Information Security and Regulatory Compliance Glossary
Access Control
Access Control is a security technique that regulates who or what can view, use, or access resources in a computing environment. It is a fundamental concept in security that minimizes risk to the business or organization. There are two types of access control: physical and logical. Physical access control limits access to buildings, rooms, and physical IT assets. Logical access control limits connections to computer networks, system files, and data.
Access Control List (ACL)
An Access Control List (ACL) is a list of permissions attached to an object that specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject and an operation.
Advanced Persistent Threat (APT)
An advanced persistent threat (APT) is a prolonged, targeted attack on a specific target with the intention of compromising its systems and gaining information from or about that target. APT attacks are typically carried out by organized cybercriminal groups and can extend over a long period of time, often going unnoticed for months or even years.
Air Gap
An air gap, in computer security, is a measure or design intended to prevent insecure connections between an unsecured network, for instance, the public internet, and a secured computer system. An air-gapped system is one that is physically isolated from unsecured networks.
Application Security
Application Security involves measures taken to improve the security of an application often by finding, fixing and preventing security vulnerabilities within the application. This can include security considerations in the design and development, but also system configuration, and the deployment processes.
Audit
An audit in the context of information security is a systematic evaluation of the security of a company's information system by measuring how well it conforms to a set of established criteria. This typically includes assessments of various aspects like physical configuration, environment, software, information handling processes, and user practices.
Audit Trail
An Audit Trail is a record of the sequence of activities detailing the operational history within an organization or system. In IT, this often includes logs of who has accessed a computer system, when it was accessed, and what operations were performed. It's crucial for maintaining security, recovering lost transactions, and in the forensic investigation of a cyber incident.
Authentication
Authentication is the ability to prove that a person or application is genuine, that is, to verify the identity of that person or application. Authentication uses one or more of three primary methods, or factors: what you know, what you are, and what you have.
“What you know” encompasses passwords, personal identification numbers (PINs), passphrases, and other secrets. This type of authentication is not strong on its own and is typically paired with another authentication factor.
“What you are” involves biometric authentication methods, such as retinal scans, fingerprints, voice or signature recognition, and so on. These factors cannot be easily changed if compromised.
“What you have” entails objects or applications running on objects that you physically possess. Traditionally this involved keys, but modern forms may also involve USB tokens, smart cards, and one-time password applications on devices. This factor requires possession of the object at the time of use and may be hindered by intentional or unintentional loss of, or damage to, the object.
Authorization
Authorization is the act of determining whether a user or application has the right to conduct particular activities in a system. This determination is typically based on the role that a user holds within the organization, and the rights associated with that role. This concept is known as Role-Based Access Control (RBAC). In this model, roles are created for various job functions, and permissions to perform certain operations are assigned to specific roles. Users are then assigned appropriate roles, and through those roles, users acquire the permissions to perform particular system functions. Because users are not assigned permissions directly, but only acquire them through their roles (role-based privileges), management of individual user rights becomes a matter of simply assigning appropriate roles to the user's account; this simplifies common operations, such as adding a user or changing a user's department.
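The following Python example is added here and is not part of the glossary. It puts the Access Control List and Authorization entries side by side: an ACL is a list of (subject, operation) entries attached to the object itself, while RBAC attaches permissions to roles and roles to users, so a department change is a role swap rather than an edit of per-user rights. All users, roles and object names are constructed sample data.

```python
"""Added example, not part of the glossary: a minimal ACL and RBAC model.

An ACL is a per-object list of (subject, operation) entries; RBAC attaches
permissions to roles and roles to users, so a user never holds a permission
directly. All users, roles and objects below are constructed sample data.
"""
from dataclasses import dataclass, field


# --- Access Control List: permissions attached to the object -----------------

@dataclass(frozen=True)
class ACLEntry:
    subject: str    # user or system process
    operation: str  # e.g. "read", "write", "delete"


@dataclass
class ProtectedObject:
    name: str
    acl: list = field(default_factory=list)

    def allows(self, subject: str, operation: str) -> bool:
        """Default deny: access is granted only by an explicit ACL entry."""
        return ACLEntry(subject, operation) in self.acl


# --- Role-Based Access Control: permissions attached to roles ----------------

class RBAC:
    def __init__(self) -> None:
        self.role_permissions = {}  # role -> {(object, operation)}
        self.user_roles = {}        # user -> {role}

    def grant(self, role: str, obj: str, operation: str) -> None:
        self.role_permissions.setdefault(role, set()).add((obj, operation))

    def assign(self, user: str, role: str) -> None:
        self.user_roles.setdefault(user, set()).add(role)

    def unassign(self, user: str, role: str) -> None:
        self.user_roles.get(user, set()).discard(role)

    def permissions_of(self, user: str) -> set:
        """A user's effective permissions are the union of their roles' permissions."""
        perms = set()
        for role in self.user_roles.get(user, ()):
            perms |= self.role_permissions.get(role, set())
        return perms

    def allows(self, user: str, obj: str, operation: str) -> bool:
        return (obj, operation) in self.permissions_of(user)


def demo() -> dict:
    """Runs both models on constructed data and returns the access decisions."""
    # ACL on one file: each entry names a subject and one allowed operation.
    payroll = ProtectedObject("payroll.xlsx", [
        ACLEntry("alice", "read"), ACLEntry("alice", "write"), ACLEntry("bob", "read"),
    ])

    rbac = RBAC()
    rbac.grant("hr_analyst", "payroll.xlsx", "read")
    rbac.grant("hr_manager", "payroll.xlsx", "read")
    rbac.grant("hr_manager", "payroll.xlsx", "write")
    rbac.assign("carol", "hr_analyst")
    before_promotion = rbac.allows("carol", "payroll.xlsx", "write")

    # Department change: swap roles; no per-user permission edits are needed.
    rbac.unassign("carol", "hr_analyst")
    rbac.assign("carol", "hr_manager")

    return {
        "acl_bob_read": payroll.allows("bob", "read"),
        "acl_bob_write": payroll.allows("bob", "write"),
        "acl_unknown_read": payroll.allows("mallory", "read"),
        "rbac_before": before_promotion,
        "rbac_after": rbac.allows("carol", "payroll.xlsx", "write"),
        "rbac_dave": rbac.allows("dave", "payroll.xlsx", "read"),
    }


if __name__ == "__main__":
    for decision, allowed in demo().items():
        print(f"{decision}: {'allow' if allowed else 'deny'}")
```

Both models are default-deny: a subject with no ACL entry, or a user with no role, gets nothing, which is the property an auditor would check first.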
Availability
Availability is the assurance that data and services are accessible to authorized users whenever needed. This involves maintaining system and service uptime, ensuring system resources are not overwhelmed, and implementing robust backup and recovery procedures to prevent and recover from potential failures. Redundancy is often used as a measure to ensure availability.
Biometric Authentication
Biometric authentication is a subset of authentication methods that uses unique physical or behavioral characteristics to verify an individual's identity. This can include fingerprints, facial recognition, iris or retinal scans, voice recognition, and even typing rhythm. Biometric authentication provides a higher level of security as these characteristics are difficult to replicate, but it also raises privacy concerns and cannot be changed if compromised.
Blue Teaming
Blue Teaming refers to the internal defense team that defends against both real attackers (external threats) and the Red Team (internal, simulated attacks).
Brute Force Attack
A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data.
Business Continuity Planning (BCP)
A proactive planning process that ensures critical services or products are delivered during a disruption. This includes identifying potential threats to an organization, assessing the impact of those threats, and developing strategies to minimize the impact. BCP aims to minimize financial loss and prevent damage to the organization's reputation, while ensuring the quick resumption of time-sensitive tasks and processes.
CIA Triad
The CIA Triad is an abbreviation for the core tenets of information security: confidentiality, integrity, and availability. These principles need to be in balance, as an overemphasis on one may lead to weaknesses in others. For instance, focusing too much on confidentiality could make data less available to authorized users.
Cloud Computing
Cloud Computing is the delivery of different services through the Internet, including data storage, servers, databases, networking, and software. These cloud-based services are designed to provide easy, scalable access to applications, resources and services, and are fully managed by a cloud services provider.
Compliance
In the context of information security, compliance refers to the process of adhering to a set of specific standards, regulations, laws, or policies that are applicable to a particular business or sector. These regulations can be internal (company policies) or external (laws or industry standards).
Compensating Controls
Compensating controls are alternative security measures implemented when a primary control is not feasible or cost-effective. The compensating control must effectively mitigate the risk to an acceptable level. These controls are typically used when an organization can't comply with a security standard's primary requirements for technical or business reasons.
Confidentiality
Confidentiality involves ensuring that sensitive information is accessed only by those with a legitimate need to know. This is often enforced through encryption, access controls, and other protective measures designed to keep unauthorized individuals from accessing the data.
Controlled Unclassified Information (CUI)
Controlled Unclassified Information (CUI) is a category of information that law, regulation, or government-wide policy requires to have safeguarding or dissemination controls, but is not classified under Executive Order 13526 or the Atomic Energy Act. This typically includes information that may pertain to privacy, proprietary business interests, and law enforcement investigations.
Criminal Justice Information Services (CJIS)
CJIS is a division of the United States Federal Bureau of Investigation (FBI) that provides criminal justice information needed to perform law enforcement duties. The CJIS Security Policy outlines the security precautions that must be taken to protect this data, including in areas such as authentication, access control, encryption, and auditing.
Cybersecurity Maturity Model Certification (CMMC)
The Cybersecurity Maturity Model Certification (CMMC) is a unified cybersecurity standard for future Department of Defense (DoD) acquisitions. Depending on the sensitivity of the information, different levels of CMMC might be required, ranging from basic cyber hygiene to advanced.
Data Breach
A data breach is an incident where data is accessed, exposed, copied, transmitted, viewed, or stolen by an unauthorized party. This can involve any form of data: electronic or paper. The data could be sensitive, protected, or confidential, such as credit card numbers, customer data, personal identification information, intellectual property, trade secrets, and so on. This term does not indicate intent; other terms such as 'data leak' and 'information leakage' help convey whether a data breach was intentional or not.
Data Encryption
Data Encryption is the method of using an algorithm to transform data into a form that is unreadable without a decryption key. Its purpose is to secure sensitive and confidential data, both at rest and in transit, to prevent unauthorized access.
Data Loss Prevention (DLP)
A strategy, encompassing a set of technologies, processes, and procedures, designed to prevent sensitive or critical information from being sent outside the corporate network, lost, misused, or accessed by unauthorized users. DLP involves control over what data end users can transfer and typically includes the monitoring, detection, and blocking of data in motion, data at rest, and data in use. This term is also used to describe software products that assist a network administrator in implementing these controls.
Data Masking
Data Masking is a method of creating a structurally similar but inauthentic version of an organization's data that can be used for purposes such as software testing and user training. This helps protect the actual data while having a functional substitute for occasions when the real data is not required.
Data Protection Impact Assessment (DPIA)
A Data Protection Impact Assessment (DPIA) is a process designed to help organizations systematically analyze, identify and minimize the data protection risks of a project or plan. DPIAs are often used in the context of GDPR compliance.
Defense-in-Depth
Defense-in-depth is a strategy that employs a series of mechanisms to slow the advance of an attack aimed at acquiring unauthorized access to information. This layered approach to security can include physical security, network security, antivirus software, user authentication, and encryption, among others. Each layer provides protection so that if one layer is breached, a subsequent layer is already in place to thwart an attack.
Defense Information Systems Agency (DISA)
The Defense Information Systems Agency (DISA) is a combat support agency of the U.S. Department of Defense (DoD). DISA provides, operates, and assures command and control and information-sharing capabilities and a globally accessible enterprise information infrastructure in direct support to joint warfighters, national level leaders, and other mission and coalition partners across the full spectrum of military operations.
DISA Security Technical Implementation Guides (STIGs)
DISA Security Technical Implementation Guides (STIGs) are the configuration standards for DoD Information Assurance (IA) and IA-enabled devices and systems. A STIG describes how to minimize network-based attacks and prevent system access when the attacker is trying to gain access through a system’s network interface. They are a valuable resource to help secure large and complex network infrastructures.
Denial-of-Service (DoS) Attack
A type of cyber attack in which an attacker seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. This is typically accomplished by flooding the targeted system with requests, in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.
Distributed Denial of Service (DDoS) Attack
A variant of the Denial-of-Service (DoS) attack in which the attack traffic comes from more than one, often thousands of, unique IP addresses. It is distinct from DoS attacks in that the attack traffic is generated from a distributed network of compromised devices, often referred to as a 'botnet'. These attacks can be significantly more difficult to mitigate due to the distributed nature of the attack source.
Disaster Recovery (DR)
Disaster Recovery is the coordinated process of restoring systems, data, and infrastructure required for maintaining or resuming critical business operations after a disaster or disruption. This process involves various steps such as planning, testing, and implementing strategies like data backup and recovery, system redundancy, and contingency planning.
E-Discovery
E-Discovery refers to discovery in legal proceedings such as litigation, government investigations, or Freedom of Information Act requests, where the information sought is in electronic format. It can be an involved process that entails identifying, securing, and searching electronic records for relevant evidence.
Endpoint
In the context of network security, an endpoint is any device that communicates back and forth with a network, including but not limited to desktops, laptops, smartphones, and servers.
Endpoint Security
Endpoint Security refers to the approach of safeguarding the various endpoints on a network, which are entry points for security threats. Endpoint security involves both security software located on a centrally managed and accessible server or gateway within the network and client software installed on each endpoint device. This system monitors and blocks potentially harmful activities and/or objects that could jeopardize the network, providing protection for the network when accessed via remote devices such as laptops, smartphones, or other wireless and mobile devices.
Encryption
Encryption is the process of converting plaintext into encoded data (ciphertext) to prevent unauthorized access. Only authorized parties can decipher a ciphertext back to plaintext and access the original information. Encryption does not prevent interference, but denies the intelligible content to a would-be interceptor. In an encryption scheme, the intended information or message, referred to as plaintext, is encrypted using an encryption algorithm (a cipher), generating ciphertext that can be read only if decrypted.
Federal Information Security Management Act (FISMA)
FISMA is United States legislation that defines a comprehensive framework to protect government information, operations and assets against natural or man-made threats. FISMA was enacted as part of the Electronic Government Act of 2002.
Federal Risk and Authorization Management Program (FedRAMP)
FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services used by federal agencies. Its goal is to ensure effective, repeatable cloud security for the government.
Firewall
A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted internal network and untrusted external network, such as the Internet.
Finding
A finding refers to an issue that has been identified during an audit or assessment. In information security, a finding could be a weakness or deficiency in the system that could potentially be exploited by a threat actor, or it could be an area where the organization is not meeting its own policies or a regulatory requirement.
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. It also addresses the transfer of personal data outside these areas. GDPR aims to give control to individuals over their personal data and to simplify the regulatory environment for international business.
Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that requires the creation of national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge.
Honeypot
A honeypot is a computer system that is set up to act as a decoy to lure cyber attackers, and to detect, deflect, or study attempts to gain unauthorized access to information systems. Honeypots can be designed to purposely engage and deceive hackers and identify malicious activities performed over the Internet.
Identification
Identification is the process of a user asserting a claimed identity, such as by providing a username or email address. It's the first step in access control and is followed by authentication, which is the process of verifying the claimed identity. Identification establishes the 'who' for access control and accountability, while authentication verifies that 'who.'
Identity and Access Management (IAM)
Identity and access management (IAM) is a framework for business processes that facilitates the management of electronic or digital identities. The framework includes the technology needed to support identity management.
Incident
An incident is the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information, or interference with system operations. Incidents can be caused by people, natural phenomena, disasters, and even animals. When an incident occurs, it's crucial for organizations to have an Incident Response plan in place. This is a structured approach to addressing and managing the aftermath of a security incident with the aim to limit damage and reduce recovery time and costs.
Incident Response
Incident Response is the organized approach to addressing and managing the aftermath of a security breach or cyberattack. The goal is to manage the situation in a way that limits damage, reduces recovery time and costs, and enhances the organization's resilience. An effective incident response plan involves identification, containment, eradication, recovery, and lessons learned to prevent future incidents.
Information Assurance (IA)
Information Assurance (IA) is the practice of assuring information and managing risks related to the use, processing, storage, and transmission of information or data and the systems and processes used for those purposes. IA includes protection of the integrity, availability, authenticity, non-repudiation, and confidentiality of user data.
Information Governance
Information Governance is the management of information at an organization. It includes policies, processes, and controls designed to manage information throughout its lifecycle, from creation, use, maintenance, to disposal, with regard to regulatory compliance, data protection, and data privacy.
Information Security Management System (ISMS)
An Information Security Management System (ISMS) is a set of policies, procedures, and systems for managing risks to organizational data, with the objective of ensuring acceptable levels of information security risk.
Integrity
Integrity in information security refers to maintaining the accuracy, consistency, and trustworthiness of data over its entire life cycle. Measures taken to ensure integrity include controlling the physical environment of networked terminals and servers, restricting access to data, and maintaining rigorous authentication practices. Data integrity can be threatened by many things including human error, physical damage to hardware, malicious activity, and more.
Intrusion Detection System (IDS)
An Intrusion Detection System (IDS) is a system that monitors network traffic for suspicious activity and alerts the system or network administrator. In some cases, the IDS may also respond to anomalous or malicious traffic by taking action such as blocking the user or source IP address from accessing the network.
Intrusion Prevention System (IPS)
An Intrusion Prevention System (IPS) is a system that examines network traffic flows to detect and prevent vulnerability exploits, which are the main method by which malware is delivered onto a network. An IPS not only detects malicious activities but also takes proactive actions to prevent the data from entering the network.
ISO 27001
ISO 27001 is a specification for an information security management system (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization's information risk management processes.
Lateral Movement
Lateral movement refers to the techniques that a cyber attacker uses to move through a network in search of targeted key data and assets after gaining initial access. This can involve exploitation of vulnerabilities in software, abuse of system features, or use of stolen credentials. These techniques are typically used to avoid detection and gain access to sensitive data or privileged system access.
Least Privilege
The principle of least privilege recommends that only the minimum access rights necessary for staff or systems to perform their authorized tasks should be assigned, and for the minimum duration necessary. This approach minimizes the risk of unauthorized access or actions. A modern implementation of this principle is just-in-time (JIT) access, where users are granted the necessary permissions only at the moment they're needed, and these permissions are revoked immediately after.
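The Python example below is added here and is not part of the glossary. It implements the just-in-time access pattern described in the entry: every grant is scoped to one subject, resource and operation and carries an expiry, requests longer than a policy ceiling are refused, and an authorization check consults only grants that have not yet expired, so the right lapses without anyone having to remember to remove it. The policy ceiling, the injected clock and all subject and resource names are constructed for the example.

```python
"""Added example, not part of the glossary: just-in-time (JIT) access grants.

Implements the least-privilege pattern the entry describes: a grant names one
subject, one resource, one operation and an expiry; checks consult only
unexpired grants, so the right disappears on its own when the window closes.
The clock is injected so the expiry behaviour can be exercised deterministically.
"""
from dataclasses import dataclass
import time


@dataclass(frozen=True)
class Grant:
    subject: str
    resource: str
    operation: str
    expires_at: float  # Unix timestamp


class JITAccess:
    # Policy ceiling (constructed value): no single grant may outlive this.
    MAX_DURATION_S = 3600

    def __init__(self, clock=time.time) -> None:
        self._clock = clock
        self._grants = []

    def request(self, subject: str, resource: str, operation: str, duration_s: int) -> Grant:
        """Issue a time-boxed grant; open-ended or over-long requests are refused."""
        if duration_s <= 0 or duration_s > self.MAX_DURATION_S:
            raise ValueError(f"duration {duration_s}s outside policy bounds")
        grant = Grant(subject, resource, operation, self._clock() + duration_s)
        self._grants.append(grant)
        return grant

    def _prune(self) -> None:
        """Drop expired grants; revocation at expiry needs no separate action."""
        now = self._clock()
        self._grants = [g for g in self._grants if g.expires_at > now]

    def is_allowed(self, subject: str, resource: str, operation: str) -> bool:
        self._prune()
        return any(
            g.subject == subject and g.resource == resource and g.operation == operation
            for g in self._grants
        )

    def revoke(self, subject: str) -> int:
        """Early revocation (e.g. task finished); returns how many grants were removed."""
        before = len(self._grants)
        self._grants = [g for g in self._grants if g.subject != subject]
        return before - len(self._grants)

    def active(self) -> list:
        self._prune()
        return list(self._grants)


class FakeClock:
    """Constructed clock for the demo and tests; advance it by changing .now."""
    def __init__(self, now: float = 1_000_000.0) -> None:
        self.now = now

    def __call__(self) -> float:
        return self.now


def demo() -> dict:
    clock = FakeClock()
    jit = JITAccess(clock)
    results = {}

    jit.request("alice", "prod-db", "write", duration_s=600)   # 10-minute window
    results["during_window"] = jit.is_allowed("alice", "prod-db", "write")
    results["other_op"] = jit.is_allowed("alice", "prod-db", "drop")  # never granted

    clock.now += 601  # the window has closed
    results["after_window"] = jit.is_allowed("alice", "prod-db", "write")

    try:
        jit.request("bob", "prod-db", "write", duration_s=24 * 3600)  # a full day: refused
        results["overlong_refused"] = False
    except ValueError:
        results["overlong_refused"] = True

    jit.request("carol", "prod-db", "read", duration_s=300)
    results["revoked_count"] = jit.revoke("carol")
    results["after_revoke"] = jit.is_allowed("carol", "prod-db", "read")
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The check and the expiry share one clock, which is the detail that matters in practice: a grant that is enforced by a different component with a different clock can outlive its window.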
Malware
Malware is malicious software designed to infiltrate, damage, or disable computers, computer systems, networks, or electronic devices, often while giving a threat actor remote control over the affected systems. Malware encompasses a range of software types, including viruses, worms, ransomware, and spyware. It spreads through various methods such as email attachments, software downloads, or malicious websites.
Malware Analysis
Malware analysis is the process of understanding the behavior and purpose of a suspicious file or URL to help mitigate potential risks. It involves using a variety of tools and techniques to assess the nature, functionality, and potential impact of the suspected malware.
Multi-Factor Authentication (MFA)
Multi-Factor Authentication (MFA) is a method that uses authentication techniques from two or more of the distinct categories of factors. For example, combining a password (something you know) with a one-time password generated by an app on a smartphone (something you have), or a facial scan (something you are) with a PIN. This approach significantly enhances security because even if one factor is compromised, an attacker still has at least one more barrier to breach. It's important to note that true MFA requires elements from different categories. Two elements from the same category (e.g., two types of something you know, like a password and a security question) does not constitute MFA but is instead referred to as two-step verification.
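The following Python example is added here and is not from the glossary. It combines the two factors the entry names first, a password (something you know, stored as a salted PBKDF2 hash) and a time-based one-time password from an authenticator app (something you have, computed per RFC 6238 with the standard library), and includes a small helper for the entry's caveat that two factors from one category are two-step verification rather than MFA. The user record is constructed; the TOTP key is the RFC 6238 test-vector secret so the generated codes can be compared with the published values.

```python
"""Added example, not part of the glossary: a two-factor login check.

"Something you know": a password stored as a salted PBKDF2 hash.
"Something you have": a TOTP code (RFC 6238, HMAC-SHA1, 30-second step).
The user record and secret are constructed sample data; the TOTP secret is
the RFC 6238 test-vector key so codes can be checked against known values.
"""
import hashlib
import hmac
import os
import struct


# --- "something you have": HOTP (RFC 4226) / TOTP (RFC 6238) ------------------

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-SHA1 over the big-endian counter, dynamically truncated to `digits`."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_unix: int, step: int = 30, digits: int = 6) -> str:
    return hotp(secret, at_unix // step, digits)


def verify_totp(secret: bytes, code: str, at_unix: int, window: int = 1) -> bool:
    """Accept the current step plus `window` steps either side to absorb clock skew."""
    counter = at_unix // 30
    return any(
        hmac.compare_digest(hotp(secret, counter + drift), code)
        for drift in range(-window, window + 1)
        if counter + drift >= 0
    )


# --- "something you know": salted password hash --------------------------------

def hash_password(password: str, salt: bytes = None) -> tuple:
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return hmac.compare_digest(candidate, digest)


# --- Combining factors -----------------------------------------------------------

def is_true_mfa(factor_categories: list) -> bool:
    """MFA needs factors from at least two distinct categories (know / have / are)."""
    return len(set(factor_categories)) >= 2


def authenticate(user: dict, password: str, code: str, at_unix: int) -> bool:
    """Both factors are always evaluated, and both must pass."""
    know_ok = verify_password(password, user["salt"], user["pw_hash"])
    have_ok = verify_totp(user["totp_secret"], code, at_unix)
    return know_ok and have_ok


# Constructed user record; the TOTP key is the RFC 6238 test-vector secret.
RFC_SECRET = b"12345678901234567890"
_salt, _digest = hash_password("correct horse battery staple")
USER = {"name": "alice", "salt": _salt, "pw_hash": _digest, "totp_secret": RFC_SECRET}


def demo(at_unix: int = 59) -> dict:
    good_code = totp(RFC_SECRET, at_unix)
    return {
        "both_factors": authenticate(USER, "correct horse battery staple", good_code, at_unix),
        "wrong_password": authenticate(USER, "guess", good_code, at_unix),
        "wrong_code": authenticate(USER, "correct horse battery staple", "000000", at_unix),
        "password_plus_question_is_mfa": is_true_mfa(["know", "know"]),
        "password_plus_totp_is_mfa": is_true_mfa(["know", "have"]),
    }


if __name__ == "__main__":
    print("TOTP at t=59:", totp(RFC_SECRET, 59))  # RFC 6238 vector: 287082
    for name, value in demo().items():
        print(f"{name}: {value}")
```

`authenticate` evaluates both factors before combining them, so a failed password does not short-circuit and reveal, through timing, which factor was wrong; the comparisons use `hmac.compare_digest` for the same reason.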
Network Address Translation (NAT)
Network Address Translation (NAT) is a method of remapping one IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device.
Network Segmentation
Network segmentation is the practice of dividing a computer network into subnetworks, each being a network segment or network layer. Advantages of such division are primarily for boosting performance and improving security through isolation.
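The Python example below is added here and is not part of the glossary; it serves both the Firewall and the Network Segmentation entries. Three constructed subnets stand in for user, server and management segments, and a first-match rule list with a default deny decides which flows may cross between them or leave for the internet. The subnets, ports and rules are all sample values chosen for the example, and the filter is stateless (it does not track return traffic), which is the simplification to keep in mind when comparing it with a real firewall.

```python
"""Added example, not part of the glossary: rule-based filtering between
network segments.

The network is split into subnets (segments); a first-match rule list with a
default deny decides which flows may cross between them. Segment addresses,
ports and rules are constructed sample values.
"""
import ipaddress
from dataclasses import dataclass

ANY = ipaddress.ip_network("0.0.0.0/0")

# Constructed segments.
SEGMENTS = {
    "users":   ipaddress.ip_network("10.1.0.0/24"),
    "servers": ipaddress.ip_network("10.2.0.0/24"),
    "mgmt":    ipaddress.ip_network("10.3.0.0/24"),
}


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str = "any"               # "tcp", "udp" or "any"
    dport: int = None                # None matches any destination port

    def matches(self, src_ip, dst_ip, proto, dport) -> bool:
        return (
            src_ip in self.src
            and dst_ip in self.dst
            and self.proto in ("any", proto)
            and self.dport in (None, dport)
        )


# Constructed policy: first matching rule wins; anything unmatched is denied.
RULES = [
    Rule("allow", SEGMENTS["users"], SEGMENTS["servers"], "tcp", 443),  # users -> web tier
    Rule("allow", SEGMENTS["mgmt"], SEGMENTS["servers"], "tcp", 22),    # admins -> SSH
    Rule("deny",  SEGMENTS["users"], SEGMENTS["mgmt"]),                  # users never reach mgmt
    Rule("allow", SEGMENTS["servers"], ANY, "tcp", 443),                 # server egress, HTTPS only
]


def evaluate(rules, src: str, dst: str, proto: str, dport: int) -> str:
    """Return the action of the first matching rule, or 'deny' if none matches."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if rule.matches(src_ip, dst_ip, proto, dport):
            return rule.action
    return "deny"


def segment_of(ip: str) -> str:
    """Name the segment an address belongs to, or 'external' if none."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "external"


def demo() -> dict:
    # Constructed flows: (source, destination, protocol, destination port).
    flows = {
        "user_to_web":     ("10.1.0.7",    "10.2.0.10",   "tcp", 443),
        "user_to_ssh":     ("10.1.0.7",    "10.2.0.10",   "tcp", 22),
        "admin_to_ssh":    ("10.3.0.2",    "10.2.0.10",   "tcp", 22),
        "user_to_mgmt":    ("10.1.0.7",    "10.3.0.2",    "tcp", 443),
        "server_egress":   ("10.2.0.10",   "203.0.113.5", "tcp", 443),
        "internet_to_web": ("203.0.113.5", "10.2.0.10",   "tcp", 443),
    }
    return {name: evaluate(RULES, *flow) for name, flow in flows.items()}


if __name__ == "__main__":
    for name, action in demo().items():
        print(f"{name}: {action}")
    print("203.0.113.5 is", segment_of("203.0.113.5"))
```

Because the list is first-match, rule order is part of the policy: moving the broad egress rule above the others would not change these six decisions, but adding a broad allow near the top would silently override the narrower rules below it.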
NIST 800-53
NIST 800-53 is a publication from the National Institute of Standards and Technology (NIST) that provides a catalog of security and privacy controls for all U.S. federal information systems except those related to national security. It is part of the NIST Risk Management Framework.
NIST 800-171
NIST 800-171 is a set of standards that define how to protect sensitive, non-classified information in non-federal systems and organizations. It's often used by government contractors and subcontractors to adequately safeguard controlled unclassified information (CUI).
North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP)
NERC CIP is a set of standards designed to secure the assets required for operating North America's bulk electric system. The NERC CIP plan consists of 9 standards and 45 requirements covering the security of electronic perimeters and the protection of critical cyber assets as well as personnel and training, security management and disaster recovery planning.
Non-repudiation
Non-repudiation refers to the ability to ensure that a party to a contract or a communication cannot deny the authenticity of their signature on a document or the sending of a message. In digital security, it provides proof of the origin or delivery of data to protect the sender against false denial by the recipient that the data has been received, or to protect the recipient against false denial by the sender that the data has been sent.
Patch Management
Patch Management is a process used in IT to ensure that all systems are up-to-date with the latest security patches and updates. This is crucial for protecting systems against known vulnerabilities that can be exploited by attackers. Patch management activities include: maintaining knowledge of available patches, deciding which patches are appropriate for particular systems, ensuring patches are installed properly, testing systems after installation, and documenting all associated procedures.
Payment Card Industry Data Security Standard (PCI DSS)
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes. PCI DSS helps to prevent credit card fraud through increased controls around data and its exposure to compromise.
Penetration Testing
Penetration testing is a method of evaluating the security of a computer system, network, or web application by simulating an attack from a malicious source.
Privilege Escalation
Privilege escalation happens when a user gains access to more resources or functionality than they are normally allowed, an elevation that the system should have prevented. This concept is significant in the context of a malicious cyber-attack, where an intruder exploits a bug, design flaw, or configuration oversight in an operating system or software application to gain elevated access to resources.
Privileged Access Management (PAM)
A cybersecurity discipline that encompasses the strategies and technologies for exerting control over the elevated (“privileged”) access and permissions for users, accounts, processes, and systems across an IT environment.
Phishing
Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, tricks a victim into opening an email, instant message, or text message. The recipient is then tricked into clicking a malicious link, which can lead to the installation of malware, the freezing of the system as part of a ransomware attack, or the revealing of sensitive information.
Privacy Impact Assessment (PIA)
A tool for identifying and assessing privacy risks throughout the development life cycle of a program or system. A PIA examines how personal information is collected, used, stored, and shared, and it helps organizations make informed decisions about privacy aspects related to products, services, or initiatives. A thorough PIA helps ensure compliance with privacy laws, regulations, and policies, while also building trust through transparency.
Public Key Infrastructure (PKI)
Public Key Infrastructure (PKI) is a technology for authenticating users and devices in the digital world. The basic idea is to have one or more trusted parties digitally sign documents certifying that a particular cryptographic key belongs to a particular user or device.
Ransomware
Ransomware is a type of malicious software designed to block access to a computer system or data until a sum of money or ransom is paid.
Red Teaming
Red Teaming is a full-scope, multi-layered attack simulation designed to measure how well a company's people, networks, applications and physical security controls can withstand an attack from a real-life adversary.
Recovery Point Objective (RPO)
Recovery Point Objective (RPO) refers to the maximum tolerable period in which data might be lost due to a major incident. It is measured in time, such as 'one hour of customer data'. This means that, in the event of a disaster, the organization should be prepared to lose up to one hour's worth of data. RPO is a key consideration in backup and disaster recovery planning.
Recovery Time Objective (RTO)
Recovery Time Objective (RTO) is the targeted duration of time within which a business process must be restored after a disaster or disruption to avoid unacceptable consequences associated with a break in business continuity. In other words, it's the length of time your business can afford to be 'down' or offline.
Risk Assessment
Risk Assessment is the process of identifying, estimating, and prioritizing risks to organizational operations and assets resulting from the operation and use of information systems. The risk assessment process is used to identify potential threats, vulnerabilities that could be exploited by the threats, and the potential impact on the organization should a threat exploit a vulnerability.
Risk Management Framework (RMF)
The Risk Management Framework (RMF) is a set of criteria that dictate how United States government IT systems must be architected, secured, and monitored. Initially developed by the Department of Defense (DoD), the RMF was later adopted by the rest of the U.S. federal information systems in 2010.
Secure Coding
Secure coding is the practice of developing computer software in a way that guards against the accidental introduction of security vulnerabilities. It involves regular testing and code review, and the use of coding practices specifically designed to promote security.
Security Architecture
Security Architecture refers to the design artifacts that describe how the security controls (security countermeasures) are positioned, and how they relate to the overall systems architecture. These controls serve the purpose to maintain the system's quality attributes, among them confidentiality, integrity, availability, accountability and assurance.
Security Awareness Training
Security Awareness Training is a formal process for educating employees about computer security. The goal is to enable employees to understand potential threats to the organization's information and how to apply best practices to prevent breaches or attacks.
Security Controls
Security controls are safeguards or countermeasures employed to avoid, detect, counteract, or minimize security risks. They can be categorized into administrative (policies and procedures), physical (locks, fences), and technical (firewalls, access controls) controls. These controls aim to protect the confidentiality, integrity, and availability of data.
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM) software products and services combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by applications and network hardware.
Security Operations Center (SOC)
A centralized unit that deals with security issues on an organizational and technical level.
Sarbanes-Oxley Act (SOX)
The Sarbanes-Oxley Act (SOX) is a United States federal law that mandates certain practices in financial record keeping and reporting for corporations. This law has implications for information security, particularly in areas such as access controls, data retention, and data protection.
Security Orchestration, Automation, and Response (SOAR)
Security Orchestration, Automation, and Response (SOAR) is a term for software products and services that help streamline and automate the incident response process in an organization's security operations center (SOC). SOAR tools allow an organization to collect data about security threats from multiple sources and automate responses to low-level threats.
Security Policy
A Security Policy is a high-level plan that outlines the organization's security principles, approach, guidelines, and standards. It sets the strategic direction, scope, and tone for all security efforts within the organization.
Security Posture
Security Posture is the security status of an enterprise's networks, information, and systems, based on the information security resources (e.g., people, hardware, software, policies) and capabilities in place to manage the defense of the enterprise and to react as the situation changes.
Security Risk
Security Risk is the potential for losses or other adverse impacts to arise due to vulnerabilities that could be exploited by threats. These losses or impacts can be to the information or to the systems that process, store, and transmit that information.
Secure Sockets Layer (SSL) / Transport Layer Security (TLS)
SSL and TLS are cryptographic protocols designed to provide communications security over a computer network. Websites use TLS to protect communications between their servers and web browsers. SSL is the deprecated predecessor to TLS.
Security Testing
Security Testing is the process of evaluating and testing an information system, network, or web application to find vulnerabilities, weaknesses, or compliance issues that could be exploited or could lead to a breach or loss of data, affecting the system's information security.
Separation of Duties
Separation of Duties (SoD) is a key concept of internal controls and is the most common way to prevent or detect internal fraud. The principle of SoD is that no employee or group should be in a position to both perpetrate and conceal errors or fraud in the normal course of their duties. In general, the flow of responsibilities should be organized so that the successful completion of a process requires the participation of two or more individuals or departments.
Social Engineering
Social engineering is a tactic that adversaries use to trick people into revealing sensitive information, making a payment, or granting access to confidential data. Social engineering can be combined with other threats in this glossary to make targets more likely to click on links, download malware, or trust a malicious source.
Spear Phishing
Spear phishing is an email or electronic communications scam targeted at a specific individual, organization or business. Although often intended to steal data for malicious purposes, cybercriminals may also intend to install malware on a targeted user's computer.
StateRAMP
StateRAMP is an independent non-profit organization that provides a security framework similar to FedRAMP, but intended for use by state, local, tribal, and territorial governments. Its purpose is to standardize, streamline, and improve cybersecurity risk management.
Supply Chain Attack
A Supply Chain Attack is a cyber attack that seeks to damage an organization by targeting less-secure elements in the supply network.
System Hardening
System hardening is the process of securing a system by reducing its attack surface. This is typically accomplished by removing unnecessary software and unnecessary user accounts or logins, and by disabling or removing unnecessary services.
Threat Hunting
Threat Hunting refers to the proactive search for malware or attackers lurking in a network. Unlike other forms of threat detection, threat hunting is performed by human analysts who actively look for signs of adversaries rather than waiting for automated alerts.
Threat Intelligence
Threat Intelligence, in the context of cybersecurity, is knowledge about potential threats that allows an organization to prevent or mitigate cyber attacks. It is produced by using tools, techniques and intelligence sources to understand and analyze the threats that could harm the organization.
Transport Layer Security (TLS) / Secure Sockets Layer (SSL)
See Secure Sockets Layer (SSL) / Transport Layer Security (TLS).
Two-Factor Authentication (2FA)
A security measure that requires two distinct methods, or factors, to verify a user's identity. This process provides a higher level of security than single-factor authentication (SFA), which typically involves only a password or passcode. The two factors in 2FA can include something the user knows, such as a password, and something the user has, like a smartphone app that approves authentication requests. The objective of 2FA is to enhance the protection of both the user's credentials and the resources the user can access.
Virtual Local Area Network (VLAN)
A virtual LAN (VLAN) is a broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2). VLANs work by applying tags to network frames and having network devices handle those tags, so that traffic on a single physical network behaves as if it were split across separate networks.
Virtual Private Network (VPN)
A VPN extends a private network across a public network and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. It provides an encrypted tunnel between the user's device and the VPN endpoint, protecting the traffic inside the tunnel from eavesdropping or tampering on the intermediate network.
Vulnerability
A vulnerability is a weakness in an information system, system security procedures, internal controls, or implementations that could be exploited by a threat source. Vulnerability management, the practice of identifying, classifying, prioritizing, and resolving vulnerabilities, is a crucial part of maintaining robust security. This often involves the use of automated vulnerability scanners and regular patch management.
Vulnerability Management
An ongoing process of identifying, classifying, prioritizing, mitigating, and remediating vulnerabilities in software and hardware systems. This includes regular scanning for weaknesses, risk assessment to understand their impact, patch management to fix the vulnerabilities, and reporting to ensure transparency and continuous improvement. Effective vulnerability management helps protect systems against exploitation and reduces the potential attack surface.
Whaling
Whaling is a specific kind of phishing attack. Where general phishing efforts focus on collecting personal data from a broad set of users, whaling targets high-ranking bankers, executives or others in powerful positions or job titles.
Zero Trust
Zero Trust is a security concept centered on the belief that organizations should not automatically trust anything inside or outside their perimeters and instead must verify anything and everything trying to connect to their systems before granting access. The strategy around Zero Trust boils down to "never trust, always verify."
Zero Trust Architecture
See Zero Trust above.
Zero-Day Exploit
A cyberattack that exploits a vulnerability as soon as it becomes known to the public and before a patch or other fix is available. In these situations, the software developers have had zero days to fix the issue, hence the term. These exploits are highly valuable to attackers because they take advantage of vulnerabilities that are currently unprotected, leaving systems susceptible to unauthorized actions.