The following cyber security industry definitions and terminologies are part of a growing list of references used across multiple documents, product solutions, and discussion points.
access: The ability and means to communicate with or otherwise interact with a system, to use system resources to handle information, to gain knowledge of the information the system contains, or to control system components and functions.
access control: The process of granting or denying specific requests for or attempts to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities.
Access Point: An access point is a computer networking device which allows a Wi-Fi compliant device to connect to a wired network wireless. It usually connects via a router. It is frequently referred to as a WAP (wireless access point).
active attack: An actual assault perpetrated by an intentional threat source that attempts to alter a system, its resources, its data, or its operations.
alert: A notification that a specific attack has been detected or directed at an organization’s information systems.
antivirus: A program that monitors a computer or network to detect or identify major types of malicious code and to prevent or contain malware incidents. Sometimes by removing or neutralizing the malicious code
APT (Advanced Persistent Threat): A security breach that enables an attacker to gain access or control over a system for an extended period of time usually without the owner of the system being aware of the violation. Often an APT takes advantage of numerous unknown vulnerabilities or zero day attacks, which allow the attacker to maintain access to the target even as some attack vectors are blocked.
attack: An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity.
attack signature: A characteristic or distinctive pattern that can be searched for or that can be used in matching to previously identified attacks.
authenticator/authenticity: A property achieved through cryptographic methods of being genuine and being able to be verified and trusted, resulting in confidence in the validity of a transmission, information or a message, or sender of information or a message./The way in which the identity of a user is confirmed.
authorization: A process of determining, by evaluating applicable access control information, whether a subject is allowed to have the specified types of access to a particular resource.
availability: The property of being accessible and usable upon demand.
Backdoor: An alternative way to access software or hardware, typically unauthorized and implanted by intelligence agencies.
behavior monitoring: Observing activities of users, information systems, and processes and measuring the activities against organizational policies and rule, baselines of normal activity, thresholds, and trends.
blacklist: A list of entities that are blocked or denied privileges or access.
Blue Team: A group that defends an enterprise’s information systems when mock attackers (i.e., the Red Team) attack, typically as part of an operational exercise conducted according to rules established and monitored by a neutral group (i.e., the White Team).
Black hat: Hacking with malicious intent. Typically to gain access to a computer and steal as much data as possible.
Bot: A computer connected to the Internet that has been surreptitiously / secretly compromised with malicious logic to perform activities under remote the command and control of a remote administrator.
bot master: The controller of a botnet that, from a remote location, provides direction to the compromised computers in the botnet.
Botnet: A collection of computers compromised by malicious code and controlled across a network.
Breach: The moment a hacker successfully exploits a vulnerability in a computer or device, and gains access to its files and network.
Brute force: When an attacker inputs many passwords in the hope that it is eventually guessed correctly.
Bug: An unexpected and relatively small defect, fault, flaw, or imperfection in an information system or device.
Build In Security: A set of principles, practices, and tools to design, develop, and evolve information systems and software that enhance resistance to vulnerabilities, flaws, and attacks.
Captcha: A test that distinguishes between robots and humans using a website where you have to “prove you’re human”.
Catfishing: Creating a fake identity on a social network account, usually a dating website, to target a specific victim for deception.
Ciphertext: Data or information in its encrypted form.
Clickjacking: A malicious technique by which a victim is tricked into clicking on a URL, button or other screen object other than that intended by or perceived by the user
cloud computing: A model for enabling on-demand network access to a shared pool of configurable computing capabilities or resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
Cloud Security: The strategies and policies used to protect data applications and cloud system apps.
CND (Computer Network Defense): The actions taken to defend against unauthorized activity within computer networks.
confidentiality: A property that information is not disclosed to users, processes, or devices unless they have been authorized to access the information.
Cookie: A segment of data sent by an Internet server to the browser that is returned to the browser every time it accesses the server. This is used to identify the user or track their access to the server
Cracker: The proper term to refer to an unauthorized attacker of computers, networks and technology instead of the misused term “hacker.”
CVE (Common Vulnerabilities and Exposures): An online database of attacks, exploits and compromises operated by the MITRE organization for the benefit of the public
Cryptanalysis: The operations performed in defeating or circumventing cryptographic protection of information by applying mathematical techniques and without an initial knowledge of the key employed in providing the protection.
Cryptography: The use of mathematical techniques to provide security services, such as confidentiality, data integrity, entity authentication, and data origin authentication.
Crypto jacking: A hacking attack that makes the device mine cryptocurrency, in addition to its normal use.
cyberespionage: The unethical act of violating the privacy and security of an organization in order to leak data or disclose internal/private/confidential information
Cybersecurity: The activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation.
Data Administration: Develops and administers databases and/or data management systems that allow for the storage, query, and utilization of data.
data breach: The unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information.
Data Encryption: Transforming data in such a way that only approved parties can decrypt and access it.
data loss: The result of unintentionally or accidentally deleting data, forgetting where it is stored, or exposure to an unauthorized party.
data loss prevention: A set of procedures and mechanisms to stop sensitive data from leaving a security boundary.
decipher: To convert enciphered text to plain text by means of a cryptographic system.
denial of service DOS: An attack that prevents or impairs the authorized use of information system resources or services.
digital forensics: The processes and specialized techniques for gathering, retaining, and analyzing system-related data (digital evidence) for investigative purposes.
digital signature: A value computed with a cryptographic process using a private key and then appended to a data object, thereby digitally signing the data.
distributed denial of service DDOS: A denial of service technique that uses numerous systems to perform the attack simultaneously
Domain: A group of computers, printers and devices that are interconnected and governed as a whole
DMZ (Demilitarized Zone): A segment or subnet of a private network where resources are hosted and accessed by the general public from the Internet
electronic signature: Any mark in electronic form associated with an electronic document, applied with the intent to sign the document.
Ethical Hacking: The practice of locating vulnerabilities and weaknesses in information systems and computers by duplicating the actions and intent of malicious hackers who seek to bypass security and search for gaps in systems that can be exploited.
event: An observable occurrence in an information system or network.
Exploit: A technique to breach the security of a network or information system in violation of security policy.
Failure: The inability of a system or component to perform its required functions within specified performance requirements.
firewall: A capability to limit network traffic between networks and/or information systems.
Firmware: Code that is embedded into the hardware of a computer.
Hacker: A cyber attacker who uses software and social engineering methods to steal data and information.
hash value: A numeric value resulting from applying a mathematical algorithm against a set of data such as a file.
hashing: A process of applying a mathematical algorithm against a set of data to produce a numeric value (a ‘hash value’) that represents the data.
honeypot: A trap or decoy for attackers. A honeypot is used to distract attackers in order to prevent them from attacking actual production systems
ICT supply chain threat: A man-made threat achieved through exploitation of the information and communications technology (ICT) system’s supply chain, including acquisition processes.
identity and access management: The methods and processes used to manage subjects and their authentication and authorizations to access specific objects.
Identity check: Confirmation of someone’s identity, either using a password or a fingerprint.
Identity Theft: The deliberate use of someone else’s identity, typically for financial gain.
impact: consequence
incident: An occurrence that actually or potentially results in adverse consequences to (adverse effects on) (poses a threat to) an information system or the information that the system processes, stores, or transmits and that may require a response action to mitigate the consequences.
incident response: The activities that address the short-term, direct effects of an incident and may also support short-term recovery.
indicator: An occurrence or sign that an incident may have occurred or may be in progress.
information assurance: The measures that protect and defend information and information systems by ensuring their availability, integrity, and confidentiality.
information security policy: An aggregate of directives, regulations, rules, and practices that prescribe how an organization manages, protects, and distributes information.
Information Technology: Also referred to as IT, the study or use of computers and telecommunications to store, retrieve, transmit, or send data.
inside(r) threat: A person or group of persons within an organization who pose a potential risk through violating security policies.
integrity: The property whereby information, an information system, or a component of a system has not been modified or destroyed in an unauthorized manner.
Intrusion: An unauthorized act of bypassing the security mechanisms of a network or information system.
IDS (Intrusion Detection System): A security tool that attempts to detect the presence of intruders or the occurrence of security violations in order to notify administrators, enable more detailed or focused logging or even trigger a response such as disconnecting a session or blocking an IP address.
IPS (Intrusion Prevention System): A security tool that attempts to detect the attempt to compromise the security of a target and then prevent that attack from becoming successful
IP address: Also known as an Internet Protocol address, is the string of numbers used to identify each computer using the internet on a network.
Kernel: The core of a computer’s operating system that houses the most essential functions of the computer
key: The numerical value used to control cryptographic operations, such as decryption, encryption, signature generation, or signature verification.
keylogger: Software or hardware that tracks keystrokes and keyboard events, usually surreptitiously / secretly, to monitor actions by the user of an information system.
Least Privilege: Least Privilege is the security principle of allowing users the least amount of permissions necessary to perform their intended function.
Link State: Link-state routing protocols are one of the two main classes of routing protocols for computer communications.
macro virus: A type of malicious code that attaches itself to documents and uses the macro programming capabilities of the document’s application to execute, replicate, and spread or propagate itself.
malicious code: Program code intended to perform an unauthorized function or process that will have adverse impact on the confidentiality, integrity, or availability of an information system.
malware: Software that compromises the operation of a system by performing an unauthorized function or process.
Metadata: Seemingly harmless impersonal data, like how many times a user clicked or refreshed the page when visiting a website.
mitigation: The application of one or more measures to reduce the likelihood of an unwanted occurrence and/or lessen its consequences.
moving target defense: The presentation of a dynamic attack surface, increasing an adversary’s work factor necessary to probe, attack, or maintain presence in a cyber target.
network resilience: The ability of a network to: (1) provide continuous operation (i.e., highly resistant to disruption and able to operate in a degraded mode if damaged); (2) recover effectively if failure does occur; and (3) scale to meet rapid or unpredictable demands.
non-repudiation: A property achieved through cryptographic methods to protect against an individual or entity falsely denying having performed a particular action related to data.
NSA: Stands for the National Security Agency and is the official United States cryptologic organization under the Department of Justice. Responsible for global monitoring, collection, and processing of information and data for both foreign and domestic intelligence.
object: A passive information system-related entity containing or receiving information.
Open source: Software that has their code listed as free to use, share, and modify.
outside(r) threat: A person or group of persons external to an organization who are not authorized to access its assets and pose a potential risk to the organization and its assets.
OWASP (Open Web Application Security Project): An Internet community focused on understanding web technologies and exploitations
packet sniffing: The act of collecting frames or packets off of a data network communication. This activity allows the evaluation of the header contents as well as the payload of network communications.
passive attack: An actual assault perpetrated by an intentional threat source that attempts to learn or make use of information from a system, but does not attempt to alter the system, its resources, its data, or its operations.
password: A string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorization.
Patch: An update or change or an operating system or application
penetration testing: An evaluation methodology whereby assessors search for vulnerabilities and attempt to circumvent the security features of a network and/or information system.
Personal Identifying Information / Personally Identifiable Information: The information that permits the identity of an individual to be directly or indirectly inferred.
phishing: A digital form of social engineering to deceive individuals into providing sensitive information.
Plugins: Customizable additions to software for extra functionality.
Port Scan: A port scan is a sequence of messages sent by an attacker attempting to break into a computer. Port scanning provides the attacker an idea where to probe for weaknesses. A port scan consists of sending a message to each port, one at a time.
privacy: The assurance that the confidentiality of, and access to, certain information about an entity is protected.
private key: A cryptographic key that must be kept confidential and is used to enable the operation of an asymmetric (public key) cryptographic algorithm.
PKI (Public Key Infrastructure): A security framework (i.e. a recipe) for using cryptographic concepts in support of secure communications, storage and job tasks. A PKI solution is a combination of symmetric encryption, asymmetric encryption, hashing and digital certificate-based authentication.
Private data: Data that is used to identify you, like your name, address, phone number, or Social Security Number.
public key: A cryptographic key that may be widely published and is used to enable the operation of an asymmetric (public key) cryptographic algorithm.
Ransomware: A form of malware used to threaten victims by blocking, publishing, or corrupting their data unless the ransom is paid.
Recovery: The activities after an incident or event to restore essential services and operations in the short and medium term and fully restore all capabilities in the longer term.
redundancy: Additional or alternative systems, sub-systems, assets, or processes that maintain a degree of overall functionality in case of loss or failure of another system, sub-system, asset, or process.
resilience: The ability to adapt to changing conditions and prepare for, withstand, and rapidly recover from disruption.
response: The activities that address the short-term, direct effects of an incident and may also support short-term recovery.
risk: The potential for an unwanted or adverse outcome resulting from an incident, event, or occurrence, as determined by the likelihood that a particular threat will exploit a particular vulnerability, with the associated consequences.
Role Based Access Control: Role based access control (RBAC) assigns users to roles based on their organizational functions and determines authorization based on those roles. It is used by enterprises with more than 5 employees and can implement mandatory access control (MAC) or discretionary access control (DAC).
rootkit: A set of software tools with administrator-level access privileges installed on an information system and designed to hide the presence of the tools, maintain the access privileges, and conceal the activities conducted by the tools.
Sandboxing: An effort to increase security by isolating processes and browser tabs from one another and the rest of the computer.
SCADA (Supervisory Control and Data Acquisition): A complex mechanism used to gather data and physical world metrics as well as perform measurement or management actions of the monitored systems for the purposes of automatic large complex real-world processes such as oil refining, nuclear power generation or water filtration
Script: A simple form of code for software that can be written in word editors.
secret key: A cryptographic key that is used for both encryption and decryption, enabling the operation of a symmetric key cryptography scheme.
security automation: The use of information technology in place of manual processes for cyber incident response and management.
security perimeter: The boundary of a network or private environment where specific security policies and rules are enforced. The systems and users within the security boundary are forced into compliance with local security rules while anything outside is not under such restrictions.
security policy: A rule or set of rules that govern the acceptable use of an organization’s information and services to a level of acceptable risk and the means for protecting the organization’s information assets.
SHA1: “Secure Hash Algorithm 1 (SHA-1) is a cryptographic hash function designed by the United States National Security Agency and is a U.S. Federal Information Processing Standard published by the United States NIST.
Shell: Shell is a Unix term for the interactive user interface with an operating system. The shell is the layer of programming that recognizes and executes the commands that a user enters.
Social Engineering: The act of taking advantage of human trust to gain access to private information. This can be done as easily as calling a number and asking for it.
software assurance: The level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its lifecycle, and that the software functions in the intended manner.
spam: The abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.
Spoofing: Faking the sending address of a transmission to gain illegal [unauthorized] entry into a secure system.
spyware: Software that is secretly or surreptitiously installed into an information system without the knowledge of the system user or owner.
SSL Certificate: Standing for Secure Sockets Layer certificate, this authenticates the identity of a website and encrypts the information sent to the server using secure technology.
threat: A circumstance or event that has or indicates the potential to exploit vulnerabilities and to adversely impact (create adverse consequences for) organizational operations, organizational assets (including information and information systems), individuals, other organizations, or society.
threat assessment: The product or process of identifying or evaluating entities, actions, or occurrences, whether natural or man-made, that have or indicate the potential to harm life, information, operations, and/or property.
ticket: In access control, data that authenticates the identity of a client or a service and, together with a temporary encryption key (a session key), forms a credential.
Traceroute (tracert.exe): Traceroute is a tool the maps the route a packet takes from the local machine to a remote destination.
Transport Layer Security (TLS): It is a protocol that ensures privacy between communicating applications and the users on the Internet. When a server and client communicate, TLS ensures that no third party may overhear or tamper with any message.
Triple DES Triple DES (3DES): is the common name for the Triple Data Encryption Algorithm (TDEA or Triple DEA) symmetric-key block cipher, which applies the Data Encryption Standard (DES) cipher algorithm three times to each data block.
Trojan horse: A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.
Trusted Certificate: A Trusted Certificate is any digital certificate that a certificate user accepts as being valid without testing the certificate to validate it as the final certificate on a certification path; especially a certificate that is used as a trust anchor certificate.
Tunnel: A Tunnel is a communication channel that is created in a computer network by encapsulating a protocol’s data packets in a different type of protocol. The purpose is to move data between computers that use a protocol not supported by the network connecting them.
Two Factor Authentication: Attaching a phone number or email address to an account for heightened security.
unauthorized access: Any access that violates the stated security policy
UTM/USM: Unified Threat Management/Unified Security Management is a solution in the network security industry, and since 2 4 it has become established as a primary network gateway defense solution for organizations. In theory, UTM is the evolution of the traditional firewall into an all appliance reporting
Virtual Private Network: Also known as a VPN it allows you to create a secure connection to another network using the internet.
virus: A computer program that can replicate itself, infect a computer without permission or knowledge of the user, and then spread or propagate to another computer.
vulnerability: A characteristic or specific weakness that renders an organization or asset (such as information or an information system) open to exploitation by a given threat or susceptible to a given hazard.
Vulnerability Assessment: A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in the information technology system.
whitelist: A list of entities that are considered trustworthy and are granted access or privileges.
worm: A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.
Zero-day exploit: A previously unknown, bug, flaw, or backdoor in software. An attack happens once this flaw is exploited and attackers release malware before the flaw can be patched.
Zombie: A term related to the malicious concept of a botnet. The term zombie can be used to refer to the system that is host to the malware agent of the botnet or to the malware agent itself
