Cyber Glossary

Acceptable Interruption Window
Sometimes, an organization's critical systems or applications are interrupted. An acceptable interruption window is the maximum amount of time allowed for restoration of critical systems and applications such that the business goals are not negatively affected.
RELATED:
Disruption
 | 
Easy Access
Acceptable Use Policy
An acceptable use policy establishes the rules that one must agree to in order to be provided access to a network or internet. The policy also sets guidelines on how the network should be used.
RELATED:
File Protection
 | 
Network
Access Control List
An access control list (ACL) is a list of permissions attached to an object in a computer file. Each ACL contains a list of access control entries (ACEs) that specify which users or system processes are granted access, denied access or are audited for a securable object.
RELATED:
Access Rights
 | 
Permissions
Access Path
An access path is a process where a specified quantity of material moves as a unit between work stations, while maintaining its unique identity. In database management system terminology, access path refers to the path chosen by the system to retrieve data after a SQL request is executed.
RELATED:
SOCKS
 | 
Trust
Access Point
An access point is a computer networking device which allows a Wi-Fi compliant device to connect to a wired network wirelessly. It usually connects via a router. It is frequently referred to as a WAP (Wireless Access Point).
RELATED:
Wireless Application Protocol
 | 
Router
Access Profile
An access profile is accessibility information about a user that is stored on a computer. A profile includes the user's password, name and what information/systems they are allowed or denied access to.
RELATED:
Root
 | 
Brute Force Attack
Access Rights
Access rights are permissions that are granted to a user, or an application, to view, modify or delete files in the network. These rights can be assigned to a particular client, server, folder, specific programs or data files.
RELATED:
Data Server
 | 
Permissions
Access Type
Access type is used to specify attributes. It is applied to an entity class, mapped superclass or embeddable class.
RELATED:
Issue-Specific Policy
 | 
List Based Access Control
Account Manager
An account manager in an organization is responsible for the management of sales and relationships with particular customers, so that they will continue to use the company for business.
RELATED:
Electronic Signature
 | 
Software
Accountability
Accountability in the cyber security space entails ensuring that activities on supported systems can be traced to an individual who is held responsible for the integrity of the data.
RELATED:
Chief Security Officer
 | 
Role Based Access Control
Accounting Legend Code
Accounting legend code (ALC) is the numeric code assigned to communications security (COMSEC) material. It indicates the degree of accounting and minimum accounting controls required for items to be accountable within the control systems.
RELATED:
Sensitive Information
 | 
OPSEC
Active Defense
Active defense refers to a process, whereby an individual or organization takes an active role to identify and mitigate threats to the network and its systems.
RELATED:
Cybersecurity
 | 
NGIPS
Active Security Testing
Active security testing is security testing which involves directly interacting with a target, such as sending packets.
RELATED:
Packet
 | 
Promiscuous Mode
Ad Hoc Network
An ad hoc network is a local area network (LAN) that spontaneously builds as devices connect. An ad hoc network does not rely on a base station to coordinate different points, rather the individual base nodes forward packets to and from each other.
RELATED:
Local Area Network (LAN)
 | 
Source Port
Administrative Safeguards
Administrative safeguards are a special set of the HIPAA security rules. Administrative safeguards focus on internal organization, policies and procedures, and the maintenance of security managers which are in place to protect sensitive patient information.
RELATED:
Due Diligence
 | 
Protocol
Advanced Encryption Standard
The advanced encryption standard (AES), also known by its original name Rijndael, is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST). The algorithm described by AES is a symmetric-key algorithm, where the same key is used for both encrypting and decrypting the data.
RELATED:
Cipher
 | 
Encryption
Advanced Penetration Testing
Advanced penetration testing is the process where a network is penetrated intentionally to discover vulnerabilities which make it open to harmful intruders. These vulnerabilities are then addressed and remedied early.
RELATED:
Man-In-The-Middle
 | 
Zero Day
Advanced Persistent Threat
An advanced persistent threat (APT) is a type of network attack. An unauthorized person gains access to a network and stays there undetected for a long period of time, with an intention to steal data rather than to cause direct damage to the network.
RELATED:
Firewall
 | 
Malicious Payload
Adversary
An individual, group, organisation, or government that conducts (or intends to conduct) detrimental activities. In cryptography, an adversary has malicious intent to prevent the users of the cryptosystem from achieving their goal by threatening the privacy, integrity and availability of data. This could be done by discovering secret data, corrupting some of the data, spoofing the identity of a message sender, or forcing system downtime.
RELATED:
Distributed Denial of Service Attack (DDoS)
 | 
Spoofing
Adware
Adware is a type of software that displays or downloads unwanted advertisements on your system. Some adware that is designed to be malicious acts at a speed and frequency that slows down the system and ties up resources. Adware often includes code that tracks a user's personal information and passes it on to a third party. Having multiple adware programs slows down your computer significantly.
RELATED:
Forensically Clean
 | 
Malware
Alert Situation
An alert situation is when the interruption in an enterprise is not resolved even after the completion of the threshold stage. An alert situation requires the enterprise to start its escalation procedure.
RELATED:
Governance
 | 
Incident Management
Alternate Facilities
Alternate facilities are secondary backup facilities where high-priority emergency tasks can be performed when primary facilities are interrupted and made unavailable. These facilities include offices and data processing centers.
RELATED:
Cold Site
 | 
Hot Site
Alternate Process
An alternate process is a back-up process devised to help continue business critical processes without any interruption, from the time the primary enterprise system breaks down to the time of its restoration.
RELATED:
Failover
 | 
Maintenance
Analog
A computer program that analyzes log files from servers.
RELATED:
Data Server
 | 
Log Clipping
Anti Malware
Anti-malware refers to a software program that prevents, detects and remediates malicious programming on computing devices or IT systems.
RELATED:
Badware
 | 
Malware
Anti Virus Software
A program that is designed to detect and destroy computer viruses - preventing them from entering a computer system or network.
RELATED:
Firewall
 | 
Virus
App Attack
An app attack describes the scenario when a user unknowingly installs a malicious app on a device, which in turn steals their personal data.
RELATED:
Logic Bomb
 | 
Macro Virus
Application Layer
An application layer is an abstraction layer that specifies the shared protocols and interface methods used by hosts in a communications network. It is one of the seven layers in both of the standard models of computer networking: the Internet Protocol Suite (TCP/IP) and the Open Systems Interconnection model (OSI model).
RELATED:
Protocols
 | 
TCP/IP
Architecture
Architecture refers to a structure that defines the fundamentals of a system or an organization, its components, and the relationship across components. Ultimately, it aims to guide the system or organization towards its goals.
RELATED:
Infrastructure-as-a-service (IaaS)
 | 
Software Development Kit
Asset
An asset is a resource; something of value. This could be a person, structure or facility, information, systems and resources, materials, processes, relationships, or reputation.
RELATED:
Server
 | 
Workstation
Assurance
Assurance in cybersecurity refers to the level of confidence that the information system architecture mediates and enforces the organization's security policy.
RELATED:
Compliance
 | 
Resilience
Asymmetric Key
Asymmetric key cryptography, also known as public key cryptography, is a cryptographic system that uses pairs of keys: public keys, which may be disseminated widely, and private keys, which are known only to the owner.
RELATED:
Private Key
 | 
Public Key
Attack
An attack is a malicious intent to gain unauthorized access to a system, or compromise system integrity or confidentiality. It interrupts the operations of a network.
RELATED:
Masquerade Attack
 | 
Pharming
Attack Mechanism
An attack mechanism is a system or strategy by which a target is hit; the attacker may use different attack mechanisms such as a container or payload to hit the intended target.
RELATED:
Incident
 | 
Watering Hole
Attack Vector
An attack vector is the means by which the hacker accesses the targeted system. Attack vectors allow hackers to exploit system vulnerabilities, both human and non-human.
RELATED:
Social Engineering
 | 
Weakness
Attacker
An individual, group, organisation, or government that executes an attack. A party acting with malicious intent to compromise an information system.
RELATED:
Black Hat
 | 
Hacker
Attenuation
Attenuation happens when signal strengths become weak after transmitting over long distances.
RELATED:
Synchronization
 | 
Topology
Audit trail
An audit trail is a documented record of events or transactions. It allows the auditor to trace a piece of information to its origin and to reconstruct past system activities. This helps to maintain security and recover any lost data.
RELATED:
Inside Threat
 | 
Investigation
Authentication
Authentication is the process of confirming the correctness of the claimed identity of an individual user, machine or software component, to allow access to the system.
RELATED:
Claimant
 | 
Token-Based Access Control
Authenticity
Authenticity is the proof that a claimed identity is legitimate.
RELATED:
Authentication
 | 
Password
Authorization
Authorization is the right, permission or empowerment that is granted to a system entity to access the system resource and do something.
RELATED:
Integrity
 | 
Whitelist
Availability
Availability is the time duration a system or resource is ready for use.
RELATED:
Disruption
 | 
Poison Reverse
Backdoor
A backdoor bypasses normal security authentications to enter a system. Backdoors are created by developers to speed access through security during the development phase. When they are not properly removed during final implementation, hackers can use backdoors to bypass security implementations and threaten the security of the system.
RELATED:
Brute Force Attack
 | 
Firewall
Badware
Malware, Adware and Spyware.
RELATED:
Adware
 | 
Malware
Bandwidth
Bandwidth is the volume of information that can pass through a network for a given period. It specifies the capacity of the communication channel, and is usually measured in bits per second.
RELATED:
File Transfer Protocol
 | 
Hub
Banner
A banner is a display on an information system that sets the parameters for system or data use.
RELATED:
Operational Controls
 | 
Security Controls
Banner Grabbing
Banner grabbing is the process of grabbing banner information such as the application type and version. This information is then transmitted by a remote port when a connection is initiated.
RELATED:
Port
 | 
QoS
Baseline Security
Baseline security is the minimum set of security controls required for safeguarding an IT system. Baseline security is based upon a system's identified needs for confidentiality, integrity and availability protection.
RELATED:
Integrity
 | 
Secure Communications
Bastion
A bastion is a system with a high level of security protection that offers very strong protection against attacks.
RELATED:
NIPS
 | 
NGFW
Bastion Host
A bastion host is a special services computer on a network that is designed to withstand attacks.
RELATED:
Management System
 | 
Redundant Control Server
Behavioral Outcome
A behavioral outcome is what an individual who has completed a specific training module is expected to accomplish on regular IT security job performance.
RELATED:
Configuration Management
 | 
Gap Analysis
Biometrics
Biometrics is a type of security system that uses unique physiological characteristics of a person, such as fingerprints, DNA or hair, for identification purposes.
RELATED:
Domain Controller
 | 
Identification
Bit Error Rate
A bit error rate is the ratio between the number of bits incorrectly received and the total number of bits transmitted in a telecommunications system.
RELATED:
Checksum
 | 
Octet
Black Core
A black core is a communication network architecture in which user data traversing a global internet protocol (IP) is end-to-end encrypted at the IP layer.
RELATED:
Encryption
 | 
Internet Protocol Security (IPSec)
Black Hat
A black hat hacker is the “bad guy” who violates computer security for little reason beyond maliciousness or personal gain. Black hat hackers may share information about the hack with other black hats so that the same vulnerabilities can be exploited before the victim becomes aware and takes appropriate measures.
RELATED:
Adversary
 | 
White Hat
Blacklist
A list of entities that are blocked or denied privileges or access.
RELATED:
Access Control List
 | 
Content Filtering
Blacklisting Software
A form of filtering that blocks only websites specified as harmful. Parents and employers sometimes use such software to prevent children and employees from visiting certain blacklisted websites.
RELATED:
Monitoring Software
 | 
Whitelisting Software
Blended Attack
A blended attack is a hostile action with the intent of spreading malicious code.
RELATED:
IDPS
 | 
Malicious Code
Blended Threat
A blended threat is a computer network attack that tries to maximize the severity of damage by combining various attack methods. Blended threats combine the characteristics of viruses, worms, trojan horses, and malicious code with system and internet vulnerabilities to initiate, transmit and spread an attack.
RELATED:
Polymorphic Virus
 | 
Resource Exhaustion
Block Cipher
A block cipher algorithm is a family of functions and their inverses, parameterized by a cryptographic key, in which the functions map bit strings of a fixed length to bit strings of the same length. It is a method used to encipher text or information by encrypting data in blocks, strings, or groups at a time rather than encrypting individual bits.
RELATED:
Cipher Text
 | 
Encryption
Bot
A bot is a software “robot” that performs an extensive set of automated tasks on its own. Search engines like Google use bots, also known as spiders, to crawl through websites in order to scan and rank pages. When black hats use a bot, they can perform an extensive set of destructive tasks, as well as introduce many forms of malware to your system or network. Bots can also be used by black hats to coordinate attacks by controlling botnets.
RELATED:
Black Hat
 | 
Zombie Computer
Botnet
A botnet is a remote network of zombie drones under the control of a black hat. Attackers use various malware and viruses to take control of computers to form a botnet (robotic network), which will send further attacks such as spam and viruses to target computers or networks. Most often, the users of the systems will not even know they are involved.
RELATED:
Threat
 | 
Zombie / Zombie Drone
Bridge
A bridge is an electronic device that connects two networks, such as LANs, that use the same protocol, such as Ethernet or Token Ring, and creates two distinct LANs or Wide Area Networks. Operating at the Data Link Layer of the Open System Interconnect model, bridges have the ability to filter the information and can pass such information to the right nodes, or decide not to pass any information. They also help in streamlining or reducing the volume of traffic on a LAN by dividing the data into two segments.
RELATED:
Ethernet
 | 
Switch Network
Broadcast
A broadcast is a process of transmitting the same message to multiple users simultaneously without the need for acknowledgement from users.
RELATED:
Data Flow Control
 | 
Spam
Brute Force Attack
A brute force attack is the process of finding the solution by randomly trying many probable variants of information, such as passwords or deciphered keys.
RELATED:
Decipher
 | 
Remotely Exploitable
Buffer Overflow
A buffer overflow is a type of programmatic flaw that occurs when a program tries to store more data in a buffer than it can hold. Since there is a limit on how much data a buffer can hold, any surplus data overflows to the adjoining buffers. This causes data stored in those buffers to be overwritten, and triggers unpredictable consequences.
RELATED:
Collision
 | 
CRC
Bug
An unexpected and relatively small defect, fault, flaw, or imperfection in an information system or device.
RELATED:
Exploit
 | 
Patch
Business Continuity Management
Business continuity management refers to preparing for and maintaining continued business operations following disruption or crisis.
RELATED:
Business Continuity Plan
 | 
Conflict-of-interest Escalation
Business Continuity Plan
A Business Continuity Plan, also known as a business emergency plan, offers safeguards against a disaster, and outlines the strategies and action plan for how to continue business as usual in the event of any disaster.
RELATED:
Business Continuity Management
 | 
Contingency Plan
Business Impact Assessment
A Business Impact Analysis is the process of evaluating and identifying risks and threats that a business might face in the event of an accident, disaster, or an emergency. It evaluates the possible risk to tangible and intangible assets such as personnel, infrastructure, data and goodwill. In addition, it offers steps needed to recover from any such disasters.
RELATED:
Incident Management
 | 
Risk Assessment
C2
C2 is a computer security class defined in the Trusted Computer System Evaluation Criteria (TCSEC).
RELATED:
C2 Infrastructure Data
 | 
Security
C2 Infrastructure Data
C2 infrastructure data consists of domains, IP addresses, protocol signatures, email addresses, payment card data, etc.
RELATED:
C2
 | 
Data Custodian
Central Services Node
A central services node is the key management infrastructure core node that provides central security management and data management services.
RELATED:
Gateway
 | 
Mandatory Access Control
Certificate Authority
In cryptography, a certificate authority is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate.
RELATED:
Digital Certificate
 | 
Public Key
Certificate Management
Certificate management is the process in which certificates are generated, used, transmitted, loaded and destroyed.
RELATED:
Trusted Certificate
 | 
Web of Trust
Certification Revocation List
A certification revocation list is an independent third party that verifies the online identity of an entity. They issue digital certificates that contain information about the owner of the certificate and details of the certificates, thus verifying the identity of the owner.
RELATED:
Trusted Certificate
 | 
Web of Trust
Chain of Custody
A chain of custody is a chronological documentation of how electronic evidence is handled and collected. It also contains information on who has access to it.
RELATED:
Digital Evidence
 | 
Evidence
Chain of Evidence
The chain of evidence shows who obtained the evidence, where the evidence came from, and who secured, had control of and possessed the evidence. The chain of evidence goes in the following order: collection and identification; analysis; storage; preservation; presentation in court; return to owner.
RELATED:
Evidence
 | 
Digital Forensics
Challenge Response Protocol
Challenge response protocol is an authentication protocol, where the verifier sends the user a challenge. When the challenge is solved with a private key operation, access is then allowed.
RELATED:
Authentication
 | 
Two-factor Authentication
Chargeback
A payment card transaction where the supplier initially receives payment but the transaction is later rejected by the cardholder or the card issuing company. The supplier's account is then debited with the disputed amount.
RELATED:
C2 Infrastructure Data
 | 
Secure Electronic Transactions
Checksum
A numerical value that helps to check if the data transmitted is the same as the data stored and that the recipient has error-free data. It is often the sum of the numerical values of bits of digital data stored. This value should match the value at the recipient's end, and a mismatch in the value indicates an error.
RELATED:
Bit Error Rate
 | 
CRC  
Chief Information Security Officer (CISO)
A Chief Information Security Officer is a senior level executive of an organization entrusted with the responsibilities of protecting the information assets of the businesses and making sure that the information policies of the organization align with the objectives of the organization.
RELATED:
Information Security
 | 
Security Authorization Boundary
Chief Security Officer (CSO)
A Chief Security Officer is an executive of the company with assigned responsibility to protect assets such as the infrastructure, personnel, including information in digital and physical form.
RELATED:
Data Asset
 | 
Security
Cipher
In cryptography, a cipher is an algorithm for performing encryption or decryption of code. This process encrypts data into code, or deciphers the code to a required key.
RELATED:
Decryption
 | 
Decryption Key
Ciphertext
Data or information in its encrypted form. "Cipher text is data converted from plain text into code using an algorithm, making it unreadable without the key."
RELATED:
Cleartext
 | 
Encryption
Ciphony
Ciphony is the process of enciphering audio information with the result of encrypted speech.
RELATED:
Dual-Use Certificate
 | 
Radiation Monitoring
Claimant
A claimant is the party who needs to be identified via an authentication protocol.
RELATED:
Authentication
 | 
Kerberos
Clear Desk Policy
A policy that directs all personnel to clear their desks at the end of each working day, and file everything appropriately. Desks should be cleared of all documents and papers, to ensure that sensitive papers and documents are not exposed to unauthorized persons outside of working hours.
RELATED:
Clear Screen Policy
 | 
Inside Threat
Clear Screen Policy
Clear Screen Policy is a policy that directs all computer users to ensure that the contents on screen are protected from prying eyes. The easiest way is to use a screen saver that engages either on request or after a specified short period of time.
RELATED:
Clear Desk Policy
 | 
Intrusion
Cleartext
Cleartext is data in ASCII format or data that is not coded or encrypted. All applications and machines support this plain text.
RELATED:
Cryptography
 | 
Plaintext
Clinger Cohen Act of 1996
The Clinger–Cohen Act (CCA), formerly the Information Technology Management Reform Act of 1996 (ITMRA), is a 1996 United States federal law designed to improve the way the federal government acquires, uses and disposes of information technology (IT).
RELATED:
National Institute of Standards and Technology
 | 
SIEM
Cloud Computing
Cloud computing allows remote sharing of files and data and facilitates remote working, as long as users are connected to the internet. It is a model for enabling on-demand network access to a shared pool of configurable computing capabilities or resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
RELATED:
Endpoint Security
 | 
Infrastructure-as-a-service (IaaS)
Cold Site
A cold site is a backup site that can become operational fairly quickly, usually in one or two days. A cold site might have standard office equipment such as furniture and telephones, however there is unlikely to be any computer equipment. Basically, a cold site is a backup facility ready to receive computer equipment should a group need to move to an alternate location.
RELATED:
Contingency plan
 | 
Hot Site
Collision
A collision is a situation where two or more devices try to send requests or transmit data to the same device at the same time.
RELATED:
Buffer Overflow
 | 
Topology
Common Text
Common text is a series of requirements defined by the International Organization for Standardization, that are being incorporated in all management system international standards as they are revised.
RELATED:
Encipher
 | 
ISO
Compartmentalization
Compartmentalization is a technique of protecting confidential information by revealing it only to a few people: those who actually need to know the details to perform their job. Thus, by restricting access to information and data, the risk to business objectives is limited.
RELATED:
Data Custodian
 | 
Integrity
Compliance
Compliance is the act of adhering to the set standards, rules, and laws of regulatory bodies and authorities. For example, in software, the installation process abides by the vendor license agreement.
RELATED:
Assurance
 | 
GRC
Compliance Documents
A compliance document is a document detailing the actions required to comply or adhere to the set standards by regulatory bodies. Any violations of the said rules attract punitive actions from the regulatory bodies.
RELATED:
Security Audit
 | 
Whitelist
Compromise
A compromise is the violation of the company's system security policy by an attacker. It can result in the modification, destruction or theft of data.
RELATED:
Crimeware
 | 
Hacker
Computer Crime
Computer crime refers to a form of illegal act involving electronic information and computer equipment.
RELATED:
Hacker
 | 
Vulnerability
Computer Forensics
Computer forensics is the process of analyzing computer devices that are suspected of involvement in a crime, with the aim of gathering evidence for presentation in a court of law. Computer forensics offers many tools for investigation and analysis to find such evidence.
RELATED:
Chain of Evidence
 | 
Investigation
Computer Fraud
Computer fraud is a computer crime that an intruder commits to obtain money or something of value from a company. Computer fraud can involve the modification, destruction, theft or disclosure of data. Often, all traces of the crime are covered up.
RELATED:
Accountability
 | 
Weakness
Computer Network Defence
The actions taken to defend against unauthorised activity within computer networks. Confidentiality: authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.
RELATED:
Attack
 | 
Confidentiality
Confidentiality
Confidentiality ensures that rules are set that place restrictions on access to, or sharing of, information with the aim of preserving and protecting the privacy of the information.
RELATED:
Privacy
 | 
Secure Socket Layer (SSL)
Configuration Control
Configuration control is a process for controlling modifications to hardware, firmware, software, and documentation to ensure the information system is protected against improper modifications before, during, and after system implementation.
RELATED:
Topology
 | 
System Administration
Configuration Management
Configuration Management (CM) is a systems engineering process for ensuring consistency of a product's performance, functional, and physical attributes with its requirements, design, and operational information.
RELATED:
Acceptable Interruption Window
 | 
Systems Security Architecture
Conflict-of-interest Escalation
Conflict of interest escalation is a preset procedure for escalating a security incident if any members of the support or security teams are suspect.
RELATED:
Business Continuity Management
 | 
Insider
Consumerization
Consumerization refers to new trends or changes in enterprise technology as more and more consumers embrace such technology. Employees use devices for personal use and as they gain wide acceptance, even organizations start using such technologies.
RELATED:
Enterprise
 | 
Share
Containment
Containment refers to the steps taken to control any further risks when identifying a threat.
RELATED:
Countermeasure
 | 
Endpoint Security
Content Filtering
Content filtering is a process by which access to certain content, information or data is restricted or completely blocked based on an organization's rules, by using either software or hardware based tools.
RELATED:
Blacklist
 | 
Sandboxing
Contingency Plan
A contingency plan is a security plan to ensure that mission-critical computer resources are available to a company in disasters (such as earthquake or flood). It includes emergency response actions, backup operations and post-disaster recovery.
RELATED:
Business Continuity Plan
 | 
Cold Site
Continuous Process
Continuous process is a process that operates on the basis of continuous flow, as opposed to batch, intermittent, or sequenced operations.
RELATED:
Data Flow Control
 | 
Egress
Control
Controls are the regulations adopted to prevent unauthorized use of any company's system resources by external intruders or unauthorized employees.
RELATED:
Honeypot
 | 
Information Security
Control Algorithm
A control algorithm is a mathematical representation of the control action to be performed.
RELATED:
Hashing
 | 
Secret Key Cryptographic Algorithm
Control Center
The control center is an equipment structure from which a process is measured, controlled, and/or monitored.
RELATED:
Control Server
 | 
Kernel
Control Loop
A control loop is a combination of field devices and control functions arranged so that a control variable is compared to a set point and returns to the process in the form of a manipulated variable.
RELATED:
Controlled Variable
 | 
Cycle Time
Control Network
The control network of an enterprise is typically connected to equipment that controls physical processes and that is time or safety critical. The control network can be subdivided into zones, and there can be multiple separate control networks within one enterprise and site.
RELATED:
Disaster Recovery Plan
 | 
Single Loop Controller
Control Server
A control server is a server that hosts the supervisory control system, typically a commercially available application for a DCS or SCADA system.
RELATED:
Control Center
 | 
Kernel
Control System
A control system is a system in which deliberate guidance or manipulation is used to achieve a prescribed value for a variable. Control systems include SCADA, DCS, PLCs and other types of industrial measurement and control systems.
RELATED:
DCS
 | 
Supervisory Control and Data Acquisition (SCADA)
Controlled Variable
A controlled variable is the variable that the control system attempts to keep at the set point value. The set point may be constant or variable.
RELATED:
Control Loop
 | 
Set Point
Cookie
A cookie is a small packet of information which your computer’s browser stores when you visit a web server. The stored information (e.g. a set of forms) is used to customize your next visit to the same web server.
RELATED:
Packet
 | 
Web Server
Countermeasure
A countermeasure is a defensive mechanism that helps mitigate a risk or threat to a network or computers, using a process, system or a device.
RELATED:
Containment
 | 
Risk
Cracker
A cracker, also known as a black hat hacker, is an individual with extensive computer knowledge whose purpose is to breach or bypass internet security or gain access to software without paying royalties. As opposed to hackers, who can be internet security experts hired to find vulnerabilities in systems, crackers have the malicious intent to do damage for criminal gain.
RELATED:
Black Hat
 | 
Vulnerability
CRC  
CRC refers to a cyclic redundancy check. The CRC is an error-detecting code commonly used to detect accidental changes to raw data. It identifies the error so that corrective action can be taken against corrupted data.
RELATED:
Buffer Overflow
 | 
Checksum
Crimeware 
Crimeware refers to any malware that's used to compromise systems such as servers and desktops - the majority of these incidents start through web activity, not links or attachments in email.
RELATED:
Compromise
 | 
Malware
Critical Infrastructure
Critical infrastructure is the fundamental system of an organization that is important for its survival. Any threat to such basic systems would push the entire organization into jeopardy.
RELATED:
Data Breach
 | 
Defense-in-Depth
Criticality
Criticality is the level of importance assigned to an asset or information. The organization may not function effectively and efficiently in the absence of an asset or information that is highly critical.
RELATED:
Acceptable Interruption Window
 | 
Criticality Analysis
Criticality Analysis
Criticality analysis is the evaluation of the importance of an asset or information to an organization, and of the effects its failure would have on the overall performance of the organization.
RELATED:
Alternate Process
 | 
Critical Infrastructure
CRITs 
CRITs (Collaborative Research Into Threats) is an open source malware and threat repository. It works by leveraging open source software to create a unified tool for security experts engaged in threat defense.
RELATED:
ISAC/ISAO
 | 
NGIPS 
Cross-Site Scripting
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.
RELATED:
SQL Injection
 | 
Zero Day
Cryptanalysis
The operations performed in defeating or circumventing cryptographic protection of information by applying mathematical techniques.
RELATED:
Cryptography
 | 
Hashing
Cryptography
Cryptography is a method of protecting the privacy of information by encrypting it into a secret code, so no one but the authorized person with an encryption key can read or view the information. The use of mathematical techniques to provide security services, such as confidentiality, data integrity, entity authentication, and data origin authentication. The art or science concerning the principles, means, and methods for converting plaintext into ciphertext and for restoring encrypted ciphertext to plaintext.
RELATED:
Cryptanalysis
 | 
Encryption Key
Cryptosystem
A suite of cryptographic algorithms needed to implement a particular security service, most commonly for achieving confidentiality (encryption). Typically, a cryptosystem consists of three algorithms: one for key generation, one for encryption, and one for decryption.
RELATED:
Decryption
 | 
Encryption
Cyber
Relating to, or characteristic of, the culture of computers, information technology and virtual reality (OED)
RELATED:
Cybersecurity
 | 
SIEM 
Cyber Ecosystem
The interconnected information infrastructure of interactions among persons, processes, data, and information and communications technologies, along with the environment and conditions that influence those interactions.
RELATED:
Central Services Node
 | 
Critical Infrastructure
Cyber Espionage
Cyber espionage is the use of computer networks to gain illicit access to confidential information.
RELATED:
Computer Crime
 | 
Malicious Code
Cybercop
A cybercop is a law enforcement officer entrusted with the responsibilities of monitoring online activities to control criminal activities online or cybercrimes.
RELATED:
Digital Forensics
 | 
Gray Hat
Cybersecurity
Cybersecurity comprises the processes employed to safeguard and secure crucial information of an organization. Identity management, risk management and incident management form the crux of the cybersecurity strategies of an organization.
RELATED:
Cyber
 | 
Information Security
Cybersecurity Architecture
Cybersecurity architecture is the information security layout that describes the overall structure, including its various components, and their relationships in an organization. It displays how strong the data security, controls and preventive mechanisms implemented in the organization are.
RELATED:
IDPS 
 | 
Voice Intrusion Prevention System
CybOX 
CybOX (cyber observable expression) is the standard language for cyber observables (i.e. a schema). A cyber observable is "a measurable event or stateful property in the cyber domain".
RELATED:
Cyber
 | 
Information Security
Cycle Time
Cycle time is the time for a controller to complete one control loop, where sensor signals are read into memory, control algorithms are executed, and corresponding control signals are transmitted to actuators that create changes to the process, resulting in new sensor signals.
RELATED:
Control Loop
 | 
Routing Loop
Darknet
A darknet is a private file sharing network where connections are made only between trusted peers using non-standard protocols and ports. Darknet networks are anonymous, and therefore users can communicate with little fear of governmental or corporate interference.
RELATED:
Port
 | 
Protocol
Data Asset
A data asset is any entity that is comprised of data; a database, for example, is a data asset. A system or application output file, database, document, or web page are also considered data assets. Data assets can also be a service that may be provided to access data from an application.
RELATED:
Database
 | 
High Impact
Data Breach
The unauthorised movement or disclosure of sensitive information to a party, usually outside the organisation, that is not authorised to have or see the information.
RELATED:
Defense-in-Depth
 | 
Exploit
Data Classification
Data classification is a data management process that involves categorizing and organizing data into different classes based on their forms, types, importance, sensitivity, and usage in an organization.
RELATED:
Access Type
 | 
Security Concept of Operations
Data Custodian
A data custodian is an executive of an organization entrusted with the responsibilities of data administration; as such, protecting and safeguarding data is the primary responsibility of the data custodian.
RELATED:
Chief Security Officer (CSO)
 | 
Information Security
Data Disclosure
Data disclosure is a breach where it is confirmed that data was disclosed to an unauthorized party.
RELATED:
Cracker
 | 
External Escalation
Data Element
A data element is a basic unit of information that has a unique meaning and subcategories (data items) of distinct value. Gender, race, and geographic location are all examples of data elements.
RELATED:
Advanced Encryption Standard
 | 
Data Owner
Data Encryption Standard
A Data Encryption Standard is a form of algorithm to convert plain text to a cipher text. Data Encryption Standard uses the same key to encrypt and decrypt the data, and hence it is a symmetric key algorithm.
RELATED:
Cipher Text
 | 
Encryption
Data Flow Control
Data flow control is another term for information flow control.
RELATED:
Broadcast
 | 
File Transfer Protocol (FTP)
Data Historian
A data historian is a centralized database supporting data analysis using statistical process control techniques.
RELATED:
Database
 | 
ILDP 
Data Integrity
Data that is complete, intact, and trusted and has not been modified or destroyed in an unauthorised or accidental manner.
RELATED:
C2
 | 
Trusted Certificate
Data Leakage
Data leakage is the accidental or intentional transfer and distribution of private and confidential information of an organization without its knowledge or permission.
RELATED:
Recovery
 | 
Security Automation
Data Loss
The result of unintentionally or accidentally deleting data, forgetting where it is stored, or exposure to an unauthorised party.
RELATED:
Exposure
 | 
Mitigation
Data Mining
The process or techniques used to analyze large sets of existing information to discover previously unrevealed patterns or correlations.
RELATED:
Data Integrity
 | 
Syslog
Data Owner
A data owner is an executive entrusted with the data accuracy and integrity in an organization. Such an individual has complete control over data, and can limit the access of data to people and assign permissions.
RELATED:
Data Element
 | 
Least Privilege
Data Retention
Data retention is the process of storing and protecting data for historical reasons and for data backup when needed. Every organization has its own rules governing data retention within the organization.
RELATED:
Compartmentalization
 | 
Security Policy
Data Server
A data server is a computer or program that provides other computers with access to shared files over a network.
RELATED:
HTTP Proxy
 | 
Proxy Server
Data Theft
The deliberate or intentional act of stealing information.
RELATED:
Computer Fraud
 | 
MSSP 
Data Transfer Device
The Data Transfer Device (DTD) is an electronic fill device designed to replace the existing family of common electronic fill devices.
RELATED:
Ethernet
 | 
Extranet
Database
A database is a systematic collection and organization of information so that information can be easily stored, retrieved, and edited for future use.
RELATED:
Data Asset
 | 
Polyinstantiation
DC Servo Drive
DC Servo Drive is a type of drive that works specifically with servo motors. It transmits commands to the motor and receives feedback from the servo motor resolver or encoder.
RELATED:
Hard Disk
 | 
Servo Valve
Decentralization
Decentralization is the process of distributing functions and authorities among different people or to different locations.
RELATED:
Gnutella
 | 
Supervisory Control and Data Acquisition (SCADA)
Decipher
To convert enciphered text to plaintext by means of a cryptographic system.
RELATED:
Cryptography
 | 
Encipher
Declaration of Conformity
A declaration of conformity is a confirmation issued by the supplier of a product that specified requirements have been met.
RELATED:
Inspection Certificate
 | 
Security Control Assessor
Decryption
Decryption is the process of decoding cipher text to plain text, so it is readable by the user. It is the opposite of encryption, the process of converting plain text to cipher text.
RELATED:
Encryption
 | 
Session Key
Decryption Key
A decryption key is a piece of code that is required to decipher or convert encrypted text or information into plain text or information.
RELATED:
Cipher
 | 
Key
Defense-in-Depth
Defense in depth is the process of creating multiple layers of security to protect electronics and information resources against attackers. Also called the castle approach, it is based on the principle that in the event of an attack, even if one layer fails to protect the information resource, other layers can offer defense against the attack.
RELATED:
Data Breach
 | 
Personal Firewall
Demilitarized Zone
A demilitarized zone is a firewall setting that separates the LAN of an organization from the outside world or the internet. A demilitarized zone (DMZ) makes certain resources (servers, etc.) available to everyone while keeping internal LAN access private, safe and secure, offering access only to authorized personnel.
RELATED:
Firewall
 | 
NGFW 
Denial of Service Attack
A denial of service attack is an attack designed to make a targeted site inaccessible, through overwhelming the targeted website. A successful denial of service attack can cripple any entity that relies on its online presence by rendering their site virtually useless.
RELATED:
Distributed Denial of Service Attack (DDoS)
 | 
Smurf Attack
Diamond Model 
Developed by one of ThreatConnect’s founders, and the primary methodology used by ThreatConnect, the Diamond Model breaks each cyber event into four vertices or nodes. These vertices represent an Adversary, Capability, Infrastructure, and Victim. The connections between the vertices form a baseball diamond shape. Through this system analysts are able to derive a multidimensional picture of the underlying relationships between threat actors and their tools, techniques and processes.
RELATED:
Digital Forensics
 | 
Threat Actor
Dictionary Attack
A dictionary attack is a password-cracking attack that tries all of the words in a dictionary.
RELATED:
Brute Force Attack
 | 
Password
Digital Certificate
A digital certificate is a piece of information that guarantees that the sender is verified. The digital certificate is the electronic equivalent of an ID card that establishes your credentials when doing business or other transactions on the Web. Otherwise known as Public Key Information, a digital certificate is issued by a Certificate Authority, and helps exchange information over the internet in a safe and secure manner.
RELATED:
Certificate Management
 | 
Trusted Certificate
Digital Evidence
Digital evidence is electronic information stored or transferred in digital form.
RELATED:
Digital Forensics
 | 
Evidence
Digital Forensics
Digital forensics is the process of procuring, analyzing and interpreting electronic data to present it as acceptable evidence in legal proceedings in a court of law.
RELATED:
Chain of Custody
 | 
Chain of Evidence
Digital Signature
A digital signature is an electronic code that guarantees the authenticity of the sender of information as who he claims to be. Digital signatures use the private key information of the sender and cannot easily be imitated or forged.
RELATED:
Dual-Use Certificate
 | 
Electronic Signature
Disaster
A disaster is a sudden catastrophe that results in serious damage to nature, society, human life, and property. A disaster in the business or commercial sense disables an enterprise from delivering its essential tasks for a specified period; for organisations, disasters may result in loss of resources and assets, including data.
RELATED:
Contingency Plan
 | 
Natural Disaster
Disaster Recovery Plan
A Disaster Recovery Plan (DRP) prescribes the steps required to carry on business as usual in the event of a disaster. A disaster recovery plan aims to bring business activities back to normalcy in the shortest possible time. An in-depth understanding of a business's critical processes and their continuity needs is required to create the plan.
RELATED:
Operational Exercise
 | 
User Contingency Plan
Discretionary Access Control
Discretionary access control is a security measure by which the owner can restrict access to resources such as files, devices and directories to specific subjects, users or user groups based on their identity. It is at the discretion of the owner to permit or restrict users from accessing the resources completely or partially.
RELATED:
Confidentiality
 | 
Content Filtering
Disk Imaging
Disk imaging is the process of generating a bit-for-bit copy of the original media, including free space and slack space.
RELATED:
Forensic Copy
 | 
Octet
Disruption
A disruption is an unplanned event that causes the general system or major application to be inoperable for an unacceptable length of time (e.g., minor or extended power outage, extended unavailable network, or equipment or facility damage or destruction).
RELATED:
Availability
 | 
Recovery
Distributed Control System
A distributed control system (DCS) is a computerised control system for a process or plant, in which autonomous controllers are distributed throughout the system, but there is central operator supervisory control.
RELATED:
Distributed Plant
 | 
Process Controller
Distributed Denial of Service Attack (DDoS)
A distributed denial of service attack is a denial of service attack that is carried out using a master programme that sends information and data packets to the targeted webserver from multiple systems under control. The DDoS is more devastating than a denial of service attack launched from a single system, flooding the target server with a speed and volume that is exponentially magnified.
RELATED:
Botnet
 | 
Denial of Service Attack
Distributed Plant
A distributed plant is a geographically distributed factory that is accessible through the internet by an enterprise.
RELATED:
Distributed Control System
 | 
Enterprise
Disturbance
Disturbance is an undesired change in a variable being applied to a system that tends to adversely affect the value of a controlled variable.
RELATED:
Controlled Variable
 | 
Set Point
DMZ
The DMZ is a segment of a network where servers accessed by less trusted users are isolated. The name is derived from the term "demilitarized zone".
RELATED:
Demilitarized Zone
 | 
Firewall
Domain Controller
The domain controller is a server responsible for managing domain information, such as login identification and passwords.
RELATED:
Data Server
 | 
Password
Domain Hijacking
An attack in which an attacker takes over a domain by first blocking access to the domain's DNS server and then putting his own server up in its place.
RELATED:
DNS
 | 
Pharming
Domain Name System (DNS)
Domain name system is the system by which internet domain names and addresses are tracked and regulated.
RELATED:
Domain Hijacking
 | 
WHOIS
Dual-Use Certificate
A dual-use certificate is a certificate that is intended for use with both digital signature and data encryption services.
RELATED:
Digital Signature
 | 
Encryption Certificate
Due Care
Due care is the degree of care a rational person would exercise in similar situations as the one at hand. Also known as ordinary care or reasonable care, it is a test of a person's preparedness to act, be responsible or neglectful of responsibility.
RELATED:
Data Custodian
 | 
External Escalation
Due Diligence
Due Diligence is the process of conducting a thorough and detailed investigation, to verify the truthfulness of the information provided in the statements for analysis and review before committing to a transaction.
RELATED:
Forensic Discovery
 | 
Investigation
Dumpster Diving
Dumpster diving refers to the act of rummaging through the trash of others to obtain useful information to access a system.
RELATED:
Eavesdropping
 | 
Shoulder Surfing
Dynamic Ports
Dynamic ports are otherwise known as private ports. These ports, ranging from port number 49,152 to 65,535, do not need any registration; they help any computer application communicate with any other application or program that uses the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP).
RELATED:
Port
 | 
TCP/IP
E-commerce
Electronic commerce or e-commerce is any type of business, or commercial transaction, that involves the transfer of information across the Internet.
RELATED:
Enterprise
 | 
TCP/IP
Easter Egg
A non-malicious surprise contained in a program or media that is installed by the developer. An easter egg is undocumented, non-malicious, accessible to anyone, and entertaining.
RELATED:
Freeware
 | 
Input/Output (I/O)
Easy Access
Easy access refers to the circumstance where one breaks into a system with minimal effort by exploiting a well-familiarised vulnerability, gaining super user access in a short time.
RELATED:
Script Kiddie
 | 
Vulnerability
Eavesdropping
Eavesdropping is when one secretly listens to a conversation.
RELATED:
Dumpster Diving
 | 
Shoulder Surfing
Egress
In computer networking, egress filtering is the practice of monitoring and restricting the flow of information between networks. Typically, information from a private TCP/IP computer network to the internet is controlled.
RELATED:
Egress Filtering
 | 
Regression Analysis
Egress Filtering
Egress filtering is the filtering of outgoing network traffic.
RELATED:
Egress
 | 
Signature
Electronic Infections
Often called "viruses", these malicious programs and codes harm your computer and compromise your privacy. In addition to the traditional viruses, other common types include worms and Trojan Horses. They sometimes work in tandem to do maximum damage (blended threat).
RELATED:
Trojan Horse
 | 
Virus
Electronic Key Entry
Electronic key entry is the entry of cryptographic keys into a cryptographic module using electronic methods such as a smart card or a key-loading device.
RELATED:
Forward Cipher
 | 
Smart Card
Electronic Key Management System
An electronic key management system is an interoperable collection of systems being developed by services and agencies of the U.S. government to automate the planning, ordering, generating, distributing, storing, filling, using, and destroying of electronic key and management of other types of COMSEC material.
RELATED:
Accounting Legend Code
 | 
Electronically Generated Key
Electronic Signature
An electronic signature is the process of applying any mark in electronic form with the intent to sign a data object and is used interchangeably with digital signature.
RELATED:
Digital Signature
 | 
Signature
Electronically Generated Key
An electronically generated key is a key generated in a COMSEC device by mechanically or electronically introducing a seed key into the device and then using the seed in conjunction with a software algorithm stored in the device to produce the desired key.
RELATED:
Accounting Legend Code
 | 
Seed Key
Email Ingest
An automated email ingest feature allows users to create structured, actionable threat intelligence with ease from emails originating from trusted sources and sharing partners or from suspected spearphishing emails.
RELATED:
Countermeasure
 | 
Mass Mailer
Embedded Cryptography
Embedded cryptography is cryptography engineered into equipment or a system whose basic function is not cryptographic.
RELATED:
Cryptography
 | 
Internet Protocol Security (IPsec)
Encapsulation Security Payload
An encapsulation security payload is an IPsec protocol that offers mixed security in the areas of authentication, confidentiality, and integrity for IPv4 and IPv6 network packets. Encapsulation security payload offers data integrity and protection services by encrypting data, anti-replay, and preserving it in its assigned IP.
RELATED:
Encryption
 | 
Internet Protocol Security (IPsec)
Encipher
To convert plaintext to ciphertext by means of a cryptographic system.
RELATED:
Cipher Text
 | 
Encode
Encode
To convert plaintext to ciphertext by means of a code.
RELATED:
Cleartext
 | 
Encipher
Encryption
The process of transforming plaintext into ciphertext. Converting data into a form that cannot be easily understood by unauthorised people.
RELATED:
Cipher Text
 | 
Decryption
Encryption Algorithm
An encryption algorithm is a set of mathematically expressed rules for rendering data unintelligible by executing a series of conversions controlled by a key.
RELATED:
Encryption Key
 | 
Secret Key
Encryption Certificate
An encryption certificate is a certificate containing a public key that is used to encrypt electronic messages, files, documents, or data transmissions, or to establish or exchange a session key for these same purposes.
RELATED:
Digital Certificate
 | 
Public Key
Encryption Key
An encryption key is a code of variable value developed with the help of an encryption algorithm to encrypt and decrypt information.
RELATED:
Encryption Algorithm
 | 
Decipher
End-to-End Encryption
End-to-end encryption describes communications encryption in which data is encrypted when passing through a network with the routing information still visible.
RELATED:
Router Flapping
 | 
Static Routing
Endpoint Security
In network security, endpoint security refers to a methodology of protecting the corporate network when accessed via remote devices such as laptops and mobile devices. Each device with a remote connection to the network creates a potential entry point for security threats.
RELATED:
Cloud Computing
 | 
Containment
Enterprise
An enterprise in its most basic form is a business or company, and has a responsibility to manage its own risks and performance.
RELATED:
Consumerization
 | 
Enterprise Risk Management
Enterprise Architecture
The enterprise architecture is the description of an enterprise's entire set of information systems: their configuration, integration and how they interface. Enterprise architecture also describes how they are operated to support the enterprise mission, and how they contribute to the enterprise's overall security posture.
RELATED:
Infrastructure-as-a-service (IaaS)
 | 
Internet Engineering Task Force (IETF)
Enterprise Risk Management
Enterprise risk management comprises the processes used by an enterprise to manage risks to its mission. It involves the identification and prioritization of risks due to defined threats, the implementation of countermeasures to respond to threats, and the assessment of enterprise performance against threats and adjustment of countermeasures as necessary.
RELATED:
Enterprise
 | 
Risk Management
Entrapment
Entrapment is the deliberate planting of flaws in an information system to detect attempted penetrations.
RELATED:
Cybercop
 | 
Exploit
EPP 
EPP stands for Endpoint Protection Platform. It is a solution that converges endpoint device security functionality into a single product that delivers antivirus, anti-spyware and security.
RELATED:
Endpoint Security
 | 
ETDR 
ETDR 
Endpoint Threat Detection and Response.
RELATED:
EPP
 | 
EVC 
Ethernet
Ethernet is the most popular local area network (LAN) technology; it specifies a cabling and signalling system for home or organization networks. Ethernet uses a bus topology to support data transfers and the CSMA/CD system to process requests at the same time.
RELATED:
Data Transfer Device
 | 
Local Area Network (LAN)
EVC 
Endpoint Visibility and Control
RELATED:
Endpoint Security
 | 
ETDR 
Event
An event is an action that a program can detect. Examples of events are clicking a mouse button or pressing a key.
RELATED:
ILDP
 | 
Interrupt
Evidence
Evidence consists of documents, records or any such objects or information that help prove the facts in a case.
RELATED:
Digital Forensics
 | 
Investigation
Evil Twin
A fake Wi-Fi hot spot that looks like a legitimate service. When victims connect to the wireless network, a hacker can launch a spying attack on their transactions on the internet, or just ask for credit card information in the standard pay-for-access deal.
RELATED:
Man-In-the-Middle Attack
 | 
Passing off
Exercise Key
An exercise key is cryptographic key material used exclusively to safeguard communications transmitted over-the-air during military or organized civil training exercises.
RELATED:
Fieldbus
 | 
Global Information Grid
Exploit
An exploit takes advantage of a vulnerability, weakness or flaw in the system to intrude and attack the system.
RELATED:
Bug
 | 
Vulnerability
Exploit Code
An exploit code is a program that allows attackers to automatically break into a system.
RELATED:
Brute Force Attack
 | 
Malicious Code
Exploitable Channel
An exploitable channel is a channel that allows the violation of the security policy governing an information system and is usable or detectable by subjects external to the trusted computing base.
RELATED:
Incident
 | 
Intrusion Detection
Exposure
The condition of being unprotected, thereby allowing access to information or access to capabilities that an attacker can use to enter a system or network.
RELATED:
Data Loss
 | 
Risk
External Escalation
External escalation is the process of reporting a security breach to an individual or group outside the department, division or company in which it occurred. When a problem is escalated, responsibility for resolving that problem is either accepted or shared with the party to whom the problem is escalated.
RELATED:
Data Disclosure
 | 
Internal Escalation
External Network
An external network is a network not controlled by the organization.
RELATED:
Local Access Network
 | 
Network
External Security Testing
External security testing is security testing conducted from outside the organization's security perimeter.
RELATED:
Demilitarized Zone
 | 
Security Control Inheritance
Extranet
An extranet is an extension of a company's intranet to include systems outside the company. It is used to facilitate easy access to databases and other sources of information between the company and its customers or suppliers.
RELATED:
Data Transfer Device
 | 
Rootkit
Fail Safe
A fail safe is the automatic protection of programs and processing systems when hardware or software failure is detected.
RELATED:
Alternate Process
 | 
Fail Soft
Fail Soft
Fail soft describes systems that terminate any nonessential processing when there are hardware or software failures.
RELATED:
Fail Safe
 | 
Restore
Failover
Failover is a method of protecting computer systems from failure, in which standby equipment automatically takes over when the main system fails, without warning or human intervention.
RELATED:
Alternate Process
 | 
Network Resilience
Failure
The inability of a system or component to perform its required functions within specified performance requirements.
RELATED:
Flooding
 | 
Maintenance
False Positive
A false positive is normal behavior that is marked as ‘different’, or possibly malicious. Too many false positives can drown out true alerts.
RELATED:
Alert Situation
 | 
Event
Fault Tolerant
Fault tolerant refers to the ability of a system to have built in capability to provide continued, correct execution of its assigned function in the presence of a hardware and/or software fault.
RELATED:
Bug
 | 
Security Fault Analysis (SFA)
Federal Information System
The Federal Information System is an information system used or operated by an executive agency, a contractor of an executive agency, or by another organization on behalf of an executive agency.
RELATED:
Clinger Cohen Act of 1996
 | 
SHA1
Field Device
A field device is equipment that is connected to the field side on an ICS. Types of field devices include RTUs, PLCs, actuators, sensors, HMIs, and associated communications.
RELATED:
Field Site
 | 
Switch
Field Site
A field site is a subsystem that is identified by physical, geographical, or logical segmentation within the ICS. A field site may contain RTUs, PLCs, actuators, sensors, HMIs, and associated communications.
RELATED:
Cold Site
 | 
Hot Site
Fieldbus
Fieldbus is a digital, serial, multi-drop, two-way data bus or communication path or link between low-level industrial field equipment such as sensors, transducers, actuators, local controllers, and control room devices. Use of fieldbus technologies eliminates the need of point-to-point wiring between the controller and each device. A protocol is used to define messages over the fieldbus network with each message identifying a particular sensor on the network.
RELATED:
Exercise Key
 | 
Global Information Grid
File Encryption
File encryption is the process of encrypting individual files on a storage and permitting access to the encrypted data only after proper verification.
RELATED:
Encryption
 | 
File Transfer Protocol (FTP)
File Name Anomaly
File name anomaly is a mismatch between the internal file header and its external extension. A file name anomaly is also a file name inconsistent with the content of the file (e.g., renaming a graphics file with a non-graphical extension).
RELATED:
Trojan Horse
 | 
Trust
File Protection
File protection is the aggregate of processes and procedures designed to inhibit unauthorized access, contamination, elimination, modification, or destruction of a file or any of its contents.
RELATED:
File Security
 | 
Threat Model
File Security
File security is the method in which access to computer files is limited to authorized users only.
RELATED:
File Protection
 | 
TELNET
File Transfer Protocol (FTP)
The File Transfer Protocol (FTP) is a standard network protocol used for the transfer of computer files from a server to a client on a computer network. FTP is built on a client-server model architecture and uses separate control and data connections between the client and the server.
RELATED:
Bandwidth
 | 
Inetd
FIM
File integrity monitoring (FIM) is an internal control that validates the integrity of operating system and application software files using a verification method between the current file state and the known baseline.
RELATED:
Hashing
 | 
Privacy
Firewall
A firewall is a security barrier that monitors and controls incoming and outgoing network traffic based on predetermined security rules, designed to keep unwanted intruders “outside” a computer system or network. A firewall should be regularly checked and updated to ensure continued function, as malicious hackers learn new tricks to breach the firewall.
RELATED:
Personal Firewall
 | 
Virtual Private Network (VPN)
Flooding
Flooding is an attack that attempts to cause a failure in a system by providing more input than the system can process properly.
RELATED:
Denial of Service Attack
 | 
Distributed Denial of Service Attack (DDoS)
Forensic Copy
A forensic copy is an accurate bit-for-bit reproduction of the information contained on an electronic device or associated media, whose validity and integrity have been verified using an accepted algorithm.
RELATED:
Disk Imaging
 | 
Integrity
Forensic Discovery
Forensic discovery is the search and analysis of electronic documents. Electronic records can be found on a wide variety of devices such as desktop and laptop computers, network servers, personal digital assistants and digital phones, and exist in a medium that can only be read by using computers, such as cache memory, magnetic disks, optical disks, and magnetic tapes.
RELATED:
Evidence
 | 
Investigation
Forensically Clean
Forensically clean describes digital media that is completely wiped of all data, including nonessential and residual data, scanned for malware, and verified before use.
RELATED:
Investigation
 | 
Malware
Forward Cipher
A forward cipher is one of the two functions of the block cipher algorithm that is determined by the choice of a cryptographic key.  
RELATED:
Cipher Text
 | 
Secret Key
Freeware
Freeware is an application, program, or software available for use at no cost.
RELATED:
Easter Egg
 | 
Input/Output (I/O)
Gap Analysis
The comparison of actual performance against expected performance.
RELATED:
Behavioral Outcome
 | 
Reliability
Gateway
Gateways act as an entrance to another network. A node or stopping point can be either a gateway node or a host (end-point) node.
RELATED:
Endpoint Security
 | 
Host
Get Nearest Server
Get nearest server is a request packet sent by a client on an IPX network to locate the nearest active server of a particular type.
RELATED:
MD5
 | 
Ping Scan
GIT/Github
GitHub is a web-based graphical interface for website and mobile collaboration. It also provides access control and several collaboration features such as bug tracking, feature requests, task management, and wikis for every project.
RELATED:
Python
 | 
Sandboxing
Global Information Grid
The Global Information Grid (GIG) is an all-encompassing communications project of the United States Department of Defense.
RELATED:
High Impact
 | 
Information Warfare
GNU
GNU is an operating system and an extensive collection of computer software.
RELATED:
IOCs
 | 
Unix
Gnutella
Gnutella is a large peer-to-peer network. It was the first decentralized peer-to-peer network of its kind.
RELATED:
Decentralization
 | 
Legion
Governance
Governance is a system for directing an organization. It includes a set of rules and practices established to evaluate the conditions of the stakeholders (e.g. management, suppliers, financiers, customers). It also includes a framework for attaining the established goals of an organization, alongside achieving a balance between the goals of the organization and the interests of the stakeholders. It aims to protect the interests of the organization by protecting the assets of the organization and the interests of its creditors and customers.
RELATED:
Alert Situation
 | 
Operational Threat Intelligence
Graduated Security
Graduated security is a security system that provides several levels (e.g., low, moderate, high) of protection based on threats, risks, available technology, support services, time, human concerns, and economics.
RELATED:
Protocol
 | 
Strong Star Property
Gray Hat
A gray hat is a white hat/black hat hybrid. A gray hat is a hacker with no intention to do damage to a system or network, but to expose flaws in the system security. However, they may use illegal means to gain access to the network to expose the security weakness.
RELATED:
Black Hat
 | 
White Hat
GRC 
GRC stands for governance, risk and compliance.
RELATED:
Governance
 | 
Risk
Grooming
Grooming is the act of cyber criminals who use the Internet to manipulate and gain trust of a minor as a first step towards the future sexual abuse, production or exposure of that minor. Sometimes, this may involve days, weeks, months or in some cases years to manipulate the minor.
RELATED:
Cracker
 | 
Cybercop
Group Authenticator
A group authenticator is sometimes used, in addition to a sign-on authenticator, to allow access to specific data or functions that may be shared by all members of a particular group.
RELATED:
Hash-based Message Authentication Code (HMAC)
 | 
Null Session
Guard System
A guard system is a mechanism limiting the exchange of information between information systems or subsystems.
RELATED:
Security Association
 | 
SSL (Secure Socket Layer)
Guessing Entropy
A guessing entropy is a measure of the difficulty that an attacker has to guess the average password used in a system. In this document, entropy is stated in bits. When a password has n-bits of guessing entropy then an attacker has as much difficulty guessing the average password as in guessing an n-bit random quantity. The attacker is assumed to know the actual password frequency distribution.
RELATED:
Attacker
 | 
War Dialer
Hacker
A hacker is a programmer who gains unauthorized access to a computer system. The mainstream usage of "hacker" mostly refers to computer criminals who gather information on computer security flaws and break into computers without authorization.
RELATED:
Compromise
 | 
Exploit
Handshaking Procedures
Handshaking procedures are the dialogue between two information systems for synchronizing, identifying, and authenticating themselves to one another.
RELATED:
TCP Full Open Scan
 | 
TCP Half Open Scan
Hard Copy Key
A hard copy key is physical keying material, such as printed key lists, punched or printed key tapes, or programmable, read-only memories.
RELATED:
Hardwired Key
 | 
Token-Based Devices
Hard Disk
The permanent storage medium within a computer that uses magnetic storage to store and retrieve digital information, programs and data.
RELATED:
Cloud Computing
 | 
DC Servo Drive
Hardware
Hardware is the physical components of an information system.
RELATED:
Router
 | 
Server
Hardwired Key
A hardwired key is a permanently installed key.
RELATED:
Hard Copy Key
 | 
Key
Hash Function
A hash function is a function that is used to map data of arbitrary size to data of a fixed size. The values returned by a hash function are called hash values, hash codes, hash sums, or simply hashes.
RELATED:
Hashing
 | 
MD5
Hash Value
A hash value is the result of applying a cryptographic hash function to data (e.g., a message).
RELATED:
Cryptography
 | 
Hash Function
Hash-based Message Authentication Code (HMAC)
Hash-based Message Authentication Code is a message authentication code that uses a cryptographic key in conjunction with a hash function.
RELATED:
Group Authenticator
 | 
Public Key Encryption
Hashing
A process of applying a mathematical algorithm against a set of data to produce a numeric value (a 'hash value') that represents the data. It's a way to maintain data integrity and accuracy.
RELATED:
MD5
 | 
One-Way Encryption
High Assurance Guard (HAG)
High assurance guard is an enclave boundary protection device that controls access between a local area network (LAN) that an enterprise system has a requirement to protect, and an external network that is outside the control of the enterprise system, with a high degree of assurance.
RELATED:
Enterprise
 | 
Local Area Network (LAN)
High Availability
High availability is a feature that ensures availability during device or component interruptions.
RELATED:
Availability
 | 
Security Service
High Impact
High impact is the loss of confidentiality, integrity, or availability that could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, individuals, other organizations, or the national security interests of the United States; (i.e., 1) causes a severe degradation in mission capability to an extent and duration that the organization is able to perform its primary functions, but the effectiveness of the functions is significantly reduced; 2) results in major damage to organizational assets; 3) results in major financial loss; or 4) results in severe or catastrophic harm to individuals involving loss of life or serious life threatening injuries).
RELATED:
Data Asset
 | 
Global Information Grid
High Impact System
A high impact system is an information system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a FIPS 199 potential impact value of high.
RELATED:
High Impact
 | 
Integrity
Hijack Attack
A hijack attack is a form of active wiretapping in which the attacker seizes control of a previously established communication association.
RELATED:
Sniffing
 | 
Wiretapping
Honeyclient
Honeyclient is a web browser-based high interaction client honeypot designed by Kathy Wang and developed at MITRE. It was the first open source client honeypot and is a mix of Perl, C++, and Ruby. HoneyClient is state-based and detects attacks on Windows clients by monitoring files, process events, and registry entries.
RELATED:
Honeypot
 | 
Information Security
Honeymonkey
A honeymonkey is an automated program that imitates a human user to detect and identify websites which exploit vulnerabilities on the Internet. It is also known as honeyclient.
RELATED:
IDPS
 | 
IOCs 
Honeypot
A honeypot is a trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers.
RELATED:
Control
 | 
Entrapment
Hop
A hop occurs each time that a data packet is passed from one device to another, from a specified source to its destination. Data packets pass through bridges, routers, and gateways on the way.
RELATED:
Bridge
 | 
Gateway
Host
A network host is a device connected to a computer network. It is a network node that is assigned a network layer host address. A network host may offer information resources, services, and applications to users or other nodes on the network.
RELATED:
Hub
 | 
Kerberos
Host-Based Intrusion Detection System (HIDS)
A host-based intrusion detection system (HIDS) is an intrusion detection system that monitors and analyses information from the operating system audit records occurring on the host. This analysis of the audit trail forces significant overhead requirements on the system due to the increased amount of processing power which must be utilized by the intrusion detection system.
RELATED:
NIPS
 | 
Voice Intrusion Prevention System
Hot Site
A hot site is a fully operational offsite data processing facility equipped with hardware and software, to be used in the event of an information system disruption. It is a backup site that includes phone systems with the phone lines already connected. Networks will also be in place, with any necessary routers and switches plugged in and turned on.
RELATED:
Alternate Facilities
 | 
Cold Site
Hot Wash
A hot wash is a debrief conducted immediately after an exercise or test with the staff and participants.
RELATED:
Exercise Key
 | 
Operational Exercise
HTTP Proxy
An HTTP proxy is a server that receives requests from your web browser and then makes the requests to the Internet on your behalf. Results are returned to the browser.
RELATED:
Data Server
 | 
Web Server
HTTPS
HTTPS (also called HTTP over TLS, HTTP over SSL, and HTTP Secure) is an Internet protocol used for secure communication over a computer network. HTTPS is very important over insecure networks (such as public WiFi), as anyone on the same local network can discover sensitive information not protected by HTTPS. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security or its predecessor, Secure Sockets Layer.
RELATED:
Secure Communication Protocol
 | 
Transport Layer Security (TLS)
Hub
A hub is a network device that is a common connection point for devices in a network. These are commonly used to connect segments of a LAN. A hub contains multiple ports. When a data packet is received at one port, it is transmitted to the other ports on the hub.
RELATED:
Bandwidth
 | 
Host
HUMINT 
HUMINT (human intelligence) is intelligence gathered by means of interpersonal contact; a category of intelligence derived from information collected and provided by human sources.
RELATED:
Eavesdropping
 | 
Social Engineering
Hybrid Attack
A hybrid attack is a blend of a dictionary attack and a brute force attack. It builds on other password-cracking attacks by adding numerals and symbols to dictionary words.
RELATED:
Brute Force Attack
 | 
Dictionary Attack
Hybrid Encryption
A hybrid encryption is a method of encryption that combines two or more encryption algorithms or systems. This method merges asymmetric and symmetric encryption in order to derive benefit from the strengths of each form of encryption. These strengths include speed and security respectively.
RELATED:
Encryption
 | 
Security
Hybrid Security Control
Hybrid security control is a security control that is implemented in an information system in part as a common control and in part as a system-specific control.
RELATED:
Security Control
 | 
Security Perimeter
Hyperlink
A hyperlink is a link from a hypertext file or document to another location or file, typically activated by clicking on a highlighted word or image on the screen.
RELATED:
HTML
 | 
Secure Sockets Layer (SSL)
Hypertext Markup Language (HTML)
Hypertext Markup Language (HTML) is a set of markup symbols or codes that are inserted in a file intended for display on a world wide web (WWW) browser page. These markup symbols tell the browser how to display a web page to the user.
RELATED:
Python
 | 
SQL
Hypertext Transfer Protocol (HTTP)
HTTP is the underlying protocol used by the World Wide Web (WWW). This protocol defines how messages are formatted and transmitted on the Internet and what actions web servers and browsers should take in response to various commands.
RELATED:
HTTP Proxy
 | 
Protocol
Identification
Identification is a system to recognize a user on a company's systems by using unique names.
RELATED:
Authorization
 | 
Password
Identity
Internet Identity (IID) is a social identity that an internet user creates on online communities or websites. While some users prefer using their real names online, others prefer to be anonymous and identify themselves by means of pseudonyms.
RELATED:
Two-factor Authentication
 | 
Username
Identity and Access Management (IAM)  
Identity and Access Management is the security discipline that enables the right individuals to access the right resources at the right times for the right reasons.
RELATED:
File Encryption
 | 
Group Authenticator
IDPS 
Intrusion Detection and Prevention Systems are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it. [Wikipedia]
RELATED:
Blended Attack
 | 
Endpoint Security
ILDP 
ILDP stands for Information Leak Detection and Prevention.
RELATED:
Data Leakage
 | 
Recovery
IMINT 
IMINT (imagery intelligence) is an intelligence-gathering discipline that collects information via satellite and aerial photography.
RELATED:
MASINT
 | 
SIGINT 
Incident
An incident is an unplanned disruption of a network or system service and needs to be resolved immediately. An example would be a server crash that causes a disruption in the business process.
RELATED:
Disruption
 | 
Event
Incident Management
The management and coordination of activities associated with an event that may result in adverse consequences to information or information systems.
RELATED:
Alert Situation
 | 
Business Impact Assessment
Incident Response Procedures
Incident response procedures are formal written procedures that detail the steps to be taken in the event of a major security problem, such as break-in. Developing detailed incident-response procedures before the occurrence of a problem is a hallmark of a well-designed security system.
RELATED:
Contingency Plan
 | 
Security Procedures
Incident Response Team
The incident response team is a team that meets regularly to review status reports, authorize specific remedies, and manage the response process. During incidents, they properly assess the incident and make decisions regarding the proper course of action.
RELATED:
Response
 | 
VERIS 
Incremental Backups
An incremental backup provides a backup of only those files that have been changed or modified, or are new, since the last backup. Incremental backups are often desirable as they consume minimum storage and are quicker to perform than differential backups.
RELATED:
Redundant Control Server
 | 
Safety Instrumented System (SIS)
Inetd
Inetd stands for Internet Service Daemon and is a super-server daemon on many Unix systems that manages several Internet services. Network services such as telnet, File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP) can be activated on demand rather than running continuously, which reduces the load on the system.
RELATED:
FTP
 | 
Unix
Inference Attack
An inference attack is a data mining technique used to illegally access information about a subject by analyzing data. This is an example of breached information security. Such an attack occurs when a user is able to deduce key information of a database from trivial information without directly accessing it.
RELATED:
Data Mining
 | 
Polyinstantiation
Information Security
Information Security is the set of policy regulations, rules, and practices that prescribe how an organization manages, protects, and distributes information.
RELATED:
Issue-Specific Policy
 | 
Program Policy
Information Warfare
Information Warfare (IW) is primarily a United States Military concept that involves the use and management of information and communication technology in pursuit of a competitive advantage over an opponent. This concept may employ a combination of tactical information, assurance(s) that the information is valid, spreading of propaganda or disinformation to demoralise or manipulate the enemy and the public, undermining the quality of opposing force information and denial of information-collection opportunities to opposing forces.
RELATED:
Exercise Key
 | 
Global Information Grid
Infrastructure-as-a-service (IaaS)
IaaS is the provision of computing infrastructure (such as server or storage capacity) as a remotely provided service accessed online (i.e., via the internet).
RELATED:
Architecture
 | 
Cloud Computing
Ingress Filtering
Ingress filtering is used to ensure that all incoming packets (of data) are from the networks from which they claim to originate. Network ingress filtering is a packet filtering technique commonly used by many Internet service providers to prevent source address spoofing. This helps in combating several kinds of net abuse or crime by making web traffic traceable to its source.
RELATED:
Packet
 | 
Spoofing
Input Validation Attacks
Input validation attacks occur when an attacker purposefully sends strange inputs to confuse a web application. Input validation routines serve as the first line of defence against such attacks. Examples of input validation attacks include buffer overflow, directory traversal, cross-site scripting and SQL injection.
RELATED:
Buffer Overflow
 | 
SQL Injection
Input/Output (I/O)
Input/output is a general term for the equipment that is used to communicate with a computer as well as the data involved in the communications.
RELATED:
Dynamic Ports
 | 
TCP/IP
Insider (Inside Threat)
An insider is an entity inside the security perimeter that is authorized to access system resources but uses them in a way not approved by those who granted the authorization.
RELATED:
Grey Hat
 | 
Intrusion Prevention System (IPS)
Inspection Certificate
A declaration issued by an interested party that specified requirements have been met.
RELATED:
Declaration of Conformity
 | 
Stateful Inspection
Instant Messaging (IM)
A service that allows people to send and get messages almost instantly. To send messages using instant messaging you need to download an instant messaging program and know the instant messaging address of another person who uses the same IM program.
RELATED:
Spim
 | 
XMPP
Integrity
The integrity of a system or network is the assurance that information is protected, and is only made available to those who are authorised. The property whereby information, an information system, or a component of a system has not been modified or destroyed in an unauthorised manner.
RELATED:
Privacy
 | 
Simple Integrity Property
Intelligent Electronic Device (IED)
Intelligent Electronic Device refers to any device incorporating one or more processors with the capability to receive or send data/control from or to an external source (e.g., electronic multifunction meters, digital relays, controllers).
RELATED:
Portable Device
 | 
Tablet
Internal Escalation
Internal escalation is the process of reporting a security breach to a higher level of command within the department, division or company in which the breach occurred.
RELATED:
External Escalation
 | 
Incident
Internet Control Message Protocol (ICMP)
The Internet Control Message Protocol (ICMP) is one of the key Internet protocols and is used by network devices such as routers to generate error messages to the source IP address when network problems prevent delivery of IP packets. Any IP network device has the capability to send, receive or process ICMP messages.
RELATED:
IP Address
 | 
Router
Internet Engineering Task Force (IETF)
The Internet Engineering Task Force (IETF) is a large open international community of network designers, operators, vendors, and researchers who are concerned with the evolution of the Internet architecture and its smooth operations. This body defines the standard Internet operating protocols such as TCP/IP.
RELATED:
Reverse Lookup
 | 
SOCKS
Internet Message Access Protocol (IMAP)
The Internet Message Access Protocol (IMAP) is a standard Internet protocol that is used by e-mail clients to retrieve e-mail messages from a mail server over TCP/IP. IMAP is defined by RFC 3501. An IMAP server typically listens on port number 143. IMAP over SSL (IMAPS) is assigned the port number 993.
RELATED:
Port
 | 
TCP/IP
Internet Protocol Security (IPsec)
Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), security gateways (network-to-network), or between a security gateway and a host (network-to-host).
RELATED:
Black Core
 | 
Gateway
Internet Service Provider (ISP)
Internet Service Provider is the company through which an individual or organization receives access to the internet. Typically, ISPs provide email service and homepage storage in addition to internet access.
RELATED:
Modem
 | 
World Wide Web
Internet Standard
An internet standard is a normative specification of a technology or methodology applicable to the internet. Internet Standards are created and published by the Internet Engineering Task Force (IETF). An internet standard is characterised by technical reliability and usefulness.
RELATED:
Internet Engineering Task Force (IETF)
 | 
Reliability
Interoperability
The ability of two or more systems or components to exchange information.
RELATED:
Digital Certificate
 | 
Router
Interrupt
An Interrupt is a signal sent to the processor by hardware or software indicating an event that needs immediate attention.
RELATED:
Event
 | 
Internal Escalation
Intranet
An intranet is an organisation's private network. It is established with the technologies for local area networks (LANs) and wide area networks (WANs).
RELATED:
Ethernet
 | 
Local Area Network (LAN)
Intrusion
An unauthorised act of bypassing the security mechanisms of a network or information system.
RELATED:
Backdoor
 | 
Cross Site Scripting (XSS)
Intrusion Detection System (IDS)
Intrusion Detection System is a security service that monitors and analyzes network or system events for the purpose of finding, and providing real-time or near real-time warning of, attempts to access system resources in an unauthorized manner.
RELATED:
Intrusion Detection
 | 
Host-Based Intrusion Detection System (HIDS)
Intrusion Prevention System (IPS)
Intrusion Prevention System is a system that can detect an intrusive activity and can also attempt to stop the activity, ideally before it reaches its targets.
RELATED:
NGIPS
 | 
Voice Intrusion Prevention System
Investigation
A systematic and formal inquiry into a qualified threat or incident using digital forensics to determine the events that transpired, and to collect evidence.
RELATED:
Computer Forensics
 | 
Due Diligence
IOCs 
An indicator of compromise (IOC) is an artifact observed on a network or in an operating system that with high confidence indicates a computer intrusion. Typical IOCs are virus signatures and IP addresses, MD5 hashes of malware files, or URLs or domain names of botnet command and control servers. After IOCs have been identified in a process of incident response and computer forensics, they can be used for early detection of future attack attempts using intrusion detection systems and antivirus software.
RELATED:
GNU
 | 
Log Clipping
IP Address
An Internet Protocol address (IP address) is a numerical label that is assigned to any device that is using Internet Protocol and is connected to an internet network. An IP address allows network interface identification and location addressing.
RELATED:
Application Layer
 | 
TCP/IP
IP Forwarding
IP forwarding is also known as internet routing. It is a process used to determine the path by which a packet or datagram can be sent. IP forwarding is an OS option that allows a host to act as a router. A system that has more than one network interface card must have IP forwarding turned on in order for the system to be able to act as a router.
RELATED:
Packet
 | 
Tiny Fragment Attack
IP Spoofing
IP spoofing is also known as IP address forgery or a host file hijack. It is a hijacking technique where a hacker impersonates a trusted host to conceal his identity, spoof a web site, hijack browsers, or gain access to a network.
RELATED:
Domain Hijacking
 | 
Hijack Attack
ISAC/ISAO
An Information Sharing and Analysis Center is a nonprofit organization that provides a central resource for gathering information on cyber threats to critical infrastructure.
RELATED:
CRITs
 | 
NGIPS
ISO
The International Organization for Standardization (ISO) is an international standard-setting body that is composed of voluntary representatives from various national standards organizations.
RELATED:
Common Text
 | 
OSI
Issue-Specific Policy
An Issue-Specific Policy is intended to address specific needs within an organisation, such as a password policy.
RELATED:
Information Security
 | 
System-Specific Policy
Jitter
Jitter is any deviation in the signal pulses in a high-frequency digital signal. The aberration can be in amplitude, phase timing, or the width of the signal pulse. Jitter is sometimes referred to as "Packet Delay Variation" or PDV. Controlling jitter is critical for creating a good online experience.
RELATED:
Multiplexing
 | 
SIGINT 
Kerberos
Kerberos is a computer network authentication protocol allowing nodes to communicate over a non-secure network. Its protocol messages are protected against snooping and replay attacks. Massachusetts Institute of Technology (MIT) developed Kerberos to protect network services provided by Project Athena.
RELATED:
Authentication
 | 
Claimant
Kernel
The kernel is an essential center of a computer operating system that provides basic services for other parts of the operating system. A kernel can be contrasted with a shell, the outermost part of an operating system that interacts with user commands.
RELATED:
Control Center
 | 
Control Server
Key
The numerical value used to control cryptographic operations, such as decryption, encryption, signature generation, or signature verification.
RELATED:
Digital Signature
 | 
Secret Key
Keylogger
A keylogger is hardware or software designed to record the keys pressed on a computer keyboard. It's used to bypass other security measures, and can gather usernames, passwords, and other personally identifiable information.
RELATED:
Hardware
 | 
Malicious Logic
Lattice Techniques
Lattice Techniques use security designations to determine access to information.
RELATED:
Computer Network Defence
 | 
Identity and Access Management (IAM)  
Leased Circuit
A leased circuit is a communications link between two locations used exclusively by one organization. In modern communications, it is dedicated bandwidth on a shared link reserved for that user.
RELATED:
Bandwidth
 | 
Decentralization
Least Privilege
Least privilege is the security principle of allowing users the least amount of permissions necessary to perform their intended function.
RELATED:
Compartmentalization
 | 
Defense-in-Depth
Legion
Legion is a computer software system. It is an object-based system designed to provide secure, transparent access to large numbers of machines, both to computational power and data. It is classified as a distributed operating system, a peer-to-peer system, metacomputing software, or middleware.
RELATED:
Gnutella
 | 
Network Taps
Light Tower
A light tower is a device containing a series of indicator lights and an embedded controller used to indicate the state of a process based on an input signal.
RELATED:
IOCs
 | 
Typical Threat Indicators
Link State
Link-state routing protocols are one of the two main classes of routing protocols for computer communications. Link-state routers exchange messages to allow each router to learn the entire network topology. The link-state protocol is performed by every switching node, which creates a map of the connectivity to the network displaying all the nodes that are connected to other nodes. Each node then calculates the next best logical path.
RELATED:
IP Forwarding
 | 
Open Shortest Path First
List Based Access Control
List Based Access Control associates a list of users and their privileges with each object, such as a file directory or individual file. Each object has a security attribute that identifies its access control list. The list has an entry for each system user with access privileges. This list is implemented differently by each operating system.
RELATED:
Blacklist
 | 
Password Authentication Protocol
Local Area Network (LAN)
A local area network (LAN) is a computer network that links devices within a building or group of adjacent buildings.
RELATED:
Private Addressing
 | 
QoS
Log Clipping
Log clipping is the selective removal of log entries from a system log to hide a compromise.
RELATED:
Analog
 | 
IOCs
Logic Bomb
A logic bomb is a malicious program designed to execute when a certain criterion is met. The criterion can be: when a certain time is reached, when a certain file is accessed, or when a certain key combination is pressed.
RELATED:
Malicious Logic
 | 
Malware
Logic Gate
A logic gate is an elementary building block of a digital circuit. This device is used to implement a Boolean function. It performs a logical operation on one or more logical inputs, and produces a single logical output.
RELATED:
Input/ Output (I/O)
 | 
Input Validation Attacks
Loopback Address
A loopback address is a pseudo address that sends outgoing signals back to the same computer for testing.
RELATED:
Modem
 | 
Signals Analysis
MAC Address
A Media Access Control address (MAC address) is the physical address and is a unique identifier assigned to the network interface for communication. MAC addresses are generally used as a network address for most IEEE 802 network technologies (Ethernet, WiFi). MAC addresses are used in the media access control protocol sub-layer of the OSI reference model.
RELATED:
Ethernet
 | 
Wi-Fi
Machine Controller
A machine controller is a control system/motion network that electronically synchronizes drives within a machine system instead of relying on synchronization via mechanical linkage.
RELATED:
Process Controller
 | 
Single Loop Controller
Macro Virus
A macro virus is malware (i.e., malicious software) that uses the macro capabilities of common applications such as spreadsheets and word processors to infect data. It is a type of malicious code that attaches itself to documents and uses the macro programming capabilities of the document’s application to execute, replicate, and spread or propagate itself.
RELATED:
Malicious Code
 | 
Virus
Maintenance
Maintenance is any act of preventing malfunction of equipment or restoring its operating capability. It's any act that either prevents the failure or malfunction of equipment or restores its operating capability.
RELATED:
Control
 | 
Remote Maintenance
Malicious Code
Malicious code describes a broad category of system security terms that includes attack scripts, viruses, worms, trojan horses, backdoors, and other malicious active content. Malicious code is any code in any part of a software system or script that is intended to cause undesired effects, security breaches, or damage to a system. Such code gains unauthorised access to system resources or tricks a user into executing other malicious logic. It is program code intended to perform an unauthorised function or process that will have adverse impact on the confidentiality, integrity, or availability of an information system. This may include software, firmware, and scripts.
RELATED:
Blended Attack
 | 
Exploit Code
Malicious Logic
Hardware, firmware, or software that is intentionally included or inserted into a system to perform an unauthorised function or process that will have adverse impact on the confidentiality, integrity, or availability of an information system.
RELATED:
Keylogger
 | 
Logic Bomb
Malicious Payload
Threats can contain programs, often referred to as payloads, that perform malicious activities such as denial of service attacks, destruction or modification of data, changes to system settings, and information disclosure. The majority of viruses do not contain a payload; they simply replicate.
RELATED:
Data Breach
 | 
Denial of Service Attack
Malware
Malware is a term used for malicious software. Malware can be any software that is used to interrupt or disrupt computer operations, gather sensitive information, or gain access to certain files or programs. It includes viruses, Trojans, worms, time bombs, logic bombs, or anything else intended to cause damage upon the execution of the payload.
RELATED:
Anti Malware
 | 
Logic Bomb
Man-In-the-Middle Attack
Posing as an online bank or merchant, a cyber criminal allows a victim to sign in over a Secure Sockets Layer (SSL) connection. The attacker then logs onto the real server using the client's information and steals credit card numbers.
RELATED:
App Attack
 | 
Evil Twin
Management Controls
Management controls are the security controls (i.e., safeguards or countermeasures) for an information system that focus on the management of risk and the management of information security.
RELATED:
Information Security
 | 
Risk
Management System
A set of processes used by an organisation to meet policies and objectives for that organisation.
RELATED:
Cyber Ecosystem
 | 
Identity and Access Management (IAM)  
Mandatory Access Control (MAC)
In computer security, Mandatory Access Control (MAC) refers to a type of access control by which the operating system constrains the ability of a subject or initiator to access or generally perform some sort of operation on an object or target.
RELATED:
Confidentiality
 | 
Discretionary Access Control
Manipulated Variable
Manipulated variable is a process that is intended to regulate some condition, a quantity or a condition that the control alters to initiate a change in the value of the regulated condition.
RELATED:
Controlled Variable
 | 
Disturbance
MASINT  
MASINT is a technical branch of intelligence gathering, which serves to detect, track and identify or describe the signatures (distinctive characteristics) of fixed or dynamic target sources. This often includes radar, acoustic, nuclear, chemical and biological intelligence.
RELATED:
HUMINT
 | 
IMINT 
Masquerade Attack
A masquerade attack is any attack that uses a forged identity (such as a network identity) to gain unofficial access to a personal or organisational computer. Masquerade attacks are generally performed by using either stolen passwords and logons, locating gaps in programs, or finding a way around the authentication process.
RELATED:
IP Spoofing
 | 
Null Session
Mass Mailer
A mass mailer is a threat that self-replicates by sending itself through email. The threat obtains email addresses by searching for them in files on the system or by responding to messages found in the email client inbox.
RELATED:
Macro Virus
 | 
Worm
Master Program
A master program is the program a black hat cracker uses to remotely transmit commands to malicious software. It is used to carry out large scale Denial of Service attacks or spam attacks.
RELATED:
Black Hat
 | 
Denial of Service Attack
MD5
The MD5 message-digest algorithm is the most widely used cryptographic hash function producing a 128-bit (16-byte) hash value, typically expressed in text format as a 32 digit hexadecimal number. MD5 is currently a standard, Internet Engineering Task Force (IETF) Request for Comments (RFC) 1321.
RELATED:
Cryptography
 | 
Hashing
MDM 
MDM (master data management) is a comprehensive method of enabling an enterprise to link all of its critical data to one file, called a master file, that provides a common point of reference.
RELATED:
Control Network
 | 
Enterprise
Mitigation
The application of one or more measures to reduce the likelihood of an unwanted occurrence and/or lessen its consequences.
RELATED:
Data Loss
 | 
Threat Model
Modem
The modem is a device used to convert serial digital data from a transmitting terminal to a signal suitable for transmission over a telephone channel.
RELATED:
Loopback Address
 | 
Router
Monitoring Software
Software products that allow parents to monitor or track the websites or email messages that a child visits or reads. See also Blacklisting Software and Whitelisting Software.
RELATED:
Blacklisting Software
 | 
Whitelisting Software
Monoculture
Monoculture is the case where a large number of users run the same software, and are vulnerable to the same attacks.
RELATED:
Vulnerability
 | 
Watering Hole
Morris Worm
The Morris Worm (internet worm) program was written by a graduate student at Cornell University, Robert Tappan Morris, and launched on November 2, 1988 from MIT. It was the first computer worm distributed via the Internet and gained significant mainstream media attention.
RELATED:
Blended Threat
 | 
Worm
Motion Control Network
The motion control network is the network supporting the control applications that move parts in industrial settings, including sequencing, speed control, point-to-point control, and incremental motion.
RELATED:
Hybrid Security Control
 | 
Star Network
MSSP 
MSSP (Managed Security Service Provider) is an outsourced network security service. Businesses turn to managed security services providers to alleviate the pressures they face daily related to information security such as targeted malware, customer data theft, skills shortages and resource constraints.
RELATED:
Data Theft
 | 
Malware
Multi-Cast
An IP multi-cast is a method of sending packets of data to a group of receivers in a single transmission. This method is often used to stream media applications on the internet and private networks.
RELATED:
Encapsulation Security Payload
 | 
Hops
Multi-Homed
Multi-homed is any computer host that has multiple IP addresses to connected networks. A multi-homed host is physically connected to multiple data links that can be on the same or different networks. Multihoming is commonly used in web management for load balancing, redundancy, and disaster recovery.
RELATED:
IP Address
 | 
Recovery
Multiplexing
Multiplexing is a technique by which multiple data streams are combined into one signal over a shared medium. The multiplexed signal is transmitted over a communication channel, such as a cable. A reverse process, known as demultiplexing, extracts the original channels on the receiver end.
RELATED:
Socket
 | 
Tunnel
National Institute of Standards and Technology
The National Institute of Standards and Technology (NIST) is a measurement standards laboratory, and a non-regulatory agency of the United States Department of Commerce. Its mission is to promote innovation and industrial competitiveness. NIST's activities are organized into laboratory programs that include Nanoscale Science and Technology, Engineering, Information Technology, Neutron Research, Material Measurement, and Physical Measurement.
RELATED:
Advanced Encryption Standard
 | 
Kerberos
Natural Disaster
A natural disaster is any act of God or natural event caused by environmental factors, such as fire, flood, earthquake, lightning, or wind, that disables the system, part of it, or a network of systems.
RELATED:
Contingency Plan
 | 
Operational Exercise
Netmask
A netmask is used to divide an IP address into subnets and specify the network's available hosts. The netmask screens out the network part of an IP address so that only the host computer part of the address remains.
RELATED:
Network-Based IDS
 | 
Subnet Mask
Network
A network happens when two or more computer systems that are grouped together share information, software and hardware.
RELATED:
Local Area Network (LAN)
 | 
Network Resilience
Network Address Translation (NAT)
Network Address Translation (NAT) is an approach that is used to remap an IP address space into another by modifying network address information in IP datagram packet headers while they are in transit. This technique was originally used for rerouting traffic in IP networks without renumbering every host.
RELATED:
Encapsulation Security Payload
 | 
Socket Pair
Network Firewall
A network firewall is a device that controls traffic to and from a network.
RELATED:
Firewall
 | 
NGFW 
Network Mapping
Network mapping is the study of physical connectivity of networks. It is used to compile an electronic inventory of the systems and the services on any network. With the increase in complexities of networks, automated network mapping has become more popular.
RELATED:
Ping Sweep
 | 
Static Host Tables
Network Resilience
The ability of a network to: 1. Provide continuous operation (i.e., highly resistant to disruption and able to operate in a degraded mode if damaged); 2. Recover effectively if failure does occur; and 3. Scale to meet rapid or unpredictable demands.
RELATED:
Assurance
 | 
Resilience
Network Taps
Network taps are hardware devices that help in accessing the data flow across a computer network. It is also desirable for a third party to monitor the traffic between two points in the network. The network tap has (at least) three ports, an A port, a B port, and a monitor port. Network taps are generally used for network intrusion detection systems, VoIP recording, network probes, RMON probes, packet sniffers, and other monitoring and collection devices and software that require access to a network segment.
RELATED:
Data Flow Control
 | 
Legion
Network-Based IDS
Network-based Intrusion Detection Systems (NIDS) are placed at a strategic point (or points) to monitor the traffic on the network. A NIDS analyses the passing traffic on the entire subnet, and matches the traffic that is passed on the subnets to the library of known attacks. When an attack is identified, or abnormal behaviour is detected, an alert is sent to the administrator. OPNET and NetSim are commonly used tools for simulating network intrusion detection systems.
RELATED:
CRITs 
 | 
Netmask
NGFW 
A Next Generation Firewall (NGFW) is an integrated network platform that combines a traditional firewall with other network device filtering functionalities, such as an application firewall, and performs deep inspection of traffic and blocking of attacks.
RELATED:
Demilitarized Zone
 | 
Firewall
NGIPS 
NGIPS (next generation intrusion prevention system) offers protection against advanced and evasive targeted attacks with high accuracy. Usually using a combination of technologies such as deep packet inspection, threat reputation, and advanced malware analysis, it provides enterprises with a proactive approach to security.
RELATED:
Intrusion Prevention System (IPS)
 | 
Voice Intrusion Prevention System
NIPS 
NIPS (network intrusion prevention system) examines network traffic flows to detect and prevent vulnerability exploits. Following a successful exploit, the attacker can disable the target application.
RELATED:
Bastion
 | 
Host-Based Intrusion Detection System (HIDS)
Non-Printable Character
A non-printable character is a character that doesn't have a corresponding character letter to its corresponding ASCII code. Examples would be the Linefeed, which is ASCII character code 10 decimal, the carriage return, which is 13 decimal, or the bell sound, which is decimal 7. On a PC, you can often add non-printable characters by holding down the Alt key, and typing in the decimal value (i.e., Alt-007 gets you a bell). There are other character encoding schemes, but ASCII is the most prevalent.
RELATED:
Biometrics
 | 
Uniform Resource Identifier
Non-Repudiation
Non-repudiation refers to the ability of a system to prove that a specific user and only that specific user sent a message and that it hasn't been modified. On the Internet, a digital signature is used not only to ensure that a message or document has been electronically signed by the person, but also, since a digital signature can only be created by one person, to ensure that a person cannot later deny that they furnished the signature.
RELATED:
Digital Signature
 | 
Secure Communications
Null Session
A Null session is also known as Anonymous Logon. It is a method that allows an anonymous user to retrieve information such as user names and share this over the network, or connect without authentication. Null sessions are one of the most commonly used methods for network exploration employed by hackers. A null session connection allows you to connect to a remote machine without using a user name or password. Instead, you are given anonymous or guest access.
RELATED:
Group Authenticator
 | 
Masquerade Attack
Octet
An octet is a unit of digital information that consists of eight bits. Octets are generally displayed using a variety of representations, for example in the hexadecimal, decimal, or octal number systems. The binary value of all 8 bits set (or turned on) is 11111111, equal to the hexadecimal value FF, the decimal value 255, and the octal value 377. One octet can be used to represent decimal values ranging from 0 to 255.
RELATED:
Bit Error Rate
 | 
Yottabyte
One-Way Encryption
One-way encryption is also known as a one-way hash function. It's a cryptography algorithm that maps data of an arbitrary size to a hash value. Any small change to a message would change the hash value so extensively that the new hash value would seem unrelated to the old one. It's designed so as to be near impossible to reverse, with brute force usually being the only method of doing so.
RELATED:
Hash Function
 | 
MD5
Open Shortest Path First
Open Shortest Path First (OSPF) is a routing protocol for Internet Protocol (IP) networks. It uses a link state routing (LSR) algorithm and falls into the group of interior gateway protocols (IGPs), operating within a single autonomous system (AS). It is defined as OSPF Version 2 in RFC 2328 (1998) for IPv4.
RELATED:
IP Forwarding
 | 
Link State
Operating System
An operating system (OS) is a software that manages computer hardware and software resources to support the computer's basic functions. All computer programs require an operating system to provide the fundamental controls for controlling the computer. Popular operating systems include the Linux operating system, the Mac operating system and the Windows operating system.
RELATED:
Root
 | 
Software
Operational Control
Operational controls are the security controls (i.e., safeguards or countermeasures) for an information system that are primarily implemented and executed by people (as opposed to systems).
RELATED:
Countermeasure
 | 
Security Control
Operational Exercise
An action-based exercise where personnel rehearse reactions to an incident scenario, drawing on their understanding of plans and procedures, roles, and responsibilities.
RELATED:
Hot Wash
 | 
Exercise Key
Operational Threat Intelligence
Information about specific impending attacks against the organization. It is initially consumed by higher level security.
RELATED:
Chief Security Officer
 | 
Governance
Operations Technology
The hardware and software systems used to operate industrial control devices.
RELATED:
Programmable Logic Controller
 | 
Motion Control Network
OPSEC 
OPSEC (operations security) is a process by which we protect unclassified information that can hurt us.
RELATED:
Cryptography
 | 
Defense-in-Depth
OSI
OSI stands for Open System Interconnection and is an ISO standard for worldwide communications. OSI defines a networking framework for implementing protocols in seven layers. OSI defines seven layers of functions that take place at each end of a communication. Although OSI is not always strictly adhered to in terms of keeping related functions together in a well-defined layer, many products involved in telecommunication attempt to describe themselves in relation to the OSI model.
RELATED:
ISO
 | 
Protocol
OSI Layers
OSI layer is a physical layer that conveys the bit stream, electrical impulse, light, or radio signal through the network at the electrical and mechanical level. Fast Ethernet, RS232, and ATM are protocols with physical layer components.
RELATED:
Light Tower
 | 
Photo Eye
OSINT 
OSINT (Open source threat intelligence) is data collected from publicly available Web sources such as social media, blogs, news publications, and forums. With an estimated 90% of required intelligence available in open source, it is imperative intelligence analysts become adept at mining open sources.
RELATED:
Data Mining
 | 
Operational Threat Intelligence
Outside(r) Threat
A person or group of persons external to an organization who are not authorised to access its assets and pose a potential risk.
RELATED:
Hacker
 | 
Risk
Overload
Overload is defined as the limitation of system operation by excessive burden on the performance capabilities of a system component.
RELATED:
Buffer Overflow
 | 
Distributed Denial of Service Attack (DDoS)
Packet
A packet is a unit of data that is routed between an origin and a destination on the Internet or any other packet-switched network. When any file (such as e-mail message, HTML file, Graphics Interchange Format file) is sent from one place to another, the Transmission Control Protocol (TCP) layer of TCP/IP divides the file into smaller chunks ideal for routing.
RELATED:
Hub
 | 
IP Forwarding
Partitions
Partitioning is the division of a computer hard disk or other secondary storage into one or more regions. Many computers have hard disk drives with only a single partition but others have multiple partitions so that an OS can manage information in each region separately. Each partition then appears in the OS as a distinct logical disk that uses part of the actual disk.
RELATED:
Control Network
 | 
Demilitarized Zone
Passing Off
Passing off is making false representation that goods or services are those of another business.
RELATED:
Evil Twins
 | 
Spoofing
Passive Attack
An assault perpetrated by an intentional threat source that attempts to learn or make use of information from a system, but does not attempt to alter the system, its resources, its data, or its operations.
RELATED:
Sniffing
 | 
Snooping Tool
Password
A string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorisation.
RELATED:
Authentication
 | 
Username
Password Authentication Protocol
Password Authentication Protocol (PAP) is a password-based authentication protocol used by Point to Point Protocol (PPP) to validate users. Almost all network operating system remote servers support PAP.
RELATED:
Blacklist
 | 
List Based Access Control
Password Cracking
Password cracking is the process of trying to guess or crack passwords to gain access to a computer system or network. Crackers generally use a variety of tools, scripts, or software to crack a system password. Password cracks work by comparing every encrypted dictionary word against the entries in system password file until a match is found.
RELATED:
Brute Force
 | 
Dictionary Attack
Password Sniffing
Password sniffing is a technique used to gain knowledge of passwords that involves monitoring traffic on a network to pull out information. Software can be used for automatic password sniffing.
RELATED:
Hybrid Attack
 | 
Sniffing
Patch
A patch is a software security update designed to update a computer program or its supporting data, to fix or improve it. This includes fixing security vulnerabilities and other bugs in existing programs, usually called bug fixes.
RELATED:
Bug
 | 
Vulnerability
Payload
In computing, a payload is the actual intended message within transmitted data. In cybersecurity, however, a payload is the part of malware that performs the malicious action.
RELATED:
Malware
 | 
Packet
Penetration
Penetration is defined as gaining unauthorised access to sensitive information by evading a system's protections.
RELATED:
Exploit Code
 | 
Vulnerability
Penetration Test
A penetration test is a method of evaluating the security of a computer system or network by simulating an attack from malicious outsiders. The process involves an active analysis of the system for any potential vulnerabilities from improper system configuration, or operational weaknesses in process or technical countermeasures. This analysis is carried out from the position of a potential attacker and can involve active exploitation of security vulnerabilities. Penetration Testing is also known as pen testing.
RELATED:
Active Security Testing
 | 
Promiscuous Mode
Permissions
Permissions are the authorized actions that a subject can perform with an object (that is read, write, modify or delete).
RELATED:
Authorization
 | 
Trust
Permutation
Permutation is a process where the letters within a text are kept the same, but the position changes to scramble the message.
RELATED:
Cryptography
 | 
Steganography
Personal Firewall
A personal firewall is software that controls network traffic to and from a computer. Personal firewalls are installed and run on individual computers. A personal firewall is an application which controls network traffic to and from a computer, permitting or denying communications based on a security policy. Typically it works as an application layer firewall.
RELATED:
Defense-in-Depth
 | 
Firewall
Personally Identifiable Information
Personal data relating to an identifiable living individual.
RELATED:
Confidentiality
 | 
Privacy
Pharming
Pharming is a type of cyber attack that redirects a website's traffic to a masquerading website. Pharming is achieved by corrupting a DNS server to steer the URL to the IP address of the pseudo website instead of the real IP address. This attack is used to gather private information such as login credentials.
RELATED:
Domain Name System (DNS)
 | 
Domain Hijacking
Phishing
Phishing is a form of social engineering carried out by black hats in electronic form, usually by email, with the purpose of gathering sensitive information by impersonating a trustworthy entity. Phishing communications are made to look like they come from a legitimate source like a social networking site, entity or bank.
RELATED:
Social Engineering
 | 
Spoofing
Photo Eye
Photo eye is a light sensitive sensor utilizing photoelectric control that converts a light signal into an electrical signal, ultimately producing a binary signal based on an interruption of a light beam.
RELATED:
SIGINT
 | 
Temperature Sensor
Phreaker
Phreakers are people who hack into a telecommunications system. Phreakers can hack into a system, circumvent telecommunications security systems by using electronic recording devices or simply creating tones with a whistle.
RELATED:
Bit Error Rate
 | 
Store-and-Forward
Ping Sweep
A ping sweep is a technique that is used to establish a range of IP addresses mapping to live hosts. Well-known tools with ping sweep capability include nmap for Unix systems, and the Pinger software from Rhino9 for Windows NT. There are many other tools with this capability, including: Hping, Simple Nomad's ICMPEnum, SolarWind's Ping Sweep, and Foundstone's SuperScan.
RELATED:
Get Nearest Server
 | 
Internet Control Message Protocol (ICMP)
Plaintext
Plaintext is the most portable format and is supported by almost every application. In cryptography, plaintext refers to any message that is not encrypted.
RELATED:
Cryptography
 | 
Decryption
Poison Reverse
Poison reverse is a method where the gateway node communicates to its neighbour gateways that one of the gateways is no longer connected. The notifying gateway sets the number of hops to the unconnected gateway to a number that indicates infinite, in effect advertising the fact that these routes are not reachable.
RELATED:
Availability
 | 
Gateway
Polyinstantiation
Polyinstantiation is the ability of a database to maintain multiple records with the same key. It is used to prevent inference attacks. It may also indicate, such as in the case of database polyinstantiation, that two different instances have the same name (identifier, primary key).
RELATED:
Database
 | 
Inference Attack
Polymorphic Virus
A polymorphic virus is a virus that will change its digital footprint every time it replicates. Anti virus software relies on a constantly updated and evolving database of virus digital footprint signatures to detect any virus that may have infected a system. By changing its signature upon replication, a polymorphic virus may elude antivirus software, making it very hard to eradicate.
RELATED:
Anti Virus Software
 | 
Digital Signature
Port
A port is an end point of communication in an operating system, identified by a 16 bit port number. It is the entry or exit point from a computer for connecting communications or peripheral devices.
RELATED:
Endpoint Security
 | 
Secure Communication Protocol
Port Scan
A port scan is a sequence of messages sent by an attacker attempting to break into a computer. Port scanning provides the attacker with an idea of where to probe for weaknesses. A port scan consists of sending a message to each port, one at a time to determine which ports on a system are open.
RELATED:
Reconnaissance
 | 
Vulnerability
Portable Device 
A small, easily transportable computing device such as a smartphone, laptop or tablet computer.
RELATED:
Intelligent Electronic Device (IED)
 | 
Tablet
Pressure Sensor
A pressure sensor is a sensor system that produces an electrical signal related to the pressure acting on it by its surrounding medium. Pressure sensors can also use differential pressure to obtain level and flow measurements.
RELATED:
Hardware
 | 
Photo Eye
Privacy
Privacy is the protection of a company's data from being accessed by unauthorized parties. Safeguards such as encryption can provide assurance that the integrity of the data is protected from exposure. Privacy is also the assurance that the confidentiality of, and access to, certain information about an entity is protected.
RELATED:
Assurance
 | 
Security
Private Addressing
IANA has set aside three address ranges for use by private or non-internet connected networks. This is referred to as Private Address Space and is defined in RFC 1918. The reserved address blocks are: 10.0.0.0 to 10.255.255.255 (10/8 prefix), 172.16.0.0 to 172.31.255.255 (172.16/12 prefix), and 192.168.0.0 to 192.168.255.255 (192.168/16 prefix).
RELATED:
IP Address
 | 
Local Area Network (LAN)
Private Key
A cryptographic key that must be kept confidential and is used to enable the operation of an asymmetric (public key) cryptographic algorithm.
RELATED:
Challenge Response Protocol
 | 
Public Key
Process Controller
A process controller is a proprietary computer system, typically rack-mounted, that processes sensor input, executes control algorithms, and computes actuator outputs.
RELATED:
Distributed Control System
 | 
Machine Controller
Program Infector
A program infector is a piece of malware (or virus) that attaches itself to existing program files. Once the original infected program is run the virus transfers to the computer memory and may replicate itself further, spreading the infection. This type of virus can be spread beyond one's system as soon as the infected file or program is passed to another computer.
RELATED:
Virus
 | 
Worm
Program Policy
A program policy is a high-level policy that sets the overall tone of an organisation's security approach.
RELATED:
Chief Security Officer (CSO)
 | 
Security
Programmable Logic Controller
A programmable logic controller (PLC), or programmable controller is an industrial digital computer which has been ruggedised and adapted for the control of manufacturing processes, such as assembly lines, or robotic devices, or any activity that requires high reliability control and ease of programming and process fault diagnosis.
RELATED:
Motion Control Network
 | 
Operations Technology
Promiscuous Mode
Promiscuous mode allows a network device to intercept and read each network packet. This is used by network administrators to diagnose network problems, but also by crackers who are trying to eavesdrop on network traffic for confidential information.
RELATED:
Active Security Testing
 | 
Penetration Test
Proprietary Information
Proprietary information is information that is unique and will affect a company's ability to compete, such as customer lists, technical data, product costs, and trade secrets.
RELATED:
Computer Network Defence
 | 
Criticality
Protocol
A protocol is a set of rules to implement and control communications and associations between systems. Protocols guide connections between end points in a telecommunication connection, and specify interactions between the communicating entities. Protocols exist at several levels in a telecommunication connection.
RELATED:
Challenge Response Protocol
 | 
File Transfer Protocol (FTP)
Protocol Analyzer
A protocol analyzer is a device or software application that enables the user to analyze the performance of network data so as to ensure that the network and its associated hardware/software are operating within network specifications.
RELATED:
Failure
 | 
Quality of Service (QoS)
Proximity Sensor
A proximity sensor is a non-contact sensor with the ability to detect the presence of a target within a specified range.
RELATED:
Hardware
 | 
Pressure Sensor
Proxy Server
A proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers. Most proxies are web proxies, facilitating access to content on the World Wide Web and providing anonymity.
RELATED:
Data Server
 | 
Http Proxy
Public Key
A public key is the publicly disclosed component of a pair of cryptographic keys used for asymmetric cryptography. It is a cryptographic key that can be obtained and used by anyone to encrypt messages intended for a particular recipient, such that the encrypted messages can be deciphered only by using a second key that is known only to the recipient (the private key).
RELATED:
Cryptography
 | 
Secret Key Cryptographic Algorithm
Public Key Encryption
Public Key Encryption is also known as asymmetric cryptography. Public key encryption is a cryptographic system that uses two keys, a public key known to everyone and a private or secret key known only to the recipient of the message.
RELATED:
Public Key
 | 
Secret Key
Python
Python is a widely used high-level programming language for general-purpose programming, created by Guido van Rossum and first released in 1991.
RELATED:
HTML
 | 
SQL
QAZ
A QAZ is a network worm with backdoor capabilities.
RELATED:
Backdoor
 | 
Worm
Quality of Service (QoS)
Quality of service (QoS) is the overall performance of a computer network, particularly the performance seen by the users of the network.
RELATED:
Jitter
 | 
Local Area Network (LAN)
Race Condition
Race condition is also known as race hazard. Race condition is the behavior of an electronic, software, or other system where the output is dependent on the sequence or timing of other uncontrollable events. This becomes a bug when events don't happen in the order the programmer planned. Race conditions can occur in electronics systems, especially logic circuits, and in computer software, especially multithreaded or distributed programs.
RELATED:
Bug
 | 
Distributed Control System
Radiation Monitoring
Radiation monitoring is the process of receiving images, data, or audio from an unprotected source by snooping on radiation signals.
RELATED:
Ciphony
 | 
Snooping Tool
Ransomware
Ransomware is a form of computer malware that can be easily installed covertly on a victim’s computer. Ransomware prevents a user from being able to operate their PC normally unless they comply with the demands of the attacker. To regain access to your PC and files, you typically have to pay money – a ‘ransom’ – to the attacker in exchange for unlocking your system.
RELATED:
Crimeware
 | 
Malware
Real Time
Real time pertains to the performance of a computation during the actual time that the related physical process transpires, so that the results of the computation can be used to guide the physical process.
RELATED:
Availability
 | 
Process Controller
Reconnaissance
Active reconnaissance is a type of computer attack in which an intruder engages with the targeted system to gather information about vulnerabilities. The attacker often uses port scanning, for example, to discover any vulnerable ports.
RELATED:
Port Scanning
 | 
Scavenging
Recovery
Recovery is the set of activities after an incident or event to restore essential services and operations in the short and medium term, and fully restore all capabilities in the longer term. Redundancy: additional or alternative systems, subsystems, assets, or processes that maintain a degree of overall functionality in case of loss or failure of another system, subsystem, asset, or process.
RELATED:
Data Leakage
 | 
Restore
Redundant Control Server
A redundant control server is a backup to the control server that maintains the current state of the control server at all times.
RELATED:
Bastion Host
 | 
Control Server
Registry
Registry is a system-defined database where applications and system components store and retrieve configuration data. Applications use the registry API to retrieve, modify, or delete registry data.
RELATED:
Database
 | 
Honeyclient
Regression Analysis
Regression analysis is the use of scripted tests to test software for all possible input it should expect. Typically, developers will create a set of regression tests that are executed before a new version of the software is released.
RELATED:
Egress
 | 
Software
Relay
A relay is an electromechanical device that completes or interrupts an electrical circuit by physically moving conductive contacts. Its motion can be coupled to another mechanism such as a valve.
RELATED:
OSI Layers
 | 
Solenoid Valve
Reliability
Reliability is the assurance that a system will adequately accomplish its tasks for a specific period of time under the expected operating conditions.
RELATED:
Gap Analysis
 | 
Internet Standard
Remote Access
Remote access is access by users (or information systems) communicating external to an information system security perimeter.
RELATED:
Secure Shell
 | 
TCP Fingerprinting
Remote Diagnostics
Remote diagnostics are diagnostic activities conducted by individuals communicating externally to an information system security perimeter.
RELATED:
Endpoint Security
 | 
Secure Shell
Remote Maintenance
Remote maintenance is maintenance activities conducted by individuals communicating externally to an information system security perimeter.
RELATED:
Maintenance
 | 
Remote Access
Remotely Exploitable
Remotely exploitable vulnerabilities are those that can be exploited by attackers across a network. For example, vulnerabilities in web servers that can be exploited by web clients are remotely exploitable vulnerabilities.
RELATED:
Botnet
 | 
Null Session
Resilience
The ability to adapt to changing conditions and prepare for, withstand, and rapidly recover from disruption.
RELATED:
Assurance
 | 
Compliance
Resource Exhaustion
Resource exhaustion is a kind of attack where the attacker or hacker ties up finite resources on a system, making them unavailable to others.
RELATED:
Distributed Denial of Service Attack (DDoS)
 | 
Smurf Attack
Resource Starvation
Resource starvation is a condition where a computer process cannot be supported by available computer resources. It can occur due to the lack of computer resources or the existence of multiple processes that are competing for the same computer resources.
RELATED:
Control
 | 
Disaster
Response
A response is information that is sent in response to a request or stimulus.
RELATED:
Incident Response Procedures
 | 
Stimulus
Restore 
Restore refers to the recovery of data following computer failure or loss.
RELATED:
Maintenance
 | 
Recovery
Reverse Engineering
Reverse engineering is the process of extracting any kind of sensitive information by disassembling and analyzing the design of a system component.
RELATED:
Architecture
 | 
Social Engineering
Reverse Lookup
Reverse lookup is a technique that uses the IP (Internet Protocol) address to find a domain name.
RELATED:
IP Address
 | 
WHOIS
Reverse Proxy
A reverse proxy is a device or service that is placed between a client and a server in a network. All the incoming HTTP requests are handled by the proxy (back-end webservers), so the proxy can then send the content to the end-user.
RELATED:
HTTP Proxy
 | 
Hypertext Transfer Protocol (HTTP)
Risk
Risk is the probability that a vulnerability in a system or network will be exploited for attack, either intentionally or accidentally. The level of impact of a risk gives the potential impact of losing valuable and sensitive information.
RELATED:
Exposure
 | 
Management Controls
Risk Assessment
Risk assessment is a systematic process to identify, analyze and evaluate any possible threats that may leave sensitive information vulnerable to attacks. It also employs methods to calculate the risk impact and eliminate the impact.
RELATED:
Business Impact Assessment
 | 
Security Control Assessment
Risk Averse
Risk averse means avoiding risks even if this leads to the loss of opportunity. An example is using a (more expensive) phone call vs. sending an e-mail in order to avoid risks associated with e-mail.
RELATED:
Management Controls
 | 
Security Policy
Risk Management
Risk management is the process of managing risks to agency operations, assets, or individuals resulting from the operation of an information system. It includes risk assessment; cost-benefit analysis; the selection, implementation, and assessment of security controls; and the formal authorization to operate the system.
RELATED:
Risk Assessment
 | 
Security Control
Role Based Access Control
Role Based Access Control (RBAC) assigns users to roles based on their organizational functions and determines authorization based on those roles. It is used by enterprises with more than five employees, and can implement Mandatory Access Control (MAC) or Discretionary Access Control (DAC).
RELATED:
Authorization
 | 
Mandatory Access Control (MAC)
Root
Root is the account that has access to all commands and files on a Linux or Unix operating system. Root is also known as the super user.
RELATED:
Operating System
 | 
Unix
Rootkit
A rootkit is a malware programme that allows the attacker to gain administrator access to a network. Once installed, the attacker gains privileged access. What makes a rootkit particularly lethal is the ability to erase tracks and mask the intrusion from the vulnerable system, allowing the attacker to navigate the entire network without being noticed.
RELATED:
Malware
 | 
Spoofing
Router
A router is a hardware device that transfers data packets to the appropriate networks. Many Internet Service Providers (ISPs) provide routers to their customers, with inbuilt firewall protections.
RELATED:
Internet Service Provider (ISP)
 | 
Modem
Router Flapping
Router flapping occurs when a router transmits routing updates alternately advertising a destination network first via one route, then via a different route.
RELATED:
Port Scan
 | 
Router
Routing Loop
A routing loop occurs when two or more poorly configured routers repeatedly exchange the same data packet. In the case of distance vector protocols, the fact that these protocols route by rumor and have a slow convergence time can cause routing loops.
RELATED:
Packet
 | 
Router
Safety
Safety is the requirement to ensure that the individuals involved with an organization (e.g. employees, customers, and visitors) are safeguarded from any kind of malicious attack.
RELATED:
Cybersecurity
 | 
Identity and Access Management (IAM)  
Safety Instrumented System (SIS)
SIS is a system that is composed of sensors, logic solvers, and final control elements whose purpose is to take the process to a safe state when predetermined conditions are violated. Other terms commonly used include Emergency Shutdown System (ESS), Safety Shutdown System (SSD), and Safety Interlock System (SIS).
RELATED:
Security
 | 
Temperature Sensor
Salt
In cryptography, a salt is random data that is used as an additional input to a one-way function that "hashes" a password or passphrase.
RELATED:
Hash Function
 | 
Password
Sandboxing
In computer security, sandboxing is a security system to run suspicious programmes in an isolated environment. It is used to separate out untested and untrusted programmes to run them safely in a virtual address space. Untrusted machine-interpretable code modules are transformed so that all memory accesses are confined to code and data segments within their fault domain. A sandbox is a restricted, controlled execution environment that prevents potentially malicious software, such as mobile code, from accessing any system resources except those for which the software is authorized.
RELATED:
Content Filtering
 | 
Security Test & Evaluation (ST&E)
SCADA Server
A SCADA server is the device that acts as the master in a SCADA system.
RELATED:
MDM 
 | 
Supervisory Control and Data Acquisition (SCADA)
Scatternet
A scatternet is a type of ad hoc computer network consisting of two or more piconets. The terms "scatternet" and "piconet" are typically applied to Bluetooth wireless technology.
RELATED:
Ad Hoc Network
 | 
Network
Scavenging
Scavenging is the process of searching through data residue in a system or a network to gain unauthorized knowledge of sensitive information.
RELATED:
Reconnaissance
 | 
Sensitive Information
Scoping Guidance
Scoping guidance is a part of tailoring guidance providing organizations with specific considerations on the applicability and implementation of individual security controls in the security control baseline.
RELATED:
Security Control Baseline
 | 
Security Control Effectiveness
Screen Scraper
A screen scraper is a virus or physical device that logs information sent to a visual display to capture private or personal information.
RELATED:
Personally Identifiable Information
 | 
Skimming
Script
A script is a file containing active content such as commands or instructions that are executed by the computer.
RELATED:
Python
 | 
SQL
Script Kiddie
A script kiddie is an individual who uses existing code to hack into a system, lacking the expertise to write their own. While they may not possess a lot of computing talent, they're easily as dangerous as hackers.
RELATED:
Easy Access
 | 
Hacker
Secret Key Cryptographic Algorithm
A secret key (symmetric) cryptographic algorithm is a cryptographic algorithm that uses a single key (i.e., a secret key) for both encryption and decryption.
RELATED:
Control Algorithm
 | 
Secret Key
Secret Seed
A secret seed is a secret value used to initialize a pseudorandom number generator.
RELATED:
Hash Value
 | 
MD5
Secure Communication Protocol
Secure communication protocols are protocols that establish rules that encourage secure communication. Examples include Transport Layer Security and HTTPS.
RELATED:
HTTPS
 | 
Transport Layer Security (TLS)
Secure Communications
A Secure Electronic Transaction (SET) is a communications protocol standard for securing credit card transactions over insecure networks. SET ensures that all parties (customers, merchant, and bank) are authenticated using digital signatures, uses encryption to protect the message and provide integrity, and provides end-to-end security for credit card transactions online.
RELATED:
Baseline Security
 | 
Non-Repudiation
Secure Electronic Transactions
Secure Electronic Transaction (SET) was a communications protocol standard for securing credit card transactions over insecure networks, specifically, the internet.
RELATED:
Chargeback
 | 
Secure Communications
Secure Shell (SSH)
A Secure Shell (SSH) is also known as Secure Socket Shell. SSH is a UNIX-based command interface and protocol used to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another.
RELATED:
Shell
 | 
Unix
Secure Sockets Layer
A Secure Sockets Layer (SSL) is the standard security technology for establishing an encrypted link between a web server and a browser. SSL was developed by Netscape for transmitting private documents via the internet.
RELATED:
Secure Shell (SSH)
 | 
Web Server
Secure State
Secure state is a condition in which no subject can access any object in an unauthorized manner.
RELATED:
Link State
 | 
Steady State
Secure Subsystem
A secure subsystem is a subsystem containing its own implementation of the reference monitor concept for those resources it controls. A secure subsystem must depend on other controls and the base operating system for the control of subjects and the more primitive system objects.
RELATED:
Control
 | 
Guard System
Security
Security is achieved when an organization establishes and maintains protective measures that enable an enterprise to perform its mission or critical functions despite risks posed by threats to its use of information systems.
RELATED:
Risk
 | 
Security Engineering
Security Assertion Markup Language (SAML)
Security Assertion Markup Language (SAML, pronounced sam-el) is an XML-based, open-standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider. SAML is a product of the OASIS Security Services Technical Committee.
RELATED:
CybOX
 | 
XML
Security Association
A security association is a relationship established between two or more entities to enable them to protect data they exchange.
RELATED:
Guard System
 | 
OPSEC 
Security Attribute
A security attribute is a security-related quality of an object. Security attributes may be represented as hierarchical levels, bits in a bit map, or numbers. Compartments, caveats, and release markings are examples of security attributes. A security attribute is also an abstraction representing the basic properties or characteristics of an entity with respect to safeguarding information; typically associated with internal data structures (e.g., records, buffers, files) within the information system.
RELATED:
Partitions
 | 
Security Label
Security Audit
A security audit is an independent review and examination of a system's activity records to determine if system control is adequate. The process ensures compliance with established security policies, detects breaches in security, and recommends any changes.
RELATED:
Compliance Documents
 | 
System Control
Security Authorization Boundary
A security authorization boundary is an information security area that includes a grouping of tools, technologies, and data.
RELATED:
High Assurance Guard (HAG)
 | 
Security Perimeter
Security Category
Security category is the characterization of information based on an assessment of the potential impact that a loss of confidentiality, integrity, or availability of such information or information system would have on the organization or individuals, other organizations, and the nation.
RELATED:
Availability
 | 
Integrity
Security Concept of Operations
Security concept of operations is a security-focused description of an information system, its operational policies, classes of users, interactions between the system and its users, and the system’s contribution to the operational mission.
RELATED:
Cyber Ecosystem
 | 
Enterprise Architecture
Security Control
A security control is the management, operational, and technical control (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information. Security Control is something that modifies or reduces one or more security risks.
RELATED:
Banner
 | 
Operational Controls
Security Control Assessment
Security control assessment is the testing and/or evaluation of the management, operational, and technical security controls in an information system to determine the extent to which the controls are implemented correctly, and producing the desired outcome with respect to meeting the security requirements.
RELATED:
Risk Assessment
 | 
Threat Assessment
Security Control Assessor
A security control assessor is the individual, group, or organization responsible for conducting a security control assessment.
RELATED:
Declaration of Conformity
 | 
Threat Assessment
Security Control Baseline
A security control baseline is the set of minimum security controls defined for a low-impact, moderate-impact, or high-impact information system.
RELATED:
High Impact
 | 
Scoping Guidance
Security Control Effectiveness
Security control effectiveness is the measure of correctness of implementation (i.e., how consistently the control implementation complies with the security plan) and how well the security plan meets organizational needs in accordance with current risk tolerance.
RELATED:
Scoping Guidance
 | 
Security Plan
Security Control Enhancements
Security control enhancements are statements of security capability to 1) build in additional, but related, functionality to a basic control; and/or 2) increase the strength of a basic control.
RELATED:
Maintenance
 | 
Security Control
Security Control Inheritance
Security control inheritance is a situation in which an information system or application receives protection from security controls (or portions of security controls) that are developed, implemented, assessed, authorized, and monitored by entities other than those responsible for the system or application; entities either internal or external to the organization where the system or application resides.
RELATED:
Information Security
 | 
External Security Testing
Security Domain
A security domain is the determining factor in the classification of an enclave of servers/computers. A network with a different security domain is kept separate from other networks. Examples: NIPRNet, SIPRNet.
RELATED:
Domain Controller
 | 
Sandboxing
Security Engineering
Security Engineering is an interdisciplinary approach and means to enable the realization of secure systems. It focuses on defining customer needs, security protection requirements, and required functionality early in the systems development life cycle, documenting requirements, and then proceeding with design, synthesis, and system validation while considering the complete problem.
RELATED:
Internet Engineering Task Force (IETF)
 | 
National Institute of Standards and Technology
Security Fault Analysis (SFA)
A security fault analysis is an assessment, usually performed on information system hardware, to determine the security properties of a device when a hardware fault is encountered.
RELATED:
Fault Tolerant
 | 
Threat Assessment
Security Features Users Guide
A security features users guide is a guide or manual explaining how the security mechanisms in a specific system work.
RELATED:
Acceptable Use Policy
 | 
Protocol
Security Filter
A security filter is a secure subsystem of an information system that enforces security policy on the data passing through it.
RELATED:
Assurance
 | 
Security Policy
Security Functions
A security function is the implementation of a security policy as well as a security objective. It enforces the security policy and provides required capabilities.
RELATED:
Secure Communication Protocol
 | 
Security Policy
Security Goals
All information security measures try to address at least one of three goals: 1) Protect the confidentiality of data. 2) Preserve the integrity of data. 3) Promote the availability of data for authorized use.
RELATED:
Cybersecurity
 | 
OPSEC
Security Information and Event Management (SIEM)
Security information and event management (SIEM) is a process in which network information is aggregated, sorted and correlated to detect suspicious activities.
RELATED:
Network-Based IDS
 | 
Snort Rules/Snort Signatures
Security Kernel
In computer and communications security, the security kernel is the central part of a computer or communications system's hardware and software that implements the basic security procedures for controlling access to system resources.
RELATED:
Kernel
 | 
Security Procedures
Security Label
A security label is a marking bound to a resource (which may be a data unit) that names or designates the security attributes of that resource.
RELATED:
Security Attribute
 | 
Security Markings
Security Management Dashboard
A security management dashboard is a tool that consolidates and communicates information relevant to the organizational security posture in near real time to security management stakeholders.
RELATED:
Real Time
 | 
Security Information and Event Management (SIEM)
Security Markings
Security markings are human-readable indicators applied to a document, storage media, or hardware component to designate security classification, categorization, and/or handling restrictions applicable to the information contained therein. For intelligence information, security markings could include compartment and sub-compartment indicators and handling restrictions.
RELATED:
Content Filtering
 | 
Simple Security Property
Security Net Control Station
A security net control station is a management system overseeing and controlling implementation of network security policy.
RELATED:
Control System
 | 
Security Policy
Security Perimeter
A security perimeter is a well-defined boundary within which security controls are enforced.
RELATED:
Hybrid Security Control
 | 
Security Authorization Boundary
Security Plan
A security plan is a formal document that provides an overview of the security requirements for the information system and describes the security controls in place or planned for meeting those requirements.
RELATED:
Compliance Documents
 | 
Security Control
Security Policy
Security Policy is a set of rules and practices that specify how a system or organization delivers security services to protect sensitive and critical information. It defines the objectives and constraints for the security program.
RELATED:
Issue-Specific Policy
 | 
System-Specific Policy
Security Procedures
Security procedures are a set of detailed instructions, configurations and recommendations to implement a company's security policies.
RELATED:
Contingency plan
 | 
Incident Response Procedures
Security Requirements Baseline
Security requirements baseline is the description of the minimum requirements necessary for an information system to maintain an acceptable level of risk.
RELATED:
Baseline Security
 | 
Enterprise Architecture
Security Service
A security service is a capability that supports one or multiple security goals to maintain confidentiality, integrity and availability of system information. Examples of security services are key management, access control, and authentication.
RELATED:
Integrity
 | 
UTM/USM
Security Specification
Security specification is the detailed description of the safeguards required to protect an information system.
RELATED:
Privacy
 | 
Security Control
Security Strength
Security strength is a measure of the computational complexity associated with recovering certain secret and/or security-critical information concerning a given cryptographic algorithm from known data (e.g. plaintext/ciphertext pairs for a given encryption algorithm). It is also a number associated with the amount of work (that is, the number of operations) that is required to break a cryptographic algorithm or system. Sometimes referred to as a security level.
RELATED:
Easy Access
 | 
Real Time
Security Tag
A security tag is an information unit containing a representation of certain security related information (e.g., a restrictive attribute bit map).
RELATED:
Network Mapping
 | 
Security Attribute
Security Test & Evaluation (ST&E)
A security test and evaluation is an examination and analysis of the safeguards required to protect an information system, as they have been applied in an operational environment, to determine the security posture of that system.
RELATED:
Sandbox
 | 
Threat Analysis
Security Testing
Security testing is the process to determine that an information system protects data and maintains functionality as intended.
RELATED:
Penetration Testing
 | 
Tiger Team
Security-Relevant Change
A security-relevant change is any change to a system’s configuration, environment, information content, functionality, or users which has the potential to change the risk imposed upon its continued operations.
RELATED:
Risk
 | 
System Security Officer (SSO)
Seed Key
A seed key is an initial key used to start an updating or key generation process.
RELATED:
Cryptosystem
 | 
Key
Segment
A segment is another name for TCP packets. Dividing an ethernet into multiple segments is one of the most common ways of increasing available bandwidth on the LAN.
RELATED:
Ethernet
 | 
Local Area Network (LAN)
Sensitive Information
Sensitive information is data that must be protected from unauthorised access to safeguard the privacy or security of an individual, organisation, or nation. Information sensitivity is the control of access to information or knowledge that might result in loss of an advantage or level of security, if disclosed to others.
RELATED:
Data Breach
 | 
Privacy
Separation of Duties
Separation of duties (SoD) is also known as segregation of duties. It is based on the principle of splitting privileges among multiple individuals or systems.
RELATED:
List Based Access Control
 | 
Whitelist
Server
A server is a computer entity or a machine that waits for requests from other machines or software (clients) and responds to them. The purpose of a server is to share data or hardware and software resources, hence allowing for the provision of services and data within a network.
RELATED:
Data Server
 | 
Hardware
Servo Valve
A servo valve is an actuated valve whose position is controlled using a servo actuator.
RELATED:
DC Servo Drive
 | 
Solenoid Valve
Session
A session is a virtual connection between two hosts by which network traffic is passed. It is a way to store information (in variables) to be used across multiple pages.
RELATED:
Host
 | 
Virtual Private Network (VPN)
Session Hijacking
Session hijacking is also known as cookie hijacking. It is an exploitation of a valid computer session, sometimes also called a session key, to gain unauthorised access to sensitive information or services in a computer system or network.
RELATED:
Cookie
 | 
Cross Site Scripting (XSS)
Session Key
A session key is a key that is temporary. It is an encryption and decryption key that is randomly generated to ensure the security of a communications session between a user and another computer or between two computers. These keys are sometimes called symmetric keys, because the same key is used for both encryption and decryption.
RELATED:
Cryptosystem
 | 
Decryption
Set Point
A set point is an input variable that sets the desired value of the controlled variable. This variable may be manually set, automatically set, or programmed.
RELATED:
Controlled Variable
 | 
Control Loop
SHA1
Secure Hash Algorithm 1 (SHA-1) is a cryptographic hash function designed by the United States National Security Agency and is a U.S. Federal Information Processing Standard published by the United States NIST.
RELATED:
Federal Information System
 | 
Triple DES
Shadow Password Files
Shadow password files are system files where encrypted user passwords are stored, so that they aren't available to people who try to break into the system.
RELATED:
Encryption
 | 
Password
Share
A share is any resource that has been made public on a system or network, such as a directory or printer.
RELATED:
Asset
 | 
Unprotected Share
Shell
Shell is a Unix term for the interactive user interface with an operating system. The shell is the layer of programming that recognises and executes the commands that a user enters. In some systems, the shell is called a command interpreter.
RELATED:
Secure Shell (SSH)
 | 
Unix
Shoulder Surfing
Shoulder surfing is the act of looking over a person's shoulder to obtain confidential information. It is an effective way to get information in crowded places as one fills in a form or enters a PIN number at an ATM machine.
RELATED:
Eavesdropping
 | 
Social Engineering
SIEM 
Security information and event management (SIEM) is an approach to security management that seeks to provide a holistic view of an organization’s information technology (IT) security. The acronym is pronounced “sim” with a silent e.
RELATED:
Cyber
 | 
Security
SIGINT 
Signals intelligence (SIGINT) is intelligence gathering by interception of signals, whether communications between people or electronic signals not directly used in communication.
RELATED:
MASINT
 | 
IMINT
Signals Analysis
Signals Analysis is a process of gaining indirect knowledge of communicated data by monitoring and analysing a signal that is emitted by a system and that contains the data, but is not intended to communicate the data.
RELATED:
Loopback Address
 | 
Photo Eye
Signature
A signature is a distinct pattern in network traffic that can be identified by a specific tool.
RELATED:
Egress Filtering
 | 
Snort Rules/Snort Signatures
Simple Integrity Property
In simple integrity property, a user cannot write data to a higher integrity level than their own.
RELATED:
Integrity
 | 
Strong Star Property
Simple Network Management Protocol (SNMP)
Simple Network Management Protocol (SNMP) is an Internet-standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks and more. SNMP is widely used in network management systems to monitor network-attached devices for conditions that warrant administrative attention.
RELATED:
Asset
 | 
Workstation
Simple Security Property
In simple security property, a user cannot read data of a higher classification than their own.
RELATED:
Security Markings
 | 
Strong Star Property
Single Loop Controller
A single loop controller controls a very small process or a critical process.
RELATED:
Control Network
 | 
Process Controller
Skimming
Skimming is a high-tech method by which thieves capture your personal or account information from your credit card, driver's license or even passport using an electronic device called a skimmer. Such devices can be purchased online for under $5.
RELATED:
Screen Scraper
 | 
Social Engineering
Smart Card
A smart card is an electronic badge that includes a magnetic strip or chip that can record and replay a set key. The card connects to a reader with direct physical contact or with a remote contactless radio frequency interface.
RELATED:
Electronic Key Entry
 | 
Forward Cipher
Smurf Attack
A Smurf Attack is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with a spoofed source IP address are broadcast to a computer network. Most devices on a network respond by sending a reply to the source IP address. This can slow down the victim's computer to the point where it becomes impossible to work on.
RELATED:
Distributed Denial of Service Attack (DDoS)
 | 
Resource Exhaustion
Snapshot
A snapshot is a copy of a computer's memory at a specific point in time. The snapshot captures information such as primary storage and specific registers.
RELATED:
Forensic Copy
 | 
State Machine
Sniffing
Sniffing is also known as passive wiretapping. Packet sniffing allows individuals to capture data as it is transmitted over a network. Packet sniffer programs are used by network professionals to diagnose network issues and by malicious users to capture unencrypted data like passwords and usernames in network traffic. Once this information is captured, the user can then gain access to the system or network.
RELATED:
Hijack Attack
 | 
Wiretapping
Snooping Tool
A snooping tool is a program that an intruder uses to capture passwords and other data.
RELATED:
Passive Attack
 | 
Radiation Monitoring
Snort Rules/Snort Signatures
Snort rules are a different methodology for performing detection.
RELATED:
Egress Filtering
 | 
Signature
Social Engineering
Social engineering is a psychological method of deceiving someone for the purpose of acquiring sensitive and personal information (e.g. credit card details, passwords) for unauthorized use. To prevent yourself from becoming a victim of social engineering, do not give your personal and sensitive information to anyone you are not absolutely sure about.
RELATED:
Reverse Engineering
 | 
Shoulder Surfing
Social Networking Websites
Social networking sites are sites specifically focused on the building and verifying of social networks. Known social networking websites include Facebook, Twitter, LinkedIn, MySpace and Blogspot. The sites facilitate connecting with other users with similar interests, activities and locations.
RELATED:
Quality of Service (QoS)
 | 
Transport Layer Security (TLS)
Socket
A socket is an end point for communication between two systems. The socket tells a host's IP stack where to plug in a data stream so that it connects to the right application.
RELATED:
Multiplexing
 | 
Port
Socket Pair
A socket pair is a way to uniquely specify a connection, i.e., source IP address, source port, destination IP address, destination port.
RELATED:
IP Address
 | 
Network Address Translation (NAT)
SOCKS
Socket Secure (SOCKS) is an Internet protocol that routes data packets between a client and server. It ensures proper authentication of users and allows only authorised users to access a server.
RELATED:
Access Path
 | 
SSL
SOC 
Security operations center. A security operations center (SOC) is a centralized unit that deals with security issues on an organizational and technical level. A SOC within a building or facility is a central location from where staff supervises the site, using data processing technology.
RELATED:
Control Center
 | 
ISAC/ISAO
Software
Software is any computer instructions, data, or programs that can be stored electronically and executed by computer hardware. In particular, antivirus software is designed to detect and potentially eliminate viruses before they have a chance to create substantial damage in the system.
RELATED:
Regression Analysis
 | 
Security Kernel
Software Development Kit (SDK)
A Software Development Kit (SDK or “devkit”) is typically a set of software development tools that allows the creation of applications for a certain software package, software framework, hardware platform, computer system, video game console, operating system, or similar development platform.
RELATED:
Github
 | 
Software
Solenoid Valve
A solenoid valve is a valve actuated by an electric coil. It typically has two states: open and closed.
RELATED:
Relay
 | 
Servo Valve
Source Port
A source port is a port that a host uses to connect to a server. It is usually a number greater than or equal to 1024. It is randomly generated and is different each time a connection is established.
RELATED:
Host
 | 
Port
Spam
Spam is simply unsolicited email, also known as junk email. Spammers gather lists of email addresses, which they use to bombard users with this unsolicited mail. Spam emails are used to achieve objectives such as advertising and phishing.
RELATED:
Email Ingest
 | 
Spim
Spanning Port
A spanning port is used to configure the switch to behave like a hub for a specific port.
RELATED:
Port
 | 
Switch
Spim
Spim is unwanted, unsolicited instant messages from someone you don't know. It is often sent in an attempt to sell you something or get you to reveal personal information.
RELATED:
Instant Messaging (IM)
 | 
Spam
Split Horizon
A split horizon is an algorithm used to prevent routing loops in distance-vector routing protocols by prohibiting a router from advertising a route back onto the interface from which it was learned.
RELATED:
Control Algorithm
 | 
Routing Loop
Split Key
A split key is a cryptographic key that is divided into two or more separate data items that individually convey no knowledge of the whole key or information that results from combining the items.
RELATED:
Cryptography
 | 
Key
Spoofing
Spoofing is the act of falsifying data to gain an illegitimate advantage. Black hat crackers will often cover their tracks by spoofing (faking) an IP address or masking/changing the sender information on an email so as to deceive the recipient as to its origin. Malicious spoof attacks are made to look like they come from a safe source, while linking to a page that will infect your system with malware.
RELATED:
Rootkit
 | 
Phishing
Spyware
Spyware is software designed to gather information about a user’s computer use without their knowledge. Spyware can track a user’s internet surfing habits for advertising purposes, scan computers to create pop-up ads, and change one’s homepage to redirect to pre-chosen websites.
RELATED:
Keylogger
 | 
Malware
SQL Injection
SQL injection is a code injection technique that is used to attack data-driven applications. Malicious SQL statements are inserted into an entry field for execution.
RELATED:
Input Validation Attacks
 | 
Malicious Code
SSL (Secure Socket Layer)
An encryption system that protects the privacy of data exchanged between a website and the individual user. It is used by websites whose URLs begin with https instead of http.
RELATED:
Confidentiality
 | 
Privacy
Stack Smashing
Stack smashing is used to cause a stack in a computer application or operating system to overflow. This makes it possible to weaken the program or system or cause it to crash. The stack is also called a pushdown stack or first-in last-out circuit. It is a form of buffer that holds the intermediate results of an operation or data that is awaiting processing.
RELATED:
Buffer Overflow
 | 
Overload
Standard ACLs
Standard access control lists (ACLs) are essentially a set of commands, grouped together by a number or name, that is used to filter traffic entering or leaving an interface. Standard ACLs make packet filtering decisions based on source IP address only.
RELATED:
Access Control List
 | 
TCP Wrapper
Star Network
Star networks are one of the most common computer network topologies. A star network consists of one central switch, hub or computer, which acts as a conduit to transmit messages. This consists of a central node, to which all other nodes are connected. The central node provides a common connection point for all nodes through a hub.
RELATED:
Motion Control Network
 | 
Topology
State Machine
control
RELATED:
Input/Output (I/O)
 | 
Snapshot
Stateful Inspection
Stateful inspection is also known as dynamic packet filtering. It is a firewall technology that monitors the state of active connections and uses this information to determine which network packets to allow through the firewall.
RELATED:
Inspection Certificate
 | 
Declaration of Conformity
Static Host Tables
Static host tables are text files that contain hostname and address mapping.
RELATED:
Host
 | 
Network Mapping
Static Routing
Static routing is a form of routing that occurs when a router uses a manually-configured routing entry, rather than information from dynamic routing traffic. Static routing can also be used in stub networks, or to provide a gateway of last resort.
RELATED:
Gateway
 | 
Router Flapping
Statistical Process Control (SPC)
Statistical process control is the use of statistical techniques to control the quality of a product or process.
RELATED:
Data Historian
 | 
Process Control
Steady State
A steady state is a characteristic of a condition, such as value, rate, periodicity, or amplitude, exhibiting only negligible change over an arbitrarily long period of time.
RELATED:
Link State
 | 
Secure State
Stealthing
Stealthing is a term that refers to approaches used by malicious code to conceal its presence on the infected system.
RELATED:
IP Spoofing
 | 
Malicious Code
Steganalysis
Steganalysis is the study of detecting and defeating the use of steganography. This is analogous to cryptanalysis applied to cryptography.
RELATED:
Cryptography
 | 
Steganography
Steganography
Steganography is a technique used to hide the existence of a message, files, or any other information. The first recorded use of the term was in 1499 by Johannes Trithemius in his Steganographia. This is different from cryptography, which hides the meaning of a message but does not hide the message itself. An example of a steganographic method is invisible ink.
RELATED:
Cryptography
 | 
Permutation
Stimulus
Stimulus is network traffic that initiates a connection or solicits a response.
RELATED:
Firewall
 | 
Response
STIX 
STIX is a standardized language for representing and communicating cyberthreat information. Similar to TAXII, it is not a sharing program or tool, but rather a component that supports programs or tools.
RELATED:
CybOX
 | 
VERIS 
Store-and-Forward
Store-and-Forward is a telecommunications technique in which information is sent to an intermediate station where it is kept and sent at a later time to the final destination or to another intermediate station.
RELATED:
OSI
 | 
Phreaker
Straight-Through Cable
A straight-through cable is a type of twisted pair cable that is used in local area networks (LANs) to connect a computer to a network hub such as a router. This type of cable is also sometimes called a patch cable and is an alternative to wireless connections where one or more computers access a router through a wireless signal.
RELATED:
Hub
 | 
Router
Stream Cipher
A stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream. In a stream cipher, each plaintext digit is encrypted one at a time with the corresponding digit of the keystream, to give a digit of ciphertext stream.
RELATED:
Plaintext
 | 
Symmetric Key
Strong Star Property
In strong star property, a user cannot write data to higher or lower classification levels than their own.
RELATED:
Graduated Security
 | 
Simple Integrity Property
Sub Network
A sub network is a separately identifiable part of a larger network that typically represents a certain limited number of host computers, the hosts in a building or geographic area, or the hosts on an individual local area network (LAN).
RELATED:
Host
 | 
Local Area Network (LAN)
Subnet Mask
A subnet mask is used to determine the number of bits that are used for the subnet and host portions of the address. It is used as a screen of numbers used for routing traffic within a subnet. Once a packet has arrived at a gateway or connection point with its unique network number, it can be routed to its destination within the internal gateways using the subnet number.
RELATED:
Netmask
 | 
Packet
Supervisory Control
Supervisory control is used to imply that the output of a controller or computer program is used as input to other controllers.
RELATED:
Control
 | 
Input/Output (I/O)
Supervisory Control and Data Acquisition (SCADA)
SCADA is a generic name for a computerized system that is capable of gathering and processing data and applying operational controls over long distances. The typical uses include power transmission and distribution and pipeline systems.
RELATED:
Control System
 | 
Decentralization
Switch
A switch is also called a switching hub or bridging hub, and officially a MAC bridge. It is a computer networking device that connects devices together on a computer network by using packet switching to receive, process and forward data to the destination device.
RELATED:
Bridge
 | 
Mandatory Access Control (MAC)
Switched Network
A switched network is a computer network that uses only network switches rather than network hubs on Ethernet local area networks (LANs). The switches allow for a dedicated connection to each workstation. A switch allows for many conversations to occur simultaneously.
RELATED:
Local Area Network (LAN)
 | 
Switch
Symbolic Links
Symbolic links are sometimes also known as symlinks. Symbolic links are essentially advanced shortcuts that point to another file.
RELATED:
MDM
 | 
Network Taps
Symmetric Cryptography
Symmetric cryptography is a branch of cryptography involving algorithms that use symmetrical keys for two different steps of the algorithm. Symmetric cryptography is called secret key cryptography because the entities that share the key.
RELATED:
Cryptography
 | 
Secret Key
Symmetric Key
A symmetric key is a cryptographic key that is used in a symmetric cryptographic algorithm.
RELATED:
Cryptography
 | 
Stream Cipher
SYN Flood
A SYN flood is a type of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.
RELATED:
Denial of Service Attack (DoS)
 | 
Flooding
Synchronization
Synchronization is the signal made up of a distinctive pattern of bits that network hardware looks for to signal the start of a frame. Synchronization refers to one of two distinct but related concepts: synchronization of processes, and synchronization of data.
RELATED:
OSI Layers
 | 
Token Ring
Syslog
Syslog is a widely used standard for message logging in Unix systems. It permits separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them.
RELATED:
Analog
 | 
Data Mining
System Security Officer (SSO)
A System Security Officer (SSO) is an individual responsible for enforcement or administration of the security policy that applies to the system.
RELATED:
Chief Security Officer (CSO)
 | 
Security-Relevant Change
System-Specific Policy
A system-specific policy is a policy written for a specific system or device and may change with changes in the system or device, its functionality, or its vulnerabilities.
RELATED:
Issue-Specific Policy
 | 
Security Policy
T1, T3
T1 and T3 are digital circuits using TDM (Time-Division Multiplexing).
RELATED:
Logic Gate
 | 
Relay
Tablet 
An ultra-portable, touch screen computer that shares much of the functionality and operating system of smartphones, but generally has greater computing power.
RELATED:
Intelligent Electronic Device (IED)
 | 
Portable Device
Tamper
Tamper is an action to deliberately change or alter a system's logic, data, or control information to cause the system to perform unauthorized functions or services.
RELATED:
CRC
 | 
Manipulated Variable
TCP Fingerprinting
TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during standard layer 4 network communications. The combination of parameters may be used to infer the remote machine's operating system (OS), or incorporated into a device fingerprint.
RELATED:
Remote Access
 | 
TCP/IP
TCP Full Open Scan
A TCP Full Open Scan checks each and every port after performing a full three-way handshake on each port to determine if it was open.
RELATED:
Handshaking Procedures
 | 
TCP Half Open Scan
TCP Half Open Scan
A TCP Half Open Scan determines if a port is open by performing the first half of a three-way handshake. It is also referred to as SYN scanning. In SYN scanning, the hostile client or attacker attempts to set up a TCP/IP connection with a server at every possible port. This is done by sending a SYN (synchronization) packet, as if to initiate a three-way handshake, to every port on the server.
RELATED:
Handshaking Procedures
 | 
TCP Full Open Scan
TCP Wrapper
A TCP wrapper is a software package that is used to restrict access to certain network services based on the source of the connection. In other words, it is a host-based networking ACL system, used to filter network access to internet protocol servers on (Unix-like) operating systems such as GNU/Linux or BSD.
RELATED:
Cloud Computing
 | 
Software
TCP/IP
TCP/IP stands for Transmission Control Protocol/Internet Protocol. It is a basic communication language or protocol of the internet and can be used as a communications protocol in a private network as well (either an intranet or an extranet).
RELATED:
Egress
 | 
Internet Message Access Protocol (IMAP)
TCPDump
TCPDump is a freeware protocol analyzer for Unix systems that can monitor network traffic on a wire. It allows the user to display TCP/IP and other packets being transmitted or received over a network. TCPDump works on most Unix-like operating systems. It was originally written in 1987 by Van Jacobson, Craig Leres and Steven McCanne, who were working in the Lawrence Berkeley Laboratory Network Research Group.
RELATED:
Freeware
 | 
Unix
Technical Controls
Technical controls are the security controls (i.e., safeguards or countermeasures) for an information system that are primarily implemented through mechanisms contained in the hardware, software, or firmware components of the system.
RELATED:
Configuration Control
 | 
Hardware
TELNET
Telnet is a TCP-based, application-layer, internet standard protocol and an essential TCP/IP protocol for accessing remote computers. Through Telnet, an administrator or another user can access someone else's computer remotely.
RELATED:
File Security
 | 
Internet Standard
Temperature Sensor
A sensor system that produces an electrical signal related to its temperature which allows it to sense the temperature of its surrounding medium.
RELATED:
Photo Eye
 | 
Safety Instrumented System (SIS)
Threat
A threat is a possible danger that might exploit a vulnerability to violate security protocols and cause possible harm. In cybersecurity, advanced persistent threat (APT) usually refers to a group, such as a foreign government, with both the capability and the intent to persistently target a specific entity. It can also refer to a circumstance or event that has or indicates the potential to exploit vulnerabilities and to adversely impact organisational operations, assets (including information and information systems), individuals, other organisations, or society.
RELATED:
Black Hat
 | 
Data Breach
Threat Actor (or Threat Agent)
An individual, group, organisation, or government that conducts or has the intent to conduct detrimental activities.
RELATED:
Adversary
 | 
Hacker
Threat Analysis
The detailed evaluation of the characteristics of individual threats.
RELATED:
NGIPS
 | 
Security Test & Evaluation (ST&E)
Threat Assessment
Threat Assessment is a structured process used to identify and evaluate various risks or threats that an organization might be exposed to. It is the product or process of identifying or evaluating entities, actions, or occurrences, whether natural or man-made, that have or indicate the potential to cause harm.
RELATED:
Business Impact Assessment
 | 
Risk Assessment
Threat Model
A threat model is a process that is used to optimize network security by identifying the key objectives and vulnerabilities, and then defining countermeasures to prevent, or mitigate the effects of, threats to the system or network.
RELATED:
Data Loss
 | 
Mitigation
Threat Vector
A threat vector is a path or tool that a threat actor uses to attack the target.
RELATED:
Exploit
 | 
Vulnerability
Tiger Team
A tiger team is a group of professional security experts employed by a company to test the effectiveness of security by trying to break into the system.
RELATED:
Penetration Testing
 | 
Security Testing
Time Bomb
A time bomb is a malicious program designed to execute at a predetermined time and/or date. Time bombs are often set to trigger on special days like holidays, or sometimes they mark things like Hitler’s birthday or 9/11 to make some sort of political statement.
RELATED:
Malicious Code
 | 
Script
Time to Live
Time to Live (TTL), or the hop limit, is a mechanism that limits the lifespan of data in a computer or network. TTL is generally implemented as a counter or time stamp attached to or embedded in the data. The TTL value in an IP data packet tells a network router whether or not the packet has been in the network too long and should be discarded.
RELATED:
Hop
 | 
Packet
Tiny Fragment Attack
A tiny fragment attack exploits IP fragmentation, which is the process of breaking up a single Internet Protocol (IP) datagram into multiple packets of smaller size. If the data packet size is made small enough to force some of a TCP packet's TCP header fields into the second data fragment, filter rules that specify patterns for those fields will not match. If the filtering implementation does not enforce a minimum fragment size, a disallowed packet might be passed because it didn't hit a match in the filter.
RELATED:
Attack
 | 
IP Forwarding
Token Ring
A token ring network is a local area network in which all computers are connected in a ring or star topology and a binary digit or token-passing scheme is used in order to prevent the collision of data between two computers that want to send messages at the same time. It uses a special three-byte frame called a token that travels around a logical ring of workstations or servers.
RELATED:
Local Area Network (LAN)
 | 
Workstation
Token-Based Access Control
Token-based Access Control is an authentication method that offers additional security. Using this method, each user has a smart card or token that displays a constantly changing password. Without this card or token, it is impossible to authenticate yourself to the system. This two-factor authentication provides additional security by requiring an attacker to both guess the user's password and steal the smart card.
RELATED:
Access Control
 | 
Token Ring
Token-Based Devices
A token-based device or security token is known by several names, such as hardware token, authentication token, USB token, cryptographic token, or key fob. A security token may be a physical device that an authorized user is given to access a system or network. Security tokens are used to prove one's identity electronically and are used in addition to or in place of a password to prove that the customer is who they claim to be.
RELATED:
Access Path
 | 
Authentication
Topology
Topology is the geometric arrangement of a computer system. Two networks have the same topology if the connection configuration is the same, although the networks may have variations in physical interconnections, distances between nodes, transmission rates, and signal types.
RELATED:
Collision
 | 
System-Specific Policy
Traceroute (tracert.exe)
Traceroute is a tool that maps the route a packet takes from the local machine to a remote destination. The history of the route is recorded as the round-trip times of the packets received from each successive host (remote node) in the route (path). The sum of the mean times in each hop indicates the total time spent to establish the connection.
RELATED:
Hop
 | 
Packet
Transmission Control Protocol (TCP/IP)
Transmission Control Protocol (TCP) is a set of rules or protocol that is used along with the Internet Protocol to send data in the form of message units between computers over the Internet. Whereas the IP protocol deals only with packets, TCP enables two hosts to establish a connection and exchange streams of data. TCP takes care of keeping track of the individual units of data called packets. TCP guarantees delivery of data and also guarantees that packets will be delivered in the same order in which they were sent. It originated in the initial network implementation in which it complemented the Internet Protocol (IP). Therefore, the entire suite is commonly referred to as TCP/IP.
RELATED:
Application Layer
 | 
Internet Engineering Task Force (IETF)
Transport Layer Security (TLS)
Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and the users on the Internet. When a server and client communicate, TLS ensures that no third party may overhear or tamper with any message. TLS is the successor to the Secure Sockets Layer (SSL).
RELATED:
HTTPS
 | 
Secure Communication Protocol
Triple DES
Triple DES (3DES) is the common name for the Triple Data Encryption Algorithm (TDEA or Triple DEA) symmetric-key block cipher, which applies the Data Encryption Standard (DES) cipher algorithm three times to each data block. It transforms each 64-bit plaintext block by applying the DES three successive times, using either two or three different keys, for an effective key length of 112 or 168 bits.
RELATED:
Block Cipher
 | 
Data Encryption Standard (DES)
Triple-Wrapped
Triple-wrapped describes any data that has been signed with a digital signature, encrypted, and then signed again.
RELATED:
Digital Signature
 | 
Encryption
Trojan Horse
A Trojan, or Trojan Horse, is a malicious program disguised to look like a valid program, making it difficult to distinguish from programs that are supposed to be there. Once introduced, a Trojan is designed to execute malicious tasks such as destroying files, altering information, or stealing passwords or other information. Alternatively, it may stay dormant, waiting for a hacker to access it remotely and take control of the system. However, unlike viruses, a Trojan doesn’t have the ability to replicate.
RELATED:
Malicious Code
 | 
Virus
Trunking
Trunking is a method for a system to provide network access to many clients by sharing a set of lines instead of providing them individually. This is analogous to the structure of a tree with one trunk and many branches.
RELATED:
Access Type
 | 
Cloud Computing
Trust
Trust determines what permissions and actions other systems or users can perform on remote machines.
RELATED:
Access Path
 | 
Permission
Trusted Certificate
A trusted certificate is any digital certificate that a certificate user accepts as being valid without testing it.
RELATED:
Certificate Management
 | 
Certification Revocation List
Trusted Ports
Trusted ports are ports below number 1024 usually allowed to be opened by the root user.
RELATED:
Port
 | 
Root
Tunnel
A tunnel is a communication channel that is created in a computer network by encapsulating a protocol's data packets within a different type of protocol. The purpose is to move data between computers that use a protocol not supported by the network connecting them. For example, a tunnel may encapsulate a transport protocol (such as TCP), in a network layer protocol (such as IP).
RELATED:
Multiplexing
 | 
TCP/IP
Two-Factor Authentication
Two-factor authentication is a security measure that is used to obtain evidence of an identity by two independent means, such as knowing a password and successfully completing a smartcard transaction.
RELATED:
Authentication
 | 
Challenge Response Protocol
UDP Scan
A UDP Scan performs scans to determine which UDP ports are open or vulnerable. UDP is a connectionless protocol so there is no equivalent to a TCP SYN packet. However, if a UDP packet is sent to a port that is not open, the system will respond with an ICMP port unreachable message.
RELATED:
Port Scan
 | 
Protocol
Unauthorized Access
Unauthorized access is when a person gains logical or physical access without permission to a network, system, application, data, or other resource.
RELATED:
Tamper
 | 
Weakness
Unicast
Unicast is any communication between a single sender and a single receiver over a network. The term exists in contrast to multicast, communication between a single sender and multiple receivers, and anycast, communication between any sender and the nearest of a group of receivers in a network.
RELATED:
Application Layer
 | 
TCP/IP
Uniform Resource Identifier
A uniform resource identifier (URI) is a string of characters that are used to identify the name of a resource. Such identification enables interaction with representations of the resource over a network (such as the world wide web) using specific protocols. In other words, URI is the generic term for all types of names and addresses that refer to objects on the world wide web.
RELATED:
Cyber Ecosystem
 | 
Non-Printable Character
Unix
Unix is a popular multi-user, multi-tasking operating system developed at Bell Labs in the early 1970s. Unix was designed to be a small, flexible system used exclusively by programmers.
RELATED:
Operating System
 | 
Root
Unprotected Share
An unprotected share is a mechanism that allows a user to connect to file systems and printers on other systems. An unprotected share is one that allows anyone to connect to it.
RELATED:
Hub
 | 
Share
URL
URL (or Uniform/Universal Resource Locator) is also known as the web address. It is a way of specifying the location of publicly available information on the internet.
RELATED:
Pharming
 | 
SSL (Secure Socket Layer)
URL Obfuscation
URL Obfuscation is when scammers use phishing emails to guide recipients to fraudulent sites with names very similar to established sites. They use a slight misspelling or other subtle difference in the URL, such as "monneybank.com" instead of "moneybank.com" to redirect users to share their personal information unknowingly.
RELATED:
Domain Hijacking
 | 
Phishing
User
A user is any person or organizational entity that accesses a system. Users generally use a system or a software product without the technical expertise required to fully understand it.
RELATED:
Password Authentication Protocol
 | 
Root
User Account 
The record of a user kept by a computer to control their access to files and programs.
RELATED:
User
 | 
Password
User Contingency Plan
A user contingency plan describes the alternative methods of continuing business operations if IT systems are unavailable.
RELATED:
Business Continuity Plan
 | 
Disaster Recovery Plan
Username 
The name associated with a particular computer user.
RELATED:
Password
 | 
User Account 
UTM/USM
Unified Threat Management/Unified Security Management is a solution in the network security industry. It has become established as a primary network gateway defense solution for organizations. In theory, UTM is the evolution of the traditional firewall into an all appliance reporting.
RELATED:
Gateway
 | 
Firewall
Variable Frequency Drive
A variable-frequency drive (VFD) is an adjustable-speed drive used in electro-mechanical drive systems to control AC motor speed and torque.
RELATED:
DC Servo Drive
 | 
Machine Controller
VCDB
VCDB is a community data initiative to catalog security incidents in the public domain using the VERIS framework. The database contains raw data for thousands of security incidents shared under a Creative Commons license. You can download the latest release, follow the latest changes on GitHub, and even help catalog and code incidents to grow the database.
RELATED:
CRITs
 | 
Github
VERIS 
The Vocabulary for Event Recording and Incident Sharing (VERIS) is a set of metrics designed to provide a common language for describing security incidents in a structured and repeatable manner. VERIS is a response to one of the most critical and persistent challenges in the security industry: a lack of quality information. VERIS targets this problem by helping organizations to collect useful incident data.
RELATED:
Incident Response Team
 | 
STIX 
Virtual Private Network (VPN)
A virtual private network (VPN) extends a private network across a public network, such as the internet. A VPN enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. A VPN is created by establishing a virtual point-to-point connection through the use of dedicated connections, virtual tunneling protocols, or traffic encryption. A VPN is generally less expensive to build and operate than a dedicated real network, because the virtual network shares the cost of system resources with other users of the real network.
RELATED:
Network
 | 
Wi-Fi
Virus
A virus is a malicious program that attaches itself to another program file and can replicate itself and thereby infect other systems. Viruses often perform some type of harmful activity on infected host computers, such as acquisition of hard disk space or central processing unit (CPU) time, accessing private information (e.g., credit card numbers), corrupting data, or displaying messages on a computer’s screen.
RELATED:
Blended Threat
 | 
Worm
Vishing
Vishing is the act of collecting private information from customers by fooling them into divulging confidential personal and financial information. People are lured into sharing user names, passwords, account information or credit card numbers, usually by an official-looking message that urges them to act immediately.
RELATED:
Email Ingest
 | 
Phishing
Voice Firewall
A voice firewall is a physical discontinuity in a voice network that monitors, alerts, and controls inbound and outbound voice network activity based on user-defined call admission control (CAC) policies, voice application layer security threats or unauthorized service use violations.
RELATED:
Application Layer
 | 
Firewall
Voice Intrusion Prevention System
A voice intrusion prevention system (VIPS) is a security management system for voice networks that monitors voice traffic for multiple calling patterns or attack/abuse signatures to proactively detect and prevent toll fraud, denial of service, telecom attacks, service abuse, and other anomalous activities.
RELATED:
Host-Based Intrusion Detection System (HIDS)
 | 
NIPS
Vulnerability
A vulnerability is a flaw that allows someone to operate a computer system with authorization levels in excess of that which the system owner specifically granted.
RELATED:
Buffer Overflow
 | 
Bug
Vulnerability Assessment
A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in the information technology system.
RELATED:
Security Control Assessment
 | 
Threat Assessment
War Chalking
War chalking is the marking of areas, usually on sidewalks with chalk, that receive wireless signals to advertise an open Wi-Fi network. They were publicised by Matt Jones who designed the set of icons and produced a downloadable document containing them.
RELATED:
Exploit
 | 
Wi-Fi
War Dialer
A war dialer is a computer program that automatically dials a series of telephone numbers to locate lines connected to computer systems, and catalogs those numbers so that a cracker or attacker can try to break into the systems.
RELATED:
Cracker
 | 
Guessing Entropy
Wardriving
Wardriving is the act of driving around in a vehicle with the purpose of finding an open, unsecured Wi-Fi wireless network. The range of a wireless network will exceed the perimeter of a building and create zones in public places that can be exploited to gain entry to the network. If your WiFi network is not secure, malicious hackers will often use a GPS system to make maps of exploitable zones so they can be used at a later time or passed on to others.
RELATED:
War Chalking
 | 
Wi-Fi
Watering Hole
A computer attack strategy, in which the victim is a particular group (organization, industry, or region). In this attack, the attacker guesses or observes which websites the group often uses and infects one or more of them with malware. Eventually, some member of the targeted group gets infected. Relying on websites that the group trusts makes this strategy efficient, even with groups that are resistant to spear phishing and other forms of phishing.
RELATED:
Monoculture
 | 
Phishing
Weakness
A shortcoming or imperfection in software code, design, architecture, or deployment that, under proper conditions, could become a vulnerability or contribute to the introduction of vulnerabilities.
RELATED:
Attack Vector
 | 
Vulnerability
Web of Trust
The Web of trust is a concept that is used in PGP, GnuPG, and other OpenPGP-compatible systems to establish the authenticity of the binding between a public key and its owner. Its decentralized trust model is an alternative to the centralized trust model of a public key infrastructure (PKI), which relies exclusively on a certificate authority.
RELATED:
Certificate Management
 | 
Certification Revocation List
Web Server
A Web server is a computer system that processes requests via HTTP, the basic network protocol used to distribute information on the World Wide Web. The term Web server is used to refer either to the entire system, or specifically to the software that accepts and supervises the HTTP requests.
RELATED:
Cookie
 | 
HTTPS
White Hat
White hats are ethical hackers who use their knowledge and skill to thwart the black hats and secure the integrity of computer systems or networks. If a black hat decides to target you, it’s a great thing to have a white hat around. But if you don’t, you can always call on one of ours at Global Digital Forensics.
RELATED:
Black Hat
 | 
Grey Hat
Whitelist
A list of entities that are considered trustworthy and are granted access or privileges.
RELATED:
Authorization
 | 
Compliance Documents
WHOIS
WHOIS is a protocol used for query and response of a database. It is popular for querying databases that store data such as registered users, domain name, IP address block, or an autonomous system. The protocol stores and delivers database content in a human-readable format. The WHOIS protocol is documented in RFC 3912.
RELATED:
Domain Name System
 | 
Reverse Lookup
Wi-Fi
Wireless local area network based upon IEEE 802.11 standards.
RELATED:
Access Point
 | 
MAC Address
Windump
Windump is a freeware protocol analyzer for Windows that can monitor network traffic on a wire.
RELATED:
Freeware
 | 
Protocol
Wireless Application Protocol (WAP)
Wireless Application Protocol (WAP) is a technical standard for accessing information over a mobile wireless network. A WAP browser is a web browser for mobile devices such as mobile phones that uses the protocol.
RELATED:
Access Point
 | 
Endpoint Security
Wireless Device
A wireless device is a device that can connect to a manufacturing system via radio or infrared waves, typically to collect/monitor data, but also in some cases to modify control set points.
RELATED:
Router
 | 
Tablet
Wiretapping
Wiretapping is the process of monitoring and recording data that is flowing between two points in a communication system.
RELATED:
Hijack Attack
 | 
Sniffing
Workstation
Workstation is a computer used for tasks such as programming, engineering, and design.
RELATED:
Asset
 | 
Simple Network Management Protocol (SNMP)
World Wide Web
The World Wide Web (abbreviated WWW or the Web) is an information space where documents and other web resources are identified by Uniform Resource Locators (URLs), interlinked by hypertext links, and can be accessed via the Internet. English scientist Tim Berners-Lee invented the World Wide Web in 1989.
RELATED:
IP Address
 | 
Hypertext Transfer Protocol (HTTP)
Worm
A worm, like a virus, is a destructive self-contained program that can replicate itself. However, unlike viruses, a worm does not need to be part of another program and can self-replicate without user intervention. A worm can become devastating if not isolated and removed. Even if it does not cause outright damage, a worm replicating out of control can exponentially consume system resources like memory and bandwidth until a system becomes unstable and unusable.
RELATED:
Script Kiddie
 | 
Virus
XHTML
XHTML is short for eXtensible HyperText Markup Language. XHTML is a hybrid between XML and HTML and designed for network devices as a method of displaying web pages on network and portable devices.
RELATED:
HTML
 | 
XML
XML
XML is short for eXtensible Markup Language. XML is a specification developed by W3C starting with the recommendation on February 1, 1998. XML is similar to HTML: it uses tags to mark up a document, allowing the browser to interpret the tags and display them on a page. Unlike HTML, the XML language is unlimited (extensible), which allows self-defining tags and can describe the content instead of only displaying a page's content. Using XML, other languages such as RSS and MathML have been created; even tools like XSLT were created using XML.
RELATED:
Hypertext Markup Language (HTML)
 | 
Security Assertion Markup Language (SAML)
XMPP
XMPP, which stands for Extensible Messaging and Presence Protocol, is a communications protocol for messaging systems. It is based on XML, storing and transmitting data in that format. It is used for sending and receiving instant messages, maintaining buddy lists, and broadcasting the status of one's online presence. XMPP is an open protocol standard. Anyone can operate their own XMPP service, and use it to interact with any other XMPP service. The standard is maintained by XSF, the XMPP Standards Foundation.
RELATED:
Instant Messaging (IM)
 | 
SPIM
XMT
XMT is also called transmit. XMT is the method of sending data to an alternate computer or device.
RELATED:
Broadcast
 | 
Multi-Cast
XNS
XNS is short for Xerox Network Services. XNS is a proprietary network communications protocol developed by Xerox. XNS is no longer used and has been replaced by Transmission Control Protocol / Interface Program (TCP/IP).
RELATED:
Protocol
 | 
TCP/IP
Y2K
Y2K is short for the millennium bug. Y2K is a warning first published by Bob Bemer in 1971 describing the issues of computers using a two-digit year date stamp.
RELATED:
Bug
 | 
Operating System
YARA
YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a. rule, consists of a set of strings and a boolean expression which determine its logic.
RELATED:
Active Defense
 | 
MASINT
Ymodem
Ymodem is a file-transfer protocol developed by Chuck Forsberg that is similar to the enhanced 1K version of Xmodem. Ymodem allows for multiple file transmissions at once, performs cyclic redundancy checks (CRC), and can reduce the transfer size to compensate for poor connections.
RELATED:
CRC
 | 
FTP
Yottabyte
A yottabyte is equal to one septillion bytes and is the largest recognized value used with storage. Yottabyte is abbreviated as YB.
RELATED:
Hard Disk
 | 
Octet
Zero Day
A zero day vulnerability refers to a hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it—this exploit is called a zero day attack.
RELATED:
Exploit
 | 
Vulnerability
Zombie / Zombie Drone
A zombie is a malware program that can be used by a black hat cracker to remotely take control of a system, which is then used as a zombie drone for further attacks (e.g. spam emails, Denial of Service attacks), without a user’s knowledge. Zombie drones are used to cover the black hat’s tracks and increase the magnitude of activities by using others’ resources. As zombies are benign and non-destructive, the infected users are usually unaware that they are there.
RELATED:
Bot
 | 
Malware
Zombie Computer
A remote-access Trojan horse installs hidden code that allows your computer to be controlled remotely. Digital thieves then use robot networks of thousands of zombie computers to carry out attacks on other people and cover up their tracks. Authorities have a harder time tracing criminals when they go through zombie computers.
RELATED:
Bot
 | 
Trojan Horse