of both a dictionary attack method as well as brute force attack. This means that while a dictionary attack method would include a wordlist of passwords, the brute-force attack would be applied to each possible password in that list. Hybrid encryption Hybrid encryption is a method of encryption that combines two or more encryption algorithms or systems. This method merges asymmetric and symmetric encryption in order to derive benefit from the strengths of each form of encryption. These strengths include speed and security respectively. Hybrid security control Hybrid security control is a security control that is implemented in an information system in part as a common control and in part as a system-specific control. Hyperlink A hyperlink (usually highlighted by color or underscoring) could be a word, a phrase, or an image that refers to data or related information that the user can directly follow either by clicking or by hovering. A hyperlink points to a whole document or to a specific element within a document while a hypertext is text with hyperlinks. Hypertext markup language html Hypertext markup language (html) is a set of markup symbols or codes that are inserted in a file intended for display on a world wide web (www) browser page. This markup states the browser how to display a web page to the user. Hypertext transfer protocol http Http is the underlying protocol used by the world wide web (www). This protocol defines how messages are formatted and transmitted on the internet and what actions web servers and browsers should take in response to various commands. I Back to Top Identity Internet identity (iid) or internet persona is a social identity that an internet user creates on online communities and websites. 
While some users prefer using their real names online, others prefer to be anonymous and identify themselves by means of pseudonyms. Incident handling Incident handling is an action plan developed (by an organisation or individual) to counteract intrusions, cyber-theft, denial of service, fire, flood, and any other security-related events. It comprises six process steps: preparation, identification of attack, containment of attack, eradication, recovery, and analysis (lessons learned documentation). Incident An incident is an unplanned disruption or degradation of a network or system service and needs to be resolved immediately. An example of an incident is a server crash that causes a disruption in the business process. However, if the disruption is planned, say, a scheduled maintenance, it is not an incident. Incremental backups An incremental backup provides a backup of only those files that have changed, modified, or are new since the last backup. Incremental backups are often desirable as they consume minimum storage and are quicker to perform than differential backups. Inetd Inetd stands for internet service daemon and is a super-server daemon on many unix systems to manage several internet services. This reduces the load of the system. This means that the network services such as telnet, file transfer protocol (ftp), and simple mail transfer protocol (smtp) can be activated on demand rather than running continuously. Inference attack An inference attack is a data mining technique used to illegally access information about a subject or database by analyzing data. This is an example of breached information security. Such an attack occurs when a user is able to deduce key or critical information of a database from trivial information without directly accessing it. 
Information warfare Information warfare (iw) is primarily a United States military concept that involves the use and management of information and communication technology in pursuit of a competitive advantage over an opponent. This concept may employ a combination of tactical information, assurance(s) that the information is valid, spreading of propaganda or disinformation to demoralise or manipulate the enemy and the public, undermining the quality of opposing force information and denial of information-collection opportunities to opposing forces. Ingress filtering Ingress filtering is used to ensure that all incoming packets (of data) are from the networks from which they claim to originate. Network ingress filtering is a commonly used packet filtering technique by many internet service providers to prevent any source address deceiving. This helps in combating several net abuse or crimes by making internet traffic traceable to its source. Input validation attacks Input validations attacks are when an attacker purposefully sends strange inputs to confuse a web application. Input validation routines serve as the first line of defence for such attacks. Examples of input validation attacks include buffer overflow, directory traversal, cross-site scripting and sql injection. Integrity star property Integrity star property means a user cannot access or read data of a lower integrity level than their own. Integrity Integrity of a system or network is the assurance that information can only be accessed or modified by those who are authorised. Several measures are taken to ensure integrity. These include controlling the physical environment of networked terminals and servers, restricting access to data, and maintaining rigorous authentication practices. Data integrity can be threatened by environmental hazards, such as heat, dust, and electrical surges. 
Internet control message protocol icmp The internet control message protocol (icmp) is one of the key internet protocols and is used by network devices such as routers to generate error messages to the source ip address when network problems prevent delivery of ip packets. Any ip network device has the capability to send, receive or process icmp messages. This protocol is also used to relay query messages and is assigned protocol number 1. Internet engineering task force ietf The internet engineering task force (ietf) is a large open international community of network designers, operators, vendors, and researchers who are concerned with the evolution of the internet architecture and its smooth operations. This body defines the standard internet operating protocols such as tcp/ip. The ietf is supervised by the internet society internet architecture board (iab). The internet assigned numbers authority (iana) is the central coordinator for the assignment of unique parameter values for internet protocols. Internet message access protocol imap The internet message access protocol (imap) is a standard internet protocol that is used by email clients to retrieve email messages from a mail server over tcp/ip. Imap is defined by rfc 3501. An imap server typically listens on port number 143. Imap over ssl (imaps) is assigned the port number 993. Internet protocol ip The internet protocol (ip) is a communication protocol that is used for relaying datagrams across network boundaries. It has a routing function which enables inter-networking, and essentially establishes the internet. Internet protocol security ipsec Internet protocol security (ipsec) is a protocol suite for secure internet protocol (ip) communications by authenticating and encrypting each ip packet of a communication session. Ipsec can be used in protecting data flows between a pair of hosts (host-to-host), security gateways (network-to-network), or between a security gateway and a host (network-to-host). 
Internet protocol An internet protocol address (ip address) is a numerical label that is assigned to each device that is using internet protocol or any other protocol and is connected to an internet network. An ip address serves two basic functions, that is, host or network interface identification and location addressing. Internet standard An internet standard (std) is a normative specification (that is approved by the iesg and published as an rfc) of a technology or methodology applicable to the internet. Internet standards are created and published by the internet engineering task force (ietf). An internet standard is characterised by technical reliability and usefulness. The ietf also defines a proposed standard as a less mature but stable and well-reviewed specification. Internet The internet is the worldwide network of interconnected computers that use the internet protocol suite (or tcp/ip) to link billions of devices across globally. It carries an extensive range of information resources and services, such as the inter-linked hypertext documents and applications of the world wide web (www), electronic mail, telephony, and peer-to-peer networks for file sharing. Interrupt An interrupt is a signal sent to the processor by hardware or software indicating an event that needs immediate attention. Intranet An intranet is a private or internal network that is accessible only to an organisation’s personnel. An intranet is established with the technologies for local area networks (lans) and wide area networks (wans). Intrusion detection id Intrusion detection (id) is a security management system for computers and networks. An id system gathers and analyses information on a computer or a network to identify possible security breaches which include both intrusions and misuse. This system uses vulnerability assessment which is a technology developed to assess the security of a computer system or network. 
Ip flood Ip flood is a type of denial of service attack where the victim or system is flooded with information that uses up all the available bandwidth and prevents legitimate users from access. When ip flood detection is enabled, the router has the ability to block malicious devices that are attempting to flood devices. Ip forwarding Ip forwarding is also known as internet routing. It is a process used to determine using which path a packet or datagram can be sent. Ip forwarding is an os option that allows a host to act as a router. A system that has more than one network interface card must have ip forwarding turned on in order for the system to be able to act as a router. Ip spoofing Ip spoofing is also known as ip address forgery or a host file hijack. It is a hijacking technique where a hacker impersonates as a trusted host to conceal his identity, spoof a website, hijack browsers, or gain access to a network. Iso The international organization for standardization (iso) is an international standard-setting body that is composed of voluntary representatives from various national standards organizations. Issue specific policy An issue-specific policy is intended to address specific needs within an organisation, such as a password policy. Itu t The itu telecommunication standardization sector (itu-t) is one of the three sectors of the international telecommunication union (itu). It coordinates standards for telecommunications. The international telegraph and telephone consultative committee (ccitt, from french: comité consultatif international téléphonique et télégraphique) was created in 1956, and was renamed itu-t in 1993. Itu became a United Nations specialized agency in 1947. J Back to Top Jitter Jitter is any deviation in, or displacement of, the signal pulses in a high-frequency digital signal. The aberration can be in amplitude, phase timing, or the width of the signal pulse. Jitter is sometimes referred to as “packet delay variation,” or pdv. 
Controlling jitter is critical for a good online experience. Jump bag A jump bag is a container that has all the items necessary to respond to an incident inside to help mitigate the effects of delayed reactions. K Back to Top Kerberos Kerberos is a computer network authentication protocol and is ticket-based allowing nodes to communicate over a non-secure. Massachusetts institute of technology (mit) developed the kerberos to protect network services provided by the project athena. This protocol is based on the earlier needham–schroeder symmetric key protocol. Kerberos protocol messages are protected against snooping and replay attacks. Kernel The kernel is an essential center of a computer operating system, the core that provides basic services for all other parts of the operating system. A synonym is nucleus. A kernel can be contrasted with a shell, the outermost part of an operating system that interacts with user commands. Kernel and shell are terms used more frequently in unix operating systems than in ibm mainframe or microsoft windows systems. L Back to Top Lattice techniques Lattice techniques use security designations to determine access to information. Layer 2 forwarding protocol l2f Layer 2 forwarding protocol (l2f) is an internet protocol, originally developed by cisco corporation, that uses tunnelling of ppp over ip to create a virtual extension of a dial-up link across a network, initiated by the dial-up server and transparent to the dial-up user. Layer 2 tunneling protocol l2tp An extension of the point-to-point tunneling protocol used by an internet service provider to enable the operation of a virtual private network over the internet. Least privilege Least privilege is the principle of allowing users or applications the least amount of permissions necessary to perform their intended function. Legion A legion is a software used to detect unprotected shares. 
Lightweight Directory Access Protocol (LDAP)
Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry-standard application protocol used for accessing and maintaining distributed directory information services over an IP network.

Link state
Link-state routing protocols are one of the two main classes of routing protocols used in packet-switching networks. The link-state protocol is performed by every switching node in the network. Every node creates a map of the connectivity of the network (in the form of a graph) showing which nodes are connected to which other nodes. Each node then calculates the next best logical path from itself to every possible destination in the network. The collection of these best paths forms the node's routing table.

List-based access control
List-based access control associates a list of users and their privileges with each object, such as a file directory or an individual file. Each object has a security attribute that identifies its access control list. The list has an entry for each system user with access privileges. This list is implemented differently by each operating system.

Loadable kernel modules (LKM)
A loadable kernel module (LKM) is an object file that contains code to extend the running kernel, or base kernel, of an operating system. LKMs are usually used to add support for new hardware and/or file systems, and even to add system calls.

Log clipping
Log clipping is the selective removal of log entries from a system log to hide a compromise.

Logic bombs
A logic bomb is a piece of code deliberately inserted into a system to trigger a malicious program. Viruses and worms often contain logic bombs that execute a certain payload at a pre-defined time or when some other condition is met. Some viruses attack their host systems on specific dates, such as Friday the 13th or April Fools' Day. Trojans that activate on certain dates are often called time bombs.
Logic gate
A logic gate is an elementary building block of a digital circuit. This device is used to implement a Boolean function. It performs a logical operation on one or more logical inputs and produces a single logical output.

Loopback address
A loopback address is a pseudo-address that sends outgoing signals back to the same computer for testing. In a TCP/IP network, the loopback IP address is 127.0.0.1, and pinging this address always returns a reply unless a firewall prevents it.

M

MAC address
A media access control address (MAC address), also known as the physical address, is a unique identifier assigned to a network interface for communication. MAC addresses are generally used as a network address for most IEEE 802 network technologies (including Ethernet and Wi-Fi). MAC addresses are used in the media access control protocol sub-layer of the OSI reference model.

Malicious code
Malicious code is any code in any part of a software system or script that is intended to cause undesired effects, security breaches, or damage to a system. Such code gains unauthorised access to system resources or tricks a user into executing other malicious logic. Malicious code describes a broad category of system security terms that includes attack scripts, viruses, worms, Trojan horses, backdoors, and malicious active content.

Malware
Malware is short for malicious software. Malware is defined as any software used to interrupt or disrupt computer operations, gather sensitive information, or gain access to certain files or programs.

Mandatory access control (MAC)
Mandatory access control (MAC) is a security approach that constrains the ability of an individual resource owner to grant or deny access to resources or files on the system. Whenever a user tries to access an object, an authorisation rule is enforced by the OS: the kernel examines these security attributes and decides whether the user can access the object or not. Any operation by any user is typically tested against a set of authorisation rules (also known as a policy) to determine if the operation is allowed.

Masquerade attack
A masquerade attack is any attack that uses a forged identity (such as a network identity) to gain unauthorised access to a personal or organisational computer. Masquerade attacks are generally performed by using stolen passwords and logins, locating gaps in programs, or finding a way around the authentication process. Such attacks are triggered either by someone within the organisation or by an outsider if the organisation is connected to a public network.

MD5
MD5 was designed by Professor Ronald L. Rivest of MIT in 1991. The MD5 message-digest algorithm is the most widely used cryptographic hash function producing a 128-bit (16-byte) hash value, typically expressed in text format as a 32-digit hexadecimal number. It was developed to be used with digital signature applications that require large files to be compressed by a secure method before being encrypted with a secret key under a public key cryptosystem. MD5 is currently a standard Internet Engineering Task Force (IETF) Request for Comments (RFC), RFC 1321.

Measures of effectiveness (MOE)
Measures of effectiveness (MOE) are a probability model based on engineering concepts that allows one to estimate the impact of a given action on an environment. MOE quantifies the results to be obtained by a system and may be expressed as probabilities that the system will perform as required.

Monoculture
Monoculture is the case where a large number of users run the same software and are therefore vulnerable to the same attacks.

Morris worm
The Morris worm (or Internet worm) program was written by a graduate student at Cornell University, Robert Tappan Morris, and launched on November 2, 1988 from MIT. It was the first computer worm distributed via the Internet and gained significant mainstream media attention.
Multicast
IP multicast is a method of sending packets of data to a group of receivers in a single transmission. This method is often used to stream media applications on the Internet and on private networks.

Multi-homed
Multi-homed describes any computer host that has multiple IP addresses on connected networks. A multi-homed host is physically connected to multiple data links that can be on the same or different networks. Multihoming is commonly used in web management for load balancing, redundancy, and disaster recovery.

Multiplexing
Multiplexing is a technique by which multiple analog or digital data streams are combined into one signal over a shared medium. Multiplexing originated in telegraphy in the 1870s and is now widely applied in communications. The multiplexed signal is transmitted over a communication channel, such as a cable. A reverse process, known as demultiplexing, extracts the original channels at the receiver end.

N

NAT
Network address translation (NAT) is an approach used to remap one IP address space into another by modifying network address information in IP datagram packet headers while they are in transit. This technique was originally used for rerouting traffic in IP networks without renumbering every host. Typically, home or small business networks use NAT to share a single DSL or cable modem IP address. However, in some cases NAT is used for servers as an additional layer of protection.

National Institute of Standards and Technology (NIST)
The National Institute of Standards and Technology (NIST) is a non-regulatory federal agency within the U.S. Department of Commerce. NIST's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.

Natural disaster
Natural disasters are any act of God or natural event caused by environmental factors. Examples include fire, flood, earthquake, lightning, or wind, any of which can disable the system, part of it, or a network of systems.

Netmask
A netmask is a string of 0s and 1s that screens out the network part of an IP address so that only the host computer part of the address remains. The binary 1s at the beginning of the mask turn the network ID part of the IP address into 0s. The binary 0s that follow allow the host ID to remain. In a netmask, two bits are always automatically assigned. For example, in 255.255.225.0, "0" is the assigned network address, and in 255.255.255.255, "255" is the assigned broadcast address. The 0 and 255 are always assigned and cannot be used.

Network-based IDS
Network-based intrusion detection systems (NIDS) are placed at a strategic point (or points) to monitor the traffic on the network. A NIDS analyses the passing traffic on the entire subnet and matches the traffic passed on the subnets against a library of known attacks. When an attack is identified or abnormal behaviour is detected, an alert is sent to the administrator. OPNET and NetSim are commonly used tools for simulating network intrusion detection systems.

Network mapping
Network mapping is the study of the physical connectivity of networks. It is used to compile an electronic inventory of the systems and the services on any network. With the increasing complexity of networks, automated network mapping has become more popular.

Network taps
Network taps are hardware devices that provide access to the data flowing across a computer network. They are used when a third party needs to monitor the traffic between two points in the network. A network tap has (at least) three ports: an A port, a B port, and a monitor port. Network taps are generally used for network intrusion detection systems, VoIP recording, network probes, RMON probes, packet sniffers, and other monitoring and collection devices and software that require access to a network segment.
Non-printable character
A non-printable character is a character that has no printable glyph corresponding to its ASCII code. Examples are the line feed, which is ASCII character code 10 decimal; the carriage return, which is 13 decimal; and the bell, which is 7 decimal. On a PC, you can often enter non-printable characters by holding down the Alt key and typing the decimal value (for example, Alt-007 gives you a bell). There are other character encoding schemes, but ASCII is the most prevalent.

Non-repudiation
Non-repudiation refers to the ability of a system to prove that a specific user, and only that user, sent a message and that it has not been modified. On the Internet, a digital signature is used not only to ensure that a message or document has been electronically signed by the person, but also, since a digital signature can only be created by one person, to ensure that the person cannot later deny having furnished the signature.

Null session
A null session is also known as an anonymous logon. It is a method that allows an anonymous user to retrieve information such as user names and shares over the network, or to connect without authentication. Null sessions are one of the most commonly used methods of network exploration employed by "hackers." A null session connection allows you to connect to a remote machine without using a username or password. Instead, you are given anonymous or guest access.

O

Octet
An octet is a unit of digital information that consists of eight bits. Octets are generally displayed using a variety of representations, for example in the hexadecimal, decimal, or octal number systems. The binary value with all 8 bits set (or turned on) is 11111111, equal to the hexadecimal value FF, the decimal value 255, and the octal value 377. One octet can represent decimal values ranging from 0 to 255.
One-way encryption
One-way encryption, or a one-way hash function, is designed so that it is hard to reverse the process, that is, to find a string that hashes to a given value (hence the name one-way). A good hash function also makes it hard to find two strings that produce the same hash value.

One-way function
A one-way function is any function that is easy to compute on every input but hard to invert given the image of a random input.

Open Shortest Path First (OSPF)
Open Shortest Path First (OSPF) is a routing protocol for IP networks that uses a link-state routing algorithm. It falls into the group of interior routing protocols, operating within a single autonomous system (AS). OSPF is the most commonly used interior gateway protocol (IGP) in large enterprise networks.

OSI layers
The Open Systems Interconnection (OSI) model defines a networking framework for implementing protocols in seven layers. Control is passed from one layer to the next, starting at the application layer in one station, proceeding to the bottom layer, over the channel to the next station, and back up the hierarchy. The OSI model takes the task of internetworking and divides it into what is referred to as a vertical stack consisting of the following layers.
1. Physical (layer 1) – this layer conveys the bit stream (electrical impulse, light, or radio signal) through the network at the electrical and mechanical level. Fast Ethernet, RS-232, and ATM are protocols with physical layer components.
2. Data link (layer 2) – at this layer, data packets are encoded and decoded into bits. The data link layer is divided into two sub-layers: the media access control (MAC) layer and the logical link control (LLC) layer.
3. Network (layer 3) – this layer provides switching and routing technologies, creating logical paths, known as virtual circuits, for transmitting data from node to node.
4. Transport (layer 4) – this layer provides transparent transfer of data between end systems, or hosts, and is responsible for end-to-end error recovery and flow control. It ensures complete data transfer.
5. Session (layer 5) – this layer establishes, manages and terminates connections between applications.
6. Presentation (layer 6) – this layer provides independence from differences in data representation (e.g., encryption) by translating from application to network format, and vice versa.
7. Application (layer 7) – this layer supports application and end-user processes. It provides application services for file transfers, e-mail, and other network software services. Telnet and FTP are applications that exist entirely at the application level.

OSI
OSI stands for Open Systems Interconnection and is an ISO standard for worldwide communications. OSI defines a networking framework for implementing protocols in seven layers, that is, seven layers of functions that take place at each end of a communication. Although OSI is not always strictly adhered to in terms of keeping related functions together in a well-defined layer, many products involved in telecommunication attempt to describe themselves in relation to the OSI model.

Overload
Overload is defined as the limitation of system operation by an excessive burden on the performance capabilities of a system component.

P

Packet-switched network (PSN)
A packet-switched network (PSN) is a computer communications network that groups and sends data in the form of small packets. It enables the sending of data packets between a source and a destination node over a channel shared between multiple users and/or applications. A packet-switched network is also known as a connectionless network, as it does not create a permanent connection between the source and destination nodes.

Packet
A packet is a unit of data that is routed between an origin and a destination on the Internet or any other packet-switched network. When any file (such as an e-mail message, HTML file, Graphics Interchange Format file, or Uniform Resource Locator request) is sent from one place to another, the Transmission Control Protocol (TCP) layer of TCP/IP divides the file into smaller chunks suited to routing.

Partitions
Partitioning is the division of a computer hard disk or other secondary storage into one or more regions. Many computers have hard disk drives with only a single partition, but others have multiple partitions so that an OS can manage the information in each region separately. Each partition then appears in the OS as a distinct logical disk that uses part of the actual disk.

Password Authentication Protocol (PAP)
Password Authentication Protocol (PAP) is the most basic form of authentication, in which a user's name and password are transmitted over a network and compared to a table of name-password pairs. The basic authentication feature built into the HTTP protocol uses PAP.

Password cracking
Password cracking is the process of trying to guess or crack passwords to gain access to a computer system or network. Crackers generally use a variety of tools, scripts, or software to crack a system password. Password cracks work by comparing every encrypted dictionary word against the entries in the system password file until a match is found.

Password sniffing
Password sniffing is a technique used to gain knowledge of passwords by monitoring traffic on a network to pull out information. Several software tools are available for automatic password sniffing.

Patch
A patch is a piece of software designed and created to update a computer program or its supporting data, to fix or improve it. This includes fixing security vulnerabilities and other bugs, usually called bug fixes. Each patch is created to improve the usability and/or performance of the system or application.

Patching
Patching is the process of updating software to a different version. It is also referred to as updating the software to the latest version available and is key to removing bugs of the previous version.

Payload
A payload is the actual application data a packet contains. It is the part of the transmitted data that is the fundamental purpose of the transmission. In summary, payload refers to the actual intended message in a transmission.

Penetration testing
Penetration testing, also called pen testing, is the practice of testing a computer system, network or web application to find vulnerabilities that an attacker could exploit.

Penetration
Penetration is defined as gaining unauthorised logical access to sensitive data by evading a system's protections.

Permutation
Permutation is a technique that keeps the same letters but changes their positions within a text to scramble the message.

Personal firewall
Personal firewalls are firewalls that are installed and run on individual computers. A personal firewall is an application which controls network traffic to and from a computer, permitting or denying communications based on a security policy. Typically it works as an application layer firewall.

Pharming
Pharming is a cyber attack intended to redirect a website's traffic to a masquerading website, which may be a fake one. Pharming is achieved by corrupting a DNS server on the Internet and steering a URL to the masked website's IP. Generally, users use a URL like www.worldbank.com instead of the real IP (192.86.99.140) of the website. The URL can be redirected to send traffic to the IP of the pseudo website by substituting the pointers on a DNS server. Transactions can be imitated and information such as login credentials can be gathered at the pseudo site. Using the information gathered, the attacker can access the real site and conduct transactions using the credentials of a valid user.
Phishing
Phishing is an attempt to acquire sensitive information such as usernames, passwords, and credit card details by impersonating a trustworthy entity. Phishing emails may contain links to websites that are infected with malware. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

Ping of death
A ping of death is an attack that involves sending a distorted or otherwise malicious ping to a computer with the intent of overflowing the input buffers of the destination machine and causing it to crash. A ping of death is fragmented into groups of 8 octets before transmission.

Ping scan
A ping scan looks for machines that are responding to ICMP echo requests.

Ping sweep
A ping sweep is a technique used to establish which addresses in a range of IP addresses map to live hosts. Well-known tools with ping sweep capability include nmap for Unix systems and the Pinger software from Rhino9 for Windows NT. There are many other tools with this capability, including hping, Simple Nomad's icmpenum, SolarWinds Ping Sweep, and Foundstone's SuperScan. Pings can be detected by protocol loggers like ippl.

Plaintext
Plaintext is the most portable format and is supported by almost every application. In cryptography, plaintext refers to any message that is not encrypted.

Point-to-Point Protocol (PPP)
Point-to-Point Protocol (PPP) is a communication protocol between two computers that uses a serial interface, typically a personal computer connected by a phone line to a server. PPP uses the Internet Protocol (IP) and is sometimes considered a member of the TCP/IP suite of protocols.

Point-to-Point Tunneling Protocol (PPTP)
The Point-to-Point Tunneling Protocol (PPTP) is an approach used to implement virtual private networks (VPNs). PPTP uses a control channel over TCP and a GRE tunnel to encapsulate PPP packets.
Poison reverse
Poison reverse is a method whereby a gateway node informs its neighbour gateways that one of the gateways is no longer connected. The notifying gateway sets the number of hops to the unconnected gateway to a number that indicates "infinite", in effect advertising that its routes are not reachable.

Polyinstantiation
Polyinstantiation is the ability of a database to maintain multiple records with the same key. It is used to prevent inference attacks. It may also indicate, as in the case of database polyinstantiation, that two different instances have the same name (identifier, primary key).

Polymorphism
Polymorphism is the process whereby malicious software changes its underlying code to avoid detection. In programming, a polymorphic type is one whose operations can also be applied to values of some other type, or types.

Port scan
A port scan is a sequence of messages sent by an attacker attempting to break into a computer. Port scanning gives the attacker an idea of where to probe for weaknesses. A port scan consists of sending a message to each port, one at a time.

Port
A port is an endpoint of communication in an operating system. It is identified, for each address and protocol, by a 16-bit number, commonly known as the port number.

Possession
Possession is the holding, control, and ability to use information.

Post Office Protocol version 3 (POP3)
Post Office Protocol, version 3 (POP3) is an Internet standard protocol through which a client workstation can access a mailbox on a server host to retrieve mail messages that the server has received and is holding for the client.

Practical Extraction and Reporting Language (Perl)
Perl is a family of high-level, general-purpose, dynamic programming languages. These languages include Perl 5 and Perl 6. Perl was originally developed by Larry Wall in 1987 as a general-purpose Unix scripting language.
Preamble
A preamble is a signal used in communications to synchronize the transmission timing between two or more systems. A preamble defines a specific series of transmission pulses that is understood by the communicating systems. This ensures that systems receiving the information correctly interpret when the data transmission starts. The actual pulses used as a preamble vary depending on the network communication technology in use.

Pretty Good Privacy (PGP)
Pretty Good Privacy (PGP) is a trademarked data encryption and decryption program. This program provides cryptographic privacy and authentication for data communication. It was created by Phil Zimmermann in 1991. PGP is generally used for encrypting and decrypting texts, e-mails, files, directories, and whole disk partitions, and to increase the security of e-mail communications.

Private addressing
IANA has set aside three address ranges for use by private or non-Internet-connected networks. This is referred to as private address space and is defined in RFC 1918. The reserved address blocks are:
10.0.0.0 to 10.255.255.255 (10/8 prefix)
172.16.0.0 to 172.31.255.255 (172.16/12 prefix)
192.168.0.0 to 192.168.255.255 (192.168/16 prefix)

Program infector
A program infector is a piece of malware (or virus) that attaches itself to existing program files. Once the infected program is run, the virus transfers to the computer memory and may replicate itself further, spreading the infection. This type of virus can spread beyond one's own system as soon as the infected file or program is passed to another computer.

Program policy
A program policy is a high-level policy that sets the overall tone of an organisation's security approach.

Promiscuous mode
Promiscuous mode allows a network device to intercept and read, in its entirety, each network packet that reaches it. This is used by network administrators to diagnose network problems, but also by unsavoury characters who are trying to eavesdrop on network traffic (which might contain passwords or other information).

Proprietary information
Proprietary information is information unique to a company and its ability to compete, such as customer lists, technical data, product costs, and trade secrets.

Protocol stacks (OSI)
Protocol stacks are a set of network protocol layers that work together.

Protocol
A protocol is a special set of rules that endpoints in a telecommunication connection use when they communicate. Protocols specify the interactions between the communicating entities. Protocols exist at several levels in a telecommunication connection.

Proxy server
A proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers. A proxy server is associated with or part of a gateway server that separates the enterprise network from the outside network, and a firewall server that protects the enterprise network from outside intrusion. Most proxies are web proxies, facilitating access to content on the World Wide Web and providing anonymity.

Public key encryption
Public key encryption is also known as asymmetric cryptography. Public key encryption is a cryptographic system that uses two keys: a public key known to everyone and a private or secret key known only to the recipient of the message.

Public key forward secrecy (PFS)
Public-key forward secrecy (PFS) is a property of key agreement protocols based on asymmetric cryptography. It ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of the private keys is compromised in the future.

Public key infrastructure (PKI)
A public key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption. It enables users of an unsecured network to securely exchange data and money through the use of a public and a private cryptographic key pair that is obtained through a trusted authority. The public key infrastructure provides a digital certificate that can identify an individual or an organization, and directory services that can store and, when necessary, revoke the certificates.

Public key
A public key is the publicly disclosed component of a pair of cryptographic keys used for asymmetric cryptography.

Q

Qaz
Qaz is a network worm.

R

Race condition
A race condition is also known as a race hazard. A race condition is the behaviour of an electronic, software, or other system where the output depends on the sequence or timing of other uncontrollable events. This becomes a bug when events do not happen in the order the programmer planned. Race conditions can occur in electronic systems, especially logic circuits, and in computer software, especially multithreaded or distributed programs.

Radiation monitoring
Radiation monitoring is the process of receiving images, data, or audio from an unprotected source by snooping on radiated signals.

Reconnaissance
Reconnaissance is the phase of an attack in which an attacker locates new systems, maps out networks, and probes for specific vulnerabilities in the system or network. It is used to obtain information, by either visual observation or other detection methods, about the activities and resources of an attacker.

Reflexive ACLs (Cisco)
Reflexive access lists are an important part of securing the network against network hackers and are generally included in a firewall defence. Reflexive access lists provide a level of security against spoofing and denial-of-service attacks. Reflexive ACLs for Cisco routers are a step towards making the router act like a stateful firewall. The router makes filtering decisions based on whether connections are part of established traffic or not.
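The Netmask entry above describes the mask as a run of 1s followed by 0s, and the Private addressing entry lists the three RFC 1918 blocks by prefix. The following Python is an added example, not part of the glossary or of any vendor's code, that carries both entries through: it splits an address into network, host and broadcast parts with the mask, derives a prefix length from a dotted mask, and tests membership in the RFC 1918 and loopback blocks. The bit operations are spelled out instead of using the ipaddress module so the mechanics are visible. One check a practitioner wants is that a mask is contiguous: a value such as 255.255.225.0, whose third octet is 11100001 in binary, is rejected rather than silently applied.

```python
"""Netmask arithmetic and RFC 1918 private-address checks for IPv4.

Added example; not part of the glossary. Standard library only. The
bit operations are written out (instead of using the ipaddress module)
so the network/host split the Netmask entry describes is visible.
"""
import socket
import struct

ALL_ONES = 0xFFFFFFFF


def ip_to_int(addr: str) -> int:
    """Dotted-quad string -> 32-bit integer (network byte order)."""
    return struct.unpack("!I", socket.inet_aton(addr))[0]


def int_to_ip(n: int) -> str:
    """32-bit integer -> dotted-quad string."""
    return socket.inet_ntoa(struct.pack("!I", n & ALL_ONES))


def prefix_to_mask(prefix: int) -> int:
    """/prefix -> mask integer, e.g. 24 -> 0xFFFFFF00."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: {prefix}")
    return (ALL_ONES << (32 - prefix)) & ALL_ONES


def is_valid_netmask(mask: str) -> bool:
    """A netmask must be a contiguous run of 1s followed by 0s.
    255.255.225.0 (third octet 11100001) fails this check."""
    m = ip_to_int(mask)
    return m == prefix_to_mask(bin(m).count("1"))


def mask_to_prefix(mask: str) -> int:
    """Dotted mask -> prefix length, refusing non-contiguous masks."""
    if not is_valid_netmask(mask):
        raise ValueError(f"non-contiguous netmask: {mask}")
    return bin(ip_to_int(mask)).count("1")


def split_address(addr: str, mask: str) -> dict:
    """Apply the mask: AND with the mask keeps the network bits, AND with
    the inverted mask keeps the host bits, OR with the inverted mask
    gives the broadcast address."""
    a, m = ip_to_int(addr), ip_to_int(mask)
    prefix = mask_to_prefix(mask)
    network = a & m
    host = a & (~m & ALL_ONES)
    broadcast = network | (~m & ALL_ONES)
    return {
        "prefix": prefix,
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "host_id": host,
        # the network and broadcast addresses are reserved, hence -2
        "usable_hosts": max(2 ** (32 - prefix) - 2, 0),
    }


def in_prefix(addr: str, network: str, prefix: int) -> bool:
    """True when addr falls inside network/prefix."""
    m = prefix_to_mask(prefix)
    return (ip_to_int(addr) & m) == (ip_to_int(network) & m)


# RFC 1918 private blocks as listed in the Private addressing entry.
RFC1918_BLOCKS = (("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16))
LOOPBACK_BLOCK = ("127.0.0.0", 8)


def is_private(addr: str) -> bool:
    return any(in_prefix(addr, n, p) for n, p in RFC1918_BLOCKS)


def is_loopback(addr: str) -> bool:
    return in_prefix(addr, *LOOPBACK_BLOCK)


if __name__ == "__main__":
    print(split_address("192.168.1.77", "255.255.255.0"))
    for ip in ("10.1.2.3", "172.31.4.5", "172.32.0.1", "8.8.8.8", "127.0.0.1"):
        print(ip, "private" if is_private(ip) else "public",
              "loopback" if is_loopback(ip) else "")
    print("255.255.225.0 valid:", is_valid_netmask("255.255.225.0"))
```

A NAT device or a firewall rule that classifies source addresses typically depends on exactly this kind of membership test; getting the /12 boundary of the 172.16.0.0 block right (172.31.255.255 is inside, 172.32.0.0 is not) is the usual mistake.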
Registry
The registry is a system-defined database in which applications and system components store and retrieve configuration data. Applications use the registry API to retrieve, modify, or delete registry data.

Regression analysis
The use of scripted tests that exercise software over the full range of expected input. Typically, developers create a set of regression tests that are executed before a new version of the software is released.

Request for Comments (RFC)
A Request for Comments (RFC) is a type of publication from the Internet Engineering Task Force (IETF) and the Internet Society. An RFC is authored by engineers and computer scientists in the form of a memorandum describing methods, behaviours, research, or innovations applicable to the working of the Internet and Internet-connected systems. RFCs started in 1969, when the Internet was the ARPANET.

Resource exhaustion
Resource exhaustion is a kind of attack in which the attacker or hacker ties up finite resources on a system, making them unavailable to others.

Response
A response is information that is sent in reply to some stimulus.

Reverse Address Resolution Protocol (RARP)
Reverse Address Resolution Protocol (RARP) is a protocol by which a physical machine in a local area network (LAN) can request to learn its IP address from a gateway server's Address Resolution Protocol (ARP) table or cache. When a new machine is set up, its RARP client program requests from the RARP server on the router to be sent its IP address.

Reverse engineering
Reverse engineering, also known as "back engineering", is the process of extracting design information or any kind of sensitive information by disassembling and analysing the design of a system component.

Reverse lookup
A reverse lookup is used to locate the hostname that corresponds to a particular IP address. Reverse lookup uses an IP (Internet Protocol) address to find a domain name.
Reverse proxy A reverse proxy is a device or service that is placed between a client and a server in a network. All the incoming http requests are handled by the proxy (back-end web servers), so the proxy can then send the content to the end-user. Risk assessment Risk assessment is a systematic process to analyze and identify any possible threats or risks that may leave sensitive information vulnerable to attacks. It also employs methods to calculate the risk impact and eliminate such threats. Risk averse Risk averse means avoiding risks even if this leads to the loss of opportunity. An example is using a (more expensive) phone call vs. Sending an email in order to avoid risks associated with email may be considered “risk averse”. Risk Risk is the probability of a system or network attack. Risk is the potential of losing valuable and sensitive information. Rivest shamir adleman rsa Rivest-shamir-adleman (rsa) is one of the first practical public-key cryptosystems and is widely used for secure data transmission. Rsa is an algorithm for asymmetric cryptography, invented in 1977 by ron rivest, adi shamir, and leonard adleman. This is based on the practical difficulty of factoring the product of two large prime numbers, the factoring problem. Role based access control Role based access control (rbac) assigns users to roles based on their organizational functions and determines authorization based on those roles. It is used by enterprises with more than 500 employees, and can implement mandatory access control (mac) or discretionary access control (dac). Root Root is the user name or account that by default has access to all commands and files on a linux or other unix-like operating system. It is also referred to as the root account, root user and the super user. Rootkit A rootkit is a type of malicious software that is activated each time the system boots up. 
Rootkits are difficult to detect because they hook or replace parts of the operating system, and the bootkit variant is loaded before the operating system has completely booted, so tools running on the compromised host cannot be trusted to see them. Detection usually relies on offline analysis of the disk, a measured or verified boot chain, or comparison against known-good integrity baselines.

Router
A router is a device that forwards data packets across networks. A router is connected to at least two networks, commonly two LANs or WANs or a LAN and its ISP's network. Routers are located at gateways, the places where two or more networks connect.

Routing Information Protocol (RIP)
The Routing Information Protocol (RIP) defines a manner for routers to share information on how to route traffic among various networks. RIP is classified by the Internet Engineering Task Force (IETF) as an interior gateway protocol (IGP), one of several protocols for routers moving traffic within a larger autonomous system. RIP measures distance in hops and treats 16 hops as unreachable.

Routing loop
A routing loop occurs when two or more poorly configured or slowly converging routers repeatedly forward the same data packet back and forth among themselves. Distance-vector protocols are prone to routing loops because they route by rumor (each router trusts the distances its neighbours advertise, without knowing the topology) and converge slowly, which after a link failure produces the count-to-infinity problem.

RPC scans
RPC scans determine which remote procedure call (RPC) services are running on a machine, typically by querying the portmapper (rpcbind) service on port 111 or by probing ports directly.

Rule Set Based Access Control (RSBAC)
Rule Set Based Access Control (RSBAC) targets actions based on rules for entities operating on objects. RSBAC is an open source access control framework for current Linux kernels, which has been in stable production use since January 2000.

S

Scoping guidance
Scoping guidance is a part of tailoring guidance that provides organizations with specific policy/regulatory-related, technology-related, system component allocation-related, operational/environmental-related, physical infrastructure-related, public access-related, scalability-related, common control-related, and security objective-related considerations on the applicability and implementation of individual security controls in the security control baseline.
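The routing loop entry above describes the count-to-infinity problem in words. The following simulation, added here as an illustration and not code from the glossary, reproduces it on a constructed three-router topology (A - B - C, with network N attached to C) and then repeats the run with split horizon, the standard fix in which a router never advertises a route back to the neighbour it learned it from. Router names, the hop-count limit of 16 and the sequential update order are assumptions made for the demo.

```python
"""Distance-vector routing: count-to-infinity with and without split horizon.

Added illustration, not code from the page. The topology is constructed:
three routers in a line, A - B - C, with network N directly attached to C.
"""
INFINITY = 16  # RIP's limit: 16 hops means unreachable


class Router:
    def __init__(self, name):
        self.name = name
        self.neighbors = set()
        self.table = {}  # destination -> (cost, next_hop)

    def advertise(self, to_neighbor, split_horizon):
        """Routes this router announces to one neighbour."""
        adverts = {}
        for dest, (cost, next_hop) in self.table.items():
            if split_horizon and next_hop == to_neighbor:
                continue  # never send a route back to the neighbour it came from
            adverts[dest] = cost
        return adverts

    def receive(self, sender, adverts):
        """Bellman-Ford update; returns True if the table changed."""
        changed = False
        for dest, cost in adverts.items():
            new_cost = min(cost + 1, INFINITY)
            cur_cost, cur_hop = self.table.get(dest, (INFINITY, None))
            if cur_hop == sender:
                # routing by rumor: whatever our next hop now says wins, better or worse
                if new_cost != cur_cost:
                    self.table[dest] = (new_cost, sender)
                    changed = True
            elif new_cost < cur_cost:
                self.table[dest] = (new_cost, sender)
                changed = True
        return changed


def run_until_stable(routers, split_horizon, max_rounds=50):
    """Sequential update rounds; returns how many rounds changed some table."""
    for rnd in range(1, max_rounds + 1):
        changed = False
        for r in routers.values():
            for nb in sorted(r.neighbors):
                if routers[nb].receive(r.name, r.advertise(nb, split_horizon)):
                    changed = True
        if not changed:
            return rnd - 1
    return max_rounds


def simulate(split_horizon):
    """Converge, cut the B-C link, reconverge.

    Returns (rounds needed after the cut, A's cost to N, B's cost to N)."""
    routers = {n: Router(n) for n in "ABC"}

    def link(x, y):
        routers[x].neighbors.add(y)
        routers[y].neighbors.add(x)

    link("A", "B")
    link("B", "C")
    routers["C"].table["N"] = (0, None)  # N is directly attached to C
    run_until_stable(routers, split_horizon)
    assert routers["A"].table["N"] == (2, "B")

    # Link failure: B loses C and marks the route it had through C unreachable.
    routers["B"].neighbors.discard("C")
    routers["C"].neighbors.discard("B")
    routers["B"].table["N"] = (INFINITY, None)
    rounds = run_until_stable(routers, split_horizon)
    return rounds, routers["A"].table["N"][0], routers["B"].table["N"][0]


if __name__ == "__main__":
    print("no split horizon:", simulate(False))  # many rounds, counting up to 16
    print("split horizon:   ", simulate(True))   # converges in one round
```

Without split horizon, A keeps telling B "I can reach N in 2 hops" after the link is gone, B believes it, A then trusts B's worse figure, and the pair count up two hops per round until both hit 16. With split horizon A never advertises N back to B, so both routers agree N is unreachable after a single exchange.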
Put more briefly, scoping guidance is the set of specific factors related to technology, infrastructure, public access, scalability, common security controls, and risk that an organization can consider when deciding the applicability and implementation of individual security controls in the security control baseline.

Safeguarding statement
A safeguarding statement is a statement affixed to a computer output or printout that states the highest classification being processed at the time the product was produced and requires control of the product, at that level, until an authorized individual determines its true classification. Synonymous with banners.

Safeguards
Safeguards are protective measures prescribed to meet the security requirements (i.e., confidentiality, integrity, and availability) specified for an information system. Safeguards may include security features, management constraints, personnel security, and security of physical structures, areas, and devices. Synonymous with security controls and countermeasures.

Safety
Safety is the requirement to ensure that the individuals involved with an organization, including employees, customers, and visitors, are protected from any kind of malicious act or attack.

Salt
A salt is a non-secret value, usually random and generated per instance, that is fed into a cryptographic process alongside the secret input so that the result of a computation for one instance cannot be reused by an attacker against another. The classic use is password hashing: a unique salt per user means that equal passwords produce different hashes and that precomputed (rainbow) tables are useless.

Sandboxing
Sandboxing is a method of isolating application modules into distinct fault domains enforced by software. In its original sense it is a technique that allows untrusted programs written in an unsafe language, such as C, to be executed safely within the single virtual address space of an application: untrusted machine-interpretable code modules are transformed so that all memory accesses are confined to code and data segments within their fault domain, and access to system resources can also be controlled through a unique identifier associated with each domain.
More generally, a sandbox is a restricted, controlled execution environment that prevents potentially malicious software, such as mobile code, from accessing any system resources except those for which the software is authorized.

Sanitization
Sanitization is the process of removing information from media such that recovery is not possible by ordinary means and, for some forms of sanitization, by extraordinary means. It includes removing all labels, markings, and activity logs.

S-box
An S-box (substitution box) is a nonlinear substitution table used in several byte-substitution transformations of a block cipher, and in the AES key expansion routine, to perform a one-for-one substitution of a byte value.

Scanning
Scanning is sending packets or requests to another system to gain information to be used in a subsequent attack.

Scatternet
A scatternet is a chain of piconets created by allowing one or more Bluetooth devices to each be a slave in one piconet and act as the master for another piconet simultaneously. A scatternet allows several devices to be networked over an extended distance.

Scavenging
Scavenging is the process of searching through data residue in a system or a network to gain unauthorised knowledge of sensitive information.

Secret key (symmetric) cryptographic algorithm
A secret key (symmetric) cryptographic algorithm is a cryptographic algorithm that uses a single secret key for both encryption and decryption.

Secret key
A secret key is a cryptographic key that is used with a secret-key (symmetric) cryptographic algorithm, that is uniquely associated with one or more entities, and that is not made public. The use of the term "secret" in this context does not imply a classification level; rather, it implies the need to protect the key from disclosure.
The key must also be protected from substitution, not only from disclosure: an attacker who can replace the key can decrypt or forge everything protected with it.

Secret seed
A secret seed is a secret value used to initialize a pseudorandom number generator.

Secure communication protocol
A secure communication protocol is a communication protocol that provides the appropriate confidentiality, authentication, and content-integrity protection.

Secure communications
Secure communications are telecommunications deriving security through the use of NSA-approved products and/or protected distribution systems. Applied to DNS, the term covers configuring and operating DNS servers so that the security goals of data integrity and source authentication are achieved and maintained.

Secure Electronic Transaction (SET)
A Secure Electronic Transaction (SET) is a communications protocol standard for securing credit card transactions over insecure networks.
SET ensures that all parties (customer, merchant, and bank) are authenticated using digital signatures, that encryption protects the message and provides integrity, and that online credit card transactions receive end-to-end security. In practice SET was never widely deployed; TLS-protected web payments won out.

Secure erase
Secure erase is an overwrite technology that uses a firmware-based process to overwrite a hard drive. It is a drive command defined in the ANSI ATA and SCSI disk drive interface specifications and runs inside the drive hardware, completing in about one-eighth the time of a software block overwrite such as the DoD 5220.22-M procedure. For self-encrypting and flash-based drives the equivalent is a cryptographic erase, which discards the media encryption key.

Secure Hash Algorithm (SHA)
A Secure Hash Algorithm (SHA) is a hash algorithm with the property that it is computationally infeasible 1) to find a message that corresponds to a given message digest (preimage resistance), or 2) to find two different messages that produce the same message digest (collision resistance).

Secure Hash Standard
The Secure Hash Standard (FIPS 180-4) specifies the secure hash algorithms SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256 for computing a condensed representation of electronic data (a message). When a message of any length less than 2^64 bits (for SHA-1, SHA-224 and SHA-256) or less than 2^128 bits (for SHA-384, SHA-512, SHA-512/224 and SHA-512/256) is input to a hash algorithm, the result is an output called a message digest. The message digests range in length from 160 to 512 bits, depending on the algorithm. Secure hash algorithms are typically used with other cryptographic algorithms, such as digital signature algorithms and keyed-hash message authentication codes, or in the generation of random numbers (bits). The hash algorithms specified in this standard are called secure because, for a given algorithm, it is computationally infeasible 1) to find a message that corresponds to a given message digest, or 2) to find two different messages that produce the same message digest. Any change to a message will, with very high probability, result in a different message digest.
This results in a verification failure when the secure hash algorithm is used with a digital signature algorithm or a keyed-hash message authentication algorithm. In short, a secure hash standard is a specification for a secure hash algorithm that generates a condensed message representation called a message digest.

Secure Shell (SSH)
Secure Shell (SSH), sometimes expanded as Secure Socket Shell, is a network protocol and command interface, originally for Unix-like systems, used to log in to another computer over a network, to execute commands on the remote machine, and to move files from one machine to another. It encrypts and authenticates the session, replacing cleartext protocols such as Telnet, rlogin and FTP.

Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL) is the security technology originally used for establishing an encrypted link between a web server and a browser. SSL was developed by Netscape for transmitting private documents via the Internet. All SSL versions are now deprecated because of known weaknesses; its successor, Transport Layer Security (TLS), is what "SSL" usually refers to today.

Secure state
A secure state is a condition in which no subject can access any object in an unauthorized manner.

Secure subsystem
A secure subsystem is a subsystem containing its own implementation of the reference monitor concept for those resources it controls. A secure subsystem must depend on other controls and the base operating system for the control of subjects and the more primitive system objects.

Security Assertion Markup Language (SAML)
Security Assertion Markup Language (SAML) is an XML-based security specification developed by the Organization for the Advancement of Structured Information Standards (OASIS) for exchanging authentication (and authorization) information between trusted entities over the Internet. It is a framework for exchanging authentication and authorization information: security typically involves checking the credentials presented by a party for authentication and authorization, and SAML standardizes the representation of these credentials in an XML format called "assertions", enhancing interoperability between disparate applications.
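The salt and secure hash algorithm entries above both come down to the same two mechanics: a hash digest changes completely when the message changes, and a keyed or salted computation cannot be reused outside the instance it was made for. The following block, an added illustration and not code from the glossary, shows both with the Python standard library: the avalanche effect on SHA-256, HMAC-SHA256 tag verification failing on a tampered message, and per-user salted password hashing with PBKDF2-HMAC-SHA256. The iteration count, 16-byte salt and sample inputs are choices made for the demo.

```python
"""Salted password hashing and keyed-hash (HMAC) verification, both built on SHA-256.

Added illustration, not code from the page; uses only the Python standard library.
The iteration count, salt length and sample inputs are demo choices.
"""
import hashlib
import hmac
import os
from typing import Optional

DEFAULT_ITERATIONS = 600_000  # OWASP's 2023 recommendation for PBKDF2-HMAC-SHA256


def sha256_hex(message: bytes) -> str:
    """Message digest as hex; always 256 bits regardless of input length."""
    return hashlib.sha256(message).hexdigest()


def digest_bit_difference(m1: bytes, m2: bytes) -> int:
    """How many of the 256 digest bits differ between two messages (avalanche effect)."""
    d1, d2 = hashlib.sha256(m1).digest(), hashlib.sha256(m2).digest()
    return sum(bin(a ^ b).count("1") for a, b in zip(d1, d2))


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = DEFAULT_ITERATIONS) -> tuple:
    """Derive a key with PBKDF2-HMAC-SHA256 under a fresh random salt.

    The salt is stored next to the hash and is not secret. Its job is to make
    equal passwords hash differently, so a precomputed table is useless."""
    if salt is None:
        salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, key


def verify_password(password: str, salt: bytes, expected_key: bytes,
                    iterations: int = DEFAULT_ITERATIONS) -> bool:
    """Recompute under the stored salt and compare in constant time."""
    _, key = hash_password(password, salt, iterations)
    return hmac.compare_digest(key, expected_key)


def mac_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 tag: only a holder of the key can produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    """Fails if either the message or the tag was altered in transit."""
    return hmac.compare_digest(mac_tag(key, message), tag)


if __name__ == "__main__":
    print(sha256_hex(b"abc"))
    print("bits changed by a one-character edit:",
          digest_bit_difference(b"amount=100", b"amount=101"))
    salt, key = hash_password("correct horse")
    print("verify:", verify_password("correct horse", salt, key))
    tag = mac_tag(b"\x01" * 32, b"amount=100")
    print("tampered message accepted:", verify_mac(b"\x01" * 32, b"amount=101", tag))
```

Both comparisons go through hmac.compare_digest rather than ==, so the time taken does not leak how many leading bytes matched. The password path deliberately uses a slow, iterated construction; a plain SHA-256 of a password, salted or not, is far too fast to resist offline guessing.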
SAML is also described as a protocol consisting of XML-based request and response message formats for exchanging security information, expressed in the form of assertions about subjects, between online business partners. Because an assertion is trusted on the strength of its XML signature, the relying party must validate that signature, the issuer, the intended audience and the validity window before accepting it.

Security association
A security association is a relationship established between two or more entities, comprising the algorithms, keys and parameters they have agreed on, that enables them to protect the data they exchange.

Security attribute
A security attribute is a security-related quality of an object. Security attributes may be represented as hierarchical levels, bits in a bit map, or numbers; compartments, caveats, and release markings are examples. More formally, a security attribute is an abstraction representing the basic properties or characteristics of an entity with respect to safeguarding information; it is typically associated with internal data structures (e.g., records, buffers, files) within the information system and is used to enable the implementation of access control and flow control policies, to reflect special dissemination, handling, or distribution instructions, or to support other aspects of the information security policy.

Security authorization boundary
A security authorization boundary is an information security area that includes a grouping of tools, technologies, and data.

Security banner
A security banner is a banner at the top or bottom of a computer screen that states the overall classification of the system in large, bold type. A security banner can also refer to the opening screen that informs users of the security implications of accessing a computer resource.

Security categorization
Security categorization is the process of determining the security category for information or an information system. Security categorization methodologies are described in CNSS Instruction 1253 for national security systems and in FIPS 199 for other than national security systems.
Security category
A security category is the characterization of information or an information system based on an assessment of the potential impact that a loss of confidentiality, integrity, or availability of that information or system would have on organizational operations, organizational assets, individuals, other organizations, and the nation.

Security concept of operations
A security concept of operations is a security-focused description of an information system, its operational policies, classes of users, interactions between the system and its users, and the system's contribution to the operational mission.

Security Content Automation Protocol (SCAP)
Security Content Automation Protocol (SCAP) is a method for using specific standardized specifications (such as CVE, CPE, CCE, CVSS, XCCDF and OVAL) to enable automated vulnerability management, measurement, and policy compliance evaluation against a standardized set of security requirements.

Security control assessment
A security control assessment is the testing and/or evaluation of the management, operational, and technical security controls in an information system, or across an enterprise, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system and/or enterprise.
Security control assessor
A security control assessor is the individual, group, or organization responsible for conducting a security control assessment.

Security control baseline
A security control baseline is the set of minimum security controls defined for a low-impact, moderate-impact, or high-impact information system; the baselines for federal information systems are defined in NIST Special Publication 800-53 and CNSS Instruction 1253.

Security control effectiveness
Security control effectiveness is the measure of correctness of implementation (i.e., how consistently the control implementation complies with the security plan) and of how well the security plan meets organizational needs in accordance with current risk tolerance.

Security control enhancements
Security control enhancements are statements of security capability that 1) build in additional, but related, functionality to a basic control, and/or 2) increase the strength of a basic control.

Security control inheritance
Security control inheritance is a situation in which an information system or application receives protection from security controls (or portions of security controls) that are developed, implemented, assessed, authorized, and monitored by entities other than those responsible for the system or application; those entities may be internal or external to the organization where the system or application resides. See common control.

Security controls baseline
Security controls baseline is an alternative form of security control baseline: the set of minimum security controls defined for a low-impact, moderate-impact, or high-impact information system.
Security controls
Security controls are the management, operational, and technical controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information.

Security domain
A security domain is a set of subjects, their information objects, and a common security policy; equivalently, a collection of entities to which a single security policy, executed by a single authority, applies.

Security engineering
Security engineering is an interdisciplinary approach and means to enable the realization of secure systems. It focuses on defining customer needs, security protection requirements, and required functionality early in the systems development life cycle, documenting requirements, and then proceeding with design, synthesis, and system validation while considering the complete problem.

Security fault analysis (SFA)
Security fault analysis is an assessment, usually performed on information system hardware, to determine the security properties of a device when a hardware fault is encountered.

Security features user's guide (SFUG)
A security features user's guide is a guide or manual explaining how the security mechanisms in a specific system work.

Security filter
A security filter is a secure subsystem of an information system that enforces security policy on the data passing through it.

Security functions
Security functions are the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based.

Security goals
The five security goals are confidentiality, availability, integrity, accountability, and assurance.
Security impact analysis
A security impact analysis is the analysis conducted by an organizational official to determine the extent to which changes to the information system have affected the security state of the system.

Security information and event management (SIEM) tool
A security information and event management (SIEM) tool is an application that gathers security data (logs and events) from information system components, normalizes and correlates it, and presents it as actionable information via a single interface.

Security inspection
A security inspection is the examination of an information system to determine compliance with security policy, procedures, and practices.

Security kernel
A security kernel is the hardware, firmware, and software elements of a trusted computing base that implement the reference monitor concept. A security kernel must mediate all accesses, be protected from modification, and be verifiable as correct.

Security label
A security label is a marking bound to a resource (which may be a data unit) that names or designates the security attributes of that resource; that is, information representing the value of one or more security-relevant attributes (e.g., classification) of a system resource.

Security level
A security level is a hierarchical indicator of the degree of sensitivity to a certain threat. It implies, according to the security policy being enforced, a specific level of protection.

Security management dashboard
A security management dashboard is a tool that consolidates and communicates information relevant to the organizational security posture in near real time to security management stakeholders.
Security marking
A security marking is human-readable information affixed to information system components, removable media, or output indicating the distribution limitations, handling caveats, and applicable security markings.

Security markings
Security markings are human-readable indicators applied to a document, storage media, or hardware component to designate the security classification, categorization, and/or handling restrictions applicable to the information contained therein. For intelligence information, security markings could include compartment and sub-compartment indicators and handling restrictions.

Security mechanism
A security mechanism is a device designed to provide one or more security services, usually rated in terms of strength of service and assurance of the design.

Security net control station
A security net control station is a management system overseeing and controlling the implementation of network security policy.

Security objective
A security objective pertains to confidentiality, integrity, or availability.

Security perimeter
A security perimeter is a physical or logical boundary defined for a system, domain, or enclave, within which a specified security policy or security architecture is applied.

Security plan
A security plan is a formal document that provides an overview of the security requirements for an information system or an information security program and describes the security controls in place or planned for meeting those requirements.

Security policy
A security policy is a set of rules and practices that specify how a system or organization delivers security services to protect sensitive and critical information.

Security posture
Security posture is the security status of an enterprise's networks, information, and systems based on the resources (e.g., people, hardware, software, policies) and capabilities in place to manage the defense of the enterprise and to react as the situation changes.
Security program plan
A security program plan is a formal document that provides an overview of the security requirements for an organization-wide information security program and describes the program management security controls and common security controls in place or planned for meeting those requirements.

Security range
A security range is the highest and lowest security levels that are permitted in or on an information system, system component, subsystem, or network.

Security-relevant change
A security-relevant change is any change to a system's configuration, environment, information content, functionality, or users that has the potential to change the risk imposed upon its continued operation.

Security-relevant event
A security-relevant event is an occurrence (e.g., an auditable event or flag) considered to have potential security implications for the system or its environment that may require further action (noting, investigating, or reacting).

Security-relevant information
Security-relevant information is any information within the information system that can potentially impact the operation of security functions in a manner that could result in failure to enforce the system security policy or to maintain isolation of code and data.

Security requirements baseline
A security requirements baseline is the description of the minimum requirements necessary for an information system to maintain an acceptable level of risk.

Security requirements traceability matrix (SRTM)
A security requirements traceability matrix (SRTM) is a matrix that captures all security requirements, links them to potential risks, and addresses all applicable certification and accreditation (C&A) requirements. It is, therefore, a correlation statement of a system's security features and compliance methods for each security requirement.
Security requirements
Security requirements are requirements levied on an information system that are derived from applicable laws, executive orders, directives, policies, standards, instructions, regulations, or procedures, or from organizational mission/business case needs, to ensure the confidentiality, integrity, and availability of the information being processed, stored, or transmitted.

Security safeguards
Security safeguards are protective measures and controls prescribed to meet the security requirements specified for an information system. Safeguards may include security features, management constraints, personnel security, and security of physical structures, areas, and devices.

Security service
A security service is a capability that supports one or more of the security goals or requirements (confidentiality, integrity, availability). Examples of security services are key management, access control, and authentication.

Security specification
A security specification is the detailed description of the safeguards required to protect an information system.

Security strength
Security strength is a measure of the computational complexity associated with recovering certain secret and/or security-critical information concerning a given cryptographic algorithm from known data (e.g., plaintext/ciphertext pairs for a given encryption algorithm). It is also a number associated with the amount of work (that is, the number of operations) required to break a cryptographic algorithm or system; a strength of 128 bits means roughly 2^128 operations. Sometimes referred to as a security level.

Security tag
A security tag is an information unit containing a representation of certain security-related information (e.g., a restrictive attribute bitmap).
Security target
A security target is a Common Criteria specification that represents a set of security requirements to be used as the basis of an evaluation of an identified target of evaluation (TOE).

Security test and evaluation (ST&E)
A security test and evaluation is an examination and analysis of the safeguards required to protect an information system, as they have been applied in an operational environment, to determine the security posture of that system.

Security testing
Security testing is the process of determining that an information system protects data and maintains functionality as intended.

Security
Security is a condition that results from the establishment and maintenance of protective measures that enable an enterprise to perform its mission or critical functions despite risks posed by threats to its use of information systems. Protective measures may involve a combination of deterrence, avoidance, prevention, detection, recovery, and correction that should form part of the enterprise's risk management approach.

Seed key
A seed key is an initial key used to start an updating or key generation process.

Segment
A segment is the protocol data unit of TCP, i.e. a TCP packet. In Ethernet, a segment is a portion of the network; dividing an Ethernet into multiple segments (with switches or bridges) is one of the most common ways of increasing available bandwidth on the LAN.

Sensitive information
Sensitive information is data that must be protected from unauthorised access to safeguard the privacy or security of an individual, organisation, or nation. Information sensitivity is the control of access to information or knowledge whose disclosure to others might result in loss of an advantage or level of security.

Separation of duties
Separation of duties (SoD), also known as segregation of duties, is based on the principle of splitting privileges among multiple individuals or systems, so that no single party can complete a sensitive action (such as requesting and approving a payment) alone.

Server
A server is a computer entity or machine that waits for requests from other machines or software (clients) and responds to them.
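The role-based access control entry earlier and the separation of duties entry above fit together in practice: permissions hang off roles, and SoD constrains which roles one person may hold or which steps one person may perform. The following block is an added illustration, not code from the glossary; the roles, permissions, users and the two-step payment workflow are constructed for the demo. It shows static SoD (refusing to assign mutually exclusive roles to one user) and dynamic SoD (refusing to let the requester of a payment also approve it).

```python
"""Role-based access control with static and dynamic separation of duties.

Added illustration, not code from the page. Roles, permissions, users and the
payment workflow are constructed for the demo.
"""


class RBAC:
    def __init__(self):
        self.role_permissions = {}    # role -> set of (operation, object_type)
        self.user_roles = {}          # user -> set of roles
        self.mutually_exclusive = []  # role pairs no single user may hold (static SoD)

    def add_role(self, role, *permissions):
        self.role_permissions[role] = set(permissions)

    def add_separation_of_duties(self, role_a, role_b):
        self.mutually_exclusive.append((role_a, role_b))

    def assign(self, user, role):
        """Assign a role, refusing assignments that would violate static SoD."""
        if role not in self.role_permissions:
            raise KeyError(f"unknown role {role!r}")
        held = self.user_roles.setdefault(user, set())
        for a, b in self.mutually_exclusive:
            if {a, b} <= held | {role}:
                raise ValueError(f"separation of duties: {user} may not hold both {a} and {b}")
        held.add(role)

    def authorize(self, user, operation, object_type):
        """Permission flows from roles only; users never hold permissions directly."""
        return any((operation, object_type) in self.role_permissions[r]
                   for r in self.user_roles.get(user, ()))


class PaymentWorkflow:
    """Dynamic SoD: the approver must be a different person from the requester,
    even if their roles would individually allow both steps."""

    def __init__(self, rbac):
        self.rbac = rbac
        self.payments = {}  # payment_id -> {"requester": ..., "approver": ...}

    def request(self, user, payment_id):
        if not self.rbac.authorize(user, "create", "payment"):
            raise PermissionError(f"{user} may not create payments")
        self.payments[payment_id] = {"requester": user, "approver": None}

    def approve(self, user, payment_id):
        if not self.rbac.authorize(user, "approve", "payment"):
            raise PermissionError(f"{user} may not approve payments")
        payment = self.payments[payment_id]
        if payment["requester"] == user:
            raise PermissionError("separation of duties: requester may not approve their own payment")
        payment["approver"] = user
        return True


def build_demo():
    rbac = RBAC()
    rbac.add_role("clerk", ("create", "payment"), ("read", "payment"))
    rbac.add_role("approver", ("approve", "payment"), ("read", "payment"))
    rbac.add_role("manager", ("create", "payment"), ("approve", "payment"), ("read", "payment"))
    rbac.add_role("auditor", ("read", "payment"), ("read", "audit_log"))
    # Whoever audits payments must not be able to approve them.
    rbac.add_separation_of_duties("approver", "auditor")
    rbac.add_separation_of_duties("manager", "auditor")
    for user, role in [("alice", "clerk"), ("bob", "approver"),
                       ("carol", "auditor"), ("dave", "manager")]:
        rbac.assign(user, role)
    return rbac


def assignment_rejected(rbac, user, role):
    """True if static SoD blocks the assignment."""
    try:
        rbac.assign(user, role)
    except ValueError:
        return True
    return False


def approval_rejected(workflow, user, payment_id):
    """True if the approval is refused by RBAC or dynamic SoD."""
    try:
        workflow.approve(user, payment_id)
    except PermissionError:
        return True
    return False
```

Note that dave, as manager, is permitted both to create and to approve payments in general; the workflow still refuses to let him approve the specific payment he requested. That per-transaction check is what "splitting privileges among multiple individuals" means once the roles themselves overlap.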
The purpose of a server is to share data or hardware and software resources among clients.

Session hijacking
Session hijacking, also known as cookie hijacking, is the exploitation of a valid computer session, usually by stealing, predicting or fixing the session identifier (typically a cookie) that represents it, to gain unauthorised access to sensitive information or services in a computer system or network.

Session key
A session key is a key that is temporary or is used for a relatively short period of time. It is an encryption and decryption key, randomly generated to secure a communications session between a user and another computer or between two computers. Session keys are symmetric keys, since the same key is used for both encryption and decryption; they are typically established through an asymmetric key exchange and discarded when the session ends, which limits the damage if one is compromised.

Session
A session is a virtual connection between two hosts by which network traffic is passed. In web applications it is also a way to store information (in variables) to be used across multiple pages.

SHA-1
Secure Hash Algorithm 1 (SHA-1) is a cryptographic hash function designed by the United States National Security Agency and published by NIST as a U.S. Federal Information Processing Standard in 1995 (FIPS 180-1). Practical collisions were demonstrated in 2017 and NIST has deprecated it for digital signatures; it should not be used where collision resistance matters.

Shadow password files
Shadow password files are system files (/etc/shadow on most Unix-like systems) where hashed user passwords are stored, readable only by root, so that they aren't available to people who try to break into the system; the world-readable /etc/passwd then contains no password hashes.

Share
A share is any resource that has been made available on a system or network, such as a directory (file share) or printer (printer share).

Shell
Shell is a Unix term for the interactive user interface with an operating system. The shell is the layer of programming that recognises and executes the commands that a user enters. In some systems, the shell is called a command interpreter.

Signals analysis
Signals analysis is the process of gaining indirect knowledge of communicated data by monitoring and analysing a signal emitted by a system that contains the data but is not intended to communicate it.
Signature
A signature is a distinct pattern in network traffic (or in a file) that a specific tool, such as an intrusion detection system or antivirus scanner, can identify.

Simple integrity property
Under the simple integrity property (from the Biba integrity model), a subject cannot write data to a higher integrity level than its own ("no write up").

Simple Network Management Protocol (SNMP)
Simple Network Management Protocol (SNMP) is an Internet-standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks and more. SNMP is widely used in network management systems to monitor network-attached devices for conditions that warrant administrative attention. SNMPv1 and v2c authenticate only with cleartext community strings; SNMPv3 adds authentication and encryption and is the version to deploy.

Simple security property
Under the simple security property (from the Bell-LaPadula confidentiality model), a subject cannot read data of a higher classification than its own clearance ("no read up").

S/KEY
S/KEY is a one-time password mechanism developed for authentication to Unix-like operating systems, particularly from dumb terminals or untrusted public computers. This mechanism uses a cryptographic hash function to generate a sequence of 64-bit one-time passwords for remote user login. Since each password is used only once, the user is protected from password sniffers.

Smart card
A smart card is a pocket-sized card with an embedded integrated circuit (chip) that can store keys and credentials and perform cryptographic operations on the card itself, so that the key never has to leave it. The card connects to a reader through direct physical contact or through a contactless radio-frequency interface. A card carrying only a magnetic stripe is not a smart card: the stripe can simply be copied and replayed.

S/MIME
S/MIME is a set of specifications for securing electronic mail. Secure/Multipurpose Internet Mail Extensions (S/MIME) is based upon the widely used MIME standard and describes a protocol for adding cryptographic security services through MIME encapsulation of digitally signed and encrypted objects. The basic security services offered by S/MIME are authentication, non-repudiation of origin, message integrity, and message privacy. Optional security services include signed receipts, security labels, secure mailing lists, and an extended method of identifying the signer's certificate(s).
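The simple security property and simple integrity property entries above each state one half of a pair of rules; the following block, added here as an illustration and not code from the glossary, implements both halves of each model (the Bell-LaPadula *-property "no write down" and the Biba "no read down" rule are standard companions that the glossary does not spell out) behind a small reference monitor of the kind the security kernel entry describes, which mediates every access and records the decision. The classification and integrity lattices, subjects and objects are constructed for the demo.

```python
"""Simple security property (Bell-LaPadula) and simple integrity property (Biba)
enforced by a small reference monitor.

Added illustration, not code from the page. The lattices, subjects and objects
are constructed for the demo.
"""
CLASSIFICATION = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}
INTEGRITY = {"UNTRUSTED": 0, "USER": 1, "SYSTEM": 2}


def simple_security_ok(subject_clearance, object_classification):
    """Bell-LaPadula simple security property ('no read up'):
    a subject may read an object only if its clearance dominates the classification."""
    return CLASSIFICATION[subject_clearance] >= CLASSIFICATION[object_classification]


def star_property_ok(subject_clearance, object_classification):
    """Bell-LaPadula *-property ('no write down'), the companion rule:
    writes may only go to objects at or above the subject's level."""
    return CLASSIFICATION[subject_clearance] <= CLASSIFICATION[object_classification]


def simple_integrity_ok(subject_integrity, object_integrity):
    """Biba simple integrity property ('no write up'):
    a subject may not write to an object of higher integrity than its own."""
    return INTEGRITY[subject_integrity] >= INTEGRITY[object_integrity]


def integrity_star_ok(subject_integrity, object_integrity):
    """Biba *-integrity property ('no read down'), the companion rule:
    a subject may not read data of lower integrity than its own."""
    return INTEGRITY[subject_integrity] <= INTEGRITY[object_integrity]


class ReferenceMonitor:
    """Mediates every access and records the decision, as a security kernel must."""

    def __init__(self, subjects, objects):
        self.subjects = subjects  # name -> (clearance, integrity level)
        self.objects = objects    # name -> (classification, integrity level)
        self.audit = []           # (subject, operation, object, decision)

    def check(self, subject, operation, obj):
        clearance, s_int = self.subjects[subject]
        classification, o_int = self.objects[obj]
        if operation == "read":
            allowed = (simple_security_ok(clearance, classification)
                       and integrity_star_ok(s_int, o_int))
        elif operation == "write":
            allowed = (star_property_ok(clearance, classification)
                       and simple_integrity_ok(s_int, o_int))
        else:
            allowed = False  # default deny for anything the policy does not name
        self.audit.append((subject, operation, obj, "ALLOW" if allowed else "DENY"))
        return allowed


def demo_monitor():
    subjects = {
        "analyst": ("SECRET", "USER"),
        "installer": ("UNCLASSIFIED", "SYSTEM"),
    }
    objects = {
        "war_plan": ("TOP SECRET", "USER"),
        "briefing": ("CONFIDENTIAL", "USER"),
        "kernel_config": ("UNCLASSIFIED", "SYSTEM"),
        "download": ("UNCLASSIFIED", "UNTRUSTED"),
    }
    return ReferenceMonitor(subjects, objects)


if __name__ == "__main__":
    m = demo_monitor()
    for req in [("analyst", "read", "war_plan"), ("analyst", "read", "briefing"),
                ("analyst", "write", "war_plan"), ("installer", "read", "download"),
                ("installer", "write", "kernel_config")]:
        m.check(*req)
    for entry in m.audit:
        print(entry)
```

Two of the outcomes are worth noticing: a SECRET analyst may write into a TOP SECRET object (Bell-LaPadula forbids writing down, not up), and a SYSTEM-integrity installer may not even read an UNTRUSTED download, because Biba is about keeping bad data out of trusted components, not about secrecy.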
Smurf attack
A smurf attack is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim’s spoofed source IP are broadcast to a computer network using an IP broadcast address. Most devices on a network respond to this by sending a reply to the source IP address. This can slow down the victim’s computer to the point where it becomes impossible to work on.

Sniffer
A sniffer is a tool that monitors network traffic received on a network interface.

Sniffing
Sniffing is also known as passive wiretapping. Packet sniffing allows individuals to capture data as it is transmitted over a network. Packet sniffer programs are used by network professionals to diagnose network issues and by malicious users to capture unencrypted data, such as passwords and usernames, in network traffic. Once this information is captured, the user can then gain access to the system or network.

Social engineering
Social engineering is a non-technical technique that intruders commonly use. This approach relies on human interaction and often involves tricking people into breaking normal security procedures.

Socket pair
A socket pair is a way to uniquely specify a connection, i.e., source IP address, source port, destination IP address, destination port.

Socket
A socket is an endpoint for communication between two systems. The socket tells a host’s IP stack where to plug in a data stream so that it connects to the right application.

SOCKS
Socket Secure (SOCKS) is an Internet protocol that routes network or data packets between a client and server through a proxy server. SOCKS ensures proper authentication of users and allows only authorised users to access a server. SOCKS uses sockets to represent and keep track of individual connections. The client side of SOCKS is built into certain web browsers, and the server side can be added to a proxy server.
Software
Software is any computer instructions, data, or programs that can be stored electronically and executed by computer hardware. While any software is running, associated data stored in the hardware may be dynamically written or modified.

Source port
A source port is a port that a host uses to connect to a server. It is usually a number greater than or equal to 1024. It is randomly generated and is different each time a connection is established.

Spam
Spam is the term used for flooding the Internet with many copies of the same message, in an attempt to force the message on individuals who would not otherwise choose to receive it. Most spam mails or messages are commercial advertising, often for dubious products, get-rich-quick schemes, or quasi-legal services.

Spanning port
A spanning port is used to configure the switch to behave like a hub for a specific port.

Split horizon
Split horizon is an algorithm used to prevent routing loops in distance-vector routing protocols by prohibiting a router from advertising a route back onto the interface from which it was learned.

Split key
A split key is a cryptographic key that is divided into two or more separate data items that individually convey no knowledge of the whole key or of information that results from combining the items.

Spoof
A spoof is an attack attempt by an unauthorized entity or attacker to gain illegitimate access to a system by posing as an authorized user.

SQL injection
SQL injection is a code injection technique that is used to attack data-driven applications, in which malicious or manipulative SQL statements are inserted into an entry field for execution.

Stack smashing
Stack smashing is used to cause a stack in a computer application or operating system to overflow. This makes it possible to weaken the program or system or cause it to crash. The stack is also called a pushdown stack or first-in last-out circuit. It is a form of buffer that holds the intermediate results of an operation or data that is awaiting processing.

Standard ACLs (Cisco)
Standard access control lists (ACLs) are essentially a set of commands, grouped together by a number or name, that are used to filter traffic entering or leaving an interface. Standard ACLs make packet filtering decisions based on the source IP address only.

Star network
Star networks are one of the most common computer network topologies. A star network consists of one central switch, hub or computer, which acts as a conduit to transmit messages. It consists of a central node, to which all other nodes are connected. The central node provides a common connection point for all nodes through a hub.

Star property
Under the star property, a user cannot write data to a lower classification level without logging in at that lower classification level.

State machine
A state machine is any device that stores the status of something at a given time and can operate on input to change the status and cause an action to take place for any given change. A computer is basically a state machine, and each machine instruction is input that changes one or more states and may cause other actions to take place. Each computer’s data register stores a state. The read-only memory from which a boot program is loaded stores a state.

Stateful inspection
Stateful inspection is also known as dynamic packet filtering. It is a firewall technology that monitors the state of active connections and uses this information to determine which network packets to allow through the firewall.

Static host tables
Static host tables are text files that contain hostname-to-address mappings.

Static routing
Static routing is a form of routing that occurs when a router uses a manually configured routing entry, rather than information from dynamic routing traffic. Static routing can also be used in stub networks, or to provide a gateway of last resort.
Stealthing
Stealthing is a term that refers to approaches used by malicious code to conceal its presence on the infected system.

Steganalysis
Steganalysis is the study of detecting and defeating the use of steganography. This is analogous to cryptanalysis applied to cryptography.

Steganography
Steganography is a technique used to hide the existence of a message, files, or any other information. The first recorded use of the term was in 1499 by Johannes Trithemius in his Steganographia. This is different from cryptography, which hides the meaning of a message but does not hide the message itself. An example of a steganographic method is invisible ink.

Stimulus
Stimulus is network traffic that initiates a connection or solicits a response.

Store and forward
Store-and-forward is a telecommunications technique in which information is sent to an intermediate station where it is kept and sent at a later time to the final destination or to another intermediate station.

Straight-through cable
A straight-through cable is a type of twisted pair cable that is used in local area networks to connect a computer to a network hub such as a router. This type of cable is also sometimes called a patch cable and is an alternative to wireless connections, where one or more computers access a router through a wireless signal.

Stream cipher
A stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream. In a stream cipher, each plaintext digit is encrypted one at a time with the corresponding digit of the keystream, to give a digit of the ciphertext stream.

Strong star property
Under the strong star property, a user cannot write data to higher or lower classification levels than their own.

Sub network
A sub network is a separately identifiable part of a larger network that typically represents a certain limited number of host computers, the hosts in a building or geographic area, or the hosts on an individual local area network.
Subnet mask
A subnet mask is used to determine the number of bits that are used for the subnet and host portions of the address. It is used as a screen of numbers for routing traffic within a subnet. Once a packet has arrived at a gateway or connection point with its unique network number, it can be routed to its destination within the internal gateways using the subnet number.

Switch
A switch is also called a switching hub, bridging hub, or officially a MAC bridge. It is a computer networking device that connects devices together on a computer network by using packet switching to receive, process and forward data to the destination device.

Switched network
A switched (fully switched) network is a computer network that uses only network switches rather than network hubs on Ethernet local area networks. The switches allow for a dedicated connection to each workstation. A switch allows many conversations to occur simultaneously.

Symbolic links
Symbolic links are sometimes also known as symlinks. Symbolic links are essentially advanced shortcuts that point to another file.

Symmetric cryptography
Symmetric cryptography is a branch of cryptography involving algorithms that use symmetrical keys for two different steps of the algorithm. Symmetric cryptography is called secret-key cryptography because the key is shared only between the communicating entities.

Symmetric key
A symmetric key is a cryptographic key that is used in a symmetric cryptographic algorithm.

SYN flood
A SYN flood is a type of denial-of-service attack in which an attacker sends a succession of SYN requests to a target’s system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.

Synchronization
Synchronization is the signal made up of a distinctive pattern of bits that network hardware looks for to signal the start of a frame. Synchronization also refers to one of two distinct but related concepts: synchronization of processes, and synchronization of data.
Syslog
Syslog is a widely used standard for message logging in Unix systems. It permits separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them.

System security officer (SSO)
A system security officer (SSO) is an individual responsible for enforcement or administration of the security policy that applies to the system.

System-specific policy
A system-specific policy is a policy written for a specific system or device and may change with changes in the system or device, its functionality, or its vulnerabilities.

T

T1/T3
A T1 or T3 is a digital circuit using TDM (time-division multiplexing).

Tamper
Tamper is defined as deliberately trying to change or alter a system’s logic, data, or control information to cause the system to perform unauthorized functions or services.

TCP fingerprinting
TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during standard layer 4 network communications. The combination of parameters may be used to infer the remote machine’s operating system (OS), or incorporated into a device fingerprint.

TCP full open scan
A TCP full open scan checks each and every port after performing a full three-way handshake on each port to determine whether it is open.

TCP half open scan
A TCP half open scan determines whether a port is open by performing the first half of a three-way handshake. It is also referred to as SYN scanning. In SYN scanning, the hostile client or attacker attempts to set up a TCP/IP connection with a server at every possible port. This is done by sending a SYN (synchronization) packet, as if to initiate a three-way handshake, to every port on the server.

TCP wrapper
A TCP wrapper is a software package that is used to restrict access to certain network services based on the source of the connection. In other words, it is a host-based networking ACL system, used to filter network access to Internet Protocol servers on (Unix-like) operating systems such as GNU/Linux or BSD.

Tcpdump
Tcpdump is a freeware protocol analyzer for Unix systems that can monitor network traffic on a wire. It allows the user to display TCP/IP and other packets being transmitted or received over a network. Tcpdump works on most Unix-like operating systems: Linux, Solaris, BSD, OS X, HP-UX, Android and AIX among others. It was originally written in 1987 by Van Jacobson, Craig Leres and Steven McCanne, who were working in the Lawrence Berkeley Laboratory Network Research Group.

TCP/IP
TCP/IP stands for Transmission Control Protocol/Internet Protocol. It is the basic communication language or protocol of the Internet and can be used as a communications protocol in a private network as well (either an intranet or an extranet).

Telnet
Telnet is a TCP-based, application-layer, Internet standard protocol and an essential TCP/IP protocol for accessing remote computers. Through Telnet, an administrator or another user can access someone else’s computer remotely.

Threat agent

Threat assessment
Threat assessment is a structured process used to identify and evaluate various risks or threats that an organization might be exposed to.

Threat model
A threat model is a process that is used to optimize network security by identifying the key objectives and vulnerabilities, and then defining countermeasures to prevent, or mitigate the effects of, threats to the system or network.

Threat vector
A threat vector is the methodology that a threat uses to get to the target.

Threat
A threat is a possible danger that might exploit a vulnerability to violate security protocols and thus cause possible harm. A threat can be deliberate (for example, an individual cracker or a criminal organization), accidental (for example, the possibility of a computer malfunctioning, or the possibility of a natural disaster such as an earthquake, a fire, or a tornado), or otherwise a circumstance, capability, action, or event.

Time to live
Time to live (TTL), or the hop limit, is a mechanism that limits the lifespan of data in a computer or network. TTL is generally implemented as a counter or time stamp attached to or embedded in the data. The TTL value in an IP data packet tells a network router whether or not the packet has been in the network too long and should be discarded.

Tiny fragment attack
A tiny fragment attack abuses IP fragmentation, which is the process of breaking up a single Internet Protocol (IP) datagram into multiple packets of smaller size. Every network link has a characteristic size of messages that may be transmitted, called the maximum transmission unit (MTU). If the data packet size is made small enough to force some of a TCP packet’s TCP header fields into the second data fragment, filter rules that specify patterns for those fields will not match. If the filtering implementation does not enforce a minimum fragment size, a disallowed packet might be passed because it didn’t hit a match in the filter. STD 5, RFC 791 states that “every internet module must be able to forward a datagram of 68 octets without further fragmentation.” This is because an Internet header may be up to 60 octets, and the minimum fragment is 8 octets. IP fragmentation exploits (attacks) use the fragmentation protocol within IP as an attack vector.

Token-based access control
Token-based access control is an authentication method that offers additional security. Using this method, each user has a smart card or token that either displays a constantly changing password or passkey, or has buttons that calculate a new password based on a challenge phrase. Without this card or token, it is impossible to authenticate yourself to the system. This two-factor authentication provides additional security by requiring an attacker to both guess the user’s password and steal the smart card or token that is used to access the system.

Token-based devices
A token-based device, or security token, is known by several names, such as hardware token, authentication token, USB token, cryptographic token, software token, virtual token, or key fob. A security token may be a physical device that an authorized user is given to access a system or network. Security tokens are used to prove one’s identity electronically and are used in addition to or in place of a password to prove that the customer is who they claim to be. The token acts like an electronic key to access something.

Token ring
A token ring network is a local area network in which all computers are connected in a ring or star topology and a binary digit or token-passing scheme is used in order to prevent the collision of data between two computers that want to send messages at the same time. It uses a special three-byte frame called a “token” that travels around a logical “ring” of workstations or servers.

Topology
Topology is the geometric arrangement of a computer system. Common topologies include bus, star, and ring. Two networks have the same topology if the connection configuration is the same, although the networks may differ in physical interconnections, distances between nodes, transmission rates, and/or signal types.

Traceroute (tracert.exe)
Traceroute is a tool that maps the route a packet takes from the local machine to a remote destination. The history of the route is recorded as the round-trip times of the packets received from each successive host (remote node) in the route (path). The sum of the mean times in each hop indicates the total time spent to establish the connection.
Transmission Control Protocol (TCP)
Transmission Control Protocol (TCP) is a set of rules, or protocol, that is used along with the Internet Protocol to send data in the form of message units between computers over the Internet. Whereas the IP protocol deals only with packets, TCP enables two hosts to establish a connection and exchange streams of data. TCP takes care of keeping track of the individual units of data called packets. TCP guarantees delivery of data and also guarantees that packets will be delivered in the same order in which they were sent. It originated in the initial network implementation, in which it complemented the Internet Protocol (IP). Therefore, the entire suite is commonly referred to as TCP/IP.

Transport Layer Security (TLS)
Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third party may overhear or tamper with any message. TLS is the successor to the Secure Sockets Layer (SSL).

Triple DES
Triple DES (3DES) is the common name for the Triple Data Encryption Algorithm (TDEA or Triple DEA) symmetric-key block cipher, which applies the Data Encryption Standard (DES) cipher algorithm three times to each data block. It transforms each 64-bit plaintext block by applying DES three successive times, using either two or three different keys, for an effective key length of 112 or 168 bits.

Triple wrapped
Triple-wrapped describes any data that has been signed with a digital signature, encrypted, and then signed again.

Trojan horse
A Trojan horse is a computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorization of a system entity that invokes the program.
Trunking
Trunking is a method for a system to provide network access to many clients by sharing a set of lines or frequencies instead of providing them individually. This is analogous to the structure of a tree with one trunk and many branches.

Trust
Trust determines which permissions and what actions other systems or users can perform on remote machines.

Trusted certificate
A trusted certificate is any digital certificate that a certificate user accepts as being valid without testing the certificate to validate it as the final certificate on a certification path; especially a certificate that is used as a trust anchor certificate.

Trusted ports
Trusted ports are ports below number 1024, usually allowed to be opened only by the root user.

Tunnel
A tunnel is a communication channel that is created in a computer network by encapsulating a communication protocol’s data packets in a second protocol that normally would be carried above, or at the same layer as, the first one. Most often, a tunnel is a logical point-to-point link created by encapsulating the layer 2 protocol in a transport protocol (such as TCP), in a network or inter-network layer protocol (such as IP), or in another link layer protocol. Tunneling can move data between computers that use a protocol not supported by the network connecting them.

U

UDP scan
A UDP scan performs scans to determine which UDP ports are open or vulnerable. UDP is a connectionless protocol, so there is no equivalent to a TCP SYN packet. However, if a UDP packet is sent to a port that is not open, the system will respond with an ICMP port unreachable message.

Unicast
Unicast is defined as any communication between a single sender and a single receiver over a network. The term exists in contrast to multicast, communication between a single sender and multiple receivers, and anycast, communication between any sender and the nearest of a group of receivers in a network.
Uniform Resource Identifier (URI)
A Uniform Resource Identifier (URI) is a string of characters that is used to identify the name of a resource. Such identification enables interaction with representations of the resource over a network (such as the World Wide Web) using specific protocols. In other words, URI is the generic term for all types of names and addresses that refer to objects on the World Wide Web.

Uniform Resource Locator (URL)
A Uniform Resource Locator (URL) is the global address of documents and other resources on the World Wide Web. The first part of the address indicates what protocol to use, and the second part specifies the IP address or the domain name where the resource is located. A URL is a specific type of Uniform Resource Identifier (URI), although many people use the two terms interchangeably. A URL implies the means to access an indicated resource, which is not true of every URI. URLs occur most commonly to reference web pages (HTTP), but are also used for file transfer (FTP), email (mailto), database access (JDBC), and many other applications.

Unix
Unix is a popular multi-user, multi-tasking operating system developed at Bell Labs in the early 1970s by Ken Thompson, Dennis Ritchie, and others. Unix was designed to be a small, flexible system used exclusively by programmers.

Unprotected share
A share is a mechanism that allows a user to connect to file systems and printers on other systems. An unprotected share is one that allows anyone to connect to it.

User contingency plan
A user contingency plan is the alternative method of continuing business operations if its systems are unavailable.

User Datagram Protocol (UDP)
The User Datagram Protocol (UDP) is a communication protocol that, like TCP, runs on top of IP networks. The protocol was designed by David P. Reed in 1980 and formally defined in RFC 768. UDP uses a simple connectionless transmission model with a minimum of protocol mechanism. It is used primarily for broadcasting messages over a network. UDP uses the Internet Protocol to get a datagram from one computer to another, but does not divide a message into packets (datagrams) and reassemble it at the other end. UDP doesn’t provide sequencing of the packets in which the data arrives.

User
A user is any person, organization entity, or automated process that accesses a system, whether authorized to do so or not. Users generally use a system or a software product without the technical expertise required to fully understand it.

V

Virtual private network (VPN)
A virtual private network (VPN) extends a private network across a public network, such as the Internet. A VPN enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. A VPN is created by establishing a virtual point-to-point connection through the use of dedicated connections, virtual tunneling protocols, or traffic encryption. For example, if a corporation has LANs at several different sites, each connected to the Internet by a firewall, the corporation could create a VPN by (a) using encrypted tunnels to connect from firewall to firewall across the Internet and (b) not allowing any other traffic through the firewalls. A VPN is generally less expensive to build and operate than a dedicated real network, because the virtual network shares the cost of system resources with other users of the real network.

Virus
A virus is a hidden, self-replicating section of computer software or a program, usually malicious logic, that propagates by infecting, i.e., inserting a copy of itself into and becoming part of, another program. A virus cannot run by itself and requires that its host program be run to make the virus active.
Voice firewall
A voice firewall is a physical discontinuity in a voice network that monitors, alerts, and controls inbound and outbound voice network activity based on user-defined call admission control (CAC) policies, voice application layer security threats, or unauthorized service use violations.

Voice intrusion prevention system (VIPS)
A voice intrusion prevention system (VIPS) is a security management system for voice networks that monitors voice traffic for multiple calling patterns or attack/abuse signatures to proactively detect and prevent toll fraud, denial of service, telecom attacks, service abuse, and other anomalous activities.

W

Warchalking
Warchalking is marking areas, usually on sidewalks with chalk, that receive wireless signals, to advertise an open Wi-Fi network. Warchalking was inspired by hobo symbols and was conceived by a group of friends in June 2002. The symbols were published by Matt Jones, who designed the set of icons and produced a downloadable document containing them.

War dialer
A war dialer is a computer program that automatically dials a series of telephone numbers to locate lines connected to computer systems, and catalogs those numbers so that a cracker or attacker can try to break into the systems.

War dialing
War dialing is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, bulletin board systems (computer servers), and fax machines.

Wardriving
Wardriving is searching for Wi-Fi wireless networks by an individual in a moving vehicle while using a portable computer, smartphone, or personal digital assistant (PDA).

Web of trust
The web of trust is a concept that is used in PGP, GnuPG, and other OpenPGP-compatible systems to establish the authenticity of the binding between a public key and its owner. Its decentralized trust model is an alternative to the centralized trust model of a public key infrastructure (PKI), which relies exclusively on a certificate authority.

Web server
A web server is a computer system that processes requests via HTTP, the basic network protocol used to distribute information on the World Wide Web. The term web server is used to refer either to the entire system, or specifically to the software that accepts and supervises the HTTP requests.

Whois
Whois is a query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system. The protocol stores and delivers database content in a human-readable format. The Whois protocol is documented in RFC 3912.

Windowing system
A windowing system is a system that is used for sharing a computer’s graphical display presentation resources among multiple applications at the same time. A windowing system uses a window manager to keep track of where each window is located on the display screen and its size and status. A windowing system doesn’t just manage the windows but also other forms of graphical user interface entities.

Windowing
Windowing is the process of taking a small subset of a larger dataset for processing and analysis. In this approach, the rectangular window involves simply truncating the dataset before and after the window, while not modifying the contents of the window at all.

WinDump
WinDump is a freeware protocol analyzer for Windows that can monitor network traffic on a wire.

Wired Equivalent Privacy (WEP)
Wired Equivalent Privacy (WEP) is a security protocol for wireless local area networks defined in the standard IEEE 802.11b. It was introduced as part of the original 802.11 standard ratified in 1997; its intention was to provide data confidentiality comparable to that of a traditional wired network. WEP, recognizable by its key of 10 or 26 hexadecimal digits, was at one time widely in use and was often the first security choice presented to users by router configuration tools.

Wireless Application Protocol (WAP)
The Wireless Application Protocol (WAP) is a specification for a set of communication protocols to standardize the way that wireless devices, such as cellular telephones and radio transceivers, can be used for Internet access, including e-mail, the World Wide Web, newsgroups, and Internet Relay Chat. A WAP browser is a web browser for mobile devices such as mobile phones that uses the protocol.

Wiretapping
Wiretapping is the process of monitoring and recording data that is flowing between two points in a communication system.

World Wide Web (the Web, WWW, W3)
The World Wide Web (WWW) is the global, hypermedia-based collection of information and services that is available on Internet servers and is accessed by browsers using the Hypertext Transfer Protocol and other information retrieval mechanisms.

Worm
A worm is a computer program that can run independently, can propagate a complete working version of itself onto other hosts on a network, and may consume computer resources destructively.

X

X.400
X.400 was originally published in 1984 by CCITT and later rewritten in 1988 jointly by ISO and CCITT. X.400 is a standard that conforms to layer 7 of the OSI model and is used for transporting e-mail messages. X.400 is an alternative standard to the commonly used SMTP and includes support for several transport connections, including Ethernet, TCP/IP, and dial-up.

XHTML
XHTML is short for Extensible Hypertext Markup Language. XHTML is a hybrid between XML and HTML, designed for network devices as a method of displaying web pages on network and portable devices. XHTML was first released January 26, 2000.

XML
XML is short for Extensible Markup Language. XML is a specification developed by W3C, starting with the recommendation on February 10, 1998. Like HTML, XML uses tags to mark up a document, allowing the browser to interpret the tags and display them on a page. Unlike HTML, the XML language is unlimited (extensible), which allows self-defining tags and can describe the content instead of only displaying a page’s content. Using XML, other languages such as RSS and MathML have been created, and even tools like XSLT were created using XML.

XMPP
XMPP, which stands for Extensible Messaging and Presence Protocol, is a communications protocol for messaging systems. It is based on XML, storing and transmitting data in that format. It is used for sending and receiving instant messages, maintaining buddy lists, and broadcasting the status of one’s online presence. XMPP is an open protocol standard. Anyone can operate their own XMPP service and use it to interact with any other XMPP service. The standard is maintained by the XSF, the XMPP Standards Foundation.

XMT
XMT is also called transmit. XMT is the method of sending data to an alternate computer or device.

XNS
XNS is short for Xerox Network Services. XNS is a proprietary network communications protocol developed by Xerox. XNS is no longer used and has been replaced by Transmission Control Protocol/Internet Protocol (TCP/IP).

Y

Y2K
Y2K is short for the year 2000 bug or the millennium bug. Y2K is a warning first published by Bob Bemer in 1971 describing the issues of computers using a two-digit year date stamp.

YMODEM
YMODEM is a file-transfer protocol developed by Chuck Forsberg that is similar to the enhanced 1K version of XMODEM. YMODEM sends data in 1024-byte blocks, allows for multiple file transmissions at once, performs cyclic redundancy checks (CRC), and can reduce the transfer size to compensate for poor connections.

Yottabyte
Yottabyte is abbreviated as YB. A yottabyte is equal to 1,208,925,819,614,629,174,706,176 (2^80) bits, or 1,000,000,000,000,000,000,000,000 (10^24) bytes, and is the largest recognized value used with storage.
Z Back to Top Zero day attack A zero-day (or zero-hour or day zero) attack is a computer threat that attempts to manipulate the computer application vulnerabilities that are undisclosed to the software developer. Zero-day exploits is the actual code that can use a security hole to carry out an attack. These exploits are used or shared by attackers before the software developer knows about the vulnerability. Zero day The zero day or day zero is the day a new vulnerability is made known. In some cases, a zero day exploit is referred to an exploit for which no patch is available yet. Day one is a day at which the patch is made available. Zombies A zombie computer is a computer connected to the internet that has been compromised by a hacker, a computer virus, or a trojan horse. Generally, a compromised machine is only one of many in a botnet, and is used to perform malicious tasks of one sort or another under remote direction.
Topics (Topic: Tf; every entry is at Position 12)
  • 342: system
  • 335: security
  • 290: network
  • 228: information
  • 220: data
  • 168: protocol
  • 157: key
  • 138: computer
  • 132: control
  • 123: access
  • 116: user
  • 110: internet
  • 91: attack
  • 87: layer
  • 84: process
  • 77: device
  • 75: organization, message
  • 71: service
  • 70: ip
  • 69: file
  • 65: address
  • 63: application
  • 62: server, packet
  • 60: software
  • 56: program
  • 55: algorithm, standard, based
  • 54: information system
  • 53: back top
  • 40: security control
  • 30: operating system
  • 27: back
  • 25: ip address, access control
  • 24: internet protocol
  • 22: computer network, public key
  • 18: hash function
  • 17: system network, security policy, security requirement
  • 15: system security, secret key
  • 14: data packet, computer system, cryptographic key
  • 13: communication protocol, information security
  • 12: message digest, security service, area network, confidentiality integrity, digital signature
  • 11: confidentiality integrity availability, world wide web, denial service, hash algorithm, local area, integrity availability, end, key cryptographic, world wide, wide web, cryptographic algorithm
  • 10: local area network, application layer, hardware software, protocol ip, cipher text, network traffic, information information, sensitive information, point, secure hash
  • 9: service attack, network network, user access, key encryption, intrusion detection
  • 8: key cryptographic key, information information system, based access control, risk management, system component, security testing, data encryption, digital certificate, plain text, bit, transfer protocol, operating, private network, based access
  • 7: internet protocol ip, intrusion detection system, layer layer, secure hash algorithm, control protocol, file transfer, network security, host network, internet engineering, system application, encryption algorithm, key management, security management, symmetric key, control security, management system, detection system, star property, internet standard, security attribute, access system, key symmetric, classification level, security relevant
  • 6: public key infrastructure, control security control, internet engineering task, engineering task force, task force ietf, security control baseline, secret key cryptographic, security officer, access information, key infrastructure, transmission control, protocol tcp, electronic key, network service, unix, high impact, proxy server, network device, markup language, web server, ip network, engineering task, task force, force ietf, mail, uniform resource, control baseline
  • 5: access control list, key public key, computer system network, end end, transmission control protocol, consumer consumer, unix operating, cryptographic hash function, information system security, point point, key symmetric cryptographic, symmetric cryptographic algorithm
  • 4: area network lan, gain unauthorized access, brute force attack, business continuity plan, text cipher text, key infrastructure pki, data encryption standard, control protocol tcp, file transfer protocol, message authentication code, secure socket layer, security control security, wide web www, source ip address, virtual private network, access control mac, binary, private network vpn, public key encryption, integrity availability information, key secret key, term secret context, secret context imply, context imply classification, imply classification level, imply protect key, protect key disclosure, find message, security policy security, security control assessment
  • 3: input validation attack, internet control message, control message protocol, message protocol icmp, force ietf internet, point tunneling protocol, network link state, media access control, mandatory access control, request comment rfc, printable character, packet switched network, uniform resource locator, internet standard protocol, server proxy server, address resolution protocol, secret key symmetric, key encryption decryption, cryptographic algorithm uniquely, algorithm uniquely entity, uniquely entity made, entity made public, classification level imply, level imply protect, hash algorithm sha, secure hash standard, socket layer ssl, security attribute security, information system based, security requirement security, management operational technical, set minimum security, minimum security control, security control defined, requirement information system, access control authentication, monitor network traffic, lower classification level, handshake, uniform resource identifier, resource identifier uri
Result 13
TitleGlossary of IT security terms - Protecting networks, computers and data | BSI
Urlhttps://www.bsigroup.com/en-GB/Cyber-Security/Glossary-of-cyber-security-terms/
DescriptionGlossary of IT security terms - Protecting networks, computers and data
Date
Organic Position13
H1Glossary of cyber security terms
H2
H3
H2WithAnchors
BodyGlossary of cyber security terms
The technical terms in this glossary are not comprehensive; they are intended only as a basic aid to understanding the pages on this website. A much more comprehensive Jargon Buster can be found on the government's Get Safe Online website.
Access control: Controlling who has access to a computer or online service and the information it stores.
Asset: Something of value to a person, business or organization.
Authentication: The process to verify that someone is who they claim to be when they try to access a computer or online service.
Backing up: To make a copy of data stored on a computer or server to lessen the potential impact of failure or loss.
Bring your own device (BYOD): The authorised use of personally owned mobile devices such as smartphones or tablets in the workplace.
Broadband: High-speed data transmission system where the communications circuit is shared between multiple users.
Business continuity management: Preparing for and maintaining continued business operations following disruption or crisis.
Certification: Declaration that specified requirements have been met.
Certification body: An independent organization that provides certification services.
Chargeback: A payment card transaction where the supplier initially receives payment but the transaction is later rejected by the cardholder or the card issuing company. The supplier's account is then debited with the disputed amount.
Cloud computing: Delivery of storage or computing services from remote servers online (i.e. via the internet).
Common text: A structure and series of requirements defined by the International Organization for Standardization that are being incorporated in all management system International Standards as they are revised.
Data server: A computer or program that provides other computers with access to shared files over a network.
Declaration of conformity: Confirmation issued by the supplier of a product that specified requirements have been met.
DMZ: Segment of a network where servers accessed by less trusted users are isolated. The name is derived from the term "demilitarised zone".
Encryption: The transformation of data to hide its information content.
Ethernet: Communications architecture for wired local area networks based upon IEEE 802.3 standards.
Firewall: Hardware or software designed to prevent unauthorised access to a computer or network from another computer or network.
Gap analysis: The comparison of actual performance against expected or required performance.
Hacker: Someone who violates computer security for malicious reasons, kudos or personal gain.
Hard disk: The permanent storage medium within a computer used to store programs and data.
Identification: The process of recognising a particular user of a computer or online service.
Infrastructure-as-a-service (IaaS): Provision of computing infrastructure (such as server or storage capacity) as a remotely provided service accessed online (i.e. via the internet).
Inspection certificate: A declaration issued by an interested party that specified requirements have been met.
Instant messaging: Chat conversations between two or more people via typing on computers or portable devices.
Internet service provider (ISP): Company that provides access to the internet and related services.
Intrusion detection system (IDS): Program or device used to detect that an attacker is attempting or has attempted unauthorised access to computer resources.
Intrusion prevention system (IPS): Intrusion detection system that also blocks unauthorised access when detected.
'Just in time' manufacturing: Manufacturing to meet an immediate requirement, not in surplus or in advance of need.
Keyboard logger: A virus or physical device that logs keystrokes to secretly capture private information such as passwords or credit card details.
Leased circuit: Communications link between two locations used exclusively by one organization. In modern communications, dedicated bandwidth on a shared link reserved for that user.
Local area network (LAN): Communications network linking multiple computers within a defined location such as an office building.
Macro virus: Malware (i.e. malicious software) that uses the macro capabilities of common applications such as spreadsheets and word processors to infect data.
Malware: Software intended to infiltrate and damage or disable computers. Shortened form of malicious software.
Management system: A set of processes used by an organisation to meet policies and objectives for that organisation.
Network firewall: Device that controls traffic to and from a network.
Outsourcing: Obtaining services by using someone else's resources.
Passing off: Making false representation that goods or services are those of another business.
Password: A secret series of characters used to authenticate a person's identity.
Personal firewall: Software running on a PC that controls network traffic to and from that computer.
Personal information: Personal data relating to an identifiable living individual.
Phishing: Method used by criminals to try to obtain financial or other confidential information (including user names and passwords) from internet users, usually by sending an email that looks as though it has been sent by a legitimate organization (often a bank). The email usually contains a link to a fake website that looks authentic.
Platform-as-a-service (PaaS): The provision of remote infrastructure allowing the development and deployment of new software applications over the internet.
Portable device: A small, easily transportable computing device such as a smartphone, laptop or tablet computer.
Proxy server: Server that acts as an intermediary between users and other servers, validating user requests.
Restore: The recovery of data following computer failure or loss.
Risk: Something that could cause an organization not to meet one of its objectives.
Risk assessment: The process of identifying, analysing and evaluating risk.
Router: Device that directs messages within or between networks.
Screen scraper: A virus or physical device that logs information sent to a visual display to capture private or personal information.
Security control: Something that modifies or reduces one or more security risks.
Security information and event management (SIEM): Process in which network information is aggregated, sorted and correlated to detect suspicious activities.
Security perimeter: A well-defined boundary within which security controls are enforced.
Server: Computer that provides data or services to other computers over a network.
Smartphone: A mobile phone built on a mobile computing platform that offers more advanced computing ability and connectivity than a standard mobile phone.
Software-as-a-service (SaaS): The delivery of software applications remotely by a provider over the internet, perhaps through a web interface.
Spyware: Malware that passes information about a computer user's activities to an external party.
Supply chain: A set of organisations with linked resources and processes involved in the production of a product.
Tablet: An ultra-portable, touch screen computer that shares much of the functionality and operating system of smartphones, but generally has greater computing power.
Threat: Something that could cause harm to a system or organization.
Threat actor: A person who performs a cyber attack or causes an accident.
Two-factor authentication: Obtaining evidence of identity by two independent means, such as knowing a password and successfully completing a smartcard transaction.
Username: The short name, usually meaningful in some way, associated with a particular computer user.
User account: The record of a user kept by a computer to control their access to files and programs.
Virtual private network (VPN): Link(s) between computers or local area networks across different locations using a wide area network that cannot access or be accessed by other users of the wide area network.
Virus: Malware that is loaded onto a computer and then run without the user's knowledge or knowledge of its full effects.
Vulnerability: A flaw or weakness that can be used to attack a system or organization.
Wide area network (WAN): Communications network linking computers or local area networks across different locations.
Wi-Fi: Wireless local area network based upon IEEE 802.11 standards.
Worm: Malware that replicates itself so it can spread to infiltrate other computers.
Topics (Topic: Tf; every entry is at Position 13)
  • 27: computer
  • 22: service
  • 21: network
  • 16: user
  • 10: software, access, information, device
  • 9: data, server, system
  • 8: area network, internet, organization, area
  • 7: security, computing
  • 6: online, control, process, communication
  • 5: local area network, local area, password, requirement, local, personal, malware
  • 4: access computer, program, viru, link, location, risk
  • 3: computer online service, wide area network, computer online, online service, requirement met, unauthorised access, computer network, wide area
Result 14
TitleCybersecurity glossary. 275+ Terms. Common Terminology
Urlhttps://heimdalsecurity.com/glossary
DescriptionCyber Security Glossary. The dictionary for your a-haaa! moments in online safety. A; B; C; D ...
Date
Organic Position14
H1
H2
H3
H2WithAnchors
Body
Topics
  • Topic
  • Tf
  • Position
Result 15
TitleA Complete Glossary: 70+ Cyber Security Terms (From A to Z)
Urlhttps://www.g2.com/articles/cyber-security-terms
DescriptionFirewall: An internet traffic filter meant to stop unauthorized incoming and outgoing traffic. Firmware: Code that is embedded into the hardware ...
DateJun 17, 2019
Organic Position15
H1
H2
H3
H2WithAnchors
Body
Topics
  • Topic
  • Tf
  • Position
Result 16
TitleThe 15 Cybersecurity Terms You Must Know | American University
Urlhttps://digitalskills.american.edu/article/the-15-cybersecurity-terms-you-must-know/
DescriptionThe demand for cybersecurity specialists is growing at a rapid rate due to increased cyber attacks across every sector
Date
Organic Position16
H1The 15 Cybersecurity Terms You Must Know
H215 Cyber Terms You Should Know
Learn About Cybersecurity
Programs
Pages
H3Categories
Categories
H2WithAnchors15 Cyber Terms You Should Know
Learn About Cybersecurity
Programs
Pages
BodyThe 15 Cybersecurity Terms You Must Know
The demand for cybersecurity specialists is growing at a rapid rate due to increased cyber attacks across every sector. Cybersecurity specialists must constantly evolve to defend against the efforts of malicious hackers. As new technologies are developed for general public use, you can imagine the number of tools being developed behind the scenes that allow malicious hackers to access poorly protected devices and networks. Technology will only continue to evolve, and bad actors will take advantage of vulnerabilities in it. It is up to each and every one of us to prioritize cybersecurity in our homes and offices.
It's crucial that, as a society, we increase our cybersecurity efforts whether it's our intended career path or merely an interest. Even at home, we must monitor our devices, the websites our family visits, and the software we download. Having a solid grasp of fundamental cybersecurity terminology can better protect you and your family.
15 Cyber Terms You Should Know.
If you learn 15 of the most used words or phrases in the field, you'll have a greater understanding of information technology than the majority of the world. These terms and techniques are associated with protecting your devices, networks, and, ultimately, data from malicious hackers. It's important that you maintain the privacy of your networks to ensure your private information remains secure.
User Authentication – is often used to identify and validate the identity of anyone who connects to a network resource.
Encryption – is the process of encoding data by converting the original representation of the information, known as plain text, into an alternative form known as cipher text.
Antivirus – helps protect your computer against malware and cyber criminals by seeking out and removing computer viruses that have infected your computer.
Malware – is any type of software designed to harm or exploit any programmable device, service or network. Examples include computer viruses, worms, and trojan horses.
Firewall – is a network security system that tracks all incoming and outgoing network traffic based on security rules set up by an administrator.
Phishing – is the fraudulent use of electronic communications to take advantage of users and collect personal information.
Multi-Factor Authentication – is a layered security system that requires more than one means of authentication (e.g. fingerprint and password) to grant access to an account or device.
DoS / DDoS (Denial of Service) – is a cyber-attack in which the bad actor makes a device or network resource unavailable by flooding the services of a host connected to the Internet.
Ethical Hacking – is an authorized, legal practice of bypassing system security to locate potential data breaches and threats in a network.
Ransomware – is a form of malware that locks the user out of their devices or accounts, then demands payment to restore access.
Cyber Attack – is any unauthorized attempt to access, alter, steal or block system or user information.
Cloud – is a storage system that allows the access of data and programs over the Internet instead of your computer's hard drive.
Network – is a digital telecommunications network for communication between devices that use a common telecommunications technology.
IoT – (Internet of Things) is a system of interrelated computing devices, mechanical and digital machines or objects used and managed over a network.
Penetration Test – is an authorized simulated cyber attack on a computer system, performed to locate network vulnerabilities.
Learn About Cybersecurity.
If you're looking to dive a little deeper into the cybersecurity field, you can talk to an American University admissions advisor. Find out what a day in the life of a cybersecurity professional is all about and how they use these terms on a daily basis: call 202-888-4202. The American University Cybersecurity Certificate Program can help you grow professionally and aid you in getting a job in cybersecurity. You will have all the training and skills you need to enter the workforce and take many of the industry's leading certification exams in as little as 1 year.
If you would like to learn more about the American University Digital Skills Professional Programs, give our advisors a call at (202) 888-4202 or fill out the form below. 4400 Massachusetts Ave. NW, Washington, D.C. 20016.
Topics (Topic: Tf; every entry is at Position 16)
  • 16: cybersecurity
  • 11: network
  • 9: program
  • 8: device
  • 7: system
  • 6: computer, data
  • 5: term, cyber, service, professional
  • 4: professional program, authentication, attack, access, information, user, security, digital, post
  • 3: 202 888 4202, cyber attack, maliciou hacker, device network, american university, 202 888, 888 4202, general, home, software, learn, privacy, form, american, university, 202, 888, 4202
Result 17
TitleCybersecurity Glossary | Security Terms & Definitions | ConnectWise
Urlhttps://www.connectwise.com/cybersecurity/glossary
DescriptionCheck out our new cybersecurity glossary where we review all the most important security terms and definitions in managed services
Date
Organic Position17
H1The ConnectWise Cybersecurity Glossary
H2Did you know?
Table of Terms
Additional resources
H3A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
H2WithAnchorsDid you know?
Table of Terms
Additional resources
BodyThe ConnectWise Cybersecurity Glossary
Cybersecurity is a growing area of concern for many small to midsize businesses (SMBs), and it's a huge area of opportunity for managed service providers (MSPs). As more widespread and damaging attacks make the daily news, companies are turning to MSPs for cybersecurity services and support, such as security operations centers (SOC), dark web monitoring, and more. Cybersecurity is the differentiating factor for MSPs moving forward. ConnectWise enables MSPs to add cybersecurity offerings—also known as an MSP+ model—with a range of MSP-specific software products, events, certificates, educational materials, frameworks, playbooks, and more. In this cybersecurity glossary, we break down some of the most common, important terms in the industry. Click through our glossary to get up to speed on cybersecurity language and explore key terms in more depth.
Did you know? 92 percent of SMBs are willing to change their MSP for the right cybersecurity offering. Learn more in the ConnectWise 2021 State of SMB Cybersecurity Report.
Table of Terms. A B C D E F G H I J K L M N O P Q R S T U V W X Y Z.
A.
Antivirus / Anti-malware: Threat actors—such as hackers or hacking groups—often use viruses and other harmful code to infiltrate company networks and endpoints such as computers. A standard tool in any organization's cybersecurity toolkit, antivirus software is used to detect, alert on, block, and remove these kinds of malicious programs, such as viruses, ransomware, and more. Another word for anti-virus is anti-malware, which also refers to its key function of protecting endpoints against harmful programs.
Advanced Persistent Threat: Instead of being a single attack or a broad approach (such as a widespread phishing campaign), advanced persistent threats (APTs) are attacks where organizations are targeted over a long period of time. These types of attacks are usually perpetrated by well-organized and well-funded groups, such as nation states.
Assessment: An assessment is the process by which an organization examines its cybersecurity controls. Assessments cover everything from processes, trainings, and policies to the tools in place to protect the organization's users and data. Assessments are often conducted to compare an organization's controls and posture against a third-party framework or compliance standard.
B.
Bad Actor: See Threat Actor.
Blue Team: Composed of IT professionals and other cybersecurity or technology experts, a blue team is a group tasked with defending an organization from cybersecurity threats. Blue teams detect threats, take actions to contain them, and then remediate the problem. They also handle prevention of future threats. Blue teams can help organizations get ahead of cybersecurity threats. They are often pitted against a red team.
Business Email Compromise (BEC): A form of phishing, business email compromise (BEC) typically occurs when a threat actor poses as a legitimate business colleague—such as a co-worker, vendor, or partner—to facilitate some kind of malicious activity. Perpetrators of BEC may be trying to gain some kind of payment (such as convincing employees to send them money), exfiltrate data, or otherwise harm the business for their own gain.
C.
Chief Information Security Officer (CISO): A CISO is an executive focused on implementing, maintaining, and continually updating an organization's cybersecurity posture. They're typically the most senior-level person at an organization charged with cybersecurity, and they work alongside a suite of other C-level executives. The cybersecurity buck stops with the CISO, and their team is responsible for preventing cybersecurity incidents and—if and when they occur—responding to those incidents. Depending on their organizational maturity and how far they've come on their cybersecurity journey, not all organizations will have a CISO in place. In some cases, this role is filled by a lower-level security professional or an IT team member. Many small businesses outsource IT and security altogether to a managed service provider (MSP) or managed security service provider (MSSP). Sometimes this is done via a virtual CISO (vCISO), a role some MSPs and MSSPs have started providing to clients who need CISO-level support but do not plan to bring the role in-house.
Continuous Monitoring: Once organizations have adopted controls to protect their data and systems, they need to ensure that those measures continue to work. Continuous monitoring means keeping an eye on an organization's systems and environments, assessing whether controls continue to be effective, and addressing any gaps. The National Institute of Standards and Technology (NIST) includes continuous monitoring as part of a six-step risk management framework. They have released an FAQ with more details, definitions, and context around the role of continuous monitoring in managing risk.
Controls: In cybersecurity, controls are the processes, tools, and policies in place to prevent or limit the reach of a cybersecurity incident.
Cloud Computing: Cloud computing refers to software and services hosted on remote servers, rather than on local servers, machines, or endpoints.
Cryptography: Cryptography is a field focused on the processes, technologies, and approaches used to secure information as it moves from one party to another. Cryptography protects information—such as emails and files—from being read by people other than the sender and recipient. For example, encryption and decryption are two cryptographic techniques that scramble and unscramble data according to a cipher, rendering information unreadable to outside parties. Cryptographic approaches are considered best practices in cybersecurity.
Cybersecurity: Cybersecurity, broadly speaking, is the field or practice of securely managing and protecting the confidentiality, integrity, and availability of devices, environments, assets, and data from bad actors. These bad actors can be external (such as hackers) or internal (such as disgruntled employees, partners, or vendors).
Cybersecurity Framework: A cybersecurity framework is an organized, formalized set of processes, procedures, best practices, and requirements designed to ensure a high level of security. There are numerous frameworks globally. For example, one of the most well-known is the National Institute of Standards and Technology (NIST)'s Cybersecurity Framework.
D.
The Dark Web: Many people first heard of the "dark web" via the Silk Road scandal in the mid 2000s and the site's eventual shutdown in 2013. However, the dark web is more extensive and complex than many realize. Broadly speaking, the dark web is an entire hidden internet that cannot be found via normal routes, such as search engines. It operates beneath the surface and is usually only accessible via tools like Tor. Criminals often use the dark web to conduct business. This is where stolen credentials, social security numbers, personal data, hacking tools, and other illegal information are bought and sold by cybercriminals.
Dark Web Scan: While the dark web is accessible only via special tools such as VPNs or browser extensions, companies can take steps to monitor for stolen information that could compromise their business. A dark web scan is a process by which an MSP or other cybersecurity team searches certain parts of the dark web for information, such as company email addresses, to catch or prevent compromises.
Dark Web Assessment / Dark Web Risk Assessment: Organizations should be aware of whether their information is being traded on the dark web. To do so, they may conduct a dark web assessment to uncover whether their data is being sold online. A dark web assessment can include a variety of different processes and tools, such as a dark web scan.
Data Breach: A data breach is when data is unlawfully accessed and removed from an organization's systems. Data breaches can be perpetrated by external actors, such as hackers, or by internal actors—also known as insiders—such as employees, vendors, or partners who have legitimate access to an organization's systems. Of note: this term has a very specific legal meaning, and it should only be used by legal counsel or as part of business communications approved by legal counsel.
Data Exfiltration: When a data breach occurs, data exfiltration is the act of actually moving organizational data from corporate systems to another location, such as a server, computer, or cloud account, controlled by the bad actor.
Data Integrity: Organizations need to know that their data is correct. Data integrity encompasses the processes and policies that ensure data is properly collected, stored, and accessed without compromising or altering the content. When a cybersecurity incident takes place, data integrity is an essential part of understanding the scope of the incident or compromise and managing risk.
Data Loss Prevention (DLP): Organizations can take steps to prevent data exfiltration with data loss prevention, which is a combination of processes and tools designed to prevent data from being stolen. Data loss prevention tools are typically referred to as "DLPs."
Decryption: Decryption is the process by which organizations make data readable after it has been encrypted. Decryption is only possible with access to the cipher and key originally used to scramble the data.
Learn more about decryption >> Digital Forensics Like other forms of forensics used in criminal and other investigations, digital forensics is a field focused on the close scientific analysis of devices, endpoints, software, and IT systems. With digital forensics, investigators can understand the what, who, where, and how of an event or cybersecurity incident. Organizations may engage in digital forensics after a data incident, during a legal case, or other instances where IT systems need to be closely examined for criminal activity. Distributed Denial of Service (DDoS) Attacks During distributed denial of service attacks (DDoS), an external actor—or actors—attempt to overwhelm an organization’s system or website with the goal of making it impossible for legitimate users to gain access. These attacks earn their name of “distributed” because the attacks come from multiple sources. For example, hackers may target a corporate website by overwhelming it with fake traffic, causing it to crash and preventing others from accessing the site. DDoS Attacks are often used in multi-step and multi-tool attacks where the initial DDoS flood serves to overwhelm security controls and staff, distracting them from secondary targeted attacks. eterms E. Encryption Encryption is the process by which organizations protect data from unauthorized use or access by scrambling it to make it unreadable. Organizations encrypt data with a secret code that dictates how the data is scrambled, also called a cipher. Data can only be decrypted—or unscrambled and made readable again—with that cipher. Endpoint Protection (EPP) Endpoint protection (EPP) is a term encompassing multiple technologies and/or processes that secure an organization’s endpoints (e.g. servers, laptops and desktops, and mobile devices) and protects them against viruses, malware, and other threats. Antivirus or anti-malware software, for example, can be included in endpoint protection. 
Endpoint Security Technology deployed to laptops, desktops, servers, mobile devices, and other endpoints that provide organizations with one or more of the following functions: instrumentation, detection, prevention, and deception. Endpoint security technology may also enable organizations to take administrative action on a given device. Learn more about endpoint security >> Event An event is any change or activity in an organization’s IT systems that is outside of normal behavior. An event is a broad term, and it doesn’t necessarily mean something malicious has occurred. For example, an employee skirting existing processes could be an event, although no harm was intended or no incident occurred. An event can escalate into an incident, in which a cybersecurity threat, malicious or otherwise, does occur. Exploit An exploit is the method a threat actor uses to exploit—hence the name—a weakness in software, hardware, or other elements to get into an organization’s systems. Exploits are often code-based. Exposure A factor used to determine risk when assessing data and systems based on the attack surface that they present externally. fterms F. Firewall Firewall technology is one of the earliest tools created to fend off cyber attackers and is a fundamental security control. A firewall creates a barrier between an endpoint (such as a laptop) or network and the outside world by restricting access in or out of the network. gterms G. Governance Governance is the set of processes, rules, and systems of accountability that an organization uses to oversee and manage its IT infrastructure and cybersecurity. hterms H. Hacker Hacker is a broad term that refers to someone who uses technological skills to enter an organization's IT systems without authorization or permission. Hackers can be individuals or groups. They can be independent actors with malicious intent, state-sponsored individuals working for nations to perpetrate espionage, and more. 
Hackers can also be non-malicious, in the case of red team groups hired to help organizations uncover security holes, penetration testers, individuals participating in bug bounty programs, and more. iterms I. Impact Impact refers to the consequences and reach of a given cybersecurity incident. Impact can be measured in terms of finances (such as the cost of remediating an incident or compromise), liability, data loss, organizational reputation, and more. Incident In cybersecurity, an incident is a negative security event that occurs on an organization's servers, devices, systems, etc. An incident could be an employee clicking on a phishing email, someone trying to break into an account via a password, an application exfiltrating information outside the network, and more. Sometimes incidents are accidental and sometimes they are malicious. Information Assurance Information assurance refers to the IT and organizational practices that businesses implement to ensure their information is properly managed and accessible only to authorized users.  Information System Resilience From environmental disasters, cybersecurity threats such as distributed denials of service (DDoS) attacks, electrical grid failures, and more, IT systems need to be able to withstand any number of disruptions and threats. Information system resilience refers to the preparations organizations put in place to enable their IT systems to survive perturbations such as those listed above. One element of information system resilience could include backups and disaster recovery services and software. Incident Response Incident response (IR) is the way in which an organization reacts to and addresses a cybersecurity event, such as an incident, compromise, or ransomware attack. When organizations have a response plan in place (see more below), the processes and steps a company takes follow a specific path and have designated roles and responsibilities. 
When organizations do not have a plan in place, their cyber incident response may not be as coherent or organized. Learn more about incident response >> Incident Response Plan An incident response plan is a predetermined plan that organizations create as a framework for what will happen during and after a cybersecurity incident. These plans detail what needs to happen, when it needs to happen, and who will be responsible for what actions. Whether or not an organization has actually experienced a cybersecurity incident in the past, a cyber response plan is necessary to limit potential damage and address risk for the future. Learn more about incident response plan >> Insider Threat While many people may think of “hackers” as synonymous with cybersecurity threats, organizations are also at risk from the inside. Insiders are users who have typically been granted legitimate access, such as employees, partners, vendors, or anyone else the organization allowed access into corporate systems. Whether through mistakes (such as clicking a phishing email) or bad intentions (e.g. stealing data to sell externally), insiders can trigger cybersecurity incidents, such as data leaks. Data prevention programs work to limit the risk of accidental or intentional data loss. Intrusion An intrusion is any form of unauthorized access to an organization’s IT systems or accounts. jterms J. kterms K. lterms L. Log Collection As users, machines, and/or software make changes in an organization’s systems, a software program collects logs of that activity. Log collection notes important information such as the user, date and time, action taken, and more. Oftentimes used synonymously with “event collection,” although the roots of the term relate back to sys log collection. Log Management As software performs log collection, the data should be organized and managed in a way that benefits the organization’s security strategy. 
Log management refers to the collection, storage, and analysis of an organization’s logs. mterms M. Malware Malware is a software-based attack tool and refers to a huge range of malicious software that attackers use with the intention of harm, exploitation, theft, and other damaging activities. Examples of malware include ransomware, spyware, and viruses. Learn more about malware >> Managed Detection and Response (MDR) When cybersecurity threats arise, they need to be dealt with quickly. With a combination of a security operations center (SOC) team and cybersecurity tools, a managed detection and response (MDR) service constantly monitors an organization’s infrastructure, looks for threats, and eliminates them in real time if/when they occur. Learn more about MDR >> Mitigation When a compromise or other cybersecurity incident occurs, mitigation is the process and/or steps taken to reduce the impact of the event. Mobile Device Management (MDM) Organizations have embraced laptops, smartphones, tablets, and other mobile devices to facilitate convenient and efficient work. Mobile device management (MDM) is the practice of managing the security of these various devices through technologies, policies, and processes, including specialized solutions for MDM. MSP+ Cybersecurity Framework Established by ConnectWise, the MSP+ Cybersecurity Framework is designed as a resource to help MSPs assess and enhance their cybersecurity practices as well as the cybersecurity posture of their clients. It is a compilation of best-in-class, MSP-specific guidance from well-known frameworks including NIST CSF, CIS 20, UK Cyber Essentials, Australia’s Essential Eight, and others. Multi-Factor Authentication (MFA) Multi-factor authentication (MFA) is a process that uses two or more authenticating factors to bring a higher level of security and prevent account takeovers. 
These factors usually fall into one or more of the following: something only the user can answer (such as a password or personal question); something unique that only the user has access to (such as a passcode or token); or something unique to the user’s physical presence (such as a fingerprint). An example of MFA would be when a user logs into their email account, receives a code on their mobile device, and is asked to enter that code at login. 2FA (two-factor authentication) is a popular form of MFA. Learn more about MFA >> nterms N. The National Institute of Standards and Technology (NIST) One of the most well-known and well-respected technology organizations in the U.S., the National Institute of Standards and Technology (NIST) issues widely used frameworks, guidance, and best practices for cybersecurity. NIST Framework Established by the National Institute of Standards and Technology (NIST) and developed in collaboration across the private and public sectors, the NIST Cybersecurity Framework is designed to help organizations adhere to a high level of cybersecurity practices. There is no mandate to adhere to the NIST Cybersecurity Framework; organizations are free to adopt the framework on a voluntary basis. Learn more about the NIST framework >> oterms O. pterms P. Penetration Testing Penetration testing is when organizations intentionally attempt to hack into or find vulnerabilities in their systems (or hire an outside consultant or firm to do so). In other words, they try to penetrate their own defenses to proactively find problems and address them before a cyber attacker can take advantage of them. Learn more about penetration testing >> Phishing Phishing is a form of social engineering when bad actors send emails or other message types with malicious links or harmful content to an organization’s users. These emails can be quite sophisticated and mimic content from legitimate and trusted sources, such as vendors, partners, or colleagues. 
When a user engages with the email, they may unintentionally download malware or be asked to provide sensitive information that can then be used to hack their accounts. Learn more about phishing >> qterms Q. rterms R. Ransomware Ransomware is a form of malware that infects an organization’s devices and/or systems and locks legitimate users out of their accounts. Hackers will then demand payment—a “ransom”—in exchange for returning control of the device or system to the organization. Often even after payment is rendered, the hackers do not return access. Learn more about ransomware >> Red Team Red teams are hackers or groups of hackers specifically hired to break into an organization’s systems. While they are not malicious actors or actual threats, they test IT systems as if they were. Red teams can uncover serious vulnerabilities in an organization’s IT systems and overall cybersecurity posture before a real threat can exploit those weaknesses. Risk Risk is, simply put, the likelihood that any given negative cybersecurity event could happen to an organization. Organizations must manage and reduce risk according to their unique circumstances, IT maturity, and priority. Each organization will have differing degrees of appetite for risk, and certain industries will be more risk averse or have greater regulations to reduce risk, such as the healthcare industry. Risk Assessment Organizations conduct risk assessments to get ahead of cybersecurity threats. A risk assessment examines an organization’s security posture against cybersecurity threats and identifies areas of improvement. It is a valuable tool in any organization’s work to head off security problems before they ever occur. 
Learn more about risk assessment >> Risk Management Risk management is a broad term that includes an organization’s holistic program to uncover and understand their unique risk characteristics and help prioritize security threats and severity, and ultimately reduce the risk with appropriate steps. The term can also include other organizational elements such financial risk management, HR-related risk management, and more. Risk management, like the cybersecurity landscape, is constantly evolving. sterms S. Security Information and Event Management (SIEM) Security information and event management (SIEM) systems are a type of software that companies can use to collect data on activity in their systems and, through correlation of that data, receive alerts for unusual behavior. A SIEM solution generally collects data from across an organization’s systems, analyzes it, provides reports, and flags potential threats. Learn more about SIEM >> What is a SIEM? >> Security Operations Center (SOC) Defending against cybersecurity threats is a round-the-clock job, and a security operations center (SOC) is a 24-hour team of experts who proactively hunt for, triage, and respond to threats in real-time. Large organizations may have an embedded SOC, but smaller organizations often outsource them. Learn more about SOC >> Single Sign-On (SSO) Organizations today use many different tools and software platforms, and password management can be a challenge. A single sign-on (SSO) platform is a method that allows users to securely access many tools using a single set of credentials. tterms T. Threat Actor Threat actor is a broad term encompassing an individual, group of individuals, harmful organization (such as nation-state attackers) or others who present cybersecurity threats to governments, private sector companies, and others. Threat actors can include hackers. 
Threat Research Team / Threat Intelligence Team A threat intelligence team is a group of cybersecurity experts who monitor the Internet, conduct research, and simulate real-life scenarios in order to gather information about emerging threats. These teams leverage research in combination with automated tools, environmental knowledge, and their expertise to proactively hunt for specific types of malicious activity and share their findings with the cybersecurity community to benefit other organizations. Learn more about Threat Research Team / Threat Intelligence Team >> Third-party Risk Management Most organizations engage with third parties, such as vendors, contractors or subcontractors, and others. Each third-party introduces new risk in the supply chain, and they will have varying degrees of IT and cybersecurity maturity. Third-party risk management is how organizations understand and reduce the risk of a cybersecurity incident from a third party. It can include policies, procedures, and legal agreements that define and guide practices and responsibilities. Third-party risk management is part of a thorough risk assessment process. Learn more about third-party risk management >> uterms U. Unauthorized Access Unauthorized access occurs when a user accesses an organization’s IT systems or network without permission from the organization. This can happen through breaking into the system through weaknesses such as outdated operating systems or unpatched software. It can also happen even when the credentials used to access the system are authorized. For example, if an employee’s account credentials are stolen and used by a hacker to access corporate systems, that is still unauthorized access. vterms V. Vulnerability In cybersecurity, a vulnerability is a weak spot in a system, piece of software, or other digital asset that is not well-guarded and can be used by hackers to gain unauthorized access. wterms W. Weakness See vulnerability. xterms X. yterms Y. zterms Z. 
Zero Day Zero day—or a zero-day exploit—is when hackers take advantage of a vulnerability in software code before the vendor is aware. Vendors such as Microsoft issue regular hotfixes, patches, and updates to address new vulnerabilities as they become aware of them (which is why timely patch management is crucial). Have a cybersecurity term that you’d like to see defined, or that has your team baffled? Submit new terms to our team, and we’ll add them to our glossary! Submit a term Additional resources. The IT Nation Secure An annual event, the ConnectWise IT Nation Secure conference brings together TSPs and MSPs from around the world to learn from one another, explore best practices, and discuss the hottest topics in cybersecurity today. Event >> ConnectWise Cybersecurity Starter Kit If you’re looking to offer cybersecurity products and services through your MSP, check out our starter kit. We’ve included videos, co-branded information for your clients, templates, and more to give you solid footing to start your cybersecurity journey. Kit >> The Security Journey Self-Assessment Are you interested in offering cybersecurity products and services, but you’re not sure where to start? Take this self-assessment designed specifically for MSPs to see where you stand, and where you can grow your business further this year. Tool >> The SMB Cybersecurity Checklist MSPs can use this checklist to walk potential and existing customers through a 30-point cybersecurity assessment. Our checklist includes important areas such as having a privacy program, core tools such as a VPN and firewall, system hardening measures, and more. Checklist >> Three Steps to Becoming a Cybersecurity Provider Jumping into cybersecurity can be intimidating. In this blog post, a ConnectWise expert explores three core areas your MSP can explore to ramp up your cybersecurity knowledge and get on the path to offering cybersecurity services. First up? Make sure your own house is protected. 
Blog post >> Building your MSP Security Offerings Cybersecurity is a top area of opportunity for MSPs around the world, and the team at ConnectWise wants to help you grow your offerings. In this eBook, we walk through some core steps, topics, and considerations to help grow this area of your business. eBook >> Cybersecurity in an Era of Competing Priorities: The State of SMB Cybersecurity in 2021 SMBs are at risk from cyberattacks, and more organizations are becoming aware of the dangers. Our annual SMB report conducted by Vanson Bourne uncovered numerous insights about SMB cybersecurity, preparedness, and plans for the year. Download it today for insights into how your potential clients are viewing cybersecurity services. eBook >> Building a Risk-First Cybersecurity Culture Cybersecurity is a joint responsibility between an MSP and their customer—and it all starts with a shared cultural view of the importance of cybersecurity. Read this blog post for perspective and tips on how to build a “risk first” culture that puts security at the forefront of operations and processes. Blog post >> Cybersecurity Predictions for 2021 Experts from ConnectWise cover some of the top security trends for MSPs in 2021, including: the cybersecurity talent gap; building a tech stack; regulation; and the continued (and growing) threat of ransomware and other cyberattacks. Webinar >>
Topics (Topic / Tf / Position)
organization                     97   17
cybersecurity                    88   17
system                           48   17
data                             42   17
threat                           38   17
risk                             37   17
security                         32   17
incident                         30   17
msp                              25   17
learn                            23   17
team                             23   17
information                      22   17
actor                            21   17
hacker                           21   17
framework                        20   17
process                          20   17
dark                             19   17
tool                             19   17
dark web                         18   17
user                             18   17
assessment                       18   17
management                       18   17
access                           18   17
term                             17   17
web                              17   17
software                         17   17
event                            16   17
attack                           15   17
device                           14   17
service                          14   17
technology                       13   17
cybersecurity incident           12   17
organization system              11   17
cybersecurity threat             10   17
risk management                  10   17
threat actor                      9   17
cybersecurity framework           9   17
national institute                7   17
technology nist                   7   17
unauthorized access               7   17
risk assessment                   7   17
incident response                 7   17
access organization               6   17
msp cybersecurity                 6   17
bad actor                         6   17
mobile device                     6   17
national institute standard       5   17
institute standard technology     5   17
standard technology nist          5   17
day                               5   17
log collection                    5   17
party risk                        5   17
red team                          5   17
institute standard                5   17
standard technology               5   17
data breach                       5   17
data loss                         5   17
response plan                     5   17
security operation center         4   17
operation center soc              4   17
dark web scan                     4   17
party risk management             4   17
vendor partner                    4   17
cybersecurity posture             4   17
factor authentication             4   17
penetration testing               4   17
security operation                4   17
operation center                  4   17
center soc                        4   17
smb cybersecurity                 4   17
blue team                         4   17
continuou monitoring              4   17
web scan                          4   17
digital forensic                  4   17
broad term                        4   17
reduce risk                       4   17
blog post                         4   17
dark web assessment               3   17
data breach data                  3   17
data loss prevention              3   17
distributed denial service        3   17
information system resilience     3   17
incident response plan            3   17
team threat intelligence          3   17
threat intelligence team          3   17
third party risk                  3   17
service provider                  3   17
cybersecurity service             3   17
anti malware                      3   17
process organization              3   17
party                             3   17
level security                    3   17
process tool                      3   17
practice cybersecurity            3   17
web assessment                    3   17
breach data                       3   17
data exfiltration                 3   17
corporate system                  3   17
data integrity                    3   17
incident compromise               3   17
loss prevention                   3   17
distributed denial                3   17
denial service                    3   17
ddo attack                        3   17
endpoint protection               3   17
endpoint security                 3   17
information system                3   17
system resilience                 3   17
team threat                       3   17
threat intelligence               3   17
intelligence team                 3   17
third party                       3   17
offering cybersecurity            3   17
Result 18
TitleThe Motherlist Glossary Of Cybersecurity And Cybercrime Definitions
Urlhttps://cybersecurityventures.com/cybersecurity-glossary/
DescriptionHacking Lingo For Newbies, Students, Teachers, IT Pros And The Media
DateFeb 28, 2021
Organic Position18
H1
H228 Feb The Motherlist Glossary Of Cybersecurity And Cybercrime Definitions
H3
H2WithAnchors28 Feb The Motherlist Glossary Of Cybersecurity And Cybercrime Definitions
Body Cybersecurity terms and definitions. PHOTO: Cybercrime Magazine. 28 Feb The Motherlist Glossary Of Cybersecurity And Cybercrime Definitions. Posted at 01:25h in Lists by Di Freeze. Hacking Lingo For Newbies, Students, Teachers, IT Pros And The Media. Steve Morgan, Editor-in-Chief. Sausalito, Calif., Jan. 2, 2020. Looking for a good source of cybersecurity terms and definitions? Look no further. The editors at Cybercrime Magazine scoured the Internet for definitions that keep you on the cutting edge of cybersecurity, cybercrime, and cyberwarfare. The Motherlist: Sophos, a leading IT security company, provides a thesaurus containing an alphabetical listing of data threats. This guide is written in plain language, not security jargon, so it is perfect for IT managers and end users alike. And the more you know about individual threats, the better prepared you will be to defend against them. A PDF version is here. KnowBe4, a leader in the security awareness training and phishing simulation space, provides an extensive A-Z glossary. Each letter starts with acronyms in alphabetical order, then full words. The Security Encyclopedia from HYPR makes it easy for anybody to understand the concepts and terminology of the information security industry. Cybersecurity professionals can use this guide to refresh their knowledge and newcomers can find definitions. Cybrary's cyber security glossary provides the cybersecurity community with knowledge of and insight on the industry's significant terms and definitions. This list contains key terminology and is one of the most extensive cybersecurity glossary/vocabulary resources online. Start your search on the critical terms you need to know as a security professional.
National Initiative for Cybersecurity Careers and Studies (NICCS), on its official website of the Department of Homeland Security (DHS), provides a glossary containing key cybersecurity terms that enable clear communication and a common understanding of cybersecurity definitions. SANS Institute, a leading information security training, certification, and research firm, provides a comprehensive alphabetical and keyword-searchable directory of security and related IT terms. This is a handy reference for any security or IT pro. National Institute of Standards and Technology (NIST) provides a keyword-searchable glossary of more than 6,700 security-related terms. This reference tool is especially valuable for finding cyberwarfare-related definitions. Global Knowledge, an IT training company, compiled its Cybersecurity Glossary of Terms for everyone from the security professional to the general end user. It contains definitions of terms commonly used in the security industry. From access control to zero-day, the InfoSec Glossary from Duo Security, a division of Cisco, compiles industry terms and definitions along with additional resources as a reference to demystify information security concepts. Does it seem to you like there is always a new cybersecurity thing with an odd name that ends up on the news? Ohio State University created its Cyber Dictionary to keep track of all those terms. CyberPolicy, a marketplace that helps small businesses with cyber insurance needs, maintains a Cyber Glossary in its education center. Whether you are a normal user or a tech guru, being aware of computer security threats will help fortify your defense against them. Here is a handy A-Z dictionary of cybersecurity terms from Quick Heal, antivirus researcher and developer. The Glossary of Identity and Cybersecurity Terms, compiled by the University of Texas at Austin's Center for Identity, explores the definitions of commonly used identity and cybersecurity terms.
Cybersecurity platform Defendify includes a glossary of cybersecurity terms for quick reference on its website. Computer software company Malwarebytes has an extensive glossary of cybersecurity terms and definitions. The Canadian Centre for Cyber Security, Canada's authority on cyber security, provides a glossary as part of its cyber awareness campaign. The Department of National Defense, Republic of the Philippines, updates its extensive Glossary of Cyber Security Terms regularly. The glossary is compiled by the Cyber Security Division, MISS-DND. Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures. Go here to read all of my blogs and articles covering cybersecurity. Go here to send me story tips, feedback and suggestions. Connor Morgan, a sophomore at St. John's University, contributed to this post. © 2022 Cybersecurity Ventures. All rights reserved. Federal copyright law prohibits unauthorized reproduction of this content by any means and imposes fines up to $150,000 for violations. Reproduction in whole or in part in any form or medium without expressed written permission of Cybersecurity Ventures is prohibited.
Topics
  • Topic
  • Tf
  • Position
  • cybersecurity
  • 23
  • 18
  • security
  • 21
  • 18
  • term
  • 17
  • 18
  • glossary
  • 16
  • 18
  • definition
  • 13
  • 18
  • cyber
  • 10
  • 18
  • cybersecurity term
  • 8
  • 18
  • term definition
  • 6
  • 18
  • cyber security
  • 6
  • 18
  • editor
  • 6
  • 18
  • extensive
  • 6
  • 18
  • industry
  • 5
  • 18
  • glossary cybersecurity
  • 4
  • 18
  • cybersecurity venture
  • 4
  • 18
  • morgan
  • 4
  • 18
  • university
  • 4
  • 18
  • cybercrime
  • 4
  • 18
  • reference
  • 4
  • 18
  • venture
  • 4
  • 18
  • cybersecurity term definition
  • 3
  • 18
  • information security
  • 3
  • 18
  • company
  • 3
  • 18
  • alphabetical
  • 3
  • 18
  • threat
  • 3
  • 18
  • end
  • 3
  • 18
  • user
  • 3
  • 18
  • training
  • 3
  • 18
  • information
  • 3
  • 18
  • professional
  • 3
  • 18
  • knowledge
  • 3
  • 18
  • national
  • 3
  • 18
  • related
  • 3
  • 18
  • compiled
  • 3
  • 18
Result 19
Title32 Cyber Security Terms Everyone Should Know | ITEnterpriser
Urlhttps://itenterpriser.com/knowledge-base/32-cyber-security-terms-everyone-should-know/
Description32 Cyber Security Terms Everyone Should Know · 1. Adware · 2. APT – Advanced Persistent Threats · 3. Black Hat Hacker · 4. Botnet · 5. Brute Force ...
DateOct 23, 2020
Organic Position19
H1
H2
H3
H2WithAnchors
Body
Topics
  • Topic
  • Tf
  • Position
Result 20
Title15 Must-know Cyber Terms | Loyola University New Orleans
Urlhttps://digitalskills.loyno.edu/cybersecurity/top-15-must-know-cybersecurity-terms/
DescriptionIt’s important for anyone on the Internet to familiarize themselves with basic cybersecurity terms to help protect their devices and their data from hackers
Date
Organic Position20
H1Top 15 Must-Know Cybersecurity Terms
H215 Cybersecurity Terms You Should Know
Getting Into Cybersecurity
Programs
Pages
H3Categories
Categories
H2WithAnchors15 Cybersecurity Terms You Should Know
Getting Into Cybersecurity
Programs
Pages
BodyTop 15 Must-Know Cybersecurity Terms. As the world has become more digital and Internet-connected, the need to protect information and people through cybersecurity techniques has increased exponentially. Although once an area of expertise uncommon to the average person, the modern world has made it essential for every business, organization, and person to take their digital security seriously. Knowing and applying cybersecurity best practices is an essential skill for any Internet user, whether they’re the average social media user or leading a business’s online division. Because of that, it’s important for anyone on the Internet to familiarize themselves with basic cybersecurity techniques and terms to help protect their devices and their data from hackers and other malicious entities.
15 Cybersecurity Terms You Should Know. Cybersecurity, like other fields, has its own technical terminology. But that doesn’t mean you have to be out of the loop when it comes to practicing cybersecurity techniques yourself. Here are 15 simple cybersecurity terms that you should know to help you stay informed about threats, protect your data, and stay safer online.
  • Virtual Private Network (VPN): A VPN is a tool that encrypts your connection over the Internet, safeguarding your data and masking your location.
  • Cloud: The cloud refers to data, services, or software that you access through the internet. An image stored in the cloud, for example, is on a remote server and not on your computer. Cloud software refers to programs that you don’t have to download to your system.
  • Internet of Things (IoT): Refers to an interconnected network of computers, machines, or other devices that are managed through a network. Smart home devices, like smart appliances and thermostats, are an example of IoT technology.
  • Exploit: Refers to a method, tool or piece of code that leverages a vulnerability in a computer system to perform some malicious task.
  • Penetration Test: Refers to a type of cyberattack authorized by an organization to test for vulnerabilities or weaknesses in a security system.
  • Firewall: A network security mechanism that monitors the traffic going to and from your system. It can then block specific traffic based on preset security criteria, adding a degree of protection.
  • Malware: A catchall term for any type of malicious software, including computer viruses, Trojan horses, and spyware.
  • Ransomware: A specific type of malware that maliciously locks or encrypts a user’s data and machine, and then demands a ransom to unlock it.
  • Phishing: Phishing is a type of attack that uses social engineering techniques to convince a user to click on a malicious link, open a malicious file, or otherwise give up more access to a machine or data. Spear phishing, a related term, refers to a phishing attack that targets one individual or group.
  • Multi-Factor Authentication (MFA): Refers to one or more “factors” that protect an online account in addition to a password. SMS verification texts are one type of MFA, as are authenticator apps or security keys.
  • Encryption: A type of protocol or program that scrambles data, protecting it from prying eyes. Encrypted data can only be read or decrypted by a program or user with the proper key.
  • Spyware: Malware that surreptitiously gathers data on a person. Spyware can include keyloggers, which capture everything you type on your keyboard, or malware that surveils a user through a device’s microphone and camera.
  • DoS or DDoS: A denial-of-service attack snarls a service or website by overloading it with traffic. A distributed denial-of-service (DDoS) attack uses traffic from many sources, making it more difficult to stop.
  • White Hat Hacker: A white hat hacker is a cybersecurity specialist who engages in ethical hacking to protect a system or find vulnerabilities to patch. Contrast with malicious, or black hat, hackers.
  • Antivirus: A computer program or app that detects and stops threats or malware. Antivirus software, also sometimes known as anti-malware, can keep you from downloading malicious files and detect malware already present on your machine.
Getting Into Cybersecurity. If the above terms have sparked your curiosity, you may want to dive deeper into the world of cybersecurity. Learn about our Cybersecurity Bootcamp and see how you can become a qualified professional in less than one year.
Topics
  • Topic
  • Tf
  • Position
  • cybersecurity
  • 15
  • 20
  • data
  • 10
  • 20
  • service
  • 8
  • 20
  • term
  • 8
  • 20
  • digital
  • 8
  • 20
  • user
  • 7
  • 20
  • maliciou
  • 7
  • 20
  • refer
  • 7
  • 20
  • type
  • 7
  • 20
  • malware
  • 6
  • 20
  • device
  • 5
  • 20
  • internet
  • 5
  • 20
  • protect
  • 5
  • 20
  • security
  • 5
  • 20
  • software
  • 5
  • 20
  • computer
  • 5
  • 20
  • program
  • 5
  • 20
  • bootcamp
  • 5
  • 20
  • cybersecurity term
  • 4
  • 20
  • person
  • 4
  • 20
  • technique
  • 4
  • 20
  • skill
  • 4
  • 20
  • network
  • 4
  • 20
  • machine
  • 4
  • 20
  • traffic
  • 4
  • 20
  • attack
  • 4
  • 20
  • post
  • 4
  • 20
  • cybersecurity technique
  • 3
  • 20
  • digital marketing
  • 3
  • 20
  • digital skill
  • 3
  • 20
  • phishing
  • 3
  • 20
  • career
  • 3
  • 20
  • marketing
  • 3
  • 20
  • loyola
  • 3
  • 20
Result 21
Title10 Cybersecurity Terms All Security Professionals Need to Know
Urlhttps://www.northeastern.edu/graduate/blog/cybersecurity-terms/
DescriptionThinking about a career in cybersecurity? Start by understanding these cybersecurity terms to form the basis of your education in the field
DateJan 7, 2020
Organic Position21
H110 Cybersecurity Terms All Security Professionals Need to Know
H2Top Cybersecurity Terms for Security Professionals
Breaking Into Cybersecurity
H3Download Our Free Guide to Advancing Your Cybersecurity Career
1. Cryptography
2. Network Security
3. Digital Forensics
4. Cybersecurity Risk Management
5. Defense in Depth
6. Program Analysis
7. Reverse Code Engineering
8. Operating System Security
9. Wireless Security
10. Cyberlaw
Related Articles
H2WithAnchorsTop Cybersecurity Terms for Security Professionals
Breaking Into Cybersecurity
Body10 Cybersecurity Terms All Security Professionals Need to Know. By Shayna Joubert | January 7, 2020. Industry Advice, Computing and IT. As technology advances rapidly, businesses and organizations are requiring an increasing number of cybersecurity professionals to keep nefarious attacks at bay. In fact, job growth in the field is expected to rise nearly 32 percent by 2028—more than six times the expected growth for all occupations. For individuals considering pursuing a cybersecurity career, attaining the proper level of education and skill is a necessity. Professionals in this field work to protect the integrity of an organization’s networks, programs, and data from attack, damage, or unauthorized access. Their duties can range from helping organizations understand the software threats they face, to performing security tests and developing security strategies. If you are in the earliest stages of preparing yourself for a career in cybersecurity, it’s a good idea to familiarize yourself with the terms and vocabulary you will need to excel in the field. Below, with the help of Guevara Noubir, professor and executive director of cybersecurity programs at Northeastern University, we have compiled a list of key cybersecurity terms that all aspiring industry professionals should know.
Top Cybersecurity Terms for Security Professionals.
1. Cryptography. Cryptography is the science of developing the fundamental building blocks for security mechanisms, such as encryption, message integrity codes, hashing, and digital signatures. This is essential to fend off unauthorized users from accessing sensitive information. It helps ensure that data is delivered from the sender to the intended recipient, without any interference.
2. Network Security. Network security refers to the design, development, and operation of secure network protocols with ideally provable service guarantees such as authentication, confidentiality, integrity, availability, non-repudiation, auditing, and key management. It is crucial for an organization to have good network security in order to protect their data from being lost, stolen, or sabotaged. With security breaches becoming more prevalent, organizations rely on network security to safeguard them from attacks.
3. Digital Forensics. Digital forensics is an area of cybersecurity that is used in law enforcement to investigate crimes. It is also used by companies to investigate and mitigate issues surrounding intellectual property, or the inappropriate use of computing and network infrastructure. Digital forensics emphasizes practices to recover and handle digital evidence, guaranteeing it is authentic, reliably obtained, and its integrity preserved, to make it admissible as evidence in court. This is an important aspect of cybersecurity that seeks to achieve justice by making it possible to prosecute cybercrime.
4. Cybersecurity Risk Management. Cybersecurity risk management is the process of identifying the cybersecurity threats relevant to an organization’s cyber system, assessing their vulnerability to such threats, and determining the associated risks (probability of an attack’s occurrence and expected consequences). It also includes devising and deploying adequate mitigations. According to Noubir, cybersecurity risk management is critical because the best defense is a good offense.
5. Defense in Depth. Defense in depth (DiD) is a practical approach conceived by the NSA to secure networked systems. It advocates layered protections that consider people, technology, and operation. This approach works because it accounts for any vulnerabilities by offering additional protections as a back-up. It is also sometimes known as the Castle Approach.
6. Program Analysis. Program analysis is the process of analyzing a computer program’s behavior, in an automated way, towards determining its correctness and exposing vulnerabilities. Program analysis techniques are classified as either static (can be done offline) or dynamic (done at runtime). This is a useful tool because it allows cybersecurity professionals to see what works and what doesn’t so that necessary improvements can be made to ensure optimal cybersecurity.
7. Reverse Code Engineering. Reverse code engineering is the process of analyzing computer software when the source code is not available. It is typically pursued to create an abstract representation of the software so that a cybersecurity professional is able to make more accurate assumptions about the software’s functionality and properties. This process often involves the disassembly of machine code and decompilation to recreate the source code. By reverse code engineering, cybersecurity professionals can study the techniques used by malware developers, develop tools to combat those threats, and identify security flaws in software.
8. Operating System Security. Operating system security refers to a set of mechanisms, integral to the operating system, which is aimed at guaranteeing confidentiality, integrity, and availability services of a computer system in the presence of insider and external adversaries. OS security allows applications and programs to function properly without unauthorized interference and ensures the safety of a system from threats or attacks.
9. Wireless Security. Wireless security is a sub-area of network security that specifically considers the threats associated with wireless communications. In addition to the typical network security services, it also covers various other security and privacy guarantees such as the design of communications schemes that are robust against jamming, spoofing of RF signals (e.g. base stations, or GPS), and prevention of sensitive information leakage that enables adversarial tracking. Wireless networks can be easily exploited, and are vulnerable by their very nature, so implementing wireless security is very important.
10. Cyberlaw. Sometimes referred to as IT law, cyberlaw focuses on regulations and laws that concern all aspects of information technology such as computer systems, software, and the internet. It includes contracts, intellectual property, privacy, and data protection laws. With the increasing reliance on digital devices and the amount of data stored and shared online, it is important to have legal measures in place to ensure the safety and welfare of users.
Breaking Into Cybersecurity. While the terms listed and defined above form a critical part of the knowledge base that cybersecurity professionals must understand, it is important to note that a successful career in cybersecurity requires more than just memorizing definitions. It requires real, contextualized understanding and experience in those topics, which is difficult to gain without formal education in the field, says Noubir. Earning a master’s degree in cybersecurity will provide you with the knowledge, context, and understanding that you need to be successful. At Northeastern, we educate students through a solid foundation in cybersecurity, contextualized through practical training, Noubir says. This is by far the most effective way of breaking into the field. Think you’re ready to break into a cybersecurity career? Download our free guide to Advancing Your Career in Cybersecurity or explore our master’s degree program today.
About Shayna Joubert. Shayna Joubert is the Associate Director of Content Marketing for Northeastern University's Enrollment Management team.
Topics
  • Topic
  • Tf
  • Position
  • cybersecurity
  • 30
  • 21
  • security
  • 22
  • 21
  • science
  • 16
  • 21
  • data
  • 14
  • 21
  • career
  • 14
  • 21
  • 2021
  • 12
  • 21
  • network
  • 12
  • 21
  • master
  • 11
  • 21
  • degree
  • 11
  • 21
  • program
  • 11
  • 21
  • professional
  • 11
  • 21
  • advice
  • 11
  • 21
  • computer
  • 10
  • 21
  • 2021 industry
  • 9
  • 21
  • industry
  • 9
  • 21
  • attack
  • 8
  • 21
  • organization
  • 8
  • 21
  • software
  • 8
  • 21
  • digital
  • 8
  • 21
  • system
  • 8
  • 21
  • network security
  • 7
  • 21
  • industry advice
  • 7
  • 21
  • analytic
  • 7
  • 21
  • term
  • 7
  • 21
  • code
  • 7
  • 21
  • management
  • 7
  • 21
  • computer science
  • 6
  • 21
  • data science
  • 6
  • 21
  • cybersecurity professional
  • 6
  • 21
  • wireless
  • 6
  • 21
  • threat
  • 6
  • 21
  • 2021 industry advice
  • 5
  • 21
  • wireless security
  • 5
  • 21
  • field
  • 5
  • 21
  • integrity
  • 5
  • 21
  • law
  • 5
  • 21
  • online
  • 5
  • 21
  • december 2021
  • 4
  • 21
  • digital forensic
  • 4
  • 21
  • cybersecurity risk
  • 4
  • 21
  • program analysi
  • 4
  • 21
  • reverse code
  • 4
  • 21
  • operating system
  • 4
  • 21
  • cybersecurity term
  • 4
  • 21
  • december
  • 4
  • 21
  • cybersecurity risk management
  • 3
  • 21
  • reverse code engineering
  • 3
  • 21
  • master degree
  • 3
  • 21
  • shayna joubert
  • 3
  • 21
  • cybersecurity career
  • 3
  • 21
  • career cybersecurity
  • 3
  • 21
  • risk management
  • 3
  • 21
  • code engineering
  • 3
  • 21
Result 22
Title12 Common Cybersecurity Terms - Smart Eye Technology
Urlhttps://getsmarteye.com/12-most-common-cyber-security-words/
DescriptionCybersecurity terms and terminology are continually evolving and it can be hard to keep up. Here are some common security terms you should know
DateOct 6, 2020
Organic Position22
H112 Common Cybersecurity Terms
H2Table of Contents
12 Common Cybersecurity Terms
H31. Phishing
2. Biometric Authentication
3. Social Engineering
4. Visual Hacking
5. Artificial Intelligence (AI)
6. Distributed Denial of Service (DDoS)
7. Hacker
8. Malware
9. Ransomware
10. Man-in-the-Middle Attacks
11. Bring Your Own Device (BYOD) Policy
12. Virtual Private Network (VPN)
8 Different Types of Fingerprints – Complete Analysis
The 4 Main Types of Iris Patterns You Should Know (With Images)
Is Cybersecurity Hard? Common Challenges and Best Practices
H2WithAnchorsTable of Contents
12 Common Cybersecurity Terms
Body12 Common Cybersecurity Terms Share on facebook Share on twitter Share on linkedin Smart Eye Technology . Smart Eye Technology has pioneered a new sector in cybersecurity – a continuous and multi-level biometric security platform that keeps private documents secure by blocking risky screen snooping and preventing unauthorized access to shared files. Table of Contents . 12 Common Cybersecurity Terms Cybersecurity affects all areas of all companies, large, medium, and small. When we talk about cybersecurity with people outside their organization’s IT department, we often use terms that can be difficult to understand. Because of this, we’re going to explain the meaning of a few commonly used cybersecurity terms. Understanding cybersecurity terms makes it easier to see how to implement the appropriate level of protection to avoid putting the company at risk.  12 Common Cybersecurity Terms. 1. Phishing. A common and effective (if not efficient) form of cyberattack, phishing involves sending emails to targeted users that use various methods to entice them to click on links or attachments containing malicious code. They often take the form of urgent messages that claim to be from different companies or government agencies. Once the user clicks on the link or attachment, malware is uploaded into their computer to either steal log-in credentials or spread throughout a company network. Although organizations advise employees not to open suspicious emails, additional forms of document security are often necessary to ensure that only authorized material is being delivered. 2. Biometric Authentication . One of the most advanced forms of identity verification, biometric technology scans a user’s unique biological signifiers (such as fingerprints, facial structure, iris patterns) to confirm that they are who they claim to be. 
Often incorporated into multi-factor authentication systems that require users to present more than one form of credentials, biometrics have become increasingly sophisticated and are incredibly difficult for hackers to forge. This makes them an ideal credentialing solution that is far more effective than conventional passwords. 3. Social Engineering. A particularly dangerous form of security threat, social engineering exploits human psychology instead of technical hacking or programming tricks to gain access to passwords, access credentials, and personal information. Criminals use techniques like posing as contractors or building relationships with employees over social media to trick them into divulging sensitive information. Social engineering techniques are especially good at bypassing cybersecurity defenses since they don’t rely on direct hacking efforts. Security awareness training can help employees to spot social engineering tactics, and physical security measures like continuous biometric authentication can help to protect sensitive documents from exposure. 4. Visual Hacking. Also called “shoulder surfing” or “screen snooping,” visual hacking occurs when someone steals sensitive information or credentials by physically looking at someone’s screen. This could involve glancing at a computer monitor or picking up an unattended smartphone or tablet. While there are many security measures designed to combat conventional cyberattacks, visual hacking requires innovative strategies like screen protectors or continuous biometric authentication. 5. Artificial Intelligence (AI). Often used interchangeably with “machine learning,” artificial intelligence uses sophisticated algorithms to analyze data and perform complex tasks. While most people think of AI as mimicking human intelligence, the technology is typically used to automate and manage tasks that could not be done effectively by humans. 
Many cybersecurity platforms use AI to constantly scan for unusual network activity and take steps to mitigate potential threats. Predictive AI models can analyze massive amounts of data to identify dangers and vulnerabilities that might escape the notice of humans. Unfortunately, that same technology can be deployed by cybercriminals, which has forced cybersecurity experts to work even harder to stay ahead of the latest attack strategies. 6. Distributed Denial of Service (DDoS). One of the most common forms of cyberattack, a DDoS attack bombards a server with access requests from multiple sources until the system is overwhelmed and shuts down. When the network goes down, data availability is compromised and an organization can be vulnerable to a data breach if key cybersecurity functions are shut down. Relatively easy to launch, DDoS attacks can inflict a high cost on organizations due to prolonged downtime. Many organizations invest in DDoS mitigation software or services to protect themselves from these attacks. 7. Hacker. A broad term used to identify any cybercriminal who uses their knowledge of computer networking systems to launch attacks that disrupt services and compromise data. They typically utilize various forms of malware and brute force hacking tactics to shut down systems, steal access credentials, and manipulate data. Due to the widespread availability of powerful software tools, hackers often don’t need to have extensive knowledge of programming or coding to cause significant damage. While they are often driven by financial incentives, some hacker-driven cyberattacks are conducted for political or ideological purposes. 8. Malware. Malware refers to a broad range of malicious software that is introduced into a computer or network to provide unauthorized users with control over key systems and processes. 
Many data breaches can be traced back to some form of malware, so organizations need to make sure their systems are patched and updated to account for the latest generation of malware.  9. Ransomware. A particularly damaging form of malware that completely locks a user out of their computer or network systems. Ransomware does this by encrypting key files that can only be unlocked by the attacker, who promptly demands a financial payment in exchange (the “ransom” portion of ransomware). Most cybersecurity specialists advise companies NOT to pay the ransom as there is no guarantee that the hackers will make good on their promise. Still, organizations that have no other means of recovering their data sometimes have no choice but to take their chances. 10. Man-in-the-Middle Attacks. One of the more difficult forms of cyberattack to detect, a man-in-the-middle attack allows cybercriminals to intercept data while it is in transit from one location to another. They can use this information to steal log-in credentials and personal information, sabotage and corrupt data, or simply spy on authorized users. Hackers often use a broad range of techniques to reroute traffic from legitimate networks to harvest data without anyone noticing. Today, these attacks are frequently automated with a variety of tools that look for passwords and other important data. Encryption protocol tools that protect data in transit (such as virtual private networks) are the best defense against these attacks. 11. Bring Your Own Device (BYOD) Policy. Today’s employees possess a wide range of devices that are often used for work purposes. This not only includes obvious devices like portable laptops, tablets, or mobile phones, but also wearable devices (like smart watches) and home assistants (like a Google Home or Amazon Alexa speaker). 
While these Internet of Things (IoT) devices are incredibly useful and effective means of collecting data, they also create a substantial risk to access security because unauthorized third parties may use them as a vector to gain access to a broader network. A BYOD policy lays out the terms and conditions under which employees can bring their own device to work with the resources of the organization, effectively applying security measures to divide the personal environment from the work environment. 12. Virtual Private Network (VPN). Virtual private networks provide an encrypted connection that allows people to connect their devices to a secure network over the internet. They are often used in remote work situations when employees need to log into a secure company network. A VPN effectively creates a “tunnel” that allows the user to transmit data without any unauthorized people monitoring the data in transit. Although zero-trust access networks are becoming more commonplace, most organizations still rely upon VPN connections when working remotely. As cyberthreats continue to evolve, organizations must make sure they’re keeping up to date on the latest cybersecurity terms and terminologies. They also need to familiarize themselves with the most effective cybersecurity tools available, especially when it comes to the challenges of the remote workplace. Staying one step ahead of these cyberthreats is essential for growing your business and avoiding the catastrophic damage of a data breach. PrevPreviousConfidentiality, Integrity, & Availability: Basics of Information Security NextHow Secure is Biometric Authentication?Next More to explorer. 8 Different Types of Fingerprints – Complete Analysis . January 5, 2022 No Comments Verifying someone’s identity is an essential component of your security policy. You need protections in place to prevent hackers from penetrating your The 4 Main Types of Iris Patterns You Should Know (With Images) . 
Topics (Topic, Tf, Position)
  • cookie (Tf 56, Position 22)
  • set (Tf 35, Position 22)
  • user (Tf 34, Position 22)
  • cooky (Tf 27, Position 22)
  • website (Tf 23, Position 22)
  • data (Tf 22, Position 22)
  • cybersecurity (Tf 17, Position 22)
  • cookie set (Tf 16, Position 22)
  • set cookie (Tf 16, Position 22)
  • consent (Tf 16, Position 22)
  • network (Tf 13, Position 22)
  • store (Tf 13, Position 22)
  • organization (Tf 12, Position 22)
  • security (Tf 12, Position 22)
  • form (Tf 12, Position 22)
  • information (Tf 12, Position 22)
  • term (Tf 11, Position 22)
  • technology (Tf 11, Position 22)
  • visitor (Tf 11, Position 22)
  • attack (Tf 10, Position 22)
  • session (Tf 9, Position 22)
  • cookie store (Tf 8, Position 22)
  • social (Tf 8, Position 22)
  • access (Tf 8, Position 22)
  • device (Tf 8, Position 22)
  • google (Tf 8, Position 22)
  • gdpr cookie consent (Tf 7, Position 22)
  • cybersecurity term (Tf 7, Position 22)
  • consent cooky (Tf 7, Position 22)
  • gdpr cookie (Tf 7, Position 22)
  • cookie consent (Tf 7, Position 22)
  • youtube (Tf 7, Position 22)
  • number (Tf 7, Position 22)
  • analytic (Tf 7, Position 22)
  • advertisement (Tf 7, Position 22)
  • gdpr (Tf 7, Position 22)
  • category (Tf 7, Position 22)
  • ad (Tf 7, Position 22)
  • cookie consent plugin (Tf 6, Position 22)
  • user consent cooky (Tf 6, Position 22)
  • cookie set gdpr (Tf 6, Position 22)
  • set gdpr cookie (Tf 6, Position 22)
  • 2022 comment (Tf 6, Position 22)
  • consent plugin (Tf 6, Position 22)
  • user consent (Tf 6, Position 22)
  • set gdpr (Tf 6, Position 22)
  • smart eye technology (Tf 5, Position 22)
  • monthsthi cookie set (Tf 5, Position 22)
  • consent cooky category (Tf 5, Position 22)
  • biometric authentication (Tf 5, Position 22)
  • social engineering (Tf 5, Position 22)
  • smart eye (Tf 5, Position 22)
  • eye technology (Tf 5, Position 22)
  • monthsthi cookie (Tf 5, Position 22)
  • store user (Tf 5, Position 22)
  • cooky category (Tf 5, Position 22)
  • minuteshotjar set cookie (Tf 4, Position 22)
  • consent plugin cookie (Tf 4, Position 22)
  • store user consent (Tf 4, Position 22)
  • visual hacking (Tf 4, Position 22)
  • data transit (Tf 4, Position 22)
  • website cooky (Tf 4, Position 22)
  • minuteshotjar set (Tf 4, Position 22)
  • plugin cookie (Tf 4, Position 22)
  • 12 common cybersecurity (Tf 3, Position 22)
  • common cybersecurity term (Tf 3, Position 22)
  • virtual private network (Tf 3, Position 22)
  • january 2022 (Tf 3, Position 22)
  • plugin cookie store (Tf 3, Position 22)
  • cookie store user (Tf 3, Position 22)
  • set cookie store (Tf 3, Position 22)
  • 12 common (Tf 3, Position 22)
  • common cybersecurity (Tf 3, Position 22)
  • form cyberattack (Tf 3, Position 22)
  • security measure (Tf 3, Position 22)
  • data breach (Tf 3, Position 22)
  • form malware (Tf 3, Position 22)
  • virtual private (Tf 3, Position 22)
  • private network (Tf 3, Position 22)
  • january (Tf 3, Position 22)
  • 2022 (Tf 3, Position 22)
  • year 24 (Tf 3, Position 22)
  • timestamp visit (Tf 3, Position 22)
  • google analytic (Tf 3, Position 22)
  • store information (Tf 3, Position 22)
  • track visitor (Tf 3, Position 22)
  • visitor website (Tf 3, Position 22)
  • embedded youtube (Tf 3, Position 22)
  • cooky store (Tf 3, Position 22)
Result 23
TitleCybersecurity Glossary - NARUC
Urlhttps://www.naruc.org/cpi-1/critical-infrastructure-cybersecurity-and-resilience/cybersecurity/cybersecurity-glossary/
Description
Date
Organic Position23
H1
H2Cybersecurity
H3Quick Links
H2WithAnchorsCybersecurity
BodyNARUC Cybersecurity Glossary. This glossary contains definitions of cybersecurity terms and concepts found throughout the resources that comprise NARUC’s Cybersecurity Manual. It also contains terms that public utility commissions may encounter during engagements with utilities on the topic of cybersecurity. Definitions contained in this glossary are from authoritative sources. They are gathered here for ease of use. Many definitions are cited verbatim; however, some have been paraphrased or adapted for clarity and conciseness. Links to original sources are included. The Cybersecurity Glossary is a “living document.” This means that new cybersecurity terms and concepts will be added to reflect the advancement of cybersecurity risk management and technology over time. A list of notable cybersecurity incidents is included at the end of the glossary. These incidents are often cited in cybersecurity literature, articles, blogs, webinars, and workshops and are included in this glossary for that reason. Presented in chronological order, the list also reflects the increasingly targeted nature of threats to the nation's critical infrastructure.

Cybersecurity Terms (Term, Definition, Source)

Access Control: The process of granting or denying specific requests: 1) for obtaining and using information and related information processing services; and 2) to enter specific physical facilities (e.g., federal buildings, military establishments, and border crossing entrances). Source: NIST

Access Control List (ACL): A list of permissions associated with an object (e.g., computer hardware or software or a gate that provides ingress and egress to a physical facility). The list specifies who or what is allowed to access the object and what operations are allowed to be performed on the object. Source: CNSS

Advanced Persistent Threat (APT): An adversary that possesses sophisticated levels of expertise and significant resources used to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). These objectives typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. The advanced persistent threat: (1) pursues its objectives repeatedly over an extended period of time; (2) adapts to defenders’ efforts to resist it; and (3) is determined to maintain the level of interaction needed to execute its objectives. Source: NIST

After-Action Report (AAR): Summary of key post-exercise evaluation information, including the exercise overview and analysis of objectives and core capabilities. It is developed in conjunction with an improvement plan, which identifies specific corrective actions, assigns them to responsible parties, and establishes target dates for their completion. The lead evaluator and exercise planning team draft the AAR. Source: FEMA

All-Hazards: A threat or an incident, natural or manmade, that warrants action to protect life, property, the environment, and public health or safety, and to minimize disruptions of government, social, or economic activities. It includes natural disasters, cyber incidents, industrial accidents, pandemics, acts of terrorism, sabotage, and destructive criminal activity targeting critical infrastructure. Source: Presidential Policy Directive / PPD-21

Attestation: The validation of all aspects of a computer or system that relate to its safe, secure, and correct operation. Source: NRECA / Cooperative Research Network

Authentication: Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources. Source: NIST

Authorization: Verifying a user’s permissions (after a user has been authenticated) for accessing certain resources or functionality. Source: NRECA / Cooperative Research Network

Availability: Ensuring timely and reliable access to and use of information. Resiliency objectives extend the concept to refer to point-in-time availability (i.e., the system, component, or device is usable when needed) and the continuity of availability (i.e., the system, component, or device remains usable for the duration of the time it is needed). With confidentiality and integrity, availability is considered part of the CIA Triad, which represents the three most crucial components of information security. Source: NIST

Bandwidth: The amount of information that can be passed through a communication channel in a given amount of time, usually expressed in bits per second. Source: ATIS

Bitcoin: An electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party. Source: Bitcoin.org

Blacklist: A list of entities that are blocked or denied privileges or access. Source: US-CERT

Black Sky Hazard/Event: A catastrophic event that severely disrupts the normal functioning of critical infrastructures in multiple regions for long durations. Source: EIS Council

Black Start: The restoration of a power station without reliance on the external power transmission system. Black start capabilities are often provided by small co-located diesel generators used to start larger generators, which in turn start the main power station generators. Source: Idaho National Laboratory

Blockchain: Tamper-resistant digital ledgers implemented in a distributed fashion (i.e., without a central repository) and usually without a central authority (i.e., a bank, company, or government). At their basic level, they enable a community of users to record transactions in a shared ledger within that community, such that under normal operation, no transaction can be changed once published. Source: NIST

Botnet: A collection of computers compromised by malicious code and controlled across a network. (See Command and Control.) The word botnet is a combination of the words robot and network. Source: US-CERT

Boundary Protection: Monitoring and control of digital communications at the external perimeter of an information system to prevent and detect malicious and other unauthorized communications, using devices such as proxies, gateways, routers, firewalls, guards, and encrypted tunnels. Also referred to as perimeter protection. Source: NRECA / Cooperative Research Network

Bulk Electric System (BES) Cyber Asset: A Cyber Asset that, if rendered unavailable, degraded, or misused, would, within 15 minutes of its required operation, misoperation, or non-operation, adversely impact one or more facilities, systems, or equipment, which, if destroyed, degraded, or otherwise rendered unavailable when needed, would affect the reliable operation of the Bulk Electric System. Redundancy of affected facilities, systems, and equipment shall not be considered when determining adverse impact. Each BES Cyber Asset is included in one or more BES Cyber Systems. Source: NERC

Command and Control (C&C or C2) network: A network of computers infected with malware that allows them to issue directives to other digital devices. C&C servers can create powerful networks of infected devices capable of carrying out distributed denial-of-service (DDoS) attacks, stealing data, deleting data or encrypting data in order to carry out an extortion scheme. A malicious network under a C&C server's control is called a botnet and the network nodes that belong to the botnet are sometimes referred to as zombies. Source: TechTarget

Compensating Control: A cybersecurity control employed in lieu of a recommended control that provides equivalent or comparable control. See Cybersecurity Controls. Source: DOE

Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. With integrity and availability, confidentiality is considered part of the CIA Triad, which represents the three most crucial components of information security. Source: NIST

Connectivity: The minimum number of nodes or links whose removal results in losing all paths that can be used to transfer information from a source to a sink. Source: ATIS

Contingency: The unexpected failure or outage of a system component, such as a generator, transmission line, circuit breaker, switch, or other electrical element. Source: NRECA / Cooperative Research Network

Credential: Information passed from one entity to another to establish the sender’s access rights or to establish the claimed identity of a security subject relative to a given security domain. Source: ATIS

Critical Assets: Facilities, systems, and equipment which, if destroyed, degraded, or otherwise rendered unavailable, would affect the reliability or operability of the bulk electric system. Source: NRECA / Cooperative Research Network

Critical Electric Infrastructure Information (CEII): Information related to critical electric infrastructure, or to proposed critical electric infrastructure, generated by or provided to the Federal Energy Regulatory Commission or other Federal agency, other than classified national security information, that is designated as critical electric infrastructure information by the Federal Energy Regulatory Commission or the Secretary of the Department of Energy pursuant to section 215A(d) of the Federal Power Act. Source: FERC

Critical Infrastructure: The assets, systems, and networks, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, public health or safety, or any combination thereof. Source: DHS

Cryptocurrency: A digital currency used as a medium of exchange, similar to other currencies. However, unlike other currencies, cryptocurrency operates independently of a central bank and uses encryption techniques and blockchain technology to secure and verify transactions. Examples include Bitcoin, Litecoin, Monero, Ethereum, and Ripple. Source: US-CERT

Cyber Asset: Programmable electronic devices, including the hardware, software, and data in those devices. Source: NRECA / Cooperative Research Network

Cyber Attack: An attempt to infiltrate information technology systems, computer networks, or individual computers with a malicious intent to steal information, cause damage, or destroy specific targets within the system. Source: Idaho National Laboratory

Cyber Information Sharing and Collaboration Program (CISCP): A program of the U.S. Department of Homeland Security that enables actionable, relevant, and timely unclassified information exchange through trusted public-private partnerships across all critical infrastructure sectors. Source: DHS

Cyber Kill Chain: A theory developed by Lockheed Martin that identifies the various stages of a cyber attack: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, C&C, and Actions on Objectives. Applying the theory helps cybersecurity professionals recognize and counteract attacks to protect their organization’s assets. Source: SANS Institute

Cyber Mutual Assistance Program: A framework to provide emergency cyber assistance within the electric power and natural gas industries. The program is composed of industry cyber experts who can provide voluntary assistance to other participating entities in advance of, or in the event of, a disruption of electric or natural gas service, systems, and/or IT infrastructure due to a cyber emergency. Source: Electricity Sector Coordinating Council

Cyber Security Incident Response Teams (CSIRTs): A group of experts that assesses, documents, and responds to a cyber incident so that a network can not only recover quickly, but also avoid future incidents. Source: DHS

Cybersecurity: The ability to protect or defend the use of cyberspace from cyber attacks. Source: DOE

Cybersecurity Capability Maturity Model (C2M2): A model that helps organizations—regardless of size, type, or industry—evaluate, prioritize, and improve their own cybersecurity capabilities. Source: DOE

Cybersecurity Controls: The management, operational, and technical methods, policies, and procedures—manual or automated—(i.e., safeguards or countermeasures) prescribed to protect the confidentiality, integrity, and availability of a system and its information. Source: DOE

Cybersecurity Incident: An event occurring on or conducted through a computer network that actually or imminently jeopardizes the integrity, confidentiality, or availability of computers, information or communications systems or networks, physical or virtual infrastructure controlled by computers or information systems, or information resident thereon. A cyber incident may include a vulnerability in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source. Source: Presidential Policy Directive / PPD-41

Cybersecurity Risk Information Sharing Program (CRISP): A public-private data sharing and analysis platform that facilitates the timely bi-directional sharing of unclassified and classified threat information among energy sector stakeholders. Source: DOE

Cyberspace: A global domain within the information environment consisting of the interdependent network of IT and ICS infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers. Source: DOE

Darknets: Private, distributed file sharing networks where connections are made only between trusted peers. Darknets are distinct from other distributed networks as sharing is anonymous (i.e., IP addresses are hidden). Source: Cyber Risk Insurance Forum

Defense-in-Depth: Cybersecurity strategy that integrates people, technology, and operations capabilities to establish variable barriers across multiple layers and missions of the organization. Source: DOE

Denial of Service (DoS): A cyber attack that occurs when legitimate users are unable to access information systems, devices, or other network resources due to the actions of a malicious cyber threat actor. A denial-of-service floods the targeted host or network with traffic until the target cannot respond or simply crashes, preventing access for legitimate users. DoS attacks can cost an organization both time and money while their resources and services are inaccessible. Source: DHS

Distributed control system (DCS): Control achieved by intelligence that is distributed about the process to be controlled, rather than by a centrally located single unit. Source: NIST

Electronic Security Perimeter (ESP): The logical border surrounding a network to which systems are connected. Source: NERC

Energy Assurance: An array of activities that support a robust, secure, reliable, and resilient energy infrastructure. These include energy emergency planning, preparedness, mitigation, and response. Source: NASEO

Encryption: Cryptographic transformation of data (called “plaintext”) into a form (called “ciphertext”) that conceals the data’s original meaning to prevent it from being known or used. If the transformation is reversible, the corresponding reversal process is called “decryption,” which is a transformation that restores encrypted data to its original state. Source: Idaho National Laboratory

Endpoint Protection/Security: A security approach that focuses on locking down endpoints—individual computers, phones, tablets, and other network-enabled devices—in order to keep networks safe. Source: CSO Online

Exploit: A piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic. Source: Idaho National Laboratory

Firewall: A network security device that monitors incoming and outgoing network traffic and helps screen out hackers, viruses, and worms that try to reach a computer over the Internet. A firewall can be hardware, software, or both. Source: Cisco

Firmware: A software program or set of instructions programmed on a hardware device. It provides the necessary instructions for how the device communicates with the other computer hardware. Source: TechTerms

Fusion Centers: Primary focal points within the state and local environment for the receipt, analysis, gathering, and sharing of threat-related information among Federal, State, Local, Tribal, and Territorial (SLTT) partners. They provide interdisciplinary expertise and situational awareness to inform decision-making at all levels of government. Fusion centers are owned and operated by State and Local entities with support from federal partners. Source: DHS

Gateway: An intermediate system (interface, relay) that attaches to two (or more) computer networks that have similar functions but dissimilar implementations and that enables either one-way or two-way communication between the networks. Source: CNSS

Homeland Security Information Network (HSIN): A trusted network for homeland security mission operations to share sensitive but unclassified information. Federal, state, local, territorial, tribal, international and private sector homeland security partners use HSIN to manage operations, analyze data, send alerts and notices, and share the information they need to do their jobs and help keep their communities safe. Source: DHS

Honeypot: A trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers. Source: Cyber Risk Insurance Forum

Human-Machine Interface (HMI): The hardware or software through which an operator interacts with a controller. An HMI can range from a physical control panel with buttons and indicator lights to an industrial PC with a color graphics display running dedicated HMI software. Source: NIST

Identity-Based Access Control: Access control based on the identity of the user (typically relayed as a characteristic of the process acting on behalf of that user), where access authorizations to specific objects are assigned based on user identity. Source: NRECA / Cooperative Research Network

Impact: Damage to an organization’s mission and goals due to the loss of confidentiality, integrity, or availability of system information or operations. Source: NRECA / Cooperative Research Network

Indicators of Compromise (IOC): Forensic artifacts of an intrusion. Source: SANS Institute

Industrial Control System (ICS): A general term that includes several types of control systems, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), Programmable Logic Controllers (PLC) and others often found in industrial and critical infrastructure sectors. An ICS consists of combinations of control components that act together to achieve an industrial objective. Source: Idaho National Laboratory

Industrial Control Cyber Emergency Response Team (ICS-CERT): Operates within the Department of Homeland Security's (DHS) National Cybersecurity and Communications Integration Center (NCCIC) to reduce risks to industrial control systems used within and across all critical infrastructure sectors. ICS-CERT collaborates with law enforcement agencies and the intelligence community and coordinates efforts among Federal, State, local, and tribal governments and control systems owners, operators, and vendors. Additionally, ICS-CERT collaborates with international and private sector Computer Emergency Response Teams (CERTs) to share control systems-related security incidents and mitigation measures. Source: DHS

Information Security: The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction to provide confidentiality, integrity, and availability. Source: NRECA / Cooperative Research Network

Information Sharing and Analysis Center (ISAC): Sector-specific, member-driven organizations formed by critical infrastructure owners and operators to share information between government and industry. Source: DHS

Information System (IS): A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information. (Note: information systems also include specialized systems such as industrial/process controls systems, telephone switching and private branch exchange (PBX) systems, and environmental control systems.) Source: NRECA / Cooperative Research Network

Information Technology (IT): The technology involving the development, maintenance, and use of computer systems, software, and networks for the processing and distribution of data. Source: Merriam Webster Dictionary

InfraGard: A partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration that expedites the timely exchange of information and promotes mutual learning opportunities relevant to the protection of Critical Infrastructure. Source: InfraGard

Integrity: Guarding against improper information modification or destruction; includes ensuring the non-repudiation and authenticity of information. With confidentiality and availability, integrity is considered part of the CIA Triad, which represents the three most crucial components of information security. Source: NRECA / Cooperative Research Network

Intelligent electronic device (IED): Any device incorporating one or more processors with the capability to receive or send data/control from or to an external source (e.g., electronic multifunction meters, digital relays, controllers). Source: NIST

International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) Standards: Standards that represent global consensus on a solution to a particular issue. They provide requirements, specifications, guidelines or characteristics to ensure that materials, products, processes and services are safe to use and fit for their purpose. Whenever possible, requirements are expressed in terms of performance rather than design or descriptive characteristics. Source: ISO

Internet Protocol (IP): Standard method for transmission of data from source to destinations in packet-switched communications networks and interconnected systems of such networks. Source: NIST

Interoperability: The ability of systems, units, or forces to provide services to and accept services from other systems, units, or forces, and to use the services so exchanged to enable them to operate effectively together. Source: Rand Corporation

Joint Information Center (JIC): A central location to facilitate operation of the Joint Information System (JIS) during and after an incident. The JIC enhances information coordination, reduces misinformation, and maximizes resources by co-locating Public Information Officers (PIOs) as much as possible. Source: FEMA

Joint Information System (JIS): An incident response structure that can be leveraged for developing and delivering coordinated interagency messages, executing public information plans and strategies, advising an Incident Commander concerning public affairs issues, and controlling rumors and inaccurate information. Source: FEMA

Key Logger: A program designed to record the sequence of keys pressed on a computer keyboard. Such programs can be used to obtain passwords or encryption keys and thus bypass other security measures. Source: NIST

Least Privilege: The principle that users and programs should only have the necessary privileges to complete their tasks. Source: NIST

Malware: Software or firmware intended to perform an unauthorized process that will have adverse impact on the confidentiality, integrity, or availability of an information system. Examples include viruses, worms, Trojan horses, spyware, and some forms of adware. Source: NIST

Management Controls: The security controls for IT and ICS that focus on the management of risk and security. Source: DOE

Man-In-The-Middle (MitM): A type of cyber attack where an interloper inserts him- or herself between two communicating devices, without either side knowing. Source: US-CERT

National Cybersecurity and Communications Integration Center (NCCIC): The cyber defense, incident response, and operational integration center of the U.S. Department of Homeland Security. The NCCIC’s mission is to reduce the risk of systemic cybersecurity and communications challenges by serving as a national hub for cyber and communications information, technical expertise, and operational integration, and by operating a 24/7 situational awareness, analysis, and incident response center. Source: DHS

National Institute of Standards and Technology (NIST): A federal agency within the U.S. Department of Commerce.
NIST's mission is to develop and promote measurement, standards, and technology to enhance productivity, facilitate trade, and improve the quality of life. NIST is also responsible for establishing computer- and information technology-related standards and guidelines for federal agencies to use. NIST NIST Cybersecurity Framework (NIST CSF) A voluntary framework consisting of standards, guidelines, and best practices to manage cybersecurity risk. NIST Need to Know Decision made by an authorized holder of official information that a prospective recipient requires access to specific official information to carry out official duties. NIST Network (computer network) A network of data processing nodes interconnected for the purpose of data communication. ATIS North American Electric Reliability Corporation A not-for-profit international regulatory authority whose mission is to assure the effective and efficient reduction of risks to the reliability and security of the bulk electric grid in North America. NERC NERC Critical Infrastructure Protection (NERC CIP) A set of requirements designed to secure cyber assets required for operating North America's bulk electric system.  TechTarget Operational Controls The security controls for IT and ICS, implemented and executed primarily by people (as opposed to systems). DOE Operational Technology (OT) Programmable systems or devices that interact with the physical environment (or manage devices that interact with the physical environment). Examples include industrial control systems, building management systems, fire control systems, and physical access control mechanisms. DOE Packet The sequence of binary digits transmitted and switched as a composite whole. ATIS Phishing An attempt to trick people into divulging sensitive information such as usernames, passwords, or credit card numbers. Phishing is carried out by email, over the phone, or using a website. The motives are generally to steal money or a user’s identity. 
Symantec Physical Security Perimeter (PSP) The physical border surrounding locations in which BES cyber assets, BES cyber systems, or electronic access control or monitoring systems reside, and for which access is controlled. NERC Personally Identifiable Information (PII) Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means. Further, PII is defined as information: (i) that directly identifies an individual (e.g., name, address, social security number or other identifying number or code, telephone number, email address, etc.) or (ii) by which an agency intends to identify specific individuals in conjunction with other data elements, i.e., indirect identification. (These data elements may include a combination of gender, race, birth date, geographic indicator, and other descriptors). Additionally, information permitting the physical or online contacting of a specific individual is the same as personally identifiable information. This information can be maintained in either paper, electronic or other media. DOL Potential Impact The loss of confidentiality, integrity or availability that might have: 1) a limited adverse effect; 2) a serious adverse effect; or 3) a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. NRECA / Cooperative Research Network Privileged User A user that is authorized (and therefore trusted) to perform security-relevant functions that ordinary users are not authorized to perform. NRECA / Cooperative Research Network Programmable Logic Controller (PLC) A solid-state control system that has a user-programmable memory for storing instructions for the purpose of implementing specific functions such as input/output control, logic, timing, counting, communication, and data and file processing. 
Idaho National Laboratory Protected Critical Infrastructure Information Program (PCII) A DHS-specific information protection program that enhances voluntary information sharing between infrastructure owners and operators and the government. PCII protections mean that homeland security partners can be confident that sharing their information with the government will not expose sensitive or proprietary data. DHS Ransomware A malicious form of software that locks a computer or files and requires money be paid to get the decryption code to unlock the device or the file. Microsoft Red Team/Blue Team A group of people authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s security posture (i.e., the Red Team). The objective is to improve enterprise Information Assurance by demonstrating the impacts of successful attacks and by demonstrating what works for the defenders (i.e., the Blue Team) in an operational environment NIST Remote Access Access to an organizational system by a user (or a process acting on behalf of a user) communicating through an external network (e.g., the Internet) NIST Remote Access Trojan (RAT) A malicious program that runs invisibly on host computers and permits an intruder to gain access and control from afar. Many RATs mimic legitimate functionality but are designed specifically for stealth installation and operation. Microsoft Resilience The ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions. Resilience includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents. Presidential Policy Directive / PPD-21   Risk The potential for an unwanted outcome resulting from an incident, event, or occurrence, as determined by its likelihood and the associated consequences. 
US-CERT Risk Management The process of controlling risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system, and includes: (i) the conduct of a risk assessment; (ii) the implementation of a risk mitigation strategy; and (iii) employment of techniques and procedures for the continuous monitoring of the security and privacy state of the information system. NIST Risk severity A combination of the likelihood of a damaging event actually occurring and the assessed potential impact on the organization’s mission and goals if it does occur. NRECA / Cooperative Research Network Role-based access control Access permission based on users’ roles and typically reflect the need to perform defined functions within an organization. A given role may apply to a single individual or to several individuals. NRECA / Cooperative Research Network Sandbox A system that allows an untrusted software application to run in a highly controlled environment where the application’s permissions are restricted. In particular, an application in a sandbox is usually restricted from accessing the file system or the network. NIST Sensitive Information Information of which the loss, misuse, unauthorized access or modification could adversely affect the organization, its employees or its customers. NRECA / Cooperative Research Network Significant Cyber Incident A cyber incident that is (or group of related cyber incidents that together are) likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people. Presidential Policy Directive / PPD-41 Social Engineering Psychological manipulation of people into divulging sensitive information or performing certain actions. 
Symantec Sunshine Laws   Open government laws that foster an informed citizenry by providing the public access to government documents and meetings. NCSL Supervisory Control and Data Acquisition (SCADA) A generic name for a computerized system that is capable of gathering and processing data and applying operational controls over long distances. Typical uses include power transmission and distribution and pipeline systems. SCADA was designed for the unique communication challenges (e.g., delays, data integrity) posed by the various media that must be used, such as phone lines, microwave, and satellite. Usually shared rather than dedicated. NIST Supply Chain Linked set of resources and processes between multiple tiers of developers that begins with the sourcing of products and services and extends through the design, development, manufacturing, processing, handling, and delivery of products and services to the acquirer. NIST Technical Controls Security controls for IT and ICS implemented and executed primarily through mechanisms contained in hardware, software, or firmware. DOE Threat Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), resources, and other organizations through an IT and ICS via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. DOE Threat Actor/Agent An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities. US-CERT Traffic Light Protocol (TLP) A set of designations used to ensure that sensitive information is shared appropriately. It employs four colors to indicate expected sharing boundaries by the recipient(s). RED: information cannot be effectively acted upon by additional parties, and could lead to impacts on a party's privacy, reputation, or operations if misused. 
AMBER: information requires support to be effectively acted upon, yet carries risks to privacy, reputation, or operations if shared outside of the organizations involved.  GREEN: information is useful for the awareness of all participating organizations as well as with peers within the broader community or sector. WHITE: information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. US-CERT United States Computer Emergency Readiness Team (US-CERT) A partnership between the U.S. Department of Homeland Security and the public and private sectors, established to protect the nation's internet infrastructure. US-CERT coordinates defenses against and responses to cyber attacks across the nation. NIST Virus A computer program that can copy itself and infect a computer without permission or knowledge of the user. A virus might corrupt or delete data on a computer, use e-mail programs to spread itself to other computers, or even erase everything on a hard disk. CNSS Vulnerability A specific weakness in an information system, system security procedures, internal controls, or implementation that a threat source could exploit. NIST Watering Hole Attack A security exploit where the attacker infects websites frequently visited by members of a targeted group being attacked, with a goal of infecting a computer used by one or more of the targeted group members when they visit the infected website. NIST Whitelist A list of entities considered trustworthy and granted access or privileges. US-CERT Worm A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself. CNSS Zero-Day Attack/Exploit An attack that exploits a previously unknown hardware, firmware, or software vulnerability. 
NIST Zero Trust A security concept centered on the belief that organizations should not automatically trust anything inside or outside its perimeters and instead must verify anything and everything trying to connect to its systems before granting access. CSO Online     Notable Cybersecurity Incidents Timeline of Significant Cybersecurity Related Events and Incidents Date Event/Incident Description March 2007 Aurora Aurora was the demonstration of a control system software vulnerability that could be exploited to physically destroy power grid equipment. Specifically, researchers at Idaho National Labs used a virus to manipulate systems that controlled a diesel generator. The test involved opening and closing circuit breakers in a manner that resulted in an out-of-synchronism or out-of-phase condition. This condition placed stress upon the mechanical components of rotating equipment in the generator, causing that equipment to fail before protection relays could respond. [1] Comprehensive mitigation techniques include protection and control, electronic and physical security, monitoring, training, risk assessment, and information protection. [2] June 2010 Stuxnet Stuxnet is a sophisticated computer worm that exploited multiple zero-day software vulnerabilities to infect computers and spread. Its purpose was to cause real-world physical effects. Specifically, Stuxnet targeted centrifuges used to produce enriched uranium, which powers nuclear weapons and reactors. [3] April 2013 Metcalf Incident The Metcalf incident refers to a physical attack on a 500kV electric substation in Metcalf, Calif. During the attack, multiple individuals outside the substation reportedly shot at the HV transformer radiators with .30 caliber rounds, causing them to leak cooling oil, overheat, and become inoperative. 
[4] June 2014 Havex Havex is a remote access trojan (RAT) that was part of a widespread espionage campaign targeting ICS across numerous critical infrastructure industries, including energy. Researchers attributed the campaign to a hacking group referred to as “Dragonfly” and “Energetic Bear,” since linked to Russian Intelligence Services. [5] Users were infected with Havex via watering hole attacks. Once installed, the malware collected data about the ICS environment and reported back to the attackers via C&C servers. This attack suggests that the attackers had direct interest in controlling ICS environments. [6],[7] December 2015 Cyber Attack on the Ukrainian Power Distribution Grid On December 23, 2015, a coordinated cyber attack was launched on three electricity distribution companies (oblenergos) in Ukraine, during which attackers remotely controlled SCADA distribution management systems, causing power outages to approximately 225,000 customers for three hours.>[8] The attacks required the companies to move to manual operations in response.[9] This attack was the first known instance of using malware to generate a real-world power outage.[10] The attacks were linked to a Russian group known as Sandworm. [11] December 2016 CRASHOVERRIDE/ Industroyer CRASHOVERRIDE/Industroyer is a first-of-its-kind, ICS-tailored malware framework designed and deployed to attack electric grids. It leverages knowledge of grid operations and ICS network communications to cause impact.[12] CRASHOVERIDE/Industroyer was used in a cyber attack that de-energized a transmission-level substation in Kiev, Ukraine, on December 17, 2016. The attack was similar to one against three Ukrainian electric distribution companies in 2015, which rendered substation devices inoperable and prevented engineers from remotely restoring power. Researchers suggests that components in the CRASHOVERIDE/ Industroyer malware are far more advanced than the malware used in the 2015 attack. 
[13],[14],[15] ICS security firm Dragos, Inc. tracked the adversary behind CRASHOVERRIDE/Industroyer to Electrum, a hacker group with direct ties to the Russian Sandworm team.[16] November 2017 TRITON/TRISIS Triton/TRISIS is malware that targets Schneider Electric Triconex Safety Instrumented System (SIS) controllers. A SIS is an autonomous control system that monitors industrial processes and detects and prevents dangerous physical events. For example, a SIS will safely shut down rotating machinery when a dangerous condition is detected. Each SIS in unique. [17],[18] Triton/TRISIS is the first ever publicly known ICS-tailored malware to target safety instrumented systems. [19] It was discovered when cybersecurity firm Mandiant responded to a cyber incident at a critical infrastructure organization in the Middle East. The malware appears to have been deployed manually after a threat actor familiar with the proprietary Triconex system gained remote access to a SIS engineering workstation and attempted to reprogram the SIS controllers, inadvertently causing the automatic shutdown of the associated industrial process. The attacker may have been attempting to develop the capability to cause physical damage to the organization's equipment. [20] This activity has not been attributed to any particular threat actor, although nation state sponsorship is suspected.[21] December 2020 Solarwinds Solarwinds, an IT management and monitoring firm, was compromised by a highly skilled threat actor who gained access to its network and planted malware into a component of SolarWind’s Orion software.The compromised software was distributed to SolarWinds customers via an automatic update platform used to push out new software updates.The malware allowed access to victims’ networks, permitting the attackers to harvest information and perform other malicious activity. 
FireEye, a leading cybersecurity firm, discovered the Solarwinds supply chain hacking campaign on December 8, 2020, when it found it had been attacked and security monitoring tools stolen. Evidence suggests the compromise took place earlier, likely March 2020. More than 18,000 public and private sector companies were victims of the Solarwinds supply chain attack. The attack has been linked to Russian state actors.22,23,24 [1] http://www.thepresidency.org/sites/default/files/pdf/Final%20Grid%20Report_1.pdf. [2] https://cdn.selinc.com/assets/Literature/Publications/Technical%20Papers/6452_MythReality_MZ_20110217_Web2.pdf?v=20181015-210359. [3] https://www.csoonline.com/article/3218104/malware/what-is-stuxnet-who-created-it-and-how-does-it-work.html. [4] https://fas.org/sgp/crs/homesec/R43604.pdf. [5] https://www.cyber.nj.gov/threat-profiles/ics-malware-variants/havex. [6] https://ics-cert.us-cert.gov/advisories/ICSA-14-178-01. [7] https://www.f-secure.com/weblog/archives/00002718.html. [8] https://www.nerc.com/pa/CI/ESISAC/Documents/E-ISAC_SANS_Ukraine_DUC_18Mar2016.pdf. [9] https://ics-cert.us-cert.gov/alerts/IR-ALERT-H-16-056-01. [10] https://arstechnica.com/information-technology/2017/01/the-new-normal-yet-another-hacker-caused-power-outage-hits-ukraine/. [11] https://www.fireeye.com/blog/threat-research/2016/01/ukraine-and-sandworm-team.html. [12] https://dragos.com/wp-content/uploads/CrashOverride-01.pdf. [13] https://dragos.com/wp-content/uploads/CrashOverride-01.pdf. [14] https://arstechnica.com/information-technology/2017/06/crash-override-malware-may-sabotage-electric-grids-but-its-no-stuxnet. [15] https://www.eset.com/int/industroyer/. [16] https://dragos.com/wp-content/uploads/CrashOverride-01.pdf. [17] https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html. [18] https://dragos.com/wp-content/uploads/TRISIS-01.pdf. [19] https://dragos.com/wp-content/uploads/TRISIS-01.pdf. 
[20] https://www.fireeye.com/blog/threat-research/2017/12/attackers-deploy-new-ics-attack-framework-triton.html. [21] https://www.cyber.nj.gov/threat-profiles/ics-malware-variants/triton?rq=Trisis. [22]https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html. [23]https://www.cisa.gov/supply-chain-compromise. [24]https://www.bleepingcomputer.com/news/security/the-solarwinds-cyberattack-the-hack-the-victims-and-what-we-know/.
Topics

Topic | Tf | Position
information | 91 | 23
system | 77 | 23
network | 58 | 23
control | 49 | 23
security | 42 | 23
cyber | 38 | 23
access | 34 | 23
attack | 33 | 23
cybersecurity | 32 | 23
computer | 32 | 23
nist | 31 | 23
data | 26 | 23
incident | 25 | 23
organization | 24 | 23
user | 23 | 23
infrastructure | 23 | 23
operation | 21 | 23
device | 21 | 23
ic | 20 | 23
risk | 18 | 23
critical | 18 | 23
software | 18 | 23
malware | 17 | 23
physical | 17 | 23
program | 17 | 23
nreca cooperative research | 16 | 23
cooperative research network | 16 | 23
nreca cooperative | 16 | 23
cooperative research | 16 | 23
research network | 16 | 23
nreca | 16 | 23
cooperative | 16 | 23
research | 16 | 23
electric | 16 | 23
include | 15 | 23
information system | 14 | 23
control system | 14 | 23
critical infrastructure | 13 | 23
u cert | 10 | 23
cyber attack | 9 | 23
integrity availability | 8 | 23
access control | 8 | 23
homeland security | 8 | 23
cyber incident | 7 | 23
idaho national | 7 | 23
confidentiality integrity availability | 6 | 23
idaho national laboratory | 6 | 23
adverse effect | 6 | 23
confidentiality integrity | 6 | 23
national laboratory | 6 | 23
cyber asset | 6 | 23
stuxnet | 5 | 23
hardware software | 5 | 23
bulk electric | 5 | 23
be cyber | 5 | 23
public private | 5 | 23
state local | 5 | 23
private sector | 5 | 23
presidential policy directive | 4 | 23
policy directive ppd | 4 | 23
bulk electric system | 4 | 23
department homeland security | 4 | 23
electric grid | 4 | 23
service | 4 | 23
information technology | 4 | 23
presidential policy | 4 | 23
policy directive | 4 | 23
directive ppd | 4 | 23
availability system | 4 | 23
information security | 4 | 23
electric system | 4 | 23
system network | 4 | 23
computer network | 4 | 23
information sharing | 4 | 23
department homeland | 4 | 23
incident response | 4 | 23
threat actor | 4 | 23
industrial control | 4 | 23
sensitive information | 4 | 23
remote access | 4 | 23
supply chain | 4 | 23
public health safety | 3 | 23
considered part cia | 3 | 23
part cia triad | 3 | 23
cia triad represent | 3 | 23
triad represent crucial | 3 | 23
represent crucial component | 3 | 23
crucial component information | 3 | 23
component information security | 3 | 23
be cyber asset | 3 | 23
facility system equipment | 3 | 23
critical electric infrastructure | 3 | 23
critical infrastructure sector | 3 | 23
federal state local | 3 | 23
industrial control system | 3 | 23
control security control | 3 | 23
security control ic | 3 | 23
synchronism | 3 | 23
solarwind supply chain | 3 | 23
httpsdragoscomwp contentuploadscrashoverride 01pdf | 3 | 23
cybersecurity term | 3 | 23
cybersecurity risk | 3 | 23
cybersecurity incident | 3 | 23
october 2021 | 3 | 23
public health | 3 | 23
health safety | 3 | 23
computer system | 3 | 23
system component | 3 | 23
considered part | 3 | 23
part cia | 3 | 23
cia triad | 3 | 23
triad represent | 3 | 23
represent crucial | 3 | 23
crucial component | 3 | 23
component information | 3 | 23
rendered unavailable | 3 | 23
facility system | 3 | 23
system equipment | 3 | 23
network computer | 3 | 23
cc server | 3 | 23
cybersecurity control | 3 | 23
critical electric | 3 | 23
electric infrastructure | 3 | 23
infrastructure information | 3 | 23
federal agency | 3 | 23
information federal | 3 | 23
united state | 3 | 23
example include | 3 | 23
infrastructure sector | 3 | 23
response team | 3 | 23
doe cybersecurity | 3 | 23
system information | 3 | 23
computer information | 3 | 23
federal state | 3 | 23
mission | 3 | 23
cybersecurity communication | 3 | 23
integration center | 3 | 23
owner operator | 3 | 23
information information | 3 | 23
unauthorized access | 3 | 23
joint information | 3 | 23
control security | 3 | 23
security control | 3 | 23
control ic | 3 | 23
organizational operation | 3 | 23
software vulnerability | 3 | 23
linked russian | 3 | 23
solarwind supply | 3 | 23
httpsdragoscomwp contentuploadscrashoverride | 3 | 23
contentuploadscrashoverride 01pdf | 3 | 23
Result 24
TitleGlossary - Canadian Centre for Cyber Security
Urlhttps://cyber.gc.ca/en/glossary
DescriptionGlossary
Date
Organic Position24
H1Glossary
Body
Glossary

A.

Access control: Certifying that only authorized access is given to assets (both physical and electronic). For physical assets, access control may be required for a facility or restricted area (e.g. screening visitors and materials at entry points, escorting visitors). For IT assets, access controls may be required for networks, systems, and information (e.g. restricting users on specific systems, limiting account privileges).

Accountable COMSEC material: COMSEC material requiring control and accountability within the National COMSEC Material Control System (NCMCS) as directed by its Accounting Legend Code (ALC). Control and accountability are required because transfer or disclosure of this material could be detrimental to Canada's national interest. Also known as ACM.

Administrative privileges: The permissions that allow a user to perform certain functions on a system or network, such as installing software and changing configuration settings.

Allow list: An access control list that identifies who or what is allowed access, in order to provide protection from harm.

Anti-virus software: Software that defends against viruses, Trojans, worms, and spyware. Anti-virus software uses a scanner to identify programs that may be malicious. Scanners can detect known viruses, previously unknown viruses, and suspicious files.

Artificial intelligence: A subfield of computer science that develops intelligent computer programs to behave in a way that would be considered intelligent if observed in a human (e.g. solve problems, learn from experience, understand language, interpret visual scenes).

Asymmetric key: Two related keys (a public key and a private key) that perform complementary operations, such as encrypt and decrypt or generate signatures.

Authentication: A process or measure used to verify a user's identity.

Authorization: Access privileges granted to a user, program, or process.

Availability: The ability for the right people to access the right information or systems when needed. Availability is applied to information assets, software, and hardware (infrastructure and its components). Implied in its definition is that availability includes the protection of assets from unauthorized access and compromise.

B.

Backdoor: An undocumented, private, or less-detectable way of gaining remote access to a computer, bypassing authentication measures, and obtaining access to plaintext.

Baseline security controls: The minimum mandatory protective mechanisms outlined by Treasury Board of Canada Secretariat (TBS) policy instruments to be used in interdepartmental IT security functions and information systems.

Beaconing: A common technique in which a threat actor uses malware to connect infrastructure to another system or network, bypassing firewall restrictions on incoming traffic.

Blockchain: A blockchain is a write-only database, dispersed over a network of interconnected computers, that uses cryptography to create a tamperproof public record of transactions. Because blockchain technology is transparent, secure and decentralized, a central actor cannot alter the public record.

Boundary interface: A network-layer interface between two zone interface points (ZIPs).

Browser-based exploitation: A misuse of legitimate browser components to execute malicious code. Simply visiting a website with hidden malicious code can result in exploitation.

C.

Ciphertext: A cryptography term for encrypted information.

Classified Information: A Government of Canada label for specific types of sensitive data that, if compromised, could cause harm to the national interest (e.g. national defence, relationships with other countries, economic interests).

Clearing: Applying logical techniques to sanitize data in all user-addressable storage locations to protect against simple ways of recovering data. This is done by overwriting data with a new value, or if overwriting is not supported, by using a menu option to reset the device to factory settings.

Cloud computing: The use of remote servers hosted on the Internet. Cloud computing allows users to access a shared pool of computing resources (such as networks, servers, applications, or services) on demand and from anywhere. Users access these resources via a computer network instead of storing and maintaining all resources on their local computer.

Code Injection: Introducing malicious code into a computer program by taking advantage of a flaw in the program, or in the way it interprets data input by users.

Compromise: The intentional or unintentional disclosure of information, which adversely impacts its confidentiality, integrity, or availability.

Compromising emanations: Unintentional signals that, if intercepted and analyzed, would disclose the information emanating from any information processing system or equipment.

COMSEC: Communications security (COMSEC) is the discipline of preventing unauthorized access to telecommunications information in readable form, while still delivering the information to the intended recipients. COMSEC is comprised of multiple disciplines such as Cryptographic Security, EMSEC (Emission Security), Transmission Security, and Physical Security.

COMSEC account custodian: The person responsible for the receipt, storage, access, distribution, accounting, disposal, and destruction of all COMSEC material charged to the COMSEC account. The custodian is appointed by the organization's COMSEC authority.

COMSEC incident: An occurrence that threatens, or potentially threatens, the security of classified or protected Government of Canada information as it is being stored, processed, transmitted, or received.

COMSEC material: An item designed to secure or authenticate telecommunications information (e.g. cryptographic keys, equipment, modules, devices, documents, hardware, firmware, or software that includes or describes cryptographic logic, and other items that perform COMSEC functions).

Confidentiality: The ability to protect sensitive information from being accessed by unauthorized people.

Controlled cryptographic item: An unclassified secure telecommunications or information system, or any associated cryptographic component, governed by a set of control requirements in the National COMSEC Material Control System (NCMCS). This type of item is labelled in the NCMCS as a "controlled cryptographic item" or "CCI".

Critical Infrastructure: Processes, systems, facilities, technologies, networks, assets, and services essential to the health, safety, security, or economic well-being of Canadians and the effective functioning of government. Critical infrastructure can be stand-alone or interconnected and interdependent within and across provinces, territories, and national borders.
Disruptions of critical infrastructure could result in catastrophic loss of life, adverse economic effects, and significant harm to public confidence.Cryptographic keyA numerical value used in cryptographic processes, such as encryption, decryption, signature generation, and signature verification.Cryptographic materialAll material, including documents, devices, and equipment, that contains cryptographic information and is essential to encrypting, decrypting, or authenticating communications.Cryptographic materialAll material, including documents, devices, and equipment, that contains cryptographic information and is essential to encrypting, decrypting, or authenticating communications.CryptographyThe study of techniques used to make plain information unreadable, as well as to convert it back to a readable form.Cyber attackThe use of electronic means to interrupt, manipulate, destroy, or gain unauthorized access to a computer system, network, or device. Cyber IncidentAny unauthorized attempt, whether successful or not, to gain access to, modify, destroy, delete, or render unavailable any computer network or system resource.Cyber threatA threat actor, using the Internet, who takes advantage of a known vulnerability in a product for the purposes of exploiting a network and the information the network carries.D. DDOSSee distributed denial-of-service attack .DeclassifyAn administrative process to remove classification markings, security designations, and handling conditions when information is no longer considered to be sensitive.Defence-in-depthAn IT security concept (also known as the Castle Approach) in which multiple layers of security are used to protect the integrity of information. 
These layers can include antivirus and antispyware software, firewalls, hierarchical passwords, intrusion detection, and biometric identification.Demilitarized zoneAlso refered to as a perimeter network, the (Demilitarized Zone) DMZ is a less-secure portion of a network, which is located between any two policy-enforcing components of the network (e.g. between the Internet and internal networks). An organization uses a DMZ to host its own Internet services without risking unauthorized access to its private network.Denial-of-Service attackAny activity that makes a service unavailable for use by legitimate users, or that delays system operations and functions.Deny listAn access control list used to deny specific items (e.g. applications, email addresses, domain names, IP addresses) known to be harmful.Departmental security control profileA set of security controls that establishes an organization's minimum mandatory IT security requirements.Departmental Security OfficerThe individual responsible for a department’s or organization’s security program.Departmental security requirementAny security requirements prescribed by senior officials of a department that applies generally to its information systems.DetectionThe monitoring and analyzing of system events in order to identify unauthorized attempts to access system resources.Digital signatureA cryptologic mechanism used to validate an item's (e.g. document, software) authenticity and integrity.Distributed Denial-of-Service attackAn attack in which multiple compromised systems are used to attack a single target. The flood of incoming messages to the target system forces it to shut down and denies service to legitimate users.DMZSee demilitarized zone .DOSSee denial-of-service attack .E. 
Edge interfaceA network-layer service interface point that attaches an end system, internal boundary system, or zone interface point to a zone internetwork.Emission securityThe measures taken to reduce the risk of unauthorized interception of unintentional emissions from information technology equipment that processes classified data.EMSECSee emission security .EncryptionConverting information from one form to another to hide its content and prevent unauthorized access.End-SystemA network connected computer that, for a communication, is the end source or destination of a communication.End-to-end encryptionA confidentiality service provided by encrypting data at the source End-System, with corresponding decryption occurring only at the destination End-System.End-user systemsEnd systems for human use, such as a desktop with a personal computer (display, keyboard, mouse, and operating system).Equipment emanationAn electric field radiation that comes from the equipment as a result of processing or generating information.ExfiltrationThe unauthorized removal of data or files from a system by an intruder.F. FirewallA security barrier placed between two networks that controls the amount and kinds of traffic that may pass between the two. This protects local system resources from being accessed from the outside.G. GatewayAn intermediate system that is the interface between two computer networks. A gateway can be a server, firewall, router, or other device that enables data to flow through a network.GuardA gateway that is placed between two networks, computers, or other information systems that operate at different security levels. The guard mediates all information transfers between the two levels so that no sensitive information from the higher security level is disclosed to the lower level.It also protects the integrity of data on the higher level.  H. HackerSomeone who uses computers and the Internet to access computers and servers without permission.I. 
InjuryThe damage to the national interests and non-national interests that business activities serve resulting from the compromise of IT assets.Injury levelThe severity of an injury, which is defined in five levels: very low, low, medium, high, very high.IntegrityThe ability to protect information from being modified or deleted unintentionally or when it’s not supposed to be. Integrity helps determine that information is what it claims to be. Integrity also applies to business processes, software application logic, hardware, and personnel.Intellectual propertyLegal rights that result from intellectual activity in the industrial, scientific, literary, and artistic fields. Examples of types of intellectual property include an author's copyright, trademark, and patents.InterfaceA boundary across which two systems communicate. An interface might be a hardware connector used to link to other devices, or it might be a convention used to allow communication between two software systems.Internet-of-thingsThe network of everyday web-enabled devices that are capable of connecting and exchanging information between each other.Intrusion detectionA security service that monitors and analyzes network or system events to warn of unauthorized access attempts. The findings are provided in real-time (or near real-time).IT assetThe components of an information system, including business applications, data, hardware, and software.IT threatAny potential event or act (deliberate or accidental) or natural hazard that could compromise IT assets.J. K. Key managementThe procedures and mechanisms for generating, disseminating, replacing, storing, archiving, and destroying cryptographic key.Keystroke loggerSoftware or hardware designed to capture a user's keystrokes on a compromised system.  The keystrokes are stored or transmitted so that they may be used to collect valued information.L. 
Least privilegeThe principle of giving an individual only the set of privileges that are essential to performing authorized tasks. This principle limits the damage that can result from the accidental, incorrect, or unauthorized use of an information system.M. MalwareMalicious software designed to infiltrate or damage a computer system, without the owner's consent. Common forms of malware include computer viruses, worms, Trojans, spyware, and adware.Management security controlA security control that focuses on the management of IT security and IT security risks.N. Network Security ZoneA networking environment with a well-defined boundary, a Network Security Zone Authority, and a standard level of weakness to network threats. Types of Zones are distinguished by security requirements for interfaces, traffic control, data protection, host configuration control, and network configuration control.NodeA connection point that can receive, create, store, or send data along distributed network routes. Each network node, whether it's an endpoint for data transmissions or a redistribution point, has either a programmed or engineered capability to recognize, process, and forward transmissions to other network nodes.O. Operational security controlA security control primarily implemented and executed by people and typically supported by the use of technology (e.g. supporting software).OverwriteTo write or copy new data over existing data. The data that was overwritten cannot be retrieved.P. PerimeterThe boundary between two network security zones through which traffic is routed.PhishingAn attempt by a third party to solicit confidential information from an individual, group, or organization by mimicking or spoofing, a specific, usually well-known brand, usually for financial gain. 
Phishers attempt to trick users into disclosing personal data, such as credit card numbers, online banking credentials, and other sensitive information, which they may then use to commit fraudulent acts.PlaintextUnencrypted information.Point of PresenceAn access point, location, or facility at which two or more different networks or communication devices connect with each other and the Internet. Also referred to as PoP.Q. Quantum computingA quantum computer can process a vast number of calculations simultaneously. Whereas a classical computer works with ones and zeros, a quantum computer will have the advantage of using ones, zeros and “superpositions” of ones and zeros. Certain difficult tasks that have long been thought impossible for classical computers will be achieved quickly and efficiently by a quantum computer.R. RansomwareA type of malware that denies a user's access to a system or data until a sum of money is paid.ReconnaissanceActivity conducted by a threat actor to obtain information and identify vulnerabilities to facilitate future compromise(s).RedactionA form of data sanitization for selected data-file elements (not to be confused with media sanitization, which addresses all data on media).Remote exploitationExploitation of a victim machine by sending specially crafted commands from a remote network to a service running on that machine to manipulate it for the purpose of gaining access or information.Residual riskThe likelihood and impact of a threat that remains after security controls are implemented.Residual risk assessmentAn assessment, which is performed at the end of the system development lifecycle, to determine the remaining likelihood and impact of a threat.Residual risk levelThe degree of residual risk (e.g. high, medium, low).Risk levelThe degree of risk (e.g. high, medium, low).S. SanitizeSanitization is a process through which data is irreversibly removed from media. 
The storage media is left in a re-usable condition in accordance with IT security policy, but the data that was previously on it cannot be recovered or accessed.Secure destructionThe destruction of information assets through one or more approved methods, carried out alone or in combination with erasing, to ensure that information cannot be retrieved.Secure erasureA digital sanitization process that uses tools and industry-standard commands (e.g. ATA security erase) to erase all accessible memory locations of a data storage device.Security controlA management, operational, or technical high-level security requirement  needed for an information system to protect the confidentiality, integrity, and availability of its IT assets. Security controls can be applied by using a variety of security solutions that can include security products, security policies, security practices, and security procedures.Separation of dutiesA security principle stating that sensitive or critical responsibilities should be shared by multiple entities (e.g. staff or processes), rather than a single entity, to prevent a security breach.Spear phishingThe use of spoofed emails to persuade people within an organization to reveal their usernames or passwords. Unlike phishing, which involves mass mailing, spear phishing is small-scale and well targeted.Symmetric keyA cryptographic key used to perform the cryptographic operation and its inverse operation (e.g. encrypt and decrypt, create a message authentication code and verify the code).T. TEMPESTThe name for specifications and standards for limiting the strength of electromagnetic emanations from electrical and electronic equipment which lead to reduced vulnerability to eavesdropping. This term originated in the U.S. 
Department of Defense.Threat and risk assessmentA process of identifying system assets and how these assets can be compromised, assessing the level of risk that threats pose to assets, and recommending security measures to mitigate threats.Threat eventAn actual incident in which a threat agent exploits a vulnerability of an IT asset of value.TRASee threat and risk assessment.TrojanA malicious program that is disguised as or embedded within legitimate software.Two-factor authenticationA type of multi-factor authentication used to confirm the identity of a user. Authentication is validated by using a combination of two different factors including: something you know (e.g. a password), something you have (e.g. a physical token), or something you are (a biometric).Two-step verificationA process requiring two different authentication methods, which are applied one after the other, to access a specific device or system. Unlike two-factor authentication, two-step verification can be of the same type (e.g. two passwords, two physical keys, or two biometrics). Also known as Two-step authentication.U. Unpatched applicationA supported application that does not have the latest security updates and/or patches installed.V. Virtual Private NetworkA private communications network usually used within a company, or by several different companies or organisations to communicate over a wider network. VPN communications are typically encrypted or encoded to protect the traffic from other users on the public network carrying the VPN.VirusA computer program that can spread by making copies of itself. Computer viruses spread from one computer to another, usually without the knowledge of the user. 
Viruses can have harmful effects, ranging from displaying irritating messages to stealing data or giving other users control over the infected computer.VPNSee virtual private network .VulnerabilityA flaw or weakness in the design or implementation of an information system or its environment that could be exploited to adversely affect an organization's assets or operations.Vulnerability assessmentA process to determine existing weaknesses or gaps in an information system's protection efforts.W. WormA malicious program that executes independently and self-replicates,  usually through network connections, to cause damage (e.g. deleting files, sending documents via email, or taking up bandwidth).X. Y. Z. Zero dayA zero-day vulnerability is a software vulnerability that is not yet known by the vendor, and therefore has not been mitigated. A zero-day exploit is an attack directed at a zero-day vulnerability.
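The Beaconing and Detection entries describe what malware "phoning home" looks like from inside the network: regular outbound connections that inbound firewall rules never see. The following detector is an added example, not part of the glossary; it runs over a few constructed outbound-connection log lines (the format, the hosts and the 203.0.113.0/24 and 198.51.100.0/24 documentation addresses are all assumptions) and flags destination pairs whose connection intervals are nearly constant.

```python
"""Beaconing detector over constructed outbound-connection log lines.

Added example (not from the glossary). Flags (source, destination)
pairs that are contacted at near-constant intervals, which is the
signature of malware beaconing to its command infrastructure.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: "<ISO timestamp> <src> -> <dst>:<port>".
# 10.0.0.5 contacts 203.0.113.9:443 roughly every 60 s with a few
# seconds of jitter; its other connections are irregular.
SAMPLE_LOG = """\
2024-01-15T09:00:00 10.0.0.5 -> 203.0.113.9:443
2024-01-15T09:00:12 10.0.0.5 -> 198.51.100.20:443
2024-01-15T09:01:01 10.0.0.5 -> 203.0.113.9:443
2024-01-15T09:01:45 10.0.0.5 -> 198.51.100.20:443
2024-01-15T09:01:59 10.0.0.5 -> 203.0.113.9:443
2024-01-15T09:02:30 10.0.0.5 -> 198.51.100.7:80
2024-01-15T09:03:02 10.0.0.5 -> 203.0.113.9:443
2024-01-15T09:03:03 10.0.0.5 -> 198.51.100.20:443
2024-01-15T09:03:58 10.0.0.5 -> 203.0.113.9:443
2024-01-15T09:05:00 10.0.0.5 -> 203.0.113.9:443
2024-01-15T09:09:17 10.0.0.5 -> 198.51.100.20:443
"""


def parse_log(text):
    """Return {(src, dst): [datetime, ...]} from the constructed format."""
    sessions = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, _arrow, dst = line.split()
        sessions[(src, dst)].append(datetime.fromisoformat(ts))
    return sessions


def interval_stats(timestamps):
    """Return (mean gap in seconds, coefficient of variation) or None.

    The coefficient of variation (stdev / mean) is near 0 for a
    perfectly periodic beacon and large for human-driven traffic.
    None means there are too few connections to judge.
    """
    if len(timestamps) < 4:
        return None
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    m = mean(gaps)
    if m == 0:
        return None
    return m, pstdev(gaps) / m


def find_beacons(text, max_cv=0.2, min_connections=4):
    """Return [(src, dst, mean_interval_s, cv)] for periodic pairs, most regular first."""
    hits = []
    for (src, dst), stamps in parse_log(text).items():
        if len(stamps) < min_connections:
            continue
        stats = interval_stats(stamps)
        if stats is None:
            continue
        mean_gap, cv = stats
        if cv <= max_cv:
            hits.append((src, dst, round(mean_gap, 1), round(cv, 3)))
    return sorted(hits, key=lambda h: h[3])


if __name__ == "__main__":
    for src, dst, interval, cv in find_beacons(SAMPLE_LOG):
        print(f"{src} -> {dst}: every ~{interval}s (cv={cv})")
```

The threshold of 0.2 is a starting point only; real beacons add deliberate jitter, so in practice you widen the window, require a minimum number of connections over a day, and weight by how rare the destination is across the whole fleet.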
Topics
Topic  Tf  Position
security  48  24
network  38  24
information  38  24
system  37  24
access  25  24
data  25  24
computer  23  24
control  19  24
service  17  24
user  16  24
asset  13  24
process  13  24
unauthorized  12  24
cryptographic  12  24
organization  10  24
software  10  24
device  10  24
national  9  24
level  9  24
comsec  9  24
key  8  24
material  8  24
program  8  24
threat  8  24
zone  8  24
protect  8  24
risk  8  24
information system  7  24
interface  7  24
type  7  24
vulnerability  7  24
national interest  6  24
security control  6  24
unauthorized access  5  24
access control  4  24
denial service  3  24
service attack  3  24
network system  3  24
comsec material  3  24
system network  3  24
computer program  3  24
access computer  3  24
threat actor  3  24
interface point  3  24
maliciou code  3  24
user access  3  24
computer network  3  24
telecommunication information  3  24
sensitive information  3  24
denial  3  24
security requirement  3  24
end system  3  24
network security  3  24
day  3  24
Result 25
TitleCybersecurity Glossary For - Inter-American Committee on ...
Urlhttps://portalcip.org/wp-content/uploads/2019/07/HA-CIP-Cybersecurity-Glossary.pdf
DescriptionREFERENCE: Glossary on Cybersecurity Terms. Dear CIP Member: HudsonAnalytix – Cyber (HA-Cyber), as an Associate member of the CIP, and as an active member ...
Date
Organic Position25
H1
H2
H3
H2WithAnchors
Body
Topics
  • Topic
  • Tf
  • Position
Result 26
TitleBasic Cybersecurity Terms Everyone Should Know - TECHLINQ
Urlhttps://www.techlinq.com/basic-cybersecurity-terms-everyone-should-know/
DescriptionIf the only cybersecurity terms you know are “virus” and “hacking,” now is the time to expand your cybersecurity vocabulary.
DateJan 3, 2022
Organic Position26
H1
H2
H3
H2WithAnchors
Body
Topics
  • Topic
  • Tf
  • Position
Result 27
Title15 Cybersecurity Terms You Need to Know
Urlhttps://digitalskills.cpie.csulb.edu/cybersecurity/15-cybersecurity-terms-you-need-to-know/
DescriptionTo best implement safe cyber practices in your life, it's important you know fundamental cybersecurity terminology to better protect you and your family's ...
Date
Organic Position27
H1
H2
H3
H2WithAnchors
Body
Topics
  • Topic
  • Tf
  • Position
Result 28
Title10 Cybersecurity Terms Every Business Leader Should Know | Inc.com
Urlhttps://www.inc.com/neill-feather/10-cybersecurity-terms-every-business-leader-should-know.html
DescriptionIn cybersecurity, education is your best defense
DateOct 28, 2019
Organic Position28
H110 Cybersecurity Terms Every Business Leader Should Know
H21. Botnet
2. CMS (Content Management System)
3. Data Breach
4. DDoS (Distributed Denial of Service)
5. Malware
6. Phishing
7. Ransomware
8. SQLi
9. VPN (Virtual Private Network)
10. XSS (Cross-Site Scripting)
H3In cybersecurity, education is your best defense
H2WithAnchors1. Botnet
2. CMS (Content Management System)
3. Data Breach
4. DDoS (Distributed Denial of Service)
5. Malware
6. Phishing
7. Ransomware
8. SQLi
9. VPN (Virtual Private Network)
10. XSS (Cross-Site Scripting)
Body
10 Cybersecurity Terms Every Business Leader Should Know
In cybersecurity, education is your best defense.
By Neill Feather, Chief innovation officer, [email protected]
Small business owners wear a lot of hats, from CEO to CFO to CIO. However, as business moves increasingly online and cybercriminals up their game, the cybersecurity role is shifting to the forefront for business owners, catching many off guard.
Unfortunately, bad actors take advantage of the fact that small businesses don't have the same means as large enterprises to protect themselves from cyberattacks. Forty-three percent of data breaches target small- and medium-sized businesses, and 80 percent of those organizations don't have the resources to recover should they fall victim to a cyberattack.
A basic knowledge of cybersecurity best practices goes a long way for owners looking to protect their companies from cyberattacks. Although learning about cybersecurity can seem daunting, you don't need to be an expert to help protect your business from security breaches. Even learning the basics of cybersecurity can help you keep your business secure in the digital age. To jump-start your cyber education, here are the top 10 cybersecurity terms that all small business owners should know.
1. Botnet. A botnet is a network of connected devices that have been infected with malware and are under the control of a malicious third party. The third party then uses this group of breached devices to commit crimes and carry out cyberattacks, including DDoS attacks (see term below).
2. CMS (Content Management System). A content management system (CMS) is software that helps users build a website without advanced technical knowledge. Some of the most popular CMSs are WordPress, Joomla! and Drupal. The downside is that websites built on CMSs are more exposed to bad actors. This is largely because CMSs work in conjunction with plugins and themes that need their own security updates, which a novice website builder may not be aware of or know to keep updated.
3. Data Breach. A data breach is a security incident in which information such as passwords, email addresses, social security numbers and credit card details is accessed without authorization and often used to commit crimes such as identity theft and fraud.
4. DDoS (Distributed Denial of Service). A DDoS attack takes place when cybercriminals use a botnet to target and overwhelm a website with requests, which slows or crashes the site so users can't access it. Recovering from a DDoS attack can be extremely expensive for small businesses. In fact, a single DDoS attack costs a small business $120,000 on average.
5. Malware. Malware is malicious software that infects users' computers or devices to take advantage of their data. Once the user's computer is infected, the malware can inflict severe damage, such as stealing sensitive data, logging keystrokes, and corrupting files. Users are often unaware when malware gets downloaded onto their computer or attacks their website, which is why installing antivirus software and a web application firewall (WAF) is a must for preventing and detecting malware.
6. Phishing. Phishing emails appear in users' inboxes and often look legitimate, but are actually designed to trick people into handing over sensitive information. This often includes payment details such as credit card and bank account information. Always be wary of unexpected emails that ask you to send payment information electronically.
7. Ransomware. Ransomware is a type of malware that's most commonly delivered by email attachment. When a user opens the attachment, the ransomware activates and prevents the user from accessing their systems and data. The user is then informed their data will remain encrypted unless they pay their attackers.
8. SQLi. An SQL injection (SQLi) inserts attacker-controlled SQL into a web application's database query through an input the application fails to keep separate from the query, often a contact form or other input field. Attackers can then read the application's data, sneak into your website's database, or even take control of your website.
9. VPN (Virtual Private Network). A virtual private network (VPN) is a service that allows users to securely connect to the internet. It encrypts a user's traffic and tunnels it through the provider's servers so that third parties on the local network can't intercept browsing data. By using a VPN, you can evade bad actors snooping on public Wi-Fi networks looking to steal your private information.
10. XSS (Cross-Site Scripting). A cross-site scripting (XSS) attack takes advantage of a website's failure to encode user-supplied content, so that attacker-supplied script is embedded in one of the site's pages and runs in other visitors' browsers. In many cases, this code directs visitors to webpages that appear normal but were really set up by bad actors to steal their personal information.
As a small business owner, you need to be a jack of all trades just to keep your business afloat. But the cybersecurity role can be extremely intimidating due to the growing sophistication of cybercriminals.
When it comes to cybersecurity, education is your best defense. If you make an effort to improve your own security knowledge, you can gain the upper hand over bad actors targeting your small business.
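Items 8 and 10 above are the same mistake in two interpreters: user input is pasted into a program (SQL, HTML) instead of being kept as data. The following is an added example, not code from the article or from any product it mentions. It puts a deliberately vulnerable lookup and comment renderer beside their fixed forms, using an in-memory SQLite table and constructed payloads; the table layout, the contact-form field and the payload strings are assumptions of the example.

```python
"""SQL injection and cross-site scripting beside their fixes.

Added example (not from the article). The *_vulnerable functions are
deliberately vulnerable to show the failure the article describes;
the *_safe functions keep user input as data.
"""
import html
import sqlite3


def make_db():
    """In-memory SQLite with two constructed user rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, role TEXT)")
    db.executemany("INSERT INTO users (email, role) VALUES (?, ?)",
                   [("alice@example.com", "admin"), ("bob@example.com", "user")])
    return db


def lookup_vulnerable(db, email):
    """Builds the query by string formatting: the input becomes part of the SQL."""
    query = f"SELECT email, role FROM users WHERE email = '{email}'"
    return db.execute(query).fetchall()


def lookup_safe(db, email):
    """Parameterised query: the driver passes the value separately from the SQL."""
    return db.execute(
        "SELECT email, role FROM users WHERE email = ?", (email,)).fetchall()


# Constructed payload: closes the string literal and appends an always-true clause,
# turning "WHERE email = 'x' OR '1'='1'" into a query that returns every row.
SQLI_PAYLOAD = "x' OR '1'='1"


def render_comment_vulnerable(comment):
    """Raw interpolation into HTML: script in the comment runs in every visitor's browser."""
    return f'<p class="comment">{comment}</p>'


def render_comment_safe(comment):
    """Output encoding: the same characters are displayed, never parsed as markup."""
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


# Constructed payload: a stored-XSS probe that would read the visitor's cookies.
XSS_PAYLOAD = "<script>alert(document.cookie)</script>"


def demo():
    """Run both attacks against both versions and return what each produced."""
    db = make_db()
    return {
        "sqli_vulnerable_rows": len(lookup_vulnerable(db, SQLI_PAYLOAD)),
        "sqli_safe_rows": len(lookup_safe(db, SQLI_PAYLOAD)),
        "legit_lookup": lookup_safe(db, "alice@example.com"),
        "xss_vulnerable_html": render_comment_vulnerable(XSS_PAYLOAD),
        "xss_safe_html": render_comment_safe(XSS_PAYLOAD),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The fix is the same in both cases: hand the data to the interpreter through a channel that cannot change the program (bound parameters for SQL, entity encoding for HTML). A WAF in front of the site can catch the obvious payloads shown here but is no substitute for fixing the query and the template.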
Topics
Topic  Tf  Position
business  15  28
data  11  28
user  11  28
cybersecurity  9  28
malware  8  28
small  7  28
website  7  28
small business  6  28
ddo  6  28
security  6  28
attack  6  28
ddo attack  5  28
bad actor  5  28
owner  5  28
bad  5  28
actor  5  28
breach  5  28
maliciou  5  28
information  5  28
data breach  4  28
business owner  4  28
network  4  28
content  4  28
email  4  28
site  4  28
application  4  28
party  3  28
system  3  28
software  3  28
cmss  3  28
computer  3  28
ransomware  3  28
code  3  28
vpn  3  28
private  3  28
Result 29
TitleCybersecurity Terms and Definitions - CyberPolicy®
Urlhttps://www.cyberpolicy.com/glossary
DescriptionLearn more about cybersecurity and the technology behind it with our cyber glossary
Date
Organic Position29
H1Cyber Glossary
H2
H3insurance
insurance tools
cyber security
ABOUT
H2WithAnchors
BodyCyber GlossaryLearn more about common and not so common cybersecurity terminology.ABCDEFGHIJKLMNOPQRSTUVWXYZ Acceptable Interruption Window Sometimes, an organization's critical systems or applications are interrupted. An acceptable interruption window is the maximum amount of time allowed for restoration of critical systems and applications such that the business goals are not negatively affected. Acceptable Use Policy An acceptable use policy establishes the rules that one must agree to in order to be provided access to a network or internet. The policy also sets guidelines on how the network should be used. Access Control List An access control list (ACL) is a list of permissions attached to an object in a computer file. Each ACL contains a list of access control entries (ACE) that specifies which users or system processes are granted access, denied access or are audited for a securable object. Access Path An access path is a process where a specified quantity of material moves as a unit between work stations, while maintaining its unique identity. In database management system (RDBMS) terminology, access path refers to the path chosen by the system to retrieve data after a SQL request is executed. Access Point An access point is a computer networking device which allows a Wi-Fi compliant device to connect to a wired network wirelessly. It usually connects via a router. It is frequently referred to as a WAP (wireless access point). Access Profile An access profile is accessibility information about a user that is stored on a computer. A profile includes the user's password, name and what information/systems they are allowed or denied access to. Access Rights Access rights are permissions that are granted to a user, or an application, to view, modify or delete files in the network. These rights can be assigned to a particular client, server, folder, specific programs or data files. Access Type Access type is used to specify attributes. 
It is applied to an entity class, mapped superclass or embeddable class. Account Manager An account manager in an organization is responsible for the management of sales and relationships with particular customers, so that they will continue to use the company for business. Accountability Accountability in the cyber security space entails ensuring that activities on supported systems can be traced to an individual who is held responsible for the integrity of the data. Accounting Legend Code Accounting legend code (ALC) is the numeric code assigned to communications security (COMSEC) material. It indicates the degree of accounting and minimum accounting controls required for items to be accountable within the control systems. Active Defense Active defense refers to a process, whereby an individual or organization takes an active role to identify and mitigate threats to the network and its systems. Active Security Testing Active security testing is security testing which involves directly interacting with a target, such as sending packets. Ad Hoc Network An ad hoc network is a local area network (LAN) that spontaneously builds as devices connect. An ad hoc network does not rely on a base station to coordinate different points, rather the individual base nodes forward packets to and from each other. Administrative Safeguards Administrative safeguards are a special set of the HIPPA security rules. Administrative safeguards focus on internal organization, policies and procedures, and the maintenance of security managers which are in place to protect sensitive patient information. Advanced Encryption Standard The advanced encryption standard (AES), also known by its original name Rijndael, is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST). The algorithm described by AES is a symmetric-key algorithm, where the same key is used for both encrypting and decrypting the data. 
Advanced Penetration Testing
Advanced penetration testing is the process where a network is penetrated intentionally to discover vulnerabilities which make it open to harmful intruders. These vulnerabilities are then addressed and remedied early.

Advanced Persistent Threat
An advanced persistent threat (APT) is a type of network attack. An unauthorized person gains access to a network and stays there undetected for a long period of time, with the intention of stealing data rather than causing direct damage to the network.

Adversary
In cryptography, an adversary has malicious intent to prevent the users of the cryptosystem from achieving their goal by threatening the privacy, integrity and availability of data. This could be done by discovering secret data, corrupting some of the data, spoofing the identity of a message sender, or forcing system downtime.

Adware
Adware is a type of software that displays or downloads unwanted advertisements on your system. Some adware is designed to be malicious and acts at a speed and frequency that slows down the system and ties up resources. Adware often includes code that tracks a user's personal information and passes it on to a third party. Having multiple adware programs slows down your computer significantly.

Alert Situation
An alert situation arises when an interruption in an enterprise is not resolved even after the completion of the threshold stage; an alert situation requires the enterprise to start its escalation procedure.

Alternate Facilities
Alternate facilities are secondary backup facilities where high-priority emergency tasks can be performed when primary facilities are interrupted and made unavailable. These facilities include offices and data processing centers.

Alternate Process
An alternate process is a back-up process devised to help continue business critical processes without any interruption, from the time the primary enterprise system breaks down to the time of its restoration.
Analog
An analog is a transmission signal that varies in signal strength (amplitude) or frequency (time). While the higher and lower points of the wave denote the value of signal strength, the physical length of the wave indicates the value of time.

Anti Malware
Anti-malware refers to a software program that prevents, detects and remediates malicious programming on computing devices or IT systems.

Anti Virus Software
A program that is designed to detect and destroy computer viruses.

App Attack
An app attack describes the scenario when a user unknowingly installs a malicious app on a device, which in turn steals their personal data.

Application Layer
An application layer is an abstraction layer that specifies the shared protocols and interface methods used by hosts in a communications network. It is one of the seven layers in both of the standard models of computer networking: the Internet Protocol Suite (TCP/IP) and the Open Systems Interconnection model (OSI model).

Architecture
Architecture refers to a structure that defines the fundamentals of a system or an organization, its components, and the relationships across components. Ultimately, it aims to guide the system or organization towards its goals.

Asset
An asset is a resource. In accounting, the assets of an organization include all the equity a business has (what the business owns), minus its liabilities (what the business owes).

Assurance
Assurance in cybersecurity refers to the level of confidence that the information system architecture mediates and enforces the organization's security policy.

Asymmetric Key
Asymmetric key cryptography, also known as public key cryptography, is a cryptographic system that uses pairs of keys: public keys, which may be disseminated widely, and private keys, which are known only to the owner.

Attack
An attack is a malicious attempt to gain unauthorized access to a system, or to compromise system integrity or confidentiality. It interrupts the operations of a network.
Attack Mechanism
An attack mechanism is a system or strategy by which a target is hit; the attacker may use different attack mechanisms, such as a container or payload, to hit the intended target.

Attack Vector
An attack vector is the means by which a cracker enters the targeted system, through exploiting vulnerabilities in the system.

Attenuation
Attenuation happens when signal strengths become weak after transmitting over long distances.

Audit Trail
An audit trail is a documented record of events or transactions. It allows the auditor to trace a piece of information to its origin and to reconstruct past system activities. This helps to maintain security and recover any lost data.

Authentication
Authentication is the process of confirming the correctness of the claimed identity of an individual user, machine or software component, to allow access to the system.

Authenticity
Authenticity is the proof that a claimed identity is legitimate.

Authorization
Authorization is the right, permission or empowerment that is granted to a system entity to access a system resource and do something.

Availability
Availability is the time duration a system or resource is ready for use.

Backdoor
A backdoor bypasses normal security authentications to enter a system. Backdoors are created by developers to speed access through security during the development phase. When they are not properly removed during final implementation, hackers can use backdoors to bypass security implementations and threaten the security of the system.

Badware
Malware, adware and spyware.

Bandwidth
Bandwidth is the volume of information that can pass through a network in a given period. It specifies the capacity of the communication channel, and is usually measured in bits per second.

Banner
A banner is a display on an information system that sets the parameters for system or data use.

Banner Grabbing
Banner grabbing is the process of grabbing banner information such as the application type and version. This information is transmitted by a remote port when a connection is initiated.

Baseline Security
Baseline security is the minimum set of security controls required for safeguarding an IT system. Baseline security is based upon a system's identified needs for confidentiality, integrity and availability protection.

Bastion
A bastion is a system with a high level of security protection that offers very strong protection against attacks.

Bastion Host
A bastion host is a special services computer on a network that is designed to withstand attacks.

Behavioral Outcome
A behavioral outcome is what an individual who has completed a specific training module is expected to accomplish in regular IT security job performance.

Biometrics
Biometrics is a type of security system which uses unique physiological characteristics of a person, such as fingerprints, DNA or hair, for identification purposes.

Bit Error Rate
A bit error rate is the ratio between the number of bits incorrectly received and the total number of bits transmitted in a telecommunications system.

Black Core
A black core is a communication network architecture in which user data traversing a global internet protocol (IP) network is end-to-end encrypted at the IP layer.

Black Hat
A black hat hacker is the "bad guy" who violates computer security for little reason beyond maliciousness or personal gain. Black hat hackers may share information about the hack with other black hats so that the same vulnerabilities can be exploited before the victim becomes aware and takes appropriate measures.

Blacklisting Software
A form of filtering that blocks only websites specified as harmful. Parents and employers sometimes use such software to prevent children and employees from visiting certain blacklisted websites.

Blended Attack
A blended attack is a hostile action with the intent of spreading malicious code.
Blended Threat
A blended threat is a computer network attack that tries to maximize the severity of damage by combining various attack methods. Blended threats combine the characteristics of viruses, worms, trojan horses and malicious code with system and internet vulnerabilities to initiate, transmit and spread an attack.

Block Cipher
A block cipher algorithm is a family of functions and their inverses parameterized by a cryptographic key, in which the functions map bit strings of a fixed length to bit strings of the same length. It is a method of enciphering text or information by encrypting data one block, string or group at a time, rather than encrypting individual bits.

Block Cipher Algorithm
A block cipher algorithm is a family of functions parameterized by a cryptographic key. The functions map bit strings of a fixed length to bit strings of the same length.

Bot
A bot is a software "robot" that performs an extensive set of automated tasks on its own. Search engines like Google use bots, also known as spiders, to crawl through websites in order to scan and rank pages. When black hats use a bot, they can perform an extensive set of destructive tasks, as well as introduce many forms of malware to your system or network. Bots can also be used by black hats to coordinate attacks by controlling botnets.

Botnet
A botnet is a remote network of zombie drones under the control of a black hat. Attackers use various malware and viruses to take control of computers to form a botnet (robotic network), which will send further attacks such as spam and viruses to target computers or networks. Most often, the users of the systems will not even know they are involved.

Bridge
A bridge is an electronic device that connects two networks, such as LANs that use the same protocol such as Ethernet or Token Ring, and creates two distinct LANs or wide area networks. Operating at the Data Link Layer of the Open Systems Interconnection model, bridges have the ability to filter information and can pass such information to the right nodes, or decide not to pass any information. They also help in streamlining or reducing the volume of traffic on a LAN by dividing the data into two segments.

Broadcast
A broadcast is a process of transmitting the same message to multiple users simultaneously without the need for acknowledgement from users.

Brute Force
Brute force is a computing method that relies on strong algorithms and computing techniques to find the ultimate solution to a given issue.

Brute Force Attack
A brute force attack is the process of finding the solution by trying many probable variants of information, such as passwords or keys, at random.

Buffer Overflow
A buffer overflow is a type of programmatic flaw that occurs when a program tries to store more data in a buffer than it can hold. Since there is a limit on how much data a buffer can hold, any surplus data overflows into the adjoining buffers. This causes data stored in those buffers to be overwritten, triggering unpredictable consequences.

Business Continuity Management
Business continuity management refers to preparing for and maintaining continued business operations following disruption or crisis.

Business Continuity Plan
A business continuity plan, also known as a business emergency plan, offers safeguards against a disaster, and outlines the strategies and action plan on how to continue business as usual in the event of any disaster.

Business Impact Analysis/Assessment
A business impact analysis is the process of evaluating and identifying risks and threats that a business might face in the event of an accident, disaster or emergency. It evaluates the possible risk to tangible and intangible assets such as personnel, infrastructure, data and goodwill. In addition, it offers the steps needed to recover from any such disasters.
C2
C2 is a computer security class defined in the Trusted Computer System Evaluation Criteria.

C2 Infrastructure Data
C2 infrastructure data consists of domains, IP addresses, protocol signatures, email addresses, payment card data, etc.

Central Services Node
A central services node is the Key Management Infrastructure core node that provides central security management and data management services.

Certificate Authority
In cryptography, a certificate authority is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate.

Certificate Management
Certificate management is the process in which certificates are generated, used, transmitted, loaded and destroyed.

Certification Revocation List
A certificate revocation list is an independent third party that verifies the online identity of an entity. They issue digital certificates that contain information about the owner of the certificate and details of the certificate, thus verifying the identity of the owner.

Chain of Custody
A chain of custody is a chronological documentation of how electronic evidence is handled and collected. It also contains information on who has access to it.

Chain of Evidence
The chain of evidence shows who obtained the evidence, where the evidence came from, and who secured, had control of and possessed the evidence. The chain of evidence goes in the following order: collection and identification; analysis; storage; preservation; presentation in court; return to owner.

Challenge Response Protocol
A challenge response protocol is an authentication protocol where the verifier sends the user a challenge. When the challenge is solved with a private key operation, access is then allowed.

Chargeback
A payment card transaction where the supplier initially receives payment but the transaction is later rejected by the cardholder or the card issuing company. The supplier's account is then debited with the disputed amount.

Checksum
A numerical value that helps to check that the data transmitted is the same as the data stored and that the recipient has error-free data. It is often the sum of the numerical values of the bits of digital data stored; this value should match the value at the recipient's end, and a mismatch in the value indicates an error.

Chief Information Security Officer
A chief information security officer is a senior-level executive of an organization entrusted with the responsibilities of protecting the information assets of the business and making sure that the information policies of the organization align with the objectives of the organization.

Chief Security Officer
A chief security officer is an executive of the company with assigned responsibility to protect assets such as the infrastructure and personnel, including information in digital and physical form.

Cipher
In cryptography, a cipher is an algorithm for performing encryption or decryption. The process converts data into code, or deciphers the code back with the required key.

Cipher Text
Cipher text is data converted from plain text into code using an algorithm, making it unreadable without the key.

Ciphony
Ciphony is the process of enciphering audio information, with the result of encrypted speech.

Claimant
A claimant is the party who needs to be identified via an authentication protocol.

Clear Desk Policy
A policy that directs all personnel to clear their desks at the end of each working day, and file everything appropriately. Desks should be cleared of all documents and papers, to ensure that sensitive papers and documents are not exposed to unauthorized persons outside of working hours.

Clear Screen Policy
A clear screen policy is a policy that directs all computer users to ensure that the contents on screen are protected from prying eyes. The easiest way is to use a screen saver that engages either on request or after a specified short period of time.

Cleartext
Cleartext is data in ASCII format, or data that is not coded or encrypted. All applications and machines support plain text.

Clinger Cohen Act of 1996
The Clinger–Cohen Act (CCA), formerly the Information Technology Management Reform Act of 1996 (ITMRA), is a 1996 United States federal law designed to improve the way the federal government acquires, uses and disposes of information technology (IT).

Cloud Computing
Cloud computing is a platform that utilizes shared resources rather than a local server to access information. Information is stored on, and can be retrieved from, the cloud or internet. Cloud computing allows remote sharing of files and data and facilitates remote working, as long as users are connected to the internet.

Cold Site
A cold site is a backup site that can become operational fairly quickly, usually in one or two days. A cold site might have all the standard office things such as furniture and telephones; however, there is unlikely to be any computer equipment in a cold site. Basically, a cold site is a backup facility ready to receive computer equipment should it need to move to an alternate location.

Collision
A collision is a situation where two or more devices try to send requests or transmit data to the same device at the same time.

Common Text
Common text is a series of requirements defined by the International Organization for Standardization that are being incorporated in all management system International Standards as they are revised.

Compartmentalization
Compartmentalization is a technique of protecting confidential information by revealing it only to a few people: those who actually need to know the details to perform their job. Thus, by restricting access to information and data, the risk to business objectives is limited.
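A worked example for the Challenge Response Protocol entry above, showing one complete exchange with both the verifier's and the claimant's side (added here; it is not the glossary's own code). Python's standard library has no public-key signing, so the entry's "private key operation" is replaced by an HMAC over the challenge with a shared secret; that substitution, the class and function names and the sample credentials are assumptions of this example.

```python
# Added example, not code from the glossary: one challenge-response
# authentication exchange with both sides shown. Python's standard library has
# no public-key signing, so the "private key operation" of the entry is
# replaced here by an HMAC over the challenge with a shared secret; that
# substitution, the names and the sample credentials are assumptions.
import hashlib
import hmac
import secrets


class Verifier:
    """Server side: issues one-time challenges and checks the responses."""

    def __init__(self, user_secrets):
        self._secrets = user_secrets     # constructed store: username -> secret bytes
        self._outstanding = {}           # username -> challenge awaiting a response

    def issue_challenge(self, username: str) -> bytes:
        # A fresh random nonce per attempt: the claimant cannot know it in
        # advance, so a response captured on the wire is useless later.
        challenge = secrets.token_bytes(16)
        self._outstanding[username] = challenge
        return challenge

    def verify(self, username: str, challenge: bytes, response: bytes) -> bool:
        # pop() consumes the challenge: a second verify with the same
        # challenge (a replay) fails even if the response was correct.
        expected_challenge = self._outstanding.pop(username, None)
        if username not in self._secrets or expected_challenge is None:
            return False
        if not hmac.compare_digest(expected_challenge, challenge):
            return False
        expected = hmac.new(self._secrets[username], challenge, hashlib.sha256).digest()
        # Constant-time comparison so timing does not leak how many bytes matched.
        return hmac.compare_digest(expected, response)


def respond(secret: bytes, challenge: bytes) -> bytes:
    """Claimant side: prove possession of the secret without ever sending it."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


def run_exchange(verifier: Verifier, username: str, secret: bytes) -> bool:
    """Drive one full exchange and report whether the verifier accepted it."""
    challenge = verifier.issue_challenge(username)   # verifier -> claimant
    response = respond(secret, challenge)            # claimant -> verifier
    return verifier.verify(username, challenge, response)


if __name__ == "__main__":
    v = Verifier({"alice": b"constructed-shared-secret"})
    print(run_exchange(v, "alice", b"constructed-shared-secret"))  # True
    print(run_exchange(v, "alice", b"wrong-secret"))               # False
```

Two details carry the security value: the challenge is random and single-use, so a recorded response cannot be replayed, and the secret itself never crosses the wire, only a keyed digest of the challenge does. With a real private key the claimant would sign the challenge and the verifier would check the signature against the public key, but the shape of the exchange is the same.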
Compliance
Compliance is the act of adhering to the set standards, rules and laws of regulatory bodies and authorities. For example, in software, the installation process abides by the vendor license agreement.

Compliance Documents
A compliance document is a document detailing the actions required to comply or adhere to the standards set by regulatory bodies. Any violations of the said rules attract punitive actions from the regulatory bodies.

Compromise
A compromise is the violation of the company's system security policy by an attacker. It can result in the modification, destruction or theft of data.

Computer Crime
Computer crime refers to any form of illegal act involving electronic information and computer equipment.

Computer Forensics
Computer forensics is the process of analyzing computer devices suspected of involvement in a crime, with the aim of gathering evidence for presentation in a court of law. Computer forensics offers many tools for investigation and analysis to find such evidence.

Computer Fraud
Computer fraud is a computer crime that an intruder commits to obtain money or something of value from a company. Computer fraud can involve the modification, destruction, theft or disclosure of data. Often, all traces of the crime are covered up.

Confidentiality
Confidentiality ensures that rules are set that place restrictions on access to, or sharing of, information with the aim of preserving and protecting the privacy of the information.

Configuration Control
Configuration control is a process for controlling modifications to hardware, firmware, software and documentation to ensure the information system is protected against improper modifications before, during and after system implementation.

Configuration Management
Configuration management (CM) is a systems engineering process for ensuring consistency of a product's performance, functional and physical attributes with its requirements, design and operational information.
Conflict-of-interest Escalation
Conflict-of-interest escalation is a preset procedure for escalating a security incident if any members of the support or security teams are suspect.

Consumerization
Consumerization refers to new trends or changes in enterprise technology as more and more consumers embrace such technology. Employees use devices for personal use and, as they gain wide acceptance, even organizations start using such technologies.

Containment
Containment consists of the steps taken to control any further risks when a threat is identified.

Content Filtering
Content filtering is a process by which access to certain content, information or data is restricted or completely blocked based on the organization's rules, by using either software- or hardware-based tools.

Continuous Process
A continuous process is a process that operates on the basis of continuous flow, as opposed to batch, intermittent or sequenced operations.

Control
Control is the regulations put in place to prevent unauthorized use of any company's system resources by external intruders or unauthorized employees.

Control Algorithm
A control algorithm is a mathematical representation of the control action to be performed.

Control Center
The control center is an equipment structure from which a process is measured, controlled and/or monitored.

Control Loop
A control loop is a combination of field devices and control functions arranged so that a control variable is compared to a set point and returns to the process in the form of a manipulated variable.

Control Network
The control network of an enterprise is typically connected to equipment that controls physical processes and that is time- or safety-critical. The control network can be subdivided into zones, and there can be multiple separate control networks within one enterprise and site.

Control Server
A control server is a server that hosts the supervisory control system, typically a commercially available application for a DCS or SCADA system.
Control System
A control system is a system in which deliberate guidance or manipulation is used to achieve a prescribed value for a variable. Control systems include SCADA, DCS, PLCs and other types of industrial measurement and control systems.

Controlled Variable
A controlled variable is the variable that the control system attempts to keep at the set point value. The set point may be constant or variable.

Cookie
A cookie is a small packet of information which your computer's browser stores when you visit a web server. The stored information (e.g. a set of forms) is used to customize your next visit to the same web server.

Countermeasure
A countermeasure is a defensive mechanism that helps mitigate a risk or threat to a network or computers, using a process, system or device.

Cracker
A cracker, also known as a black hat hacker, is an individual with extensive computer knowledge whose purpose is to breach or bypass internet security or gain access to software without paying royalties. As opposed to hackers, who can be internet security experts hired to find vulnerabilities in systems, crackers have the malicious intent to do damage for criminal gain.

CRC
CRC refers to a cyclic redundancy check. The CRC is an error-detecting code commonly used to detect accidental changes to raw data. It identifies the error so that corrective action can be taken against corrupted data.

Crimeware
Crimeware refers to any malware that's used to compromise systems such as servers and desktops. The majority of these incidents start through web activity, not links or attachments in email.

Critical Infrastructure
Critical infrastructure is the fundamental system of an organization that is important for its survival. Any threat to such basic systems would push the entire organization into jeopardy.

Criticality
Criticality is the level of importance assigned to an asset or information. The organization may not function effectively and efficiently in the absence of an asset or information that is highly critical.

Criticality Analysis
Criticality analysis is evaluating the importance of an asset or information to an organization, and the effects its failure would have on the overall performance of the organization.

CRITs
CRITs (Collaborative Research Into Threats) is an open source malware and threat repository. It works by leveraging open source software to create a unified tool for security experts engaged in threat defense.

Cross-Site Scripting
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.

Cryptography
Cryptography is a method of protecting the privacy of information by encrypting it into a secret code, so that no one but an authorized person with the encryption key can read or view the information.

Cryptosystem
A system or an algorithm to encrypt plain text to secret code or cipher text to protect the privacy of information stored. A key helps convert plain text to cipher text and vice-versa.

Cyber
Relating to, or characteristic of, the culture of computers, information technology and virtual reality (OED).

Cyber Espionage
Cyber espionage is the use of computer networks to gain illicit access to confidential information.

Cybersecurity
Cybersecurity is the set of processes employed to safeguard and secure crucial information of an organization. Identity management, risk management and incident management form the crux of the cyber security strategies of an organization.

Cybersecurity Architecture
Cybersecurity architecture is the information security layout that describes the overall structure, including its various components and their relationships, in an organization. It shows how strong the data security controls and preventive mechanisms implemented in the organization are.

Cybercop
A cybercop is a law enforcement officer entrusted with the responsibility of monitoring online activities to control criminal activities online, or cybercrimes.

CybOX
CybOX (cyber observable expression) is a standard language for cyber observables (i.e. a schema). A cyber observable is "a measurable event or stateful property in the cyber domain".

Cycle Time
Cycle time is the time for a controller to complete one control loop, where sensor signals are read into memory, control algorithms are executed, and corresponding control signals are transmitted to actuators that create changes in the process, resulting in new sensor signals.

Darknet
A darknet is a private file sharing network where connections are made only between trusted peers using non-standard protocols and ports. Darknets are anonymous, and therefore users can communicate with little fear of governmental or corporate interference.

Data Asset
A data asset is any entity that is composed of data; for example, a database is a data asset. A system or application output file, database, document or web page are also considered data assets. Data assets can also be a service that may be provided to access data from an application.

Data Classification
Data classification is a data management process that involves categorizing and organizing data into different classes based on their forms, types, importance, sensitivity and usage in an organization.

Data Custodian
A data custodian is an executive of an organization entrusted with the responsibilities of data administration; as such, protecting and safeguarding data is the primary responsibility of the data custodian.

Data Disclosure
Data disclosure is a breach where it is confirmed that data has been disclosed to an unauthorized party.
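A worked example serving both the Checksum and the CRC entries above (added here; it is not the glossary's own code). It puts a simple additive checksum next to CRC-32 on constructed data, runs the receiver's mismatch check from the Checksum entry, and shows which accidental corruptions each one catches. The 16-bit additive checksum, the helper names and the sample payload are assumptions chosen for illustration.

```python
# Added example, not code from the glossary: an additive checksum next to a
# CRC-32 on constructed data. It shows the mismatch-means-error check from the
# Checksum entry and why a CRC catches corruption a plain sum misses. The
# 16-bit additive checksum is an assumption chosen for illustration.
import binascii


def additive_checksum(data: bytes) -> int:
    """Sum of all byte values, kept to 16 bits (a constructed simple checksum)."""
    return sum(data) & 0xFFFF


def crc32(data: bytes) -> int:
    """CRC-32 as used by zip, PNG and Ethernet, via the standard library."""
    return binascii.crc32(data) & 0xFFFFFFFF


def verify(data: bytes, expected: int, func) -> bool:
    """The receiver's check: recompute and compare with the value that was sent."""
    return func(data) == expected


def flip_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    """Simulate a single-bit transmission error."""
    out = bytearray(data)
    out[byte_index] ^= 1 << bit
    return bytes(out)


def swap_adjacent(data: bytes, index: int) -> bytes:
    """Simulate a transposition error: two neighbouring bytes exchanged."""
    out = bytearray(data)
    out[index], out[index + 1] = out[index + 1], out[index]
    return bytes(out)


def detection_report(data: bytes) -> dict:
    """Which corruptions does each check detect? Returns {check: {error: bool}}."""
    corrupted = {
        "bit_flip": flip_bit(data, 3, 5),
        "transposition": swap_adjacent(data, 0),
    }
    report = {}
    for name, func in (("additive", additive_checksum), ("crc32", crc32)):
        sent = func(data)
        # "detected" means the receiver's verify() fails on the corrupted copy
        report[name] = {err: not verify(bad, sent, func) for err, bad in corrupted.items()}
    return report


if __name__ == "__main__":
    msg = b"constructed sample payload 0123"   # constructed, not real traffic
    print(detection_report(msg))
    # -> {'additive': {'bit_flip': True, 'transposition': False},
    #     'crc32': {'bit_flip': True, 'transposition': True}}
```

The additive sum is order-blind, so swapping two bytes leaves it unchanged and the error passes; CRC-32 is guaranteed to catch any single-bit error and any burst error up to 32 bits, which covers the two-byte swap. Neither value protects against deliberate tampering, since whoever alters the data can recompute the check; integrity against an adversary needs a keyed MAC or a digital signature.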
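A worked example for the Cross-Site Scripting entry above (added here; it is not the glossary's own code). It shows the same comment-rendering function in a vulnerable form, where user input is spliced straight into HTML, and a hardened form that encodes the output so the browser treats the input as text. The page fragment, function names and sample comments are constructed for illustration.

```python
# Added example, not code from the glossary: the same comment-rendering
# function in a vulnerable and a hardened form, to show where an XSS flaw
# lives and the output-encoding fix. The page fragment and sample comments
# are constructed for illustration.
from html import escape

TEMPLATE = '<p class="comment">{body}</p>'


def render_comment_vulnerable(comment: str) -> str:
    # User input is spliced straight into HTML: markup in `comment` becomes
    # part of the page and runs in every other visitor's browser.
    return TEMPLATE.format(body=comment)


def render_comment_safe(comment: str) -> str:
    # Escape the characters that mean something to the HTML parser (&, <, >,
    # ", ') so the browser treats the comment as text, whatever it contains.
    return TEMPLATE.format(body=escape(comment, quote=True))


def contains_active_markup(rendered: str) -> bool:
    """Crude check used here: is there an unescaped tag inside the comment body?"""
    body = rendered[len('<p class="comment">'):-len("</p>")]
    return "<" in body or ">" in body


def render_all(comments):
    """Render a batch both ways and return (vulnerable_html, safe_html)."""
    return ("\n".join(render_comment_vulnerable(c) for c in comments),
            "\n".join(render_comment_safe(c) for c in comments))


if __name__ == "__main__":
    # Constructed sample input: an ordinary comment and a classic test payload.
    comments = ["Nice write-up, thanks!", "<script>alert('xss')</script>"]
    bad, good = render_all(comments)
    print(bad)
    print(good)
```

Escaping is context-specific: this encoder is right for text between tags and inside quoted attributes, while values placed in URLs, inline JavaScript or CSS need encoders for those contexts. A Content-Security-Policy header that forbids inline scripts is a second, independent layer for the cases an encoder misses.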
Data Element
A data element is a basic unit of information that has a unique meaning and subcategories (data items) of distinct value. Gender, race and geographic location are all examples of data elements.

Data Encryption Standard
The Data Encryption Standard is an algorithm to convert plain text to cipher text. The Data Encryption Standard uses the same key to encrypt and decrypt the data, and hence it is a symmetric key algorithm.

Data Flow Control
Data flow control is another term for information flow control.

Data Historian
A data historian is a centralized database supporting data analysis using statistical process control techniques.

Data Leakage
Data leakage is the accidental or intentional transfer and distribution of private and confidential information of an organization without its knowledge or permission.

Data Owner
A data owner is an executive entrusted with data accuracy and integrity in an organization. Such an individual has complete control over data, and can limit the access of data to people and assign permissions.

Data Retention
Data retention is the process of storing and protecting data for historical reasons and for data backup when needed. Every organization has its own rules governing data retention within the organization.

Data Server
A data server is a computer or program that provides other computers with access to shared files over a network.

Data Transfer Device
The Data Transfer Device (DTD) is an electronic fill device designed to replace the existing family of common electronic fill devices.

Database
A database is a systematic collection and organization of information so that information can be easily stored, retrieved and edited for future use.

DC Servo Drive
A DC servo drive is a type of drive that works specifically with servo motors. It transmits commands to the motor and receives feedback from the servo motor resolver or encoder.
DDoS
Distributed denial of service is a type of DoS attack where multiple compromised systems, which are often infected with a Trojan, are used to target a single system, causing a denial of service (DoS) attack. It is analogous to a group of people crowding the entry door or gate of a shop or business and not letting legitimate parties enter, disrupting normal operations.

Decentralization
Decentralization is the process of distributing functions and authority among different people or different locations.

Declaration of Conformity
A declaration of conformity is a confirmation issued by the supplier of a product that specified requirements have been met.

Decryption
Decryption is the process of decoding cipher text to plain text, so it is readable by the user. It is the opposite of encryption, the process of converting plain text to cipher text.

Decryption Key
A decryption key is a piece of code that is required to decipher or convert encrypted text or information into plain text or information.

Defense-in-Depth
Defense in depth is the process of creating multiple layers of security to protect electronic and information resources against attackers. Also called the castle approach, it is based on the principle that in the event of an attack, even if one layer fails to protect the information resource, other layers can offer defense against the attack.

Demilitarized Zone
A demilitarized zone is a firewall setting that separates the LAN of an organization from the outside world or the internet. A demilitarized zone (DMZ) makes certain resources (servers, etc.) available to everyone, while keeping internal LAN access private, safe and secure, offering access only to authorized personnel.

Denial of Service Attack
A denial of service attack is an attack designed to make a targeted site inaccessible by overwhelming the targeted website. A successful denial of service attack can cripple any entity that relies on its online presence by rendering their site virtually useless.

Diamond Model
Developed by one of ThreatConnect's founders, and the primary methodology used by ThreatConnect, the Diamond Model breaks each cyber event into four vertices or nodes. These vertices represent an Adversary, Capability, Infrastructure and Victim. The connections between the vertices form a baseball diamond shape. Through this system, analysts are able to derive a multidimensional picture of the underlying relationships between threat actors and their tools, techniques and processes.

Dictionary Attack
A dictionary attack is a password-cracking attack that tries all of the words in a dictionary.

Digital Certificate
A digital certificate is a piece of information that guarantees that the sender is verified. The digital certificate is the electronic equivalent of an ID card that establishes your credentials when doing business or other transactions on the web. Otherwise known as public key information, a digital certificate is issued by a certificate authority, and helps exchange information over the internet in a safe and secure manner.

Digital Evidence
Digital evidence is electronic information stored or transferred in digital form.

Digital Forensics
Digital forensics is the process of procuring, analyzing and interpreting electronic data to present it as acceptable evidence in legal proceedings in a court of law.

Digital Signature
A digital signature is an electronic code that guarantees that the sender of information is who they claim to be. Digital signatures use the private key information of the sender and cannot easily be imitated or forged.

Disaster
A disaster is a sudden catastrophe that results in serious damage to nature, society, human life and property. In a business or commercial sense, a disaster disables an enterprise from delivering its essential tasks for a specified period; for organisations, disasters may result in loss of resources and assets, including data.

Disaster Recovery Plan
A disaster recovery plan (DRP) prescribes the steps required to carry on business as usual in the event of a disaster. A disaster recovery plan aims to bring business activities back to normalcy in the shortest possible time. An in-depth understanding of a business's critical processes and their continuity needs is required to create the plan.

Discrete Process
A discrete process is a type of process where a specified quantity of material moves as a unit between work stations and each unit maintains its unique identity.

Discretionary Access Control
Discretionary access control is a security measure by which the owner can restrict access to resources such as files, devices and directories to specific subjects, users or user groups based on their identity. It is at the owner's discretion to grant or restrict users' access to the resources, completely or partially.

Disk Imaging
Disk imaging is the process of generating a bit-for-bit copy of the original media, including free space and slack space.

Disruption
A disruption is an unplanned event that causes the general system or major application to be inoperable for an unacceptable length of time (e.g., a minor or extended power outage, an extended unavailable network, or equipment or facility damage or destruction).

Distributed Control System
A distributed control system (DCS) is a computerised control system for a process or plant, in which autonomous controllers are distributed throughout the system, but there is central operator supervisory control.

Distributed Denial of Service Attack (DDoS)
A distributed denial of service attack is a DoS attack that is carried out using a master programme that sends information and data packets to the targeted webserver from multiple systems under its control.
The DDOS is more devastating than a Denial of Service attack launched from a single system, flooding the target server with a speed and volume that is exponentially magnified. Distributed PlantDistributed Plant is a geographically distributed factory that is accessible through the internet by an enterprise. DisturbanceDisturbance is an undesired change in a variable being applied to a system that tends to adversely affect the value of a controlled variable. DMZThe DMZ is a segment of a network where servers accessed by less trusted users are isolated. The name is derived from the term demilitarised zone. Domain ControllerThe domain controller is a server responsible for managing domain information, such as login identification and passwords. Domain HijackingAn attack in which an attacker takes over a domain by first blocking access to the domain's DNS server and then putting his own server up in its place. Domain Name System (DNS)Domain name system is the system by which Internet domain names and addresses are tracked and regulated. Dual-Use CertificateA dual-use certificate is a certificate that is intended for use with both digital signature and data encryption services. Due CareDue Care is the degree of care a rational person would exercise in similar situations as the one at hand. It is also known as ordinary care or reasonable care is a test of a person's preparedness to act, be responsible or neglectful of responsibility. Due DiligenceDue Diligence is the process of conducting a thorough and detailed investigation, to verify the truthfulness of the information provided in the statements for analysis and review before committing to a transaction. Dumpster DivingDumpster Diving refers to the act of rummaging the trash of others to obtain useful information to access a system. Duplicate Digital EvidenceDuplicate digital evidence is a duplicate that an accurate digital reproduction of all data objects contained on the original physical item and associated media. 
Dynamic Ports: Dynamic ports, also known as private ports, are the port numbers from 49152 to 65535. They need no registration with IANA and are used as ephemeral ports by any application that communicates over the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP).
E-Commerce: Electronic commerce or e-commerce is any type of business or commercial transaction that involves the transfer of information across the Internet.
Easter Egg: A non-malicious surprise contained in a program or media, placed there by the developer. An Easter egg is undocumented, non-malicious, accessible to anyone, and entertaining.
Easy Access: Easy access refers to a situation in which an intruder breaks into a system with minimal effort by exploiting a well-known vulnerability and gains superuser access in a short time.
Eavesdropping: Eavesdropping is secretly listening to a conversation or, in a network context, intercepting communications not intended for the listener.
Egress: In computer networking, egress filtering is the practice of monitoring and restricting the flow of information between networks. Typically, information leaving a private TCP/IP network for the Internet is controlled.
Egress Filtering: Egress filtering is the filtering of outgoing network traffic, for example to block connections to unapproved destinations or ports and to drop packets whose source address does not belong to the network they are leaving.
Electronic Infections: Often called "viruses", these malicious programs harm your computer and compromise your privacy. In addition to traditional viruses, other common types include worms and Trojan horses. They sometimes work in tandem to do maximum damage (a blended threat).
Electronic Key Entry: Electronic key entry is the entry of cryptographic keys into a cryptographic module using electronic methods such as a smart card or a key-loading device.
Electronic Key Management System: An electronic key management system is an interoperable collection of systems being developed by services and agencies of the U.S. government to automate the planning, ordering, generating, distributing, storing, filling, using, and destroying of electronic keys and the management of other types of COMSEC material.
Electronic Signature: An electronic signature is any mark applied in electronic form with the intent to sign a data object. The term is often used interchangeably with digital signature, although strictly a digital signature is the cryptographic kind of electronic signature.
Electronically Generated Key: An electronically generated key is a key generated in a COMSEC device by mechanically or electronically introducing a seed key into the device and then using the seed, together with a software algorithm stored in the device, to produce the desired key.
Email Ingest: The automated email ingest feature allows users to create structured, actionable threat intelligence with ease from emails originating from trusted sources and sharing partners, or from suspected spearphishing emails.
Embedded Cryptographic System: An embedded cryptosystem is a system performing or controlling a function as an integral element of a larger system or subsystem.
Embedded Cryptography: Embedded cryptography is cryptography engineered into equipment or a system whose basic function is not cryptographic.
Encapsulation Security Payload: Encapsulating Security Payload (ESP) is an IPsec protocol that provides confidentiality (by encrypting the packet payload), data-origin authentication, integrity, and anti-replay protection for IPv4 and IPv6 packets. Each ESP packet carries a sequence number that the receiver checks against a sliding window, so that a captured packet cannot be replayed later.
Encipher: To encipher is to convert plaintext to ciphertext via a cryptographic system.
Encryption: Encryption is a data security technique that uses an algorithm and a key to convert plaintext into ciphertext, so that the information appears as a meaningless string of letters and symbols while stored or in transit. Its purpose is confidentiality; integrity is a separate property provided by a MAC or digital signature. Only authorized users holding the key can recover the encrypted data.
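The Egress and Egress Filtering entries above describe the policy in words. The block below is an added example, not code from this glossary or from any product it mentions, that applies such a policy to a few constructed outbound flow records: it drops spoofed sources first, pins DNS to an approved resolver, and default-denies every other destination port. The internal prefixes, the allowed ports, the resolver address and the flows are all assumptions chosen for illustration.

```python
"""Egress filtering over constructed outbound flow records.

Added example; not code from the glossary source. The prefixes, the
allowed ports, the resolver address and the flow records below are
assumptions chosen for illustration (203.0.113.0/24 and 198.51.100.0/24
are documentation ranges).
"""
from __future__ import annotations

import ipaddress
from collections import Counter
from dataclasses import dataclass

# Assumed: the organisation's own address space. Anything leaving the
# network with a source outside these prefixes is spoofed (BCP 38).
INTERNAL_PREFIXES = [ipaddress.ip_network("10.0.0.0/8"),
                     ipaddress.ip_network("192.168.0.0/16")]

# Assumed policy: only web traffic leaves directly, and DNS may only go to
# the organisation's approved external resolver.
ALLOWED_TCP_PORTS = {80, 443}
APPROVED_RESOLVERS = {ipaddress.ip_address("203.0.113.53")}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    dport: int


def is_internal(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_PREFIXES)


def egress_decision(flow: Flow) -> tuple[str, str]:
    """Return (action, reason) for a packet leaving the private network.

    Rule order matters: a spoofed source is dropped before any port check,
    so a compromised host cannot launder traffic by choosing an allowed port.
    """
    # 1. Anti-spoofing: packets leaving us must carry one of our addresses.
    if not is_internal(flow.src):
        return "drop", "spoofed-source"

    # 2. Internal-to-internal traffic is not egress; the LAN handles it.
    if is_internal(flow.dst):
        return "allow", "internal"

    # 3. DNS is pinned to approved resolvers; this blocks DNS tunnelling and
    #    resolver hijacking from arbitrary hosts.
    if flow.proto == "udp" and flow.dport == 53:
        if ipaddress.ip_address(flow.dst) in APPROVED_RESOLVERS:
            return "allow", "dns-approved"
        return "drop", "dns-unapproved-resolver"

    # 4. Default deny: only the listed TCP ports may leave the network.
    if flow.proto == "tcp" and flow.dport in ALLOWED_TCP_PORTS:
        return "allow", "web"
    return "drop", "port-not-permitted"


def filter_flows(flows: list[Flow]) -> list[tuple[Flow, str, str]]:
    """Apply the policy to every flow and return the decisions."""
    return [(f, *egress_decision(f)) for f in flows]


def summarize(flows: list[Flow]) -> dict[str, int]:
    """Count allow/drop decisions (what a firewall log summary would show)."""
    return dict(Counter(action for _, action, _ in filter_flows(flows)))


# Constructed sample flows (not real traffic).
SAMPLE_FLOWS = [
    Flow("10.1.2.3", "198.51.100.10", "tcp", 443),    # normal HTTPS
    Flow("10.1.2.3", "198.51.100.10", "tcp", 6667),   # IRC-style C2 channel
    Flow("172.16.5.5", "198.51.100.10", "tcp", 443),  # source not ours: spoofed
    Flow("10.1.2.3", "203.0.113.53", "udp", 53),      # DNS to approved resolver
    Flow("10.1.2.3", "198.51.100.99", "udp", 53),     # DNS to a rogue resolver
    Flow("10.1.2.3", "192.168.7.7", "tcp", 445),      # stays inside the LAN
]

if __name__ == "__main__":
    for flow, action, reason in filter_flows(SAMPLE_FLOWS):
        print(f"{action:5} {reason:24} {flow.src} -> {flow.dst}:{flow.dport}/{flow.proto}")
    print(summarize(SAMPLE_FLOWS))
```

The anti-spoofing rule comes first on purpose: if port checks ran first, a host using a forged source address on port 443 would pass.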
Encryption Algorithm: An encryption algorithm is a set of mathematically expressed rules for rendering data unintelligible by executing a series of conversions controlled by a key.
Encryption Certificate: An encryption certificate is a certificate containing a public key that is used to encrypt electronic messages, files, documents, or data transmissions, or to establish or exchange a session key for those same purposes.
Encryption Key: An encryption key is a value, used by an encryption algorithm, that controls the transformation of plaintext into ciphertext and back again.
End Cryptographic Unit: An end cryptographic unit is a device that (1) performs cryptographic functions, (2) is typically part of a larger system for which it provides security services, and (3) from the viewpoint of a supporting security infrastructure (e.g., a key management system), is the lowest-level identifiable component with which a management transaction can be conducted.
End-to-End Encryption: End-to-end encryption describes communications encryption in which data is encrypted by the sender and decrypted only by the final recipient, so that the nodes in between can route the traffic (the routing information remains visible) but cannot read its content.
Endpoint Security: In network security, endpoint security refers to protecting the corporate network when it is accessed from remote devices such as laptops and mobile devices. Each device with a remote connection to the network is a potential entry point for security threats.
Enterprise: An enterprise, in its most basic form, is a business or company, and it has a responsibility to manage its own risks and performance.
Enterprise Architecture: The enterprise architecture is the description of an enterprise's entire set of information systems: their configuration, how they are integrated, and how they interface. It also describes how they are operated to support the enterprise mission and how they contribute to the enterprise's overall security posture.
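The anti-replay protection mentioned under Encapsulation Security Payload above is implemented with a sliding window over the ESP sequence number. The block below is an added example, not code from the glossary source, that implements that window in the style of RFC 4303 Appendix A: the receiver keeps the highest accepted sequence number and a bitmap of recently seen ones, rejects anything older than the window, rejects anything already seen, and only updates the window for packets whose integrity check passed. The window size and the packet trace are constructed; the `icv_ok` flag stands in for the integrity check value verification a real implementation performs.

```python
"""IPsec ESP anti-replay sliding window (RFC 4303, Appendix A style).

Added example; not code from the glossary source. The window size and the
packet trace below are constructed for illustration. A real implementation
runs this check per security association, after decapsulation and before
the packet is delivered.
"""
from __future__ import annotations


class AntiReplayWindow:
    """Tracks which ESP sequence numbers have already been accepted.

    `last` is the highest sequence number accepted (the right edge of the
    window); bit i of `bitmap` records whether sequence number `last - i`
    has been seen. Sequence numbers more than `size - 1` behind the right
    edge are rejected without any lookup.
    """

    def __init__(self, size: int = 64) -> None:
        if size < 32:
            raise ValueError("RFC 4303 requires a window of at least 32 packets")
        self.size = size
        self.mask = (1 << size) - 1
        self.last = 0       # no packet accepted yet
        self.bitmap = 0

    def check(self, seq: int, icv_ok: bool = True) -> tuple[bool, str]:
        """Return (accepted, reason) for a packet with sequence number `seq`.

        `icv_ok` stands in for the integrity check value verification; the
        window is only updated for packets that authenticate, so a forged
        packet cannot advance the window and knock out legitimate ones.
        """
        if seq == 0:
            # The first packet on an SA uses sequence number 1; 0 is invalid.
            return False, "invalid-seq-zero"

        if seq > self.last:
            # To the right of the window: a genuinely new packet.
            if not icv_ok:
                return False, "auth-failed"
            shift = seq - self.last
            if shift >= self.size:
                self.bitmap = 1                     # everything old falls off
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & self.mask
            self.last = seq
            return True, "new"

        offset = self.last - seq
        if offset >= self.size:
            return False, "too-old"                 # left of the window
        if self.bitmap & (1 << offset):
            return False, "replay"                  # already accepted once
        if not icv_ok:
            return False, "auth-failed"
        self.bitmap |= 1 << offset                  # late but legitimate
        return True, "late-in-window"


def run_trace(events: list[tuple[int, bool]], size: int = 64) -> list[str]:
    """Feed (sequence number, icv_ok) pairs through one window; return reasons."""
    window = AntiReplayWindow(size)
    return [window.check(seq, ok)[1] for seq, ok in events]


# Constructed trace: in-order delivery, a replayed packet, a large jump,
# reordering inside and outside the window, and a forged packet.
SAMPLE_TRACE = [
    (1, True), (2, True), (3, True),
    (2, True),       # captured packet 2 sent again: replay
    (70, True),      # jump past the window; old bits are discarded
    (4, True),       # 66 behind the right edge: too old for a 64-wide window
    (10, True),      # 60 behind: reordered but acceptable
    (10, True),      # replay of the late packet
    (7, False),      # fails integrity check: must not mark the window
    (7, True),       # the genuine packet 7 is still accepted afterwards
    (6, True),       # exactly 64 behind: outside the window
]

if __name__ == "__main__":
    for (seq, ok), reason in zip(SAMPLE_TRACE, run_trace(SAMPLE_TRACE)):
        print(f"seq={seq:3d} icv_ok={ok!s:5} -> {reason}")
```

The ordering inside `check` mirrors the RFC: the cheap replay lookup runs before the expensive integrity check, and the bitmap is touched only after both succeed, so an attacker injecting packets with forged high sequence numbers cannot slide the window forward and cause legitimate in-flight packets to be rejected as too old.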
Enterprise Risk Management: Enterprise risk management is the set of processes an enterprise uses to manage risks to its mission. It involves identifying and prioritizing risks from defined threats, implementing countermeasures to respond to those threats, and assessing enterprise performance against the threats and adjusting the countermeasures as necessary.
Entrapment: Entrapment is the deliberate planting of apparent flaws in an information system to detect attempted penetrations.
EPP: EPP stands for endpoint protection platform, a solution that consolidates endpoint device security functions such as antivirus, anti-spyware, and related protections into a single product.
ETDR: Endpoint threat detection and response.
Ethernet: Ethernet is the most widely used local area network (LAN) technology; it specifies the cabling and signalling for home and organization networks. Classic Ethernet used a shared bus topology with CSMA/CD (carrier sense multiple access with collision detection) to arbitrate access to the medium; modern switched Ethernet uses a star topology with full-duplex links, so collisions no longer occur.
EVC: Endpoint visibility and control.
Event: An event is an action that a program can detect. Examples include clicking a mouse button or pressing a key.
Evidence: Evidence is documents, records, or any other objects or information that help prove the facts in a case.
Evil Twins: An evil twin is a fake wireless hotspot that looks like a legitimate service. When victims connect to it, the attacker can eavesdrop on their Internet transactions or simply ask for credit card information under the guise of a standard pay-for-access page.
Exercise Key: An exercise key is cryptographic key material used exclusively to safeguard communications transmitted over the air during military or organized civil training exercises.
Exploit: An exploit is code or a technique that takes advantage of a vulnerability, weakness, or flaw in a system to intrude into or attack it.
Exploit Code: Exploit code is a program that allows attackers to break into a vulnerable system automatically.
Exploitable Channel: An exploitable channel is a channel that allows the violation of the security policy governing an information system and is usable or detectable by subjects external to the trusted computing base.
External Escalation: External escalation is the process of reporting a security breach to an individual or group outside the department, division, or company in which it occurred. When a problem is escalated, responsibility for resolving it is either accepted by, or shared with, the party to whom it is escalated.
External Network: An external network is a network not controlled by the organization.
External Security Testing: External security testing is security testing conducted from outside the organization's security perimeter.
Extranet: An extranet is an extension of a company's intranet to include systems outside the company. It is used to give the company and its customers or suppliers easy access to each other's databases and other sources of information.
Fail Safe: Fail safe refers to the automatic protection of programs and processing systems when a hardware or software failure is detected, so that the failure leaves the system in a safe state.
Fail Soft: Fail soft systems terminate nonessential processing when hardware or software failures occur, so that essential functions continue in a degraded mode.
Failover: Failover is a method of protecting computer systems from failure in which standby equipment automatically takes over when the main system fails, without warning or human intervention.
False Positive: A false positive is an alert that incorrectly indicates that malicious activity is occurring.
False Positives: A false positive is normal behavior that is flagged as "different" or possibly malicious. Too many false positives can drown out true alerts. In ThreatConnect, you can easily mark an indicator as a "false positive" when viewing the details for that indicator, which lets you and your team focus your time and effort on real threats.
Fault Tolerant: Fault tolerant refers to a system's built-in capability to provide continued, correct execution of its assigned function in the presence of a hardware and/or software fault.
Federal Information System: A federal information system is an information system used or operated by an executive agency, by a contractor of an executive agency, or by another organization on behalf of an executive agency.
Field Device: A field device is equipment connected to the field side of an ICS. Types of field devices include RTUs, PLCs, actuators, sensors, HMIs, and associated communications.
Field Site: A field site is a subsystem identified by physical, geographical, or logical segmentation within the ICS. A field site may contain RTUs, PLCs, actuators, sensors, HMIs, and associated communications.
Fieldbus: Fieldbus is a digital, serial, multi-drop, two-way data bus or communication path between low-level industrial field equipment such as sensors, transducers, actuators, local controllers, and control room devices. Use of fieldbus technologies eliminates the need for point-to-point wiring between the controller and each device. A protocol defines the messages sent over the fieldbus network, with each message identifying a particular sensor on the network.
File Encryption: File encryption is the process of encrypting individual files on a storage medium and permitting access to the encrypted data only after proper verification.
File Name Anomaly: A file name anomaly is a mismatch between a file's internal header (its magic bytes) and its external extension, or a file name that is otherwise inconsistent with the content of the file (e.g., a graphics file renamed with a non-graphical extension, or an executable renamed to look like an image).
File Protection: File protection is the aggregate of processes and procedures designed to inhibit unauthorized access, contamination, elimination, modification, or destruction of a file or any of its contents.
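The File Name Anomaly entry above describes the check in words. The following added example, not code from the glossary source, detects such anomalies by comparing a file's leading bytes (its magic number) against what its extension claims: an executable hiding behind `.jpg` and a ZIP renamed to `.txt` are flagged, while a `.docx` that is really a ZIP container is accepted. The signature table is a small hand-picked subset of well-known headers, and the sample files are constructed in a temporary directory.

```python
"""File name anomaly detection: compare a file's magic bytes with its extension.

Added example; not code from the glossary source. The signature table is a
small, hand-picked subset of well-known file headers, and the sample files
are constructed in a temporary directory for the demonstration.
"""
from __future__ import annotations

import tempfile
from pathlib import Path

# (type name, leading bytes). Longer, more specific signatures come first.
SIGNATURES = [
    ("png", b"\x89PNG\r\n\x1a\n"),
    ("gif", b"GIF87a"),
    ("gif", b"GIF89a"),
    ("pdf", b"%PDF-"),
    ("elf", b"\x7fELF"),
    ("zip", b"PK\x03\x04"),      # also docx/xlsx/jar, which are zip containers
    ("jpeg", b"\xff\xd8\xff"),
    ("gzip", b"\x1f\x8b"),
    ("pe", b"MZ"),               # Windows executables and DLLs
]

# Which detected types are legitimate for each extension. Text extensions
# map to an empty set: any recognised binary header there is suspicious.
EXTENSION_TYPES = {
    ".png": {"png"}, ".gif": {"gif"}, ".jpg": {"jpeg"}, ".jpeg": {"jpeg"},
    ".pdf": {"pdf"}, ".zip": {"zip"}, ".docx": {"zip"}, ".xlsx": {"zip"},
    ".jar": {"zip"}, ".gz": {"gzip"}, ".exe": {"pe"}, ".dll": {"pe"},
    ".so": {"elf"}, ".txt": set(), ".log": set(), ".csv": set(),
}

HEADER_LEN = max(len(sig) for _, sig in SIGNATURES)


def detect_type(header: bytes) -> str:
    """Identify the content type from the leading bytes, or 'unknown'."""
    for name, sig in SIGNATURES:
        if header.startswith(sig):
            return name
    return "unknown"


def classify(name: str, header: bytes) -> tuple[str, str]:
    """Return (verdict, detected type) for a file name and its first bytes.

    Verdicts: 'ok', 'mismatch' (the glossary's file name anomaly) or
    'unknown-extension' (nothing to compare against).
    """
    detected = detect_type(header)
    ext = Path(name).suffix.lower()
    if ext not in EXTENSION_TYPES:
        return "unknown-extension", detected
    expected = EXTENSION_TYPES[ext]
    if not expected:                      # a text extension
        return ("mismatch" if detected != "unknown" else "ok"), detected
    return ("ok" if detected in expected else "mismatch"), detected


def scan_directory(root: Path) -> dict[str, tuple[str, str]]:
    """Classify every regular file under `root` by reading only its header."""
    results = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        with path.open("rb") as fh:
            header = fh.read(HEADER_LEN)
        results[path.name] = classify(path.name, header)
    return results


# Constructed sample files: name -> content. The executable hiding behind an
# image extension and the archive renamed to .txt are the anomalies.
SAMPLE_FILES = {
    "holiday.jpg": b"MZ\x90\x00" + b"\x00" * 60,           # PE disguised as JPEG
    "report.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",         # genuine PDF
    "notes.txt": b"PK\x03\x04\x14\x00" + b"\x00" * 20,      # zip renamed to .txt
    "invoice.docx": b"PK\x03\x04\x14\x00" + b"\x00" * 20,   # zip container, fine
    "readme.txt": b"Plain text, nothing to see here.\n",
    "archive.zip": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,      # PNG renamed to .zip
    "payload.bin": b"\x7fELF\x02\x01\x01",                   # no expectation for .bin
}


def scan_samples() -> dict[str, tuple[str, str]]:
    """Write the constructed files to a temp directory and scan them."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, content in SAMPLE_FILES.items():
            (root / name).write_bytes(content)
        return scan_directory(root)


if __name__ == "__main__":
    for name, (verdict, detected) in scan_samples().items():
        print(f"{verdict:18} {detected:8} {name}")
```

Only the first few bytes are read, so the scan is cheap even on large evidence sets; a production tool would carry a far larger signature table (libmagic) and also check trailers and embedded structure, but the decision logic is the same.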
File Security: File security is the method by which access to computer files is limited to authorized users only.
File Transfer Protocol: The File Transfer Protocol (FTP) is a standard network protocol used to transfer files between a client and a server on a computer network. FTP is built on a client-server architecture and uses separate control and data connections between the client and the server. Plain FTP sends credentials and data in cleartext, so SFTP or FTPS should be used where confidentiality matters.
FIM: File integrity monitoring (FIM) is an internal control that validates the integrity of operating system and application files by comparing the current state of each file (typically a cryptographic hash) against a known-good baseline.
Firewall: A firewall is a security barrier that monitors and controls incoming and outgoing network traffic based on predetermined security rules, designed to keep unwanted intruders outside a computer system or network. A firewall's rules should be reviewed and updated regularly to remain effective, as attackers learn new techniques to get past it.
Flooding: Flooding is an attack that attempts to cause a failure in a system by providing more input than the system can process properly. See also Denial of Service Attack.
Forensic Copy: A forensic copy is an accurate bit-for-bit reproduction of the information contained on an electronic device or associated media, whose validity and integrity have been verified using an accepted hash algorithm (for example SHA-256) computed over both the original and the copy.
Forensic Discovery: Forensic discovery is the search and analysis of electronic documents. Electronic records can be found on a wide variety of devices, such as desktop and laptop computers, network servers, personal digital assistants and mobile phones, and exist in media that can only be read using computers, such as cache memory, magnetic disks, optical disks, and magnetic tapes.
Forensically Clean: Forensically clean describes digital media that has been completely wiped of all data, including nonessential and residual data, scanned for malware, and verified before use.
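The Disk Imaging entry earlier and the Forensic Copy and FIM entries above rest on the same primitive: hash the content and compare digests. The following added example, not code from the glossary source, first makes a bit-for-bit copy of a constructed "device" file (standing in for a block device; real acquisition goes through a write blocker and a tool such as dd or dc3dd), verifies it with independently computed SHA-256 digests of source and image, and then records a FIM baseline of a constructed directory tree and reports which files were added, removed or modified after an intruder-style change. All paths, contents and the tree layout are assumptions.

```python
"""Verified bit-for-bit copy of a device image, plus file integrity monitoring.

Added example; not code from the glossary source. The "device" is a
constructed file that stands in for a block device (real acquisition goes
through a write blocker and a tool such as dd/dc3dd); the directory tree
used for the FIM baseline is constructed in a temporary directory.
"""
from __future__ import annotations

import hashlib
import tempfile
from pathlib import Path

BLOCK = 4096


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 in fixed-size blocks."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(BLOCK), b""):
            h.update(chunk)
    return h.hexdigest()


def forensic_copy(source: Path, image: Path) -> dict[str, object]:
    """Copy `source` block by block into `image`, hashing the source as it is
    read, then rehash the finished image independently. Only when the two
    digests match is the result a verified forensic copy."""
    src_hash = hashlib.sha256()
    with source.open("rb") as src, image.open("wb") as dst:
        for chunk in iter(lambda: src.read(BLOCK), b""):
            src_hash.update(chunk)
            dst.write(chunk)      # free and slack space are copied unchanged
    src_digest = src_hash.hexdigest()
    img_digest = sha256_file(image)
    return {"source_sha256": src_digest, "image_sha256": img_digest,
            "verified": src_digest == img_digest, "size": image.stat().st_size}


def fim_baseline(root: Path) -> dict[str, str]:
    """Record the hash of every regular file under `root` (the known-good state)."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def fim_compare(baseline: dict[str, str], current: dict[str, str]) -> dict[str, list[str]]:
    """Diff two snapshots into added / removed / modified path lists."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }


def demo() -> dict[str, object]:
    """Run both procedures on constructed data and return the results."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)

        # Constructed "device": an 8 KiB image whose second block holds
        # remnants of deleted data in free space, which the copy must keep.
        device = root / "sdb.raw"
        device.write_bytes(b"FILESYSTEM HEADER".ljust(4096, b"\x00")
                           + b"deleted secret".ljust(4096, b"\xff"))
        copy_result = forensic_copy(device, root / "sdb.dd")

        # FIM: baseline a small constructed tree, then change it as an
        # intruder might (weaken sshd, plant a key, remove a file).
        tree = root / "etc"
        (tree / "ssh").mkdir(parents=True)
        (tree / "passwd").write_bytes(b"root:x:0:0:root:/root:/bin/bash\n")
        (tree / "ssh" / "sshd_config").write_bytes(b"PermitRootLogin no\n")
        (tree / "hosts").write_bytes(b"127.0.0.1 localhost\n")
        baseline = fim_baseline(tree)

        (tree / "ssh" / "sshd_config").write_bytes(b"PermitRootLogin yes\n")
        (tree / "ssh" / "authorized_keys").write_bytes(b"ssh-ed25519 AAAAC3Nz attacker\n")
        (tree / "hosts").unlink()
        changes = fim_compare(baseline, fim_baseline(tree))

        return {"copy": copy_result, "changes": changes}


if __name__ == "__main__":
    out = demo()
    print("forensic copy:", out["copy"])
    print("FIM changes:  ", out["changes"])
```

Note that the image digest is recomputed from the written file rather than reused from the copy loop: a digest that was never recomputed over the destination would not detect a write error, which is exactly the failure a verified copy exists to rule out.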
Forward Cipher: A forward cipher is one of the two functions of a block cipher algorithm (the other being the inverse cipher), determined by the choice of a cryptographic key.
Freeware: Freeware is an application, program, or piece of software available for use at no cost.
Gap Analysis: The comparison of actual performance against expected performance.
Gateway: A gateway acts as an entrance to another network. A node or stopping point on a network can be either a gateway node or a host (end-point) node.
Get Nearest Server: Get Nearest Server is a request packet sent by a client on an IPX network to locate the nearest active server of a particular type.
GIT/Github: Git is a distributed version control system. GitHub is a web-based hosting service for Git repositories that adds access control and collaboration features such as issue tracking, pull requests, task management, and wikis for every project.
Global Information Grid: The Global Information Grid (GIG) is an all-encompassing communications project of the United States Department of Defense.
GNU: GNU is an operating system and an extensive collection of computer software.
Gnutella: Gnutella is a large peer-to-peer network. It was the first decentralized peer-to-peer network of its kind.
Governance: Governance is a system for directing an organization. It includes the set of rules and practices established to evaluate the interests of stakeholders (e.g., management, suppliers, financiers, customers), and a framework for attaining the organization's goals while balancing those goals against the interests of the stakeholders. It aims to protect the interests of the organization by safeguarding its assets and the interests of its creditors and customers.
Graduated Security: Graduated security is a security system that provides several levels (e.g., low, moderate, high) of protection based on threats, risks, available technology, support services, time, human concerns, and economics.
Gray Hat: A gray hat is a white hat/black hat hybrid: a hacker with no intention of damaging a system or network, but of exposing flaws in its security. However, gray hats may use illegal means to gain access to the network in order to expose the weakness.
GRC: GRC stands for governance, risk, and compliance.
Grooming: Grooming is the act of cyber criminals who use the Internet to manipulate and gain the trust of a minor as a first step towards the future sexual abuse, production, or exposure of that minor. This may take days, weeks, months, or in some cases years of manipulation.
Group Authenticator: A group authenticator is sometimes used in addition to a sign-on authenticator to allow access to specific data or functions that may be shared by all members of a particular group.
Guard System: A guard system is a mechanism limiting the exchange of information between information systems or subsystems.
Guessing Entropy: Guessing entropy is a measure of the difficulty an attacker has in guessing the average password used in a system, stated in bits. When a password has n bits of guessing entropy, an attacker has as much difficulty guessing the average password as guessing an n-bit random quantity. The attacker is assumed to know the actual password frequency distribution.
Hacker: A hacker is, in the original sense, an expert programmer who explores what computer systems can be made to do. In mainstream usage, "hacker" mostly refers to a computer criminal who gathers information on security flaws and breaks into computers without authorization.
Handshaking Procedures: Handshaking procedures are the dialogue between two information systems for synchronizing, identifying, and authenticating themselves to one another.
Hard Copy Key: A hard copy key is physical keying material, such as printed key lists, punched or printed key tapes, or programmable read-only memories.
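The Dictionary Attack entry earlier and the Guessing Entropy entry above are two sides of one fact: an attacker who knows the password frequency distribution guesses in descending-frequency order, and guessing entropy measures how many guesses that ordering needs on average, expressed as the equivalent number of random bits. The following added example, not code from the glossary source or from the NIST text the entry quotes, runs a dictionary attack against constructed salted hashes using a wordlist ordered by constructed leak counts, and computes the guessing entropy of that same distribution. SHA-256 is used only to keep the block self-contained; a real credential store should use a deliberately slow hash such as Argon2 or bcrypt, which is what makes each dictionary guess expensive.

```python
"""Dictionary attack against salted hashes, and guessing entropy of the
password population the wordlist was built from.

Added example; not code from the glossary source. The leaked-password
frequency counts, the users, salts and passwords are all constructed for
illustration. SHA-256 stands in for a proper slow password hash.
"""
from __future__ import annotations

import hashlib
import math

# Constructed frequency counts from a hypothetical password leak. A real
# wordlist is ordered by exactly these counts, most common first.
LEAK_COUNTS = {
    "123456": 40, "password": 25, "qwerty": 15, "letmein": 10,
    "dragon": 5, "correct horse battery staple": 5,
}


def wordlist_by_frequency(counts: dict[str, int]) -> list[str]:
    """The attacker's optimal guessing order: descending frequency."""
    return [w for w, _ in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))]


def guessing_entropy_bits(counts: dict[str, int]) -> float:
    """Guessing entropy in bits for a population with these password counts.

    An attacker who knows the distribution guesses in descending-frequency
    order, so the expected number of guesses is G = sum(i * p_i) over the
    sorted list. A uniformly random n-bit secret needs (2^n + 1) / 2 guesses
    on average, so the equivalent bit strength is log2(2G - 1).
    """
    total = sum(counts.values())
    probs = sorted((c / total for c in counts.values()), reverse=True)
    expected_guesses = sum(i * p for i, p in enumerate(probs, start=1))
    return math.log2(2 * expected_guesses - 1)


def hash_password(salt: bytes, password: str) -> str:
    return hashlib.sha256(salt + password.encode()).hexdigest()


# Constructed credential store: user -> (salt, hash). Salts are per user, so
# the attacker has to hash every guess once per target instead of once overall.
_USERS = {"alice": (b"s1", "qwerty"), "bob": (b"s2", "letmein"),
          "carol": (b"s3", "Tr0ub4dor&3")}
STORED = {u: (salt, hash_password(salt, pw)) for u, (salt, pw) in _USERS.items()}


def dictionary_attack(stored: dict[str, tuple[bytes, str]],
                      wordlist: list[str]) -> dict[str, int | None]:
    """Try every word for every user; return guesses needed, or None if uncracked."""
    results = {}
    for user, (salt, digest) in stored.items():
        results[user] = None
        for i, word in enumerate(wordlist, start=1):
            if hash_password(salt, word) == digest:
                results[user] = i
                break
    return results


if __name__ == "__main__":
    wl = wordlist_by_frequency(LEAK_COUNTS)
    print("guessing entropy of the leak population: %.2f bits" % guessing_entropy_bits(LEAK_COUNTS))
    print("uniform choice among the same 6 words:   %.2f bits" % guessing_entropy_bits({w: 1 for w in wl}))
    for user, n in dictionary_attack(STORED, wl).items():
        print(f"{user}: {'cracked after %d guesses' % n if n else 'not in wordlist'}")
```

With the constructed counts the skewed population has about 1.85 bits of guessing entropy, against log2(6) = 2.58 bits if the same six words were chosen uniformly: the skew, not the size of the dictionary, is what the attacker exploits. The user whose password is not in the wordlist is never cracked by this attack regardless of ordering, which is the practical argument for banning known-leaked passwords rather than enforcing composition rules.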
Hard Disk: The permanent storage medium within a computer that uses magnetic storage to store and retrieve digital information, programs, and data.
Hardware: Hardware is the physical components of an information system.
Hardwired Key: A hardwired key is a permanently installed key.
Hash Function: A Hash Function is a function that i