CyberSecurity Terms

CYBERSECURITY: Strategy, policy, standards, and procedures for protecting information assets by identifying and responding to threats to information that is processed, stored, or transported electronically.

ATTACK: An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity. The intentional act of attempting to bypass one or more security services or controls of an information system.

BRING YOUR OWN DEVICE (BYOD): The use of personally owned mobile devices such as smartphones or tablets in the workplace.

Chief Information Security Officer (CISO) ‐ The person in charge of information security within the enterprise.

Chief Security Officer (CSO) ‐ The person usually responsible for all security matters both physical and digital in an enterprise.

Data Breach ‐ An unauthorized access, movement, or disclosure of sensitive information by an actor or to a recipient who does not have authority to access the information. Sometimes referred to as a "data spill".

Disaster Recovery Plan (DRP) ‐ A set of human, physical, technical, and procedural resources that allow the recovery of an IT system in the event of a disruption or disaster.

Disruption ‐ An event causing unplanned interruptions in operations of IT systems.

Event ‐ An observable occurrence in an information system or network, which may provide an indication that the occurrence is actually an Incident.

Hacker ‐ Anyone who attempts to or gains access to an information system without authorization. Frequently used for individuals violating security policies to access systems for malicious reasons or personal gain.

Incident ‐ An adverse Event that results in or could result in adverse consequences to an information system or the information stored on the system, and it may require a Response to mitigate the consequences.

Intrusion ‐ An unauthorized act of bypassing the security mechanisms of a network or information system.

Threat ‐ Something that could cause harm to a system or organization: a circumstance or event that has or indicates the potential to exploit vulnerabilities and to adversely impact (create adverse consequences for) organizational operations, organizational assets (including information and information systems), individuals, other organizations, or society. A threat can be an individual or group of individuals, an entity (such as an organization or a nation), an action, or an occurrence.

TYPES OF THREATS

Advanced Persistent Threat (APT) ‐ A threat from a sophisticated adversary with control over sufficient resources to create multiple attack vectors (cyber, physical, and deception) simultaneously. The adversary pursues its objective repeatedly or continuously over an extended period of time, adapts to a defender's efforts to block the attack, and maintains the level of interaction with the system needed to execute its objectives.

Backdoor ‐ A tool installed by an attacker during or after an attack to give the attacker easier access to the compromised system in the future, bypassing any security mechanisms that are in place. A means of regaining access to a compromised system by installing software or configuring existing software to enable remote access under attacker‐defined conditions.

Brute Force Attack ‐ Repeatedly trying all possible combinations of passwords or encryption keys until the correct one is found.

Bot ‐ Malicious logic surreptitiously introduced into a computer or a network, where the logic is under the control of a remote administrator. A larger collection of such compromised computers is known as a botnet. Synonym: zombie.

Denial of Service ‐ An attack that prevents or impairs the authorized use of system resources or services, typically by flooding the system with so many requests that it becomes overwhelmed and may stop operating altogether or operate at a significantly reduced speed.

Dictionary Attack ‐ An attack that tries all of the phrases or words in a dictionary (or in a predefined list), to crack a password or key.
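The two guessing attacks above differ only in where the candidates come from: a dictionary attack walks a predefined list, a brute force attack walks the whole keyspace. The following added example (not part of the original glossary) runs both against a stored password hash and returns the number of guesses each needed. The salted SHA-256 storage format, the wordlist and the 4-digit PIN are all constructed for the example; SHA-256 is used only so the demonstration runs instantly.

```python
import hashlib
import itertools
import string

# Constructed storage format for the example: salted SHA-256, hex-encoded.
SALT = b"demo-salt"

def hash_password(password: str) -> str:
    """Hash a password the way the (hypothetical) target system stores it."""
    return hashlib.sha256(SALT + password.encode()).hexdigest()

def dictionary_attack(target_hash, wordlist):
    """Try each candidate from a predefined list.
    Returns (password, attempts) on success or (None, attempts) if the list is exhausted."""
    attempts = 0
    for word in wordlist:
        attempts += 1
        if hash_password(word) == target_hash:
            return word, attempts
    return None, attempts

def brute_force_attack(target_hash, alphabet, max_length):
    """Try every combination of `alphabet` up to `max_length` characters, shortest first.
    Same return convention as dictionary_attack."""
    attempts = 0
    for length in range(1, max_length + 1):
        for combo in itertools.product(alphabet, repeat=length):
            attempts += 1
            candidate = "".join(combo)
            if hash_password(candidate) == target_hash:
                return candidate, attempts
    return None, attempts

# Constructed wordlist of common passwords (a real list would have millions of entries).
WORDLIST = ["password", "letmein", "123456", "qwerty", "summer2024"]

def demo():
    """Run both attacks against two constructed accounts and report the guess counts."""
    results = {}
    # A password present in the wordlist falls to the dictionary attack in two guesses.
    weak = hash_password("letmein")
    results["dictionary"] = dictionary_attack(weak, WORDLIST)
    # A 4-digit PIN is not in the wordlist, so the dictionary attack fails ...
    pin = hash_password("7391")
    results["dictionary_on_pin"] = dictionary_attack(pin, WORDLIST)
    # ... but the keyspace is only 10 + 100 + 1000 + 10000 candidates, so brute force wins anyway.
    results["brute_force"] = brute_force_attack(pin, string.digits, 4)
    return results

if __name__ == "__main__":
    for name, (found, attempts) in demo().items():
        print(f"{name:18s} found={found!r:10} attempts={attempts}")
```

The guess counts are the point: the dictionary attack costs five attempts whether or not it succeeds, while the brute force attack's cost grows with the size of the alphabet raised to the password length, which is why length and character variety matter more than any single "strong" word.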

Distributed Denial of Service ‐ A denial of service technique that uses numerous systems to perform the attack simultaneously.

Exfiltration ‐ The unauthorized transfer of data out of a system.

Exploit ‐ A technique, often packaged as code, that takes advantage of a vulnerability to breach the security of a system or network in violation of security policy.

Honey pot ‐ A program (or set of programs) that simulates one or more network services on a computer's ports. The attacker assumes the system is running vulnerable services that can be used to break into the machine; instead, the honey pot logs access attempts to those ports, including the attacker's keystrokes. The information can provide advance warning of a more concerted attack.

Insider Threat ‐ One or more persons in an organization who pose a risk of violating security policies or of accessing information and exploiting the vulnerabilities of the system with the intent to cause harm.

Keylogger ‐ Software or hardware that records keystrokes and keyboard events, usually surreptitiously.

Malware ‐ Software that compromises the operation of a system by performing an unauthorized function or process that is most often used to cause damage to or obtain information from a computer system without the owner's consent. Common types include viruses, worms, Trojan horses, spyware, and adware.

Outside Threat ‐ A person or group of persons external to an organization who are not authorized to access its assets and pose a potential risk to the organization and its assets.

Passive Attack ‐ An attack that attempts to learn from or make use of data in the system, but does not attempt to alter the system, its resources, its data, or its operations.

Phishing ‐ A digital form of social engineering designed to deceive individuals into providing sensitive information. Most commonly an e-mail attack that attempts to convince a user that the originator is genuine, with the intention of obtaining information (such as credentials) for use in further social engineering. Alternative attacks may seek to obtain apparently innocuous business information, which may then be used in another form of active attack.

Spear Phishing ‐ A phishing attack targeted at a specific individual or organization, in which social engineering techniques are used to masquerade as a trusted party to obtain important information, such as passwords, from the victim.

Spoofing ‐ Faking the sending address of a transmission (for example, an IP address or an e-mail sender) to gain unauthorized, and possibly illegal, entry into a secure system.

Spyware ‐ Software that monitors a computer user’s actions (e.g., web sites visited) and reports these actions to a third party, without the informed consent of that machine’s owner or legitimate user.

Supply Chain Threat ‐ A threat implemented by exploiting the systems of a target's supply chain vendors.

Threat actor ‐ An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities. Synonym: threat agent

Trojan horse ‐ A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.

Virus ‐ A computer program, usually containing destructive code, that attaches itself to other programs or files, replicates itself, infects a computer without the permission or knowledge of the user, and then spreads or propagates to other computers.

Worm ‐ A self‐replicating, self‐propagating, self‐contained program that uses networking mechanisms to spread itself.

Preventative Efforts

Acceptable Use Policy ‐ A policy that establishes the ranges and scope of use that are approved for a system and to which all users must agree before gaining access to the system.

Access rights ‐ The permissions or privileges granted to users, programs, or workstations to create, change, delete, or view data and files within a system, as defined by rules established by data owners and the information security policy.

Antispyware ‐ A program for detecting, blocking or removing forms of spyware.

Antivirus Software ‐ A program that monitors a computer or network to detect or identify major types of malicious code and to prevent or contain malware incidents.

Authorization ‐ A process of determining, by evaluating applicable access control information, whether a subject is allowed to have the specified types of access to a particular resource. The process or act of granting access privileges or the access privileges as granted.

Behavior Monitoring ‐ Observing the activities of users, information systems, and processes and measuring those activities against organizational policies and rules, baselines of normal activity, thresholds, and trends.

Biometrics ‐ Physical characteristics, such as fingerprints or handprints, used to verify identity and determine authorized access.

Blue Team ‐ A group that defends an enterprise's information systems against the Red Team (attackers) in a mock attack.

Business Continuity Plan (BCP) ‐ A written plan that documents the expected emergency response, backup operations, and post‐disaster recovery steps that have been selected to help ensure the availability of critical resources in an emergency situation.

Computer Emergency Response Team (CERT) ‐ A group of people with clear lines of reporting and responsibilities who act as a single point of contact for all incidents and issues related to information systems and who remain on standby to provide support in case of an information systems emergency.

Cyber Exercise or Operational Exercise or Tabletop Exercise ‐ A planned event during which an organization simulates a cyber disruption to develop or test capabilities such as preventing, detecting, mitigating, responding to, or recovering from the disruption. These tests should be designed to ensure the adequacy of an incident response plan, a business continuity plan, and a disaster recovery plan as well as the common understanding of all team members.

DISASTER RECOVERY SITE

  • 🚀Hot site. Fully redundant hardware and software, with telecommunications, telephone, and utility connectivity, able to continue all primary site operations within minutes or hours following a disaster. Data is synchronized frequently (often daily). The most expensive disaster recovery option.

  • 🚀Warm site. Partially redundant hardware and software, with telecommunications, telephone, and utility connectivity, able to continue some, but not all, primary site operations within hours or days following the disaster. Synchronization of data usually happens daily or weekly. Offsite data backup tapes must be obtained and delivered to the warm site to restore operations.

  • 🚀Cold site. After a disaster, hardware must be ordered, shipped, and installed, and software loaded. Basic telecommunications, telephone, and utility connectivity exist but may need to be turned on; the site can then continue some, but not all, primary site operations. Relocation takes weeks or longer, depending on hardware arrival time. There is no synchronization of data between the sites, so significant data loss could occur. Offsite data backup tapes must be obtained and delivered to the cold site to restore operations. A cold site is the least expensive option.

Firewall ‐ A hardware or software device that has the capability to limit network traffic between networks and/or information systems according to a set of predetermined rules.

Information Security Policy ‐ An aggregate of directives, regulations, rules, and practices that prescribe how an organization manages, protects, and distributes information.

Intrusion Detection System (IDS) ‐ Program or device used to detect that an attacker is attempting or has attempted unauthorized access to computer resources.

Intrusion Prevention System (IPS) ‐ Intrusion detection system that also blocks unauthorized access when detected.

Patch ‐ Fixes to software programming errors and vulnerabilities.

Patch Management ‐ Acquiring, testing, and installing multiple patches (code changes) to software or a computer system in order to maintain up‐to‐date software and often to address security risk.

Penetration Testing / Pen Test ‐ A live test of the effectiveness of security defenses that mimics the actions of real‐life attackers.

Red Team ‐ An exercise, reflecting real‐world conditions, that is conducted as a simulated attempt by an adversary to attack or exploit vulnerabilities in an enterprise's information systems.

Risk Assessments ‐ Collecting information and assigning values to identified risks for the purpose of informing priorities, developing or comparing courses of action, and informing decision making.

Security Policy ‐ An established rule or set of rules that govern the acceptable use of an organization's information and services to maintain an acceptable risk level and to protect the organization's information assets.

Supply Chain Risk Management ‐ The process of identifying, analyzing, and assessing the risk introduced by the information systems, products, and services of an organization's supply chain vendors.

Threat Analysis ‐ Evaluation of the characteristics of individual threats.

Threat Assessment ‐ Identifying or evaluating entities, actions, or occurrences, that have or indicate the potential to cause harm.

Two‐Factor Authentication ‐ Obtaining evidence of identity by two independent means, such as knowing a password and successfully completing a smartcard transaction.
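The entry above names a password plus a smartcard transaction as its two means. The added example below (not from the original glossary) checks a login the same way but with a time‐based one‐time code from an authenticator app as the possession factor, because that can be verified offline in a few lines: the code is HOTP/TOTP as specified in RFC 4226 and RFC 6238, and the user record, salt and password are constructed for the example.

```python
import hashlib
import hmac
import struct
import time

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current 30-second time step."""
    return hotp(key, unix_time // step, digits)

# Constructed user record (illustrative only). The TOTP seed is the RFC 6238 reference key,
# so the expected codes can be checked against the RFC's published test vectors.
_SALT = b"demo-salt"
USERS = {
    "alice": {
        "pw_hash": hashlib.sha256(_SALT + b"correct horse battery staple").hexdigest(),
        "totp_key": b"12345678901234567890",
    }
}

def verify_login(username, password, code, unix_time=None, window=1):
    """Two-factor check: something the user knows (password) AND something the user has
    (the device holding the TOTP seed). Returns (ok, reason); the reason is for server-side
    logging and should not be shown verbatim to the client."""
    user = USERS.get(username)
    if user is None:
        return False, "unknown user"
    # Factor 1: knowledge. Constant-time comparison avoids leaking how many bytes matched.
    supplied = hashlib.sha256(_SALT + password.encode()).hexdigest()
    if not hmac.compare_digest(supplied, user["pw_hash"]):
        return False, "wrong password"
    # Factor 2: possession. Accept the current step plus/minus `window` steps for clock drift.
    if not (code.isascii() and code.isdigit() and len(code) == 6):
        return False, "malformed code"
    now = int(time.time()) if unix_time is None else unix_time
    counter = now // 30
    for c in range(counter - window, counter + window + 1):
        if hmac.compare_digest(hotp(user["totp_key"], c), code):
            return True, "ok"
    return False, "bad or expired code"

if __name__ == "__main__":
    # Reproduce the RFC 6238 vector: key "12345678901234567890", T=59 -> 287082 (6 digits).
    print(totp(b"12345678901234567890", 59))
    print(verify_login("alice", "correct horse battery staple", totp(b"12345678901234567890", 59), unix_time=59))
```

Both factors must pass independently: a stolen password alone fails at the second check, and a captured one‐time code alone fails at the first (and expires within the drift window anyway). A production system would also rate‐limit attempts and store a slow password hash rather than plain salted SHA‐256.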

White Team ‐ A group responsible for refereeing an engagement between a Red Team of mock attackers and a Blue Team of actual defenders of information systems.

INCIDENT RESPONSE

Attack Pattern ‐ Similar cyber events or behaviors that may indicate a particular type of attack has occurred or is occurring.

Attack Signature ‐ A characteristic or distinctive pattern of an attack that can be identified and used to match one attack to others.
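The two entries above describe two different detection strategies: a signature matches a single distinctive string in one event, while a pattern is recognized only by correlating several events. The added example below (not from the original glossary) runs both over a handful of constructed sshd and web server log lines: a path‐traversal signature fires on one request, and a "many failed logins from one source within a short window" pattern fires on the fifth failure from the same address. The log format, addresses and thresholds are all assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log (not from the page). Addresses are from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd: Failed password for root from 203.0.113.5
2024-05-01T10:00:03 sshd: Failed password for admin from 203.0.113.5
2024-05-01T10:00:04 sshd: Accepted password for alice from 198.51.100.7
2024-05-01T10:00:06 sshd: Failed password for root from 203.0.113.5
2024-05-01T10:00:08 sshd: Failed password for oracle from 203.0.113.5
2024-05-01T10:00:09 sshd: Failed password for root from 203.0.113.5
2024-05-01T10:00:15 httpd: 203.0.113.9 "GET /index.html HTTP/1.1" 200
2024-05-01T10:00:16 httpd: 203.0.113.9 "GET /cgi-bin/../../../../etc/passwd HTTP/1.1" 404
2024-05-01T10:05:00 sshd: Failed password for bob from 198.51.100.7
"""

# Attack signatures: fixed, distinctive strings that identify a known technique in a single event.
SIGNATURES = {
    "path traversal": re.compile(r"\.\./"),
    "sql injection probe": re.compile(r"(?i)'\s*or\s*'1'\s*=\s*'1"),
}

LINE_RE = re.compile(r"^(\S+) (\w+): (.*)$")          # timestamp, source program, message
FAILED_RE = re.compile(r"Failed password for (\S+) from (\S+)")

def detect(log_text, threshold=5, window_seconds=60):
    """Return a list of (kind, detail) alerts in the order they fire.
    'signature' alerts come from one line; 'pattern' alerts correlate several lines."""
    alerts = []
    failures = defaultdict(deque)   # source IP -> timestamps of recent failed logins
    alerted = set()                 # IPs already reported, so the pattern fires once
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                # tolerate lines that do not fit the expected format
        ts = datetime.fromisoformat(m.group(1))
        body = m.group(3)

        for name, sig in SIGNATURES.items():
            if sig.search(body):
                alerts.append(("signature", f"{name} in request at {m.group(1)}"))

        f = FAILED_RE.search(body)
        if f:
            ip = f.group(2)
            q = failures[ip]
            q.append(ts)
            # Drop failures older than the sliding window before counting.
            while q and (ts - q[0]).total_seconds() > window_seconds:
                q.popleft()
            if len(q) >= threshold and ip not in alerted:
                alerted.add(ip)
                alerts.append(("pattern", f"{threshold} failed logins from {ip} within {window_seconds}s"))
    return alerts

if __name__ == "__main__":
    for kind, detail in detect(SAMPLE_LOG):
        print(f"[{kind}] {detail}")
```

Note what each strategy misses: the single failure from 198.51.100.7 never reaches the threshold, and a traversal attempt that used an encoding the signature does not cover (for example `%2e%2e/`) would pass the signature check, which is why signature sets need maintenance and why pattern thresholds are tuned per environment.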

Digital Forensics / Forensics ‐ Specialized techniques for collecting, processing, preserving, retaining, analyzing, and presenting system‐related digital evidence for investigative purposes.

Incident Management ‐ Management and coordination of activities associated with an Event.

Incident Response or Response ‐ Activities addressing short term, direct effects of an Incident which may also help support short-term Recovery efforts.

Incident Response Plan ‐ A set of predetermined, documented procedures to detect and respond to a cyber incident.

Recovery ‐ The activities occurring after an Incident or Event that are necessary to restore essential business services and operations.

Situational Awareness ‐ Knowledge that the incident response team seeks that includes understanding the current and developing security posture and risks associated with a system and the current risk assessment, based on information gathered, observation and analysis, and knowledge or experience.

OTHER GEEKY TERMS

Air‐Gap ‐ Physical separation or isolation of a portion of the system from other parts of the system or network.

Cloud Computing ‐ On‐demand network access to a shared pool of computing resources that can be rapidly provisioned and released with minimal management effort.

DMZ ‐ A screened or firewalled segment of a network that sits between the organization's internal network and external networks, such as the Internet. The DMZ is used for servers that need to be accessed by less trusted users or that must be accessible by external users.
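The Firewall entry in the previous section and the DMZ entry above describe the same mechanism from two sides: an ordered set of predetermined rules, and the network segment those rules carve out for externally reachable servers. The added example below (not from the original glossary, and not any vendor's rule syntax) models a three‐zone layout and evaluates sample connections against a first‐match rule list with an implicit default deny. The address ranges, ports and rules are assumptions chosen for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed network layout: anything not in a named zone is treated as "internet".
ZONES = {
    "internal": ipaddress.ip_network("10.0.0.0/8"),
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
}

def zone_of(ip: str) -> str:
    """Map an address to the zone it belongs to."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "internet"

@dataclass(frozen=True)
class Rule:
    src_zone: str            # "*" matches any zone
    dst_zone: str
    proto: str               # "tcp", "udp" or "*"
    dst_port: Optional[int]  # None matches any port
    action: str              # "allow" or "deny"

# Ordered rule set. First match wins; anything unmatched hits the implicit deny at the end.
RULES = [
    Rule("*", "dmz", "tcp", 443, "allow"),          # public web front end, HTTPS only
    Rule("dmz", "internal", "tcp", 5432, "allow"),  # web tier may reach the database and nothing else
    Rule("internal", "*", "*", None, "allow"),      # internal hosts may initiate outbound connections
    Rule("internet", "internal", "*", None, "deny"),# explicit deny so these hits can be logged
]

def evaluate(rules, src_ip, dst_ip, proto, dst_port):
    """Return (action, index of the matching rule); index -1 means the implicit default deny applied."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    for i, r in enumerate(rules):
        if r.src_zone != "*" and r.src_zone != src_zone:
            continue
        if r.dst_zone != "*" and r.dst_zone != dst_zone:
            continue
        if r.proto != "*" and r.proto != proto:
            continue
        if r.dst_port is not None and r.dst_port != dst_port:
            continue
        return r.action, i
    return "deny", -1

if __name__ == "__main__":
    samples = [
        ("203.0.113.10", "192.0.2.10", "tcp", 443),   # internet -> DMZ web: allowed
        ("203.0.113.10", "192.0.2.10", "tcp", 22),    # internet -> DMZ ssh: no rule, implicit deny
        ("203.0.113.10", "10.1.2.3", "tcp", 22),      # internet -> internal: explicit deny
        ("192.0.2.10", "10.1.2.3", "tcp", 5432),      # DMZ -> internal database: allowed
        ("192.0.2.10", "10.1.2.3", "tcp", 22),        # DMZ -> internal ssh: implicit deny
        ("10.1.2.3", "203.0.113.10", "tcp", 80),      # internal -> internet: allowed
    ]
    for s in samples:
        print(s, "->", evaluate(RULES, *s))
```

The DMZ value shows up in the last two samples: even if the web host in the DMZ is compromised, the rules let it reach only the database port on the internal network, and the default deny at the end of the list is what makes every unlisted path fail closed.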

Gateway ‐ A point in the network that allows entry into another network.

Payload ‐ The critical section of data in a transmission. In malware, the payload is the section of the transmitted data that contains the harmful data or code.

Proxy Server ‐ A server that acts as an intermediary between users and other servers, validating user requests before forwarding them.

Router ‐ A device that directs messages within or between networks.

Server ‐ A computer that provides data or services to other computers over a network.

Virtual Private Network (VPN) ‐ An encrypted link between computers or local area networks at different locations, carried over a shared wide area network (such as the Internet), whose traffic cannot be read or accessed by other users of that wide area network.

Zero‐Day Exploit ‐ An exploit of a vulnerability in software before the software vendor is aware of the vulnerability, at which point no patch is yet available to address it. The name refers to the vendor having had zero days to fix the flaw before it was used in an attack.