The Language of Cybersecurity
Key loggers
Keyloggers are software programs or hardware devices designed to secretly record every keystroke a user types, typically to capture passwords and other sensitive input.
Computer Emergency Response Team (CERT)
A computer emergency response team is an expert group that handles computer security incidents. The name comes from the original CERT Coordination Center at Carnegie Mellon University (1988); many organizations now use the term CSIRT (computer security incident response team) for the same function.
Security Operations Center (SOC)
A security operations center is a centralized unit that deals with security issues on an organizational and technical level.
Internet Service Provider (ISP)
An Internet service provider (ISP) is a company that provides its customers with access to the Internet.
MITRE Common Vulnerabilities and Exposures
CVE is a list of entries—each containing an identification number, a description, and at least one public reference—for publicly known cybersecurity vulnerabilities.
CIA Triad
Confidentiality, integrity, and availability, also known as the CIA triad, is a model designed to guide information security policy within an organization: confidentiality (only authorized parties can read data), integrity (data is not altered without authorization), and availability (systems and data are accessible when needed).
Disaster Recovery Plan
Disaster Recovery involves a set of policies, tools and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster.
Ethical hacking
Ethical hacking is structured, authorized hacking performed to expose vulnerabilities in a system, using the same tools and techniques as an attacker but with the organization's knowledge and consent.
Hacktivism
Hacktivism is the act of misusing a computer system or network for a socially or politically motivated reason.
Cybersecurity Framework
The five core functions of the NIST Cybersecurity Framework: Identify, Protect, Detect, Respond, Recover (version 2.0 of the framework adds a sixth, Govern).
Proxy server
In computer networking, a proxy server is a server application or appliance that acts as an intermediary for requests from clients seeking resources from servers that provide those resources.
Vulnerability
It's a flaw in a system that can expose the system to attack.
PII and PHI
PII is personally identifiable information, and PHI is protected health information (the HIPAA term for individually identifiable health data).
Smishing
Phishing delivered by SMS or other text messages.
Network segmentation
Segmentation divides a computer network into smaller parts, usually with firewalls or VLANs enforcing which segments may talk to each other. The purpose is to improve network performance and security: a compromise in one segment cannot spread freely to the others.
Third parties (third-party risk)
Threats that originate in systems or organizations outside your own, such as supply chain attacks, third-party vendor errors, and regulatory issues arising from data held by partners.
Hacker
A person who gains, or attempts to gain, unauthorized access to computers or data. In security writing "attacker" or "threat actor" is the more precise term, since "hacker" also describes skilled, legitimate technologists.
Protocols
A system of rules that allows two or more entities in a communications system to exchange information. Security protocols such as TLS additionally specify how the parties authenticate each other and protect the data exchanged.
Procedural control
Controls implemented through people and process rather than technology, such as incident response processes, management oversight, and security awareness and training. Also called administrative controls.
Data breach
unauthorized access and retrieval of sensitive information by an individual, group, or software system
Faraday cage
A Faraday cage or Faraday shield is a conductive enclosure used to block electromagnetic fields. It is used to protect equipment from electromagnetic pulses and to keep devices (for example, a seized phone during a forensic examination) from sending or receiving radio signals.
Botnet
A botnet is a number of Internet-connected devices, each of which is running one or more bots under an attacker's control. Botnets can be used to perform distributed denial-of-service attacks, steal data, and send spam, and they give the attacker access to each device and its network connection.
CISO
A chief information security officer (CISO) is the senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.
Worm
A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers.
Cyber insurance policies
A cyber insurance policy, also referred to as cyber risk insurance or cyber liability insurance coverage (CLIC), is designed to help an organization mitigate risk exposure by offsetting costs involved with recovery after a cyber-related security breach or similar event.
Denial of Service Attack
A denial-of-service (DoS) attack occurs when legitimate users are unable to access information systems, devices, or other network resources due to the actions of a malicious cyber threat actor.
Master boot record
A master boot record is a special type of boot sector at the very beginning of partitioned mass storage devices such as fixed disks or removable drives intended for use with IBM PC-compatible systems. Because code in the MBR runs before the operating system, malware that overwrites it (a bootkit) can load ahead of, and hide from, OS-level defenses; modern UEFI systems use the GUID Partition Table (GPT) instead.
Digital device
A physical unit of equipment that contains a computer or microcontroller. Today, myriad devices are digital including a smartphone, tablet and smartwatch.
Port scanning
A port scanner is an application designed to probe a server or host for open ports. Such an application may be used by administrators to verify security policies of their networks and by attackers to identify network services running on a host and exploit vulnerabilities.
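The following is an added example, not code from the original page: a minimal TCP connect scanner in Python, with the policy check an administrator would run against the result (which open ports are not on the host's allow list). It targets a listener it starts itself on 127.0.0.1 so it runs offline; the host, port range and allow list are assumptions for illustration. Only scan hosts you are authorized to test.

```python
import socket
from concurrent.futures import ThreadPoolExecutor


def scan_port(host, port, timeout=0.5):
    """TCP connect scan of a single port: True if the host accepts the connection."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        return sock.connect_ex((host, port)) == 0


def scan_ports(host, ports, timeout=0.5, workers=32):
    """Return the sorted list of open ports among `ports` (connect scan, in parallel)."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: (p, scan_port(host, p, timeout)), ports))
    return sorted(port for port, is_open in results if is_open)


def unexpected_ports(open_ports, allowed):
    """Policy check: open ports that the host's allow list does not permit."""
    return sorted(set(open_ports) - set(allowed))


def start_listener(host="127.0.0.1"):
    """Constructed target for offline use: listen on an OS-assigned port.
    Returns (server_socket, port); the caller closes the socket when done."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind((host, 0))
    server.listen(5)
    return server, server.getsockname()[1]


if __name__ == "__main__":
    server, port = start_listener()
    try:
        # Scan a small range around the listener; everything else should be closed.
        found = scan_ports("127.0.0.1", range(port - 5, port + 6))
        print("open:", found)
        # Assumed policy for the example: only the listener's port is allowed.
        print("not on allow list:", unexpected_ports(found, allowed=[port]))
    finally:
        server.close()
```

A connect scan completes the TCP handshake, so every probe shows up in the target's logs and in any IDS watching the segment; it is the right tool for verifying your own hosts, while production scanning is usually done with nmap, which also supports SYN scans and service fingerprinting.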
Risk Register
A risk register is a document used as a risk management tool and to fulfill regulatory compliance acting as a repository for all risks identified and includes additional information about each risk, e.g. nature of the risk, reference and owner, mitigation measures.
Router
A router is a networking device that forwards data packets between computer networks.
Signature
A digital signature is a value computed over a message with the signer's private key that anyone holding the corresponding public key can verify. A valid signature shows that the message came from the key holder and has not been altered since it was signed; it is the mechanism behind nonrepudiation.
Vulnerability assessment
A vulnerability assessment is the process of identifying, quantifying, and prioritizing the vulnerabilities in a system
Zero-day
A zero-day vulnerability is a software vulnerability that is unknown to those who should be interested in mitigating it (the vendor and defenders), so no patch exists. Until the vulnerability is mitigated, attackers can exploit it to adversely affect computer programs, data, additional computers or a network.
Advanced Persistent Threats (APTs)
An advanced persistent threat is a stealthy threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period.
Electromagnetic pulse (EMP)
An electromagnetic pulse (EMP) is a short burst of electromagnetic energy, from a nuclear detonation or a purpose-built device, that can damage or disrupt electronic equipment. An EMP or a geomagnetic disturbance (GMD) can damage significant portions of the Nation's critical infrastructure.
Intrusion Detection System (IDS)
An intrusion detection system is a device, or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically reported either to an administrator or collected centrally using a security information and event management system.
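The following is an added example, not code from the page: the core of a simple network IDS rule in Python, run over constructed firewall log lines. The rule flags any source that touches at least `threshold` distinct destination ports within a sliding time window, which is the classic signature of a port scan. The log format (a Netfilter-style `SRC= DST= DPT= ACTION=` line) and the sample addresses are assumptions made up for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed line format for this example; real firewalls differ, so the parser is the part to adapt.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) DPT=(?P<dpt>\d+) ACTION=(?P<action>\w+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "src": m["src"],
        "dst": m["dst"],
        "dpt": int(m["dpt"]),
        "action": m["action"],
    }


def detect_port_scans(lines, threshold=10, window=timedelta(seconds=10)):
    """Alert on each source that hits >= threshold distinct destination ports within `window`.

    One alert per offending source, reporting the largest distinct-port count seen in
    any window that starts at one of that source's events."""
    by_src = defaultdict(list)
    for event in filter(None, map(parse_line, lines)):
        by_src[event["src"]].append(event)

    alerts = []
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        best, first_seen = 0, None
        for i, start in enumerate(events):
            ports = {e["dpt"] for e in events[i:] if e["ts"] - start["ts"] <= window}
            if len(ports) > best:
                best, first_seen = len(ports), start["ts"]
        if best >= threshold:
            alerts.append({"src": src, "first_seen": first_seen.isoformat(), "distinct_ports": best})
    return alerts


# Constructed sample log: one scanning source, one benign client, one malformed line.
_BASE = datetime(2024, 3, 1, 10, 0, 0)
_SCAN_PORTS = [21, 22, 23, 25, 80, 110, 143, 443, 445, 3389, 5900, 8080]
SAMPLE_LOG = [
    f"{(_BASE + timedelta(milliseconds=500 * i)).isoformat(timespec='milliseconds')} "
    f"SRC=203.0.113.5 DST=192.0.2.10 DPT={port} ACTION=DROP"
    for i, port in enumerate(_SCAN_PORTS)
] + [
    f"{(_BASE + timedelta(seconds=i)).isoformat(timespec='milliseconds')} "
    f"SRC=198.51.100.7 DST=192.0.2.10 DPT=443 ACTION=ACCEPT"
    for i in range(5)
] + ["this line is not a firewall record"]


if __name__ == "__main__":
    for alert in detect_port_scans(SAMPLE_LOG):
        print(f"ALERT possible port scan from {alert['src']} at {alert['first_seen']}: "
              f"{alert['distinct_ports']} distinct ports")
```

The threshold and window are the tuning knobs: too low and a busy load balancer or vulnerability scanner you run yourself becomes an alert storm, too high and a slow scan spread over hours is missed. In a real deployment the alert would be sent to the SIEM rather than printed, and known scanners would be on an allow list.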
Intrusion Prevention Systems (IPS)
An intrusion prevention system (IPS) is an inline network security control that detects identified threats and can actively block them, for example by dropping the offending packets or resetting the connection. An IDS, by contrast, only detects and alerts.
Operating system
An operating system is system software that manages computer hardware, software resources, and provides common services for computer programs.
Authentication
Authentication is the act of proving an assertion, such as the identity of a computer system user. In contrast with identification, the act of indicating a person or thing's identity, authentication is the process of verifying that identity.
Business Continuity Plan
Business continuity planning is the process of creating systems of prevention and recovery to deal with potential threats to a company. In addition to prevention, the goal is to enable ongoing operations before and during execution of disaster recovery.
Cyber risk
Cyber risk commonly refers to any risk of financial loss, disruption or damage to the reputation of an organization resulting from the failure of its information technology systems.
Disruption - realized risk
Cyber-attack and disruption is a hazardous threat arising from intentional or unintentional incidents that cause a breach in security, damage to digital devices and networks, or a network outage.
Control
Cybersecurity controls are the countermeasures that organizations implement to detect, prevent, reduce, or counteract security risks.
Cybersecurity
Cybersecurity is the protection of internet-connected systems such as hardware, software and data from cyber-threats. The practice is used by individuals and enterprises to protect against unauthorized access to data centers and other computerized systems.
DMZ
In computer security, a DMZ or demilitarized zone is a physical or logical subnetwork that contains and exposes an organization's external-facing services to an untrusted, usually larger, network such as the Internet.
Honeypot
In computer terminology, a honeypot is a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems.
Trojan
In computing, a Trojan horse, or trojan, is any malware which misleads users of its true intent.
Firewall
In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
Cipher
In cryptography, a cipher is an algorithm for performing encryption or decryption—a series of well-defined steps that can be followed as a procedure.
Encryption
In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext.
Buffer overflow
In information security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations.
Script Kiddies
In programming and hacking cultures, a script kiddie, skiddie, or skid is an unskilled individual who uses scripts or programs, such as a web shell, developed by others to attack computer systems and networks and deface websites.
Incident Response
Incident response is an organized approach to addressing and managing the aftermath of a security breach or cyberattack, also known as an IT incident, computer incident or security incident. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.
Industrial Control Systems
Industrial control system is a general term that encompasses several types of control systems and associated instrumentation used for industrial process control.
Kevin Mitnick
Kevin David Mitnick (1963-2023) was an American computer security consultant, author, and convicted hacker. He was best known for his high-profile 1995 arrest and five years in prison for various computer and communications-related crimes.
Malware
Malware is any software intentionally designed to cause damage to a computer, server, client, or computer network.
Multi-factor authentication
Multi-factor authentication is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence from different categories: something they know (knowledge, e.g. a password), something they have (possession, e.g. a phone or hardware token), and something they are (inherence, e.g. a fingerprint).
Operational resilience
Operational resilience is the ability of an organization to continue to provide business services in the face of adverse operational events by anticipating, preventing, recovering from, and adapting to such events.
Outsourcing
Outsourcing is an agreement in which one company hires another company to be responsible for a planned or existing activity that is or could be done internally, and sometimes involves transferring employees and assets from one firm to another.
Patches and patch management
Patch management is the process of acquiring, testing, and installing patches (vendor code changes that fix bugs or vulnerabilities) on the software in an environment, including deciding which patches apply to which systems and tracking that they have actually been deployed.
Phishing
Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details, by disguising oneself as a trustworthy entity in an electronic communication.
Polymorphic malware
Polymorphic malware is a type of malware that constantly changes its identifiable features in order to evade detection.
Privileged Account or Access Management
Privileged access is administrative or super-user access that allows full control of critical computer systems and applications. Privileged access management (PAM) is the set of policies, processes, and tools that protect, manage, and monitor such access, the accounts that hold it, and their credentials.
Public key encryption
Public-key cryptography, or asymmetric cryptography, is a cryptographic system that uses pairs of keys: public keys, which may be disseminated widely, and private keys, which are known only to the owner.
Quantum computing
Quantum computing is the use of quantum phenomena such as superposition and entanglement to perform computation. Computers that perform quantum computations are known as quantum computers.
Ransomware
Ransomware is a type of malware from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid.
Cybersecurity Attack Stages (Cyber Kill Chain)
The seven stages below are the Lockheed Martin Cyber Kill Chain, illustrated here with a phishing-driven intrusion:
Reconnaissance: the attacker researches you or your company online, gathering names, titles, and email addresses of people who work for the organization.
Weaponization: the attacker uses what was gathered to build what they need to get in, for example a malicious document or a credential-harvesting page.
Delivery: phishing emails are sent to the people identified, or a watering-hole web page is posted, and the attacker waits for victims to interact with it.
Exploitation: a vulnerability, or a harvested username and password, is used to gain a foothold, for example by trying the credentials against web-based email or the VPN into the company network.
Installation: once someone opens the lure, the malicious software installs itself on the host so the attacker keeps access.
Command and Control (C2): the installed malware connects back to infrastructure the attacker controls, giving them remote control of the compromised host and a path to move further into the network.
Actions on Objectives: with control established, the attacker pursues the goal, typically finding and extracting the information they have been targeting.
Risk Analysis
Risk analysis is the process of identifying and analyzing potential issues that could negatively impact key business initiatives or projects. This process is done in order to help organizations avoid or mitigate those risks.
Risk Management
Risk management is the identification, evaluation, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events or to maximize the realization of opportunities.
Secure Configuration
Secure configuration refers to security measures that are implemented when building and installing computers and network devices in order to reduce unnecessary cyber vulnerabilities.
Tailgating
A physical social engineering attack in which an unauthorized person follows an authorized employee through a secured door or checkpoint, often relying on courtesy (a held door) or on carrying something that makes challenging them awkward. Also called piggybacking.
Spear Phishing
Spear phishing is an email or electronic communications scam targeted towards a specific individual, organization or business.
STRIDE threat model (Microsoft)
Spoofing (impersonating something or someone else), Tampering (modifying data or code), Repudiation (claiming to have not performed an action), Information Disclosure (exposing information to someone not authorized to see it), Denial of Service (deny or degrade service to users), Elevation of Privilege (gain capabilities without proper authorization)
Spoofing
Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source.
Spyware
Spyware describes software with malicious behavior that aims to gather information about a person or organization and send it to another entity in a way that harms the user.
Cybersecurity and Infrastructure Security Agency (CISA)
The Cybersecurity and Infrastructure Security Agency (CISA) is a U.S. federal agency and an operational component of the Department of Homeland Security. It was established in November 2018, when President Trump signed the Cybersecurity and Infrastructure Security Agency Act into law. CISA leads the effort to enhance the security, resiliency, and reliability of the Nation's cybersecurity and communications infrastructure. It is essentially the Nation's risk advisor, working with partners to defend against today's threats while collaborating to build more secure and resilient infrastructure for the future.
FAIR risk management
The FAIR (Factor Analysis of Information Risk) quantitative risk analysis model defines the building blocks for implementing an effective cyber risk management program. Being able to quantify cyber risk, in financial terms, is at the core of any such program.
General Data Protection Regulation (GDPR)
The General Data Protection Regulation is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area.
Internet protocol (IP)
The Internet Protocol (IP) is a protocol, or set of rules, for routing and addressing packets of data so that they can travel across networks and arrive at the correct destination.
Internet of Things (IOT)
The Internet of Things describes the network of physical objects—"things"—that are embedded with sensors, software, and other technologies for the purpose of connecting and exchanging data with other devices and systems over the internet.
NIST
The National Institute of Standards and Technology (NIST) is a physical sciences laboratory and a non-regulatory agency of the United States Department of Commerce. Its Cybersecurity Framework (see Cybersecurity Framework above) organizes security activities into the core functions Identify, Protect, Detect, Respond, and Recover.
Attack surface
The attack surface of a software environment is the sum of the different points where an unauthorized user can try to enter data to or extract data from an environment.
Attack vector
The path or means by which a threat reaches and affects an asset, for example a phishing email, an exposed network service, or a compromised supplier.
Perimeter and perimeter test
The perimeter is the border between one network and another, typically between an organization's private network and the Internet. Perimeter security places the necessary safeguards (firewalls, proxies, IDS/IPS) at that border to protect the private network from outside attackers; a perimeter test assesses those safeguards from the outside, as an attacker on the Internet would see them.
Social engineering
The practice of gaining access to a secure system by tricking insiders into giving away access. Often the first step in a social-engineering-driven attack is sending fake emails that appear to be very real (phishing).
Technical controls
The security controls for an information system that are primarily implemented and executed by the information system through mechanisms contained in the hardware, software, or firmware components of the system.
Risk
In information security, risk is the potential for loss when a threat exploits a vulnerability, usually expressed as the likelihood of the event combined with its impact. The broader term business risk refers to the possibility of a commercial business making inadequate profits due to uncertainties.
Single point of accountability
This concept is that the person who has the authority to delegate something will hold one single individual accountable for the results.
Transport Layer Security (TLS) protocol
Transport Layer Security, or TLS, is a widely adopted security protocol designed to facilitate privacy and data security for communications over the Internet. A primary use case of TLS is encrypting the communication between web applications and servers, such as web browsers loading a website.
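The privacy TLS provides depends on the client actually verifying who it is talking to. As an added example (not from the page), here is the weak client configuration developers reach for when a certificate error "gets in the way", beside the hardened one, with a small audit function that flags the weak settings; it uses only Python's standard `ssl` module, and the hostname in the demo is an assumption.

```python
import socket
import ssl
import sys


def hardened_client_context():
    """Client context that verifies the server certificate against the system CA store,
    checks the hostname, and refuses anything older than TLS 1.2."""
    ctx = ssl.create_default_context()      # CERT_REQUIRED + check_hostname=True + CA bundle
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def weak_client_context():
    """The 'make the error go away' configuration: any certificate, for any name, is accepted,
    so an on-path attacker can present their own certificate and read everything."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False               # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx):
    """Return the weaknesses found in a client SSLContext; an empty list means it passes."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not verified (verify_mode is not CERT_REQUIRED)")
    if not ctx.check_hostname:
        findings.append("certificate not matched against the hostname (check_hostname is False)")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("obsolete protocol versions allowed (minimum_version below TLSv1_2)")
    return findings


if __name__ == "__main__":
    # Assumed target for the demo; pass another hostname as the first argument.
    host = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    ctx = hardened_client_context()
    with socket.create_connection((host, 443)) as raw:
        # server_hostname drives both SNI and the hostname check.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            print(tls.version(), tls.cipher()[0])
    print("weak context findings:", audit_context(weak_client_context()))
```

The audit covers the three settings most often wrong in application code; it does not replace a full check of cipher suites or certificate pinning policy.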
Vishing
Voice phishing is a form of criminal phone fraud, using social engineering over the telephone system to gain access to private personal and financial information for the purpose of financial reward. It is sometimes referred to as 'vishing' - a portmanteau of "voice" and phishing.
Dark web
Websites that are reachable only through anonymizing overlay networks such as Tor and are not indexed by search engines like Google. The dark web is usually used by individuals who want their dealings to remain anonymous. It is a small part of the deep web, the much larger body of web content that search engines do not index (for example pages behind logins or paywalls); the two terms are often confused but are not synonyms.
Default accounts
Accounts and passwords that ship preconfigured on software, devices, and services (for example, a vendor's admin/admin). Because they are publicly documented and frequently never changed, they are among the first things an attacker tries; disable or rename them and set unique credentials as part of secure configuration.
Host-based versus Network-based defense
A network-based firewall sits at a boundary and filters traffic passing between the Internet and the protected LAN (and between internal segments), while a host-based firewall is a software application or suite installed on a single computer that protects only that host. The two are complementary: a host-based firewall still applies when the host is off the corporate network or when the attacker is already inside it.
Virus
a computer virus is a type of malicious code or program written to alter the way a computer operates and is designed to spread from one computer to another.
Defense in depth
a series of defensive mechanisms are layered in order to protect valuable data and information. If one mechanism fails, another steps up immediately to thwart an attack.
Data loss prevention (DLP)
a set of tools and processes used to ensure that sensitive data is not lost, misused, or accessed by unauthorized users
Red Teams, Blue Teams, and Black and White Hats
Black hat: a hacker who hacks for personal gain and engages in illegal activities in the process; black hats often sell information about security flaws they discover to the highest bidder. White hat: a hacker who hacks with the aim of finding and fixing vulnerabilities and protecting systems; white hats hand over information about weak spots in companies' defenses and software to the companies themselves so they can be fixed. Red team: a group that emulates real attackers against an organization, with authorization, to test its defenses. Blue team: the defenders who detect and respond to those attacks, and to real ones.
Singularity
is a hypothetical point in time at which technological growth becomes uncontrollable and irreversible, resulting in unforeseeable changes to human civilization.
Threat actors
A threat actor is a participant (person or group) in an action or process that is characterized by malice or hostile action (intending harm) using computers, devices, systems, or networks.
Nonrepudiation
is the assurance that someone cannot deny the validity in something. It is widely used in information security to refer to a service, which provides proof of the origin and integrity of the data.
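The Signature, Public key encryption, and Nonrepudiation entries describe one mechanism from three angles. The following added example (not from the page) shows it end to end with textbook RSA in plain Python: a private key signs a hash of the message, the public key verifies it, a changed message or a different party's public key fails verification. The key material is a deliberate toy: two Mersenne primes and no padding scheme. Real systems use at least 2048-bit keys with RSASSA-PSS, or Ed25519, from a vetted library; the account strings are made up.

```python
import hashlib

# Toy parameters, assumed for illustration only (far too small and unpadded for real use).
P = 2**61 - 1
Q = 2**89 - 1
E = 65537


def make_keypair(p=P, q=Q, e=E):
    """Return (public_key, private_key) as ((n, e), (n, d)); d is the modular inverse of e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # e * d == 1 (mod phi)
    return (n, e), (n, d)


def _digest_as_int(message: bytes, n: int) -> int:
    """Hash the message and map the digest into the RSA group (reduction mod n is the toy's
    stand-in for a proper padding scheme)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message: bytes) -> int:
    """Signature = hash(message) ^ d mod n; only the private key holder can produce it."""
    n, d = private_key
    return pow(_digest_as_int(message, n), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    """Recover hash(message) with the public exponent and compare against a fresh hash."""
    n, e = public_key
    return pow(signature, e, n) == _digest_as_int(message, n)


if __name__ == "__main__":
    alice_pub, alice_priv = make_keypair()
    bob_pub, bob_priv = make_keypair(2**107 - 1, 2**127 - 1)   # a second toy key pair

    order = b"transfer 100 to account 42"
    sig = sign(alice_priv, order)
    print("Alice's signature verifies:", verify(alice_pub, order, sig))            # True
    print("tampered message verifies:", verify(alice_pub, b"transfer 900 to account 42", sig))  # False
    print("verifies under Bob's key:", verify(bob_pub, order, sig))                # False
```

The last line is the nonrepudiation argument: because only Alice's private key yields a signature that her public key accepts, Alice cannot later deny having signed the order, provided the private key was never shared and the public key is bound to her identity (which is what certificates are for).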