A backdoor bypasses normal security authentications to enter a system. Backdoors are created by developers to speed access through security during the development phase. When they are not properly removed during final implementation, hackers can use backdoors to bypass security implementations and threaten the security of the system.

Malware, Adware and Spyware.

Bandwidth is the volume of information that can pass through a network for a given period. It specifies the capacity of the communciation channel, and is usually measured in bits per second.

A banner is a display on an information system that sets the parameters for system or data use.

Banner grabbing is the process of grabbing banner information such as the application type and version. This information is then transmitted by a remote port when a connection is initiated.

Baseline security is the minimum set of security controls required for safeguarding an IT system. Baseline security is based upon a system's identified needs for confidentiality, integrity and availability protection.

A Bastion is a system of high level of security protection that offers very strong protection against attacks.

A bastion host is a special services computer on a network that is designed to withstand attacks.

A Behavioral outcome is what an individual who has completed a specific training module is expected to accomplish on regular IT security job performance.

Biometrics is a type of security system, which uses unique physiological characteristics of a person such as fingerprints, DNA, hair for identification purposes.

A bit error rate is the ratio between the number of bits incorrectly received and the total number of bits transmitted in a telecommunications system.

A black core is a communication network architecture in which user data traversing a global internet protocol (IP) is end-to-end encrypted at the IP layer.

A Black Hat Hacker is the “bad guy” who violates computer security for little reasons beyond maliciousness or personal gain. Black Hat Hackers may share information about the hack with other black hats so that the same vulnerabilities can be exploited before the victim becomes aware and takes appropriate measures.

A form of filtering that blocks only websites specified as harmful. Parents and employers sometimes use such software to prevent children and employees from visiting certain blacklisted websites."

A blended attack is a hostile action with the intent of spreading malicious code.

A blended threat is a computer network attack that tries to maximize the severity of damage by combining various attack methods. combine the characteristics of viruses, worms, trojan horses, and malicious code with system and internet vulnerabilities to initiate, transmit and spread an attack.

A Block Cipher algorithm is a family of functions and their inverses parameterized by a cryptographic key in which the function map bit strings of a fixed length to bit strings of the same length.  It is a method used to cipher text, information by encrypting data in blocks, strings, or group at a time rather encrypting individual bits.

A Block cipher algorithm is a family of functions parameterized by a cryptographic key. The function map bit strings of a fixed length to bit strings of the same length.

A bot is a software “robot” that performs an extensive set of automated tasks on its own. Search engines like Google use bots, also known as spiders, to crawl through websites in order to scan and rank pages.When black hats use a bot, they can perform an extensive set of destructive tasks, as well as introduce many forms of malware to your system or network. They can also be used by black hats to coordinate attacks by controlling botnets.

A botnet is a remote network of zombie drones under the control of a black hat. Attackers use various malware and viruses to take control of computers to form a botnet (robotic network), which will send further attacks such as spam and viruses to target computers or networks. Most often, the users of the systems will not even know they are involved.

A bridge is an electronic device that connects two networks such as LAN that uses the same protocol such as Ethernet or Token Ring, and creates two distinct LAN's or Wide Area Networks. Operating at the Data Link Layer of the Open System Interconnect model, bridges have the ability to filter the information and can pass such information to the right nodes, or decide not to pass any information. They also help in streamlining or reducing the volume of traffic on a LAN by dividing the data into two segments.

A Broadcast is a process of transmitting the same message to multiple users simultaneously without the need for acknowledgement from users.

Brute Force is a computing method that relies on strong algorithms and computing techniques to find the ultimate solution to a given issue.

A Brute Force Attack is the process of finding the solution by trying many probable variants of information such as passwords, deciphered keys, randomly.

A Buffer Overflow is a type of programmatic flaw, when a program tries to store excess overload of data to a buffer than it can hold. Since there is a limit on how much data a buffer can hold, any surplus data overflows to the adjoining buffers. This causes data stored in those buffers to be overwritten, and triggering unpredictable consequences.

Business Continuity Management refers to preparing for and maintaining continued business operations following disruption or crisis.

A Business Continuity Plan, also known as business emergency plan, offers safeguards against a disaster, and outlines the strategies, action plan on how to continue business as usual in the event of any disaster.

A Business Impact Analysis is the process of evaluating and identifying risks and threats that a business might face in the event of an accident, disaster, or an emergency. It evaluates the possible risk to tangible and intangible assets such as personal, infrastructure, data and goodwill. In addition, it offers steps needed to recover from any such disasters.

C2 is a computer security class defined in the Trusted Computer System Evaluation Criteria.

C2 Infrastructure Data consists of domains, IP addresses, protocol signatures, email addresses, payment card data, etc.

A Central Services Node is the Key Management Infrastructure core node that provides central security management and data management services.

In cryptography, a certificate authority is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate.

Certificate Management is the process in which certificates are generated, used, transmitted, loaded and destroyed.

A Certificate Revocation List is an independent third party that verifies the online identity of an entity. They issue digital certificates that contains information about the owner of the certificate and details of the certificates, thus verifying the identity of the owner.

A Chain of Custody is a chronological documentation of how electronic evidence is handled and collected. It also contains information on how has access to it.

The chain of evidence shows who obtained the evidence, where the evidence came from, also who secured, had control and possession of the evidence. The chain of evidence goes in the following order: collection and identification; analysis; storage; preservation; presentation in court; return to owner.

Challenge Response Protocol is a authentication protocol, where the verifier sends the user a challenge. When the challenge is solved with a private key operation, access is then allowed.

A payment card transaction where the supplier initially receives payment but the transaction is later rejected by the cardholder or the card issuing company. The supplier's account is then debited with the disputed amount.

A Numerical value that helps to check if the data transmitted is the same as the data stored and that the recipient has error free data. It is often the sum of the numerical values of bits of digital data stored, this value should match with the value at the recipients end, and a mismatch in the value indicates an error.

A Chief Information Security Officer is a senior level executive of an organization entrusted with the responsibilities of protecting the information assets of the businesses and making sure that the information policies of the organization align with the objectives of the organization.

A Chief Security Officer is an executive of the company with assigned responsibility to protect assets such as the infrastructure, personnel, including information in digital and physical form.

In cryptography, a cipher is an algorithm for performing encryption or decryption of code. This process encrypts data into code, or decipher the code to a required key.

Cipher Text is data converted from plain text into code using algorithm, making it unreadable without the key.

Ciphony is the process of enciphering audio information with the result of encrypted speech.

A claimant is the party who needs to be identified via an authentication protocol.

A policy that directs all personnel to clear their desks at the end of each working day, and file everything appropriately. Desks should be cleared of all documents and papers, to ensure that sensitive papers and documents are not exposed to unauthorized persons outside of working hours.

Clear Screen Policy is a policy that directs all computer users to ensure that the contents on screen are protected from prying eyes. The easiest way is to use a screen saver that engages either on request or after a specified short period of time.

Cleartext is data in ASCII format or data that is not coded or encrypted. All applications and machines support plain text.

The Clinger–Cohen Act (CCA), formerly the Information Technology Management Reform Act of 1996 (ITMRA), is a 1996 United States federal law, designed to improve the way the federal government acquires, uses and disposes information technology (IT).

Cloud Computing is a platform that utilizes shared resources rather than a local server to access information. Information is stored on, and can be retrieved form the cloud or internet. Cloud computing allows remote sharing of files, data and facilitates remote working, as long as users are connected to the internet.

A cold site is a backup site that can became operational fairly quickly, usually in one or two days. A cold site might have all the standard office things such as furniture and telephones, however there is unlikely to be any computer equipment in a cold site. Basically, a cold site is a backup facility ready to receive computer equipment should it need to move to an alternate location.

A collision is a situation where two or more devices try sending requests or transmit data to the same device at the same time.

Common text is a series of requirements defined by the International Organization for Standardization, that are being incorporated in all management system International Standards as they are revised.

Compartmentalization is a technique of protecting confidential information by revealing it only to a few people, to those who actually need to know the details to perform their job. Thus, by restricting access to information, data the risk to business objectives is limited.

Compliance is the act of adhering to the set standards, rules, and laws of regulatory bodies and authorities. For example, in software, installation process abides by the vendor license agreement.

A Compliance Document is a document detailing the actions required to comply or adhere to the set standards by regulatory bodies. Any violations of the said rules attract punitive actions from the regulatory bodies.

A compromise is the violation of the company's system security policy by an attacker. It can result in the modification, destruction or theft of data.

Computer crime refers to form of illegal act involving electronic information and computer equipment.

Computer Forensics is the process of analyzing computer devices which are suspected for crime, with the aim of gathering evidence for presentation in a court of law. Computer forensics offer many tools for investigation and analysis to find out such evidence.

Computer fraud is a computer crime that an intruder commits to obtain money or something of value from a company. Computer fraud can involve the modification, destruction, theft or disclosure of data. Often, all traces of the crime are covered up.

Confidentiality ensures that rules are set that places restrictions on access to, or sharing of information with the aim of preserving and protecting the privacy of the information.

A darknet is a private file sharing network where connections are made only between trusted peers using non-standard protocols and ports. Darknets networks are anonymous, and therefore users can communicate with little fear of governmental or corporate interference.

A data asset is any entity that is comprised of data; for example, a database is an example of a data asset. A system or application output file, database, document, or Web page are also considered data assets. Data assets can also be a service that may be provided to access data from an application.

Data Classification is a data management process that involves of categorizing and organizing data into different classes based on their forms, types, importance, sensitivity, and usage in an organization.

A Data Custodian is an executive of an organization entrusted with the responsibilities of data administration, as such protecting and safeguarding data is the primary responsibility of Data custodian.

Data disclosure is a breach where where it is confirmed that data is disclosed to an unauthorized party.

A data element is a basic unit of information that has a unique meaning and subcategories (data items) of distinct value. Gender, race, and geographic location are all examples of data elements.

A Data Encryption Standard is a form of algorithm to convert plain text to a cipher text. Data Encryption Standard uses the same key to encrypt and decrypt the data, and hence it is a symmetric key algorithm.

Data flow control is another term for information flow control.

A data historian is centralized database supporting data analysis using statistical process control techniques.

Data Leakage is the accidental or intentional transfer and distribution of private and confidential information of an organization without its knowledge or the permission.

A Data Owner is an executive entrusted with the data accuracy and integrity in an organization. Such an individual has complete control over data, and can limit the access of data to people and assign permissions.

Data Retention is the process of storing and protecting data for historical reasons and for data back up when needed. Every organization has its own rules governing data retention within the organization.

Data Server is a computer or program that provides other computers with access to shared files over a network.

The Data Transfer Device (DTD) is an electronic fill device designed to replace the existing family of common electronic fill devices.

A database is a systematic collection and organization of information so that information can be easily stored, retrieved, and edited for future use.

DC Servo Drive is a type of drive that works specifically with servo motors. It transmits commands to the motor and receives feedback from the servo motor resolver or encoder.

Distributed denial of service is a type of DOS attack where multiple compromised systems, which are often infected with a Trojan, are used to target a single system causing a Denial of Service (DoS) attack. It is analogous to a group of people crowding the entry door or gate to a shop or business, and not letting legitimate parties enter into the shop or business, disrupting normal operations.

Decentralization is the process of distributing functions, authorities among different people or to different locations.

A declaration of conformity is a confirmation issued by the supplier of a product that specified requirements have been met.

Decryption is the process of decoding cipher text to plain text, so it is readable by the user. It is the opposite of encryption, the process of converting plain text to cipher text.

A decryption key is a piece of code that is required to decipher or convert encrypted text or information into plain text or information.

Defense in Depth is the process of creating multiple layers of security to protect electronics and information resources against attackers. Also called as Castle approach, it is based on the principle that in the event of an attack, even if one layer fails to protect the information resource other layers can offer defense against the attack.

A Demilitarized Zone is a firewall setting that separates the LAN of an organization from the outside world or the internet. Demilitarized Zone (DMZ) makes certain resources servers, etc., available to everyone, yet keeping the internal LAN access private, safe and secure offering access only to authorized personnel.

A Denial of Service attack is an attack designed to make a targeted site inaccessible, through overwhelming the targeted website. A successful Denial of Service attack can cripple any entity that relies on its online presence by rendering their site virtually useless.

Developed by one of ThreatConnect’s founders, and the primary methodology used by ThreatConnect, the Diamond Model breaks each cyber event into four vertices or nodes. These vertices represent an Adversary, Capability, Infrastructure, and Victim. The connections between the vertices form a baseball diamond shape. Through this system analysts are able to derive a multidimensional picture of the underlying relationships between threat actors and their tools, techniques and processes.

A dictionary attack is a password-cracking attack that tries all of the words in a dictionary.

A Digital Certificate is a piece of information that guarantees that the sender is verified. The digital certificate is the electronic equivalent of an ID card that establishes your credentials when doing business or other transactions on the Web. Otherwise known as Public Key Information, Digital certificate is issued by Certificate Authority, and helps exchange information over the internet in a safe and secure manner.

Digital evidence is electronic information stored or transferred in digital form.

Digital Forensics is the process of procuring, analyzing and interpreting electronic data to present it in as an acceptable evidence in a legal proceedings in a court of law.

A Digital Signature is an electronic code that guarantees the authenticity of the sender of information as who he claims to be. Digital signatures use the private key information of the sender and cannot be imitated or forged, easily.

A disaster is a sudden catastrophe that result in serious damages to the nature, society, human life, and property. Disaster in business or commercial sense disable an enterprise from delivering the essential tasks for a specified period; for organisations disasters may result in loss of resources, assets, including data.

A Disaster Recovery Plan (DRP) prescribes steps required to carry on the business as usual in the event of a disaster. Disaster recovery plan aims to bring business activities back to normalcy in the shortest possible time. An in-depth understanding of a business's critical processes and their continuity needs is required to create the plan.

Electronic commerce or ecommerce is any type of business, or commercial transaction, that involves the transfer of information across the Internet.

A non-malicious surprise contained in a program or media, that is installed by the developer. An easter egg is undocumented, non malicious, accessible to anyone, and entertaining.

Early access refers to the circumstance where one breaks into a system with minimal effort by exploiting a well-familiarised vulnerability, and gaining super user access in a short time.

Eavesdropping is when one secretly listens to a conversation.

"In computer networking, egress filtering is the practice of monitoring and restricting the flow of information between networks. Typically, information from a private TCP/IP computer network to the Internet is controlled.

Egress filtering is the filtering of outgoing network traffic.

Often called ""viruses"" these malicious programs and codes harm your computer and compromise your privacy. In addition to the traditional viruses, other common types include worms and Trojan horses. They sometimes work in tandem to do maximum damage (Blended Threat).

Electronic Key Entry is the entry of cryptographic keys into a cryptographic module using electronic methods such as a smart card or a key-loading device.

An electronic key management system is an Interoperable collection of systems being developed by services and agencies of the U.S. government to automate the planning, ordering, generating, distributing, storing, filling, using, and destroying of electronic key and management of other types of COMSEC material.

An Electronic signature is the process of applying any mark in electronic form with the intent to sign a data object and is used interchangeably with digital signature.

An electronically generated key is a key generated in a COMSEC device by mechanically or electronically introducing a seed key into the device and then using the seed in conjunction with a software algorithm stored in the device to produce the desired key.

Automated Email Ingest feature allows users to create structured, actionable threat intelligence with ease from emails originating from trusted sources and sharing partners or from suspected spearphishing emails.

An embedded cryptosystem is a system performing or controlling a function as an integral element of a larger system or subsystem.

Embedded cryptography is cryptography engineered into an equipment or system whose basic function is not cryptographic.

An Encapsulation Security Payload is an IPSec protocol that offers mixed security in the areas of authentication, confidentiality, and integrity for Ipv4 and ipv6 Network packets. Encapsulation Security Payload offers data integrity and protection services by encrypting data, anti-replay, and preserving it in its assigned IP.

To encipher is to convert plain text to cipher text via a cryptographic system.

Encryption is a data security technique, which uses an algorithm to maintain data integrity by converting plain data into a secret code. Information is encoded so that it appears as a meaningless string of letters and symbols during delivery or transmission. Only authorized users with a key can access encrypted Data.

An encryption algorithm is a set of mathematically expressed rules for rendering data unintelligible by executing a series of conversions controlled by a key.

An encryption certificate is a certificate containing a public key that is used to encrypt electronic messages, files, documents, or data transmissions, or to establish or exchange a session key for these same purposes.

An Encryption Key is a code of variable value developed with the help of encryption algorithm to encrypt and decrypt information.

An end cryptographic unit is a device that (1) performs cryptographic functions, (2) typically is part of a larger system for which the device provides security services, and (3) from the viewpoint of a supporting security infrastructure (e.g., a key management system), is the lowest level of identifiable component with which a management transaction can be conducted.

End-to-end encryption describes communications encryption in which data is encrypted when passing through a network with the routing information still visible.

In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops and mobile devices. Each device with a remote connecting to the network creates a potential entry point for security threats.

An enterprise in it's most basic form is a business or company, and has a responsibility to manage its own risks and performance.

The enterprise architecture is the description of an enterprise's entire set of information systems: A configuration, integration and how they interface. Enterprise architecture also describes how they are operated to support the enterprise mission, and how they contribute to the enterprise's overall security posture.

Enterprise Risk Management is the processes used by an enterprise to manage risks to its mission. It involves the identification and prioritization of risks due to defined threats, the implementation of countermeasures respond to threats, and assesses enterprise performance against threats and adjusts countermeasures as necessary.

Entrapment is the deliberate planting of flaws in an information system to detect attempted penetrations.

EPP stands for endpoint protection platform. It is a solution that converges endpoint device security functionality into a single product that delivers antivirus, anti-spyware and security.

A Fail Safe is the automatic protection of programs and processing systems when hardware or software failure is detected.

Fail soft are systems that terminate any nonessential processing when there are hardware or software failures.

Failover is a method of protecting computer systems from failure, in which standby equipment automatically takes over when the main system fails without warning or huamn intervention.

A false positive is an alert that incorrectly indicates that malicious activity is occurring.

A false positive is normal behavior that is marked as ‘different’, or possibly malicious. Too many false positives can drown out true alerts. In ThreatConnect, you can easily mark an indicator as a ‘false positive’ when viewing the details for that indicator. This allows you and your team to focus your time and effort on real threats.

Fault Tolerant refers to the ability of a system to have built in capability to provide continued, correct execution of its assigned function in the presence of a hardware and/or software fault.

The Federal Information System is an information system used or operated by an executive agency, a contractor of an executive agency, or by another organization on behalf of an executive agency.

A field device is an equipment that is connected to the field side on an ICS. Types of field devices include rtus, plcs, actuators, sensors, hmis, and associated communications.

A field site is a subsystem that is identified by physical, geographical, or logical segmentation within the ICS. A field site may contain RTUs, PLCs, actuators, sensors, HMIs, and associated communications.

Fieldbus is a digital, serial, multi-drop, two-way data bus or communication path or link between low-level industrial field equipment such as sensors, transducers, actuators, local controllers, and control room devices. Use of fieldbus technologies eliminates the need of point-to-point wiring between the controller and each device. A protocol is used to define messages over the fieldbus network with each message identifying a particular sensor on the network.

File encryption is the process of encrypting individual files on a storage and permitting access to the encrypted data only after proper verification.

File name anomaly is a mismatch between the internal file header and its external extension. A File name anomaly is also a file name inconsistent with the content of the file (e.g., renaming a graphics file with a non-graphical extension).

File protection is the aggregate of processes and procedures designed to inhibit unauthorized access, contamination, elimination, modification, or destruction of a file or any of its contents.

File security is the method in which access to computer files is limited to authorized users only.

The File Transfer Protocol (FTP) is a standard network protocol used for the transfer of computer files from a server to a client on a computer network. FTP is built on a client-server model architecture and uses separate control and data connections between the client and the server.

File integrity monitoring (FIM) is an internal control that validates the integrity of operating system and application software files using a verification method between the current file state and the known baseline.

A firewall is a security barrier that monitors and controls incoming and outgoing network traffic based on predetermined security rules, designed to keep unwanted intruders “outside” a computer system or network. A firewall should be regularly checked and updated to ensure continued function, as malicious hackers learn new tricks to breach the firewall.

Flooding is an attack that attempts to cause a failure in a system by providing more input than the system can process properly. See also Denial of Service Attack.

Forensic copy is an accurate bit-for-bit reproduction of the information contained on an electronic device or associated media, whose validity and integrity has been verified using an accepted algorithm.

Forensic discovery is the search and analysis of electronic documents. Electronic records can be found on a wide variety of devices such as desktop and laptop computers, network servers, personal digital assistants and digital phone, and exist in a medium that can only be read by using computers such as cache memory, magnetic disks, optical disks, and magnetic tapes.

Forensically clean describes digital media that is completely wiped of all data, including nonessential and residual data, scanned for malware, and verified before use.

A forward cipher is one of the two functions of the block cipher algorithm that is determined by the choice of a cryptographic key.

Freeware is an application, program, or software available for use at no cost.

The comparison of actual performance against expected performance.

Gateways act as an entrance to another network. A node or stopping point can be either a gateway node or a host (end-point) node.

Get Nearest Server is a request packet sent by a client on an IPX network to locate the nearest active server of a particular type.

GitHub is a a web based graphical interface for website and mobile collaboration. It also provides access control and several collaboration features such as bug tracking, feature requests, task management, and wikis for every project.

The Global Information Grid (GIG) is an all-encompassing communications project of the United States Department of Defense.

GNU is an operating system and an extensive collection of computer software.

Gnutella is a large peer-to-peer network. It was the first decentralized peer-to-peer network of its kind.

Governance is a system for directing an organization. It includes set of rules and practices established to evaluate the conditions of the stakeholders (e.g. Management, Suppliers, financiers, customers). It also includes framework for attaining the established goals of an organization, alongside achieving a balance between the goals of organization and interests of the stakeholders. It aims to protect the interests of the organization by protecting assets of the organization, and the interests of the creditors, customers.

Graduated security is a security system that provides several levels (e.g., low, moderate, high) of protection based on threats, risks, available technology, support services, time, human concerns, and economics.

A gray hat is a white hat/ black hat hybrid. A gray hat is a hacker with no intention to do damage to a system or network, but to expose flaws in the system security. However, they may use illegal means to gain access to the net work to expose the security weakness.

GRC stands for governance, risk and compliance

Grooming is the act of cyber criminals who use the Internet to manipulate and gain trust of a minor as a first step towards the future sexual abuse, production or exposure of that minor. Sometimes, this may involve days, weeks, months or in some cases years to manipulate the minor.

A group authenticator is used sometimes in addition to a sign-on authenticator, to allow access to specific data or functions that may be shared by all members of a particular group.

A guard system is a mechanism limiting the exchange of information between information systems or subsystems.

A guessing entropy is a measure of the difficulty that an Attacker has to guess the average password used in a system. In this document, entropy is stated in bits. When a password has n-bits of guessing entropy then an attacker has as much difficulty guessing the average password as in guessing an n-bit random quantity. The attacker is assumed to know the actual password frequency distribution.

A hacker is a expert programmer who uses computer systems to gain unauthorized access to a computer system. The mainstream usage of "hacker" mostly refers to computer criminals who gathers information on computer security flaws and breaks into computers without authorization.

Handshaking procedures are the dialogue between two information systems for synchronizing, identifying, and authenticating themselves to one another.

A hard copy key is physical keying material, such as printed key lists, punched or printed key tapes, or programmable, read-only memories.

The permanent storage medium within a computer that uses magnetic storage to store and retrieve digital information, programs and data.

Hardware is the physical components of an information system.

A hardwired key is a permanently installed key.

A Hash Function is a function that is used to map data of arbitrary size to a data of a fixed size. The values returned by a hash function are called hash values, hash codes, hash sums, or simply hashes.

A hash value is the result of applying a cryptographic hash function to data (e.g., a message).

Hash-based Message Authentication Code is a message authentication code that uses a cryptographic key in conjunction with a hash function.

Hashing is a a system of generating string values with the help of algorithms to maintain data integrity and accuracy.

High Assurance Guard is an enclave boundary protection device that controls access between a local area network that an enterprise system has a requirement to protect, and an external network that is outside the control of the enterprise system, with a high degree of assurance. A guard that has two basic functional capabilities:  a Message Guard and a Directory Guard.

High availability is a feature that ensures availability during device or component interruptions.

High impact is the loss of confidentiality, integrity, or availability that could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, individuals, other organizations, or the national security interests of the United States; (i.e., 1) causes a severe degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced; 2) results in major damage to organizational assets; 3) results in major financial loss; or 4) results in severe or catastrophic harm to individuals involving loss of life or serious life threatening injuries).

A high impact system is an information system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a FIPS 199 potential impact value of high. An information system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a potential impact value of high.

A Hijack Attack is a form of active wiretapping in which the attacker seizes control of a previously established communication association.

HoneyClient is a web browser-based high interaction client honeypot designed by Kathy Wang in 2 4 and subsequently developed at MITRE. It was the first open source client honeypot and is a mix of Perl, C++, and Ruby. HoneyClient is state-based and detects attacks on Windows clients by monitoring files, process events, and registry entries.

A honeymonkey is an automated program that imitates a human user to detect and identify websites which exploit vulnerabilities on the Internet. It is also known as Honey Client.

A honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers.

Honeypots is a trap set to detect, deflect or in some manner, counteract attempts at unauthorized use of information systems. Consists of computer data or a network site that appears to be part of a network but is actually isolated and monitored.

A hop occurs each time that a data packet is passed from one device to the another, from a specified source to its destination. Data packets pass through bridges, routers, and gateways on the way.

A network host is a device connected to a computer network. It is a network node that is assigned a network layer host address. A network host may offer information resources, services, and applications to users or other nodes on the network.

A host-based intrusion detection system (HIDS) is an intrusion detection system that monitors and analyses information from the operating system audit records occurring on the host.This analysis of the audit trail forces significant overhead requirements on the system due to the increased amount of processing power which must be utilized by the intrusion detection system.

Identity and Access Management is the security discipline that enables the right individuals to access the right resources at the right times for the right reasons.

Identification is a system to recognize user on a company's systems by using unique names.

Internet identity (IID) is a social identity that an Internet user creates on online communities or websites. While some users prefer using their real names online, others prefer to be anonymous and identify themselves by means of pseudonyms.

Intrusion Detection and Prevention Systems are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it. [Wikipedia]

IDLP stands for information leak detection and prevention.

IMINT, imaginary intelligence is a intelligence gathering discipline which collects information via satellite and aerial photography.

An incident is an unplanned disruption of a network or system service and needs to be resolved immediately. An example would be a server crash that causes a disruption in the business process.

Investigation The investigation seeks to determine the circumstances of the incident. Every incident will warrant or require an investigation. However, investigation resources like forensic tools, dirty networks, quarantine networks and consultation with law enforcement may be useful for the effective and rapid resolution of an emergency incident.

Response Procedures Incident Response Procedures are formal written procedures that detail the steps to be taken in the event of a major security problem, such as break-in. Developing detailed incident-response procedures before the occurrence of a problem is a hallmark of a well-designed security system.

Response Team The incident response team is a team that meets regularly to review status reports, authorize specific remedies, and manage the response process. During incidents, they properly assess the incident and make decisions regarding the proper course of action. The incident team meets regularly to review status reports and to authorize specific remedies.

An incremental backup provides a backup of only those files that have changed, modified, or are new since the last backup. Incremental backups are often desirable as they consume minimum storage and are quicker to perform than differential backups.

Inetd stands for Internet Service Daemon and is a super-server daemon on many Unix systems to manage several Internet services. This reduces the load of the system. This means that the network services such as telnet, File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP) can be activated on demand rather running continuously.

An inference attack is a data mining technique used to illegally access information about a subject by analyzing data. This is an example of breached information security. Such an attack occurs when a user is able to deduce key information of a database from trivial information without directly accessing it.

Information Warfare (IW) is primarily a United States Military concept that involves the use and management of information and communication technology in pursuit of a competitive advantage over an opponent. This concept may employ a combination of tactical information, assurance(s) that the information is valid, spreading of propaganda or disinformation to demoralise or manipulate the enemy and the public, undermining the quality of opposing force information and denial of information-collection opportunities to opposing forces.

IaaS is the provision of computing infrastructure (such as server or storage capacity) as a remotely provided service accessed online (ie via the internet).

Ingress filtering is used to ensure that all incoming packets (of data) are from the networks from which they claim to originate. Network ingress filtering is a commonly used packet filtering technique by many Internet service providers to prevent any source address deceiving. This helps in combating several net abuse or crimes by making Internet traffic traceable to its source.

Input Validations Attacks are when an attacker purposefully sends strange inputs to confuse a web application. Input validation routines serve as the first line of defence for such attacks. Examples of input validation attacks include buffer overflow, directory traversal, cross-site scripting and SQL injection.

Input/ Output is a general term for the equipment that is used to communicate with a computer as well as the data involved in the communications.

An insider is an entity inside the security perimeter that is authorized to access system resources but uses them in a way not approved by those who granted the authorization.

A declaration issued by an interested party that specified requirements have been met.

A service that allows people to send and get messages almost instantly. To send messages using instant messaging you need to download an instant messaging program and know the instant messaging address of another person who uses the same IM program. See also Spim.

The integrity of a system or network is the assurance that information is protected, and is only made available to those who are authorised.

Integrity Star Property means a user cannot access or read data of a lower integrity level than their own.

Intelligent Electronic Device refers to any device incorporating one or more processors with the capability to receive or send data/control from or to an external source (e.g., electronic multifunction meters, digital relays, controllers).

Internal Escalation is the process of reporting a security breach to a higher level of command with-in the department, division or company in which the breach occurred.

The Internet Control Message Protocol (ICMP) is one of the key Internet protocols and is used by network devices such as routers to generate error messages to the source IP address when network problems prevent delivery of IP packets. Any IP network device has the capability to send, receive or process ICMP messages.

The Internet Engineering Task Force (IETF) is a large open international community of network designers, operators, vendors, and researchers who are concerned with the evolution of the Internet architecture and its smooth operations. This body defines the standard Internet operating protocols such as TCP/IP.

The Internet Message Access Protocol (IMAP) is a standard Internet protocol that is used by e-mail clients to retrieve e-mail messages from a mail server over TCP/IP. IMAP is defined by RFC 35 1. An IMAP server typically listens on port number 143. IMAP over SSL (IMAPS) is assigned the port number 993.

Jitter is any deviation in the signal pulses in a high-frequency digital signal. The aberration can be in amplitude, phase timing, or the width of the signal pulse. Jitter is sometimes referred to as""Packet Delay Variation""or PDV. Controlling jitter is critical for creating a good online experience.

A Jump Bag is a container that has all the items necessary to respond to an incident inside to help mitigate the effects of delayed reactions.