Cyber Security Glossary

Terms to know: speak English, not jargon

Access Control: Governs the privileges that users have on computer or online services, and the information they store.

Antivirus: An application that understands what type of content you are opening and identifies threats within that content. It scans all documents, attachments, and applications to identify threats, checking them against a database of scan results gathered across the Internet to determine what is a threat and what is safe.

Anti-Spyware: Software that is designed to detect and remove unwanted programs that are installed on a computer without the user’s knowledge to collect information about them.

Assets: Company-owned equipment such as servers, switches, software, laptops, desktops, corporate mobile phones, as well as confidential company records and data. All assets are considered to be critical and need to be protected from illicit use, access, destruction, theft or damage resulting in loss and consequences for the organization.

Authentication: A method of determining whether an entity or data is genuine/valid or not.

Authorization: Permission to modify data or engage in transactions.

Backup: A copy of data stored on a computer or server that lessens the potential impact of a security incident, should it result in lost or inaccessible data. If the data was backed up to an external location, it remains accessible even if the original was stolen or locked during a ransomware or other security event.

Blacklist: A list of disapproved or suspicious applications, IP addresses, websites, etc.

Breach: A cyber security compromise. It differs from a cyber-attack in that it is more precise, and there’s less malicious intent; in other words, data was probably released by a mistake, negligence, or another unintentional case.

Brute-Force Attack: A cyber-attack in which the strength of computer and software resources is used to overwhelm security defenses via the speed and/or frequency of an attack, or in which access is gained by algorithmically attempting all combinations of login options until a successful one is found.

Business Continuity Management: Preparing for and maintaining business operations following a major business disruption or crisis such as a cyber-attack.

Common Vulnerability Scoring System (CVSS): CVSS provides a way to examine the characteristics of a vulnerability and produce a number that reflects its severity. The number can be translated into a qualitative rating (low, medium, high and critical) to help organizations assess and prioritize their vulnerability management process.

Compliance Audit: A compliance audit is a comprehensive review of an organization’s compliance with regulatory guidelines. Independent accounting, security or IT consultants evaluate the strength and thoroughness of compliance preparations. They then prepare a report that outlines any breaches and makes recommendations to remediate the issues.

Compliance Audit Solution: A solution that helps an organization to maintain compliance with various regulatory guidelines.

Cryptography: Techniques for secure communication including encryption algorithms and digital signatures that prevent third parties or the public from reading private messages.

Cyber-attack: A security compromise caused by malicious intent.

Data Loss Prevention (DLP): The act of making sure that end users do not send sensitive, confidential or critical information outside the corporate network. The term is also associated with software products that help a network administrator control what data end users can access and transfer outside the firewall.

Defense in Depth: The use of multiple security layers to protect the information assets in an organization. The strategy is based on the idea that it is more difficult for an attacker to defeat a multiple layered defense system than to penetrate a single barrier. Every defense can be broken, and the best way to protect yourself is to have layers:

  • Antivirus software
  • Firewalls
  • Anti-spyware programs
  • Hierarchical passwords
  • Intrusion detection
  • Biometric verification

Domain Name System (DNS): The Internet’s equivalent of a phonebook. Every domain on the Internet is assigned an Internet Protocol (IP) address, and the mapping from names to IP addresses is stored in the DNS. Computers and other devices access websites by IP address; the domain name itself (e.g., google.com) is only meant for the user, as it is easier to remember than a string of numbers.

Domain Name System Blocking: A common method of denying access to certain websites. Each website has its own IP address, and the DNS blocker removes the records that map blocked website names to their addresses, so the names no longer resolve.

Domain Name System Gateway: A solution that scans domains across the Internet and, based on categories, determines whether the end user is allowed to access a website or whether it should be blocked because it is harmful or a potential threat to the IT system.

Email Spam Filtering: The process of organizing emails according to specified criteria including filtering threatening or unwanted e-mails into a spam folder. This also includes advertisement e-mails being placed in their own folder, and e-mails from people being placed in the main mailbox folder.

Entry Point: A potential path a hacker could take to break into an IT system’s network.

Encryption: The use of an algorithm to convert plain text into cipher text; data scrambled to the point it becomes unreadable and therefore the information is hidden. For security or privacy, end-to-end encryption is the process of encrypting data while it is passed through a network.

FINRA: The Financial Industry Regulatory Authority, Inc. is a private corporation that acts as a self-regulatory organization. FINRA’s mission is to protect investors by making sure the United States securities industry operates fairly and honestly. FINRA regulates trading in equities, corporate bonds, security futures, and options.

Firewall: A network security device that monitors incoming and outgoing traffic and decides whether to allow or block specific traffic based on a defined set of security policies. Firewalls are the first line of defense in network security.

HIPAA: The Health Insurance Portability and Accountability Act of 1996 is United States legislation that provides data privacy and security provisions for safeguarding medical information.

Host-based Intrusion Detection System (HIDS): A system that monitors important operating system files.

Identity: For security purposes, an individual’s unique data.

Information Security: Defined as protecting any information contained in any system (computerized or hard copy) from unauthorized access, use, disclosure, disruption, modification or destruction. It is done to provide confidentiality (preserving authorized restrictions on information), integrity (ensuring data has not been improperly accessed or replicated and remains authentic) and availability (guaranteeing timely and reliable access to and use of information). Collectively, these three concerns are typically referred to as CIA.

Intrusion Detection System (IDS): A system that monitors for cyber intrusions and attacks. It is placed in front of a firewall, where it monitors incoming traffic for malicious activity or policy violations and determines if there are any threats. It looks at unusual traffic and determines whether the website should be blocked according to corporate policies.

Intrusion Prevention System (IPS): A network security/threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits. The IPS sits directly behind the firewall. Unlike an IDS, it takes automated action against unwanted traffic, including:

  • Sending an alarm to the administrator (as would be seen in an IDS)
  • Dropping the malicious packets
  • Blocking traffic from the source address
  • Resetting the connection

Macro Virus: Malware (malicious software) that uses the macro capabilities of common applications such as spreadsheets and word processors to infect data.

Malware: Short for malicious software, an umbrella term for a variety of forms of hostile or intrusive software, including computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. It can take the form of executable code, scripts, active content and other software. Malware is defined by its malicious intent, acting against the requirements of the computer user, and so does not include software that causes unintentional harm due to some deficiency.

Mobile Device Management: A type of security software used by an IT department to monitor, manage and secure employees’ mobile devices (laptops, smartphones, tablets, etc.) that are deployed across multiple mobile service providers and across multiple mobile operating systems being used in the organization.

National Vulnerability Database (NVD): The US government repository of standards-based vulnerability management data, represented using the Security Content Automation Protocol (SCAP).

Network Intrusion Detection System (NIDS): A system that analyzes incoming network traffic.

NIST: The National Institute of Standards and Technology, a part of the Department of Commerce that recommends ways for federal agencies to recover from cyber events.

Non-Signature Based: An antivirus system that is based on behavior. It analyses user behavior to determine if anything they are viewing or downloading could potentially be a threat to the system.

OpenDNS: A company and service that extends the Domain Name System (DNS) by adding features such as phishing protection and optional content filtering to DNS lookup, when its DNS servers are used.

Patch: A patch is a software update to an operating system, application or other function that directly addresses and corrects a particular vulnerability. Patches often improve system usability or performance.

Password Management: Software that stores all the passwords one uses for their various accounts and helps the end-user to gain access to their accounts easily.

PCI Compliance: The Payment Card Industry Data Security Standard (PCI DSS) is regulation that applies to companies of any size that accept credit card payments. If your company intends to accept card payments, and store, process and transmit cardholder data, you must host your data securely with a PCI compliant hosting provider.

Penetration Test (Pen Test): A penetration test is the act of purposely trying to exploit a vulnerability to get into the system, to determine if it would be possible for a hacker to do the same thing.

Perimeter Defense: A layer of defense against attacks to the network. It works to protect the firewall from external attacks.

Periodic Vulnerability Scanning: Regular probing and examination of entry points to determine whether there is a way for a hacker to enter the system.

Phishing: The attempt to obtain sensitive information such as usernames, passwords and credit card details (and, indirectly, money) for malicious reasons, by disguising as a trustworthy entity in an electronic communication. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter personal information at a fake website, the look and feel of which are almost identical to the legitimate one. Communications purporting to be from social web sites, auction sites, banks, online payment processors or IT administrators are often used to lure victims. Phishing emails may contain links to websites that are infected with malware.

Proxy Server: A server that acts as an intermediary between users and other servers, validating user requests.

Ransomware: A type of malware that limits or prevents a user’s access to their system. The malicious software may either lock the computer’s screen or the user’s files—often through encryption—until a ransom is paid, typically using an encrypted digital currency like bitcoin. Like other types of malware, ransomware can be spread through email attachments, infected software, infected external storage devices or compromised websites, although a growing number of ransomware attacks have used remote desktop protocols. Its motive is almost always monetary.

Restore: The recovery of data following significant data loss from computer failure or a cyber-attack.

Risk: A risk is the potential for loss, damage, or destruction of an asset as a result of a threat that has managed to exploit a vulnerability.

Risk Assessment: The process of identifying, analyzing, and evaluating risk.

Security Information and Event Management (SIEM): The process of analyzing the security alerts generated by network hardware and applications to detect suspicious activity.

Security Perimeter: A well-defined boundary in which security controls are enforced.

Signature-based Antivirus: Looks at the signature of every application to determine whether it is known to be good or bad. It is able to detect and remove malware that has already infiltrated a computer system. The problem with the signature-based approach is that it leaves you vulnerable between the time a brand-new threat appears and the time the security vendors develop a signature for it.

SSO/Authentication Technologies: Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications.

Threat: A threat is a possible danger that has the ability to harm an IT environment by exploiting a vulnerability and destroying an asset. For example, a hacker could deploy harmful code that would become a threat to the IT environment.

Updates: Software vendors push software updates to users’ computers to improve security protections. Users must be diligent about installing updates when they become available or risk not having the proper controls in place.

Virtual Private Network (VPN): A link between computers or local area networks in different locations, carried over a wide area network, that cannot access or be accessed by other users of that wide area network.

Vulnerability: A weakness in a security process that enables attackers to potentially harm the network. When a vulnerability is identified, sometimes a new patch or configuration is needed to resolve the issue.

Whitelist: A list of approved applications, IP addresses, websites, etc.