Cybersecurity Terms

Access Control: restricting the usage of a resource – either physical or informational.

Attack Vector: path or means by which a vulnerability is exploited.

Availability: ensuring information is accessible to authorized users. Availability is the third component of the CIA Triad.

CIA Triad: model or construct used to guide information security policies and planning.

The Cloud: computing services hosted by a third part and accessed via the Internet. Modern cloud providers have a management infrastructure around those services to allow for identity and access management (IAM), access control, and advanced features.

Confidentiality: ensuring information is protected from unauthorized access. Confidentiality is the first component of the CIA Triad.

Cybersecurity: the protection of information technology systems, including computers, mobile devices, networks, and cloud services. Cybersecurity can be considered a subset of Information Security, although the two terms are often used synonymously.

Information Security (InfoSec): the practice of ensuring the confidentiality, integrity, and availability of information resources – both physical and electronic. The  construct of confidentiality, integrity, and availability is known as the CIA Triad.

Insider Threat: employee or independent contractor who uses authorized access in an inappropriate way, causing damage or loss to the organization.

Inside Threat: accounts or systems inside a corporate resource that has been compromised by a bad actor.

Integrity: ensuring information is reliable, correct, and protected from unauthorized modification. Integrity is the second component of the CIA Triad.

Risk: the impact of a threat given its likelihood and consequences of happening. Risk = Threat x Likelihood x Severity.

Threat: circumstance or event that could cause damage or danger. Threats can be man-made or natural events.

Vector: path or means by which a vulnerability is exploited. Also known as Threat Vector and Attack Vector.

Vulnerability: flaw or weakness causing exposure to a threat.

2FA: Two Factor Authentication; see MFA

AES: Advanced Encryption Standard developed by NIST; AES-256 is the current preferred encryption method

ASIS: Professional organization for security professionals, previously known as the American Society for Industrial Security

ASLR: Address Space Layout Randomization; ASLR is a technical function built into operating systems that deters attacks against system memory by changing where certain critical information is stored

COOP: Continuity of Operations Planning; often associated with test alerts and responses

DEP: Data Execution Prevention; DEP is a technical function built into operating systems that deters attacks against system memory by preventing the execution of code in restricted memory locations

DKIM: Domain Keys Identified Mail; DKIM is an optional setting that allows a receiving email server to verify the sending email server

DLP: Data Loss Prevention; DLP detects sensitive information and blocks its transmission based on defined keywords and rules

DMARC: Domain-based Message Authentication, Reporting and Conformance; DMARC is an optional extension of SPF and DKIM that allows a receiving email server authenticate email senders

DNS: Domain Name System; DNS is a global system that associates IP Addresses with human-friendly domain names

EAP/TLS: Extensible Authentication Protocol – Transport Layer Security; EAP/TLS is an IETF standard and the original method for authentication on wireless networks

EDR: Endpoint Detection & Response; an endpoint security solution that continuously monitors end-user devices to detect and respond to cyber threats like ransomware

FAQ: Frequently Asked Questions; support documents typically provided to customers

IAM: Identity and Access Management; IAM is a framework of policies and controls to enforce authorized access to information resrouces

IDS: Intrusion Detection System; an IDS monitors a computer network and alerts when suspicious or known bad activity is detected

IETF: Internet Engineering Task Force; originally a US government organization, the IETF is now a non-profit that develops and promotes Internet standards

IPS: Intrusion Prevention System; an IPS monitors a computer network and blocks suspicious or known bad activity

ISAC: Information Sharing and Analysis Center; a non-profit organization and public-private partnership for security information sharing; sector-specific ISACs exist

ISACA: Professional organization for security professionals, previously known as the Information Systems Audit and Control Association

ISSA: Professional organization for security professionals, previously known as the Information Systems Security Association

MDR: Managed Detection & Response; EDR with a human element added for incident response activities

MFA: Multi Factor Authentication; MFA is a method of authenticating a user by requiring multiple sets of criteria, such as a username & password combination AND a code provided via text message. Often referred to as Two Factor Authentication, as 2FA is the most common form of MFA

PII: Personally Identifiable Information; information that can be used to identify a specific individual, such as name, address, phone number, and account info

PIP: Performance Improvement Plan; a document identifying employee issues and course of action to correct, often tied to a review process

RFID: Radio-Frequency Identification; a wireless method of asset tracking

S/PII: Sensitive and Personally Identifiable Information; PII that is particularly sensitive, such as date of birth and Social Security Number

SCAP: Security Content Automation Protocol; SCAP is a method for applying automated vulnerability management

SIEM: Security Information and Event Management; a SIEM is an advanced form of log management enabling event correlation and alerting

SPF: Sender Policy Framework; SPF is an optional setting that allows a receiving email server detect email address forgery

TLA: Three-letter acronym

TTX: Table Top Exercise; a TTX is a simulation of a disruptive event and the response to it

UBA: User Behavior Analytics; UBA detects threats by analyzing human behavior in computer systems and detecting anomalies

UPS: Uninterruptible Power Supply; also known as battery backup

URL: Uniform Resource Locator; a URL is most commonly referred to as a “website address” and is used in Internet web browsers

VLAN: Virtual Local Area Network; a VLAN is a separate computer network; technically, it is a broadcast domain that is isolated at the data link layer

WIDS: Wireless Intrusion Detection System; a WIDS monitors a wireless network and alerts when suspicious or known bad activity is detected

XDR: Extended Detection & Response; extension of EDR capability to include networks, servers, back office application, and cloud services.