A to Z Cyber Security Glossary
The process of granting or denying specific requests for or attempts to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities.
Advanced Persistent Threat / APT: An advanced persistent threat is a user or a program that has highly sophisticated techniques and intends to pursue them with malicious intent. It is deployed by cyber-criminals who have a high level of expertise and important resources to infiltrate a network. They usually use this type of attack to target large organizations, seeking to retrieve economic or financial information. In some cases, they might even try to use this form of attack to stop or block a company's program or agenda.
Adversary: One who opposes or prevents the incoming threats.
Adware: Adware is a type of software that delivers ads on your system. Adware is software distributed to the user free of cost with advertisements embedded into it. As such, it displays advertisements and redirects your queries to sponsor’s websites. Adware helps advertisers collect data for marketing purposes without your permission to do so. A user can disable ad pop-ups by purchasing a registration key.
After-Action Report (AAR): A detailed report analyzing past events, with findings and the necessary recommendations for action plans.
AI and ML in Cybersecurity: Creating the mathematical algorithms required to bring intelligence into the cybersecurity process.
All Source Intelligence: A term used to describe intelligence products, organizations, and activities that rely on all available sources of intelligence collection information.
Anti-APT: PT Anti-APT detects and prevents targeted attacks. It enables detecting attacker presence on the network with maximum speed and recreating a full picture for thorough investigation. It detects attackers both on the perimeter and inside the infrastructure.
Anonymizing proxy: An anonymizing proxy is a way to hide your online activity and/or make it really difficult to be disclosed by third parties, like countries that apply Internet censorship. These proxy servers act as an intermediary connection between your computer and the final target. From an outsider's point of view, they access those web locations and hide your computer's IP from further identification. Usually, they are used to freely access Internet content under strict censorship.
Anti-malware: In general usage, the term anti-malware refers to a number of software programs and applications that are capable of detecting and removing malware from individual systems or from larger networks. Though the term is usually used in connection with classic antivirus products, anti-malware abilities can include anti-spyware, anti-phishing or anti-spam solutions. Lately, the term has spread to name specialized software that fights data-stealing malware delivered by online criminals.
Anti-spam: Anti-spam techniques are employed by special software programs that fight spam, which is unsolicited e-mail. The spam problem needs to be solved not only at the individual level of each user, but at an even greater level, that of system administrators who need to secure thousands of computers from spam. Spamming attempts become a greater problem for everybody because this is one of the main ways to deliver the most dangerous malware in the wild and additional phishing threats.
Anti-spoofing: Anti-spoofing techniques are used to stop the DDoS (Distributed Denial-of-Service) attacks that affect so many websites. To deliver these attacks, hackers "spoof" IP addresses, from which they send a great number of requests. When the website server attempts to reply to the requests, it gets stalled waiting to access servers that actually do not exist. In this case again, it is difficult to detect the source of the attacks, therefore the only available solution is to use software that can detect these fake IP addresses and refuse the connection.
Antispyware software: A program that specializes in detecting and blocking or removing forms of spyware.
Antivirus software (anti-virus, anti-malware): A security program designed to monitor a system for malicious software. Once malware is detected, the AV program will attempt to remove the offending item from the system or may simply quarantine the file for further analysis by an administrator. It is important to keep AV software detection databases current in order to have the best chance of detecting known forms of malware.
Application and Network A&P: Attacking and penetrating applications and the network from the perspective of an ethical hacker.
Application Security: Application security is a process of enhancing the security of applications by developing, detecting, and fixing security gaps.
APT (Advanced Persistent Threat): A security breach that enables an attacker to gain access or control over a system for an extended period of time, usually without the owner of the system being aware of the violation. Often an APT takes advantage of numerous unknown vulnerabilities or zero-day attacks, which allow the attacker to maintain access to the target even as some attack vectors are blocked.
Artificial Intelligence: Machine-learning and deep-learning techniques will make complex cyber-attacks easier to carry out, allowing for more focused, quicker, and destructive attacks. The influence of AI in cyber security is expected to decrease cyber risks in the near future.
Asset Management: The process of collecting and updating all the data available at any source which provides information about assets.
ATM Security Review: You can avoid the majority of problems by using an ATM in a good location. ATMs located inside of bank branches are generally the safest: the bank is locked at night, the machine is under 24-hour video surveillance, and guards may be present during banking hours. It appears that almost all banks have taken a conscious decision to withdraw security guards/caretakers at their ATM kiosks in an effort to reduce overheads, which has backfired. "Such decision of the bank management has drained out crores of rupees through sophisticated cyber-attacks on ATMs that far outweigh the so-called savings from the withdrawal of guards/caretakers."
Attack: An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity.
Attacker: An individual, group, organization, or government that executes an attack.
Attack surface: The set of ways in which an adversary can enter a system and potentially cause damage.
Attack Signature: A specific pattern of information that can be used to identify an attack on a web application and its components.
Attack Surface Mitigation: An attack surface is a metric or the count of vulnerabilities that can be exploited to launch a cyber attack. Attack surface mapping refers to the entry points of access through which a threat actor can explore the organizational network in order to perform malicious activities. Organizations can mitigate attack surfaces using security technologies and security practices.
Attack Vector: A hacker's primary method of achieving a malicious goal: mapping the entry points and how to gain access in order to compromise the target asset or the network.
Attestation: An official verification that provides proof of something or makes it evident.
Authenticator: A way for a person to confirm his or her identity to a computer system, such as a password, a fingerprint or biometrics.
Authentication: The process of verifying the identity or other attributes of an entity (user, process, or device). This process is used to allow access to an online location or resource to the right individual by validating the identification.
Authorization: Granting official permission to users to access information security resources or to do relevant activities.
Autorun worm: Autorun worms are malware programs that use the Windows AutoRun feature to launch automatically when a device, usually a USB drive, is plugged into a PC. AutoPlay, a similar technology, has been used recently to deliver the infamous Conficker worm. Microsoft has set the AutoRun setting to off on new systems, so this issue should disappear in the future.
A backdoor Trojan is a way to take control of a system without permission. Usually, a backdoor Trojan poses as a legitimate program, spreading through phishing campaigns and fooling users into clicking a malicious link or accessing malware on a website. Once the system is infected, the Trojan can access sensitive files, send and receive data online, and track the browsing history. To avoid this type of infection, you should keep the system up to date with the latest patches and have strong anti-malware protection.
Backup: A duplicate of physical or virtual data that can be quickly recovered if it is accidentally destroyed or lost, as a part of a data loss prevention strategy.
BCP (Business Continuity Planning): A business management plan used to resolve issues that threaten core business tasks (also known as Business Continuity Management). The goal of BCP is to prevent the failure of mission-critical assets when they have been harmed by a breach or security incident.
Behavior monitoring: Observing activities of users, information systems, and processes and measuring the activities against organizational policies and rules, baselines of normal activity, thresholds, and trends.
BGP (Border Gateway Protocol) Hijacking: A cybercriminal activity that redirects/reroutes internet traffic to other networks it does not own.
Black box: A method of penetration testing in which the hacker is given no prior information other than a target network or computer system to hack.
Blockchain Security: Blockchain technology produces a structure of data with inherent security qualities. ... Blockchain technology enables decentralization through the participation of members across a distributed network. There is no single point of failure and a single user cannot change the record of transactions.
Block Cipher: A block cipher is a method that converts blocks of plaintext bits into blocks of ciphertext bits to encrypt data of any size.
Blackhat hacker: Skilled computer users with malicious intent who seek to compromise the security of a person or organization for personal gain. Blackhat hackers frequently specialize, for example in malware development, spam delivery, exploit discovery, DDoS attacks and more. Not all Blackhat hackers use the malware they develop or the exploits they discover. Some just find them and sell the know-how to the highest bidder. Their favorite targets are financial information (such as credit card data or bank accounts), personal information (like email accounts and passwords), as well as sensitive company data (such as employee/client databases).
Blacklist: A blacklist is a list of spam-sending emails or other unwanted service providers. Blacklists assist consumers and businesses in preventing unsolicited communications from flooding their inboxes.
Blended Threat: A blended threat is a widely used term that describes an online attack that spreads by using a combination of methods, usually a combination of worms, trojans, viruses and other malware. This combination of malware elements that uses multiple attack vectors increases the damage and makes individual systems and networks difficult to defend.
Blue Team: A group that defends an enterprise's information systems when mock attackers (i.e., the Red Team) attack, typically as part of an operational exercise conducted according to rules established and monitored by a neutral group (i.e., the White Team).
Boot sector malware: Boot sector malware can replicate the original boot sector of the system, so that at the following system boot-up, the malware may become active. This way, the boot kit in the boot sector manages to hide its presence before the operating system can load up. This is a clear advantage for the malware, which is loaded before the system and the anti-malware solution. Since it loads before the security solution, it can even disable it and make it useless against it. This type of infection is usually difficult to clean.
Bot: Internet bots or web bots are software programs that perform automated tasks and specific operations. Though some bots serve harmless purposes in video games or online locations, there are a number of bots that can be employed in large networks, from where they can deliver malicious ads on popular sites or launch distributed online attacks against a number of designated targets.
Bot Master: A botmaster is one who commands and controls botnets for remote process execution.
Browser hijacking: Browser hijacking is the process of changing the default homepage or search engine in your web browser by a malicious program without your permission. The user may notice that the changes cannot be reversed, and a security tool needs to be used against this type of software. It is not considered a serious threat to the overall system security, but it needs to be addressed fast since web browsing is affected.
Brute force attack: A brute force attack is a technique used by hackers in which a high number of keywords or password combinations are tested in order to gain access to a site or a network. This is one of the main reasons users should set strong passwords.
Buffer overflow: A buffer overflow takes place when a program or an application tries to store excess data in a temporary storage area (a buffer) and that extra information overflows into other parts of a computer's memory. This is something hackers have taken advantage of, and these types of attacks can lead to unauthorized code running or system crashes.
Botnet: A collection of computers compromised by malicious code and controlled across a network.
Bug: An unexpected and relatively small defect, fault, flaw, or imperfection in an information system or device.
Bug Bounty: A bug bounty is a vulnerability reward program that gives rewards to security analysts for finding and reporting bugs in software products, applications, etc.
Bulk Encryption: Bulk encryption is a set of security protocols that provide the necessary means to encrypt and decrypt data transmissions in order to offer protection from security breaches and online theft.
Business Impact Analysis: Business Impact Analysis is a key element of an organization's business continuity plan that detects vulnerabilities and analyzes their operational and financial impact on the overall business plan. According to the analysis, strategies are planned to minimize the detected risks.
BYOD (Bring Your Own Device): A company's security policy dictating whether or not workers can bring their own devices into the work environment, whether or not such devices can be connected to the company network and to what extent that connection allows interaction with company resources.
A cache is a technology to store data and allow future requests to be served at a higher speed. This high-speed storage method is usually used for web pages and online documents, like HTML pages and images, to increase the loading speed and avoid unwanted lag.
Cache Cramming: Cache cramming is a technique to trick a browser into running malicious Java code from the local disk, instead of the Internet. The execution of local code (which runs with fewer permissions) enables online criminals to access the target computer.
Catfishing: Common on social networking and online dating sites. Sometimes a catfish’s sole purpose is to engage in a fantasy, but sometimes the catfish’s intent is to defraud a victim, seek revenge or commit identity theft.
Chat Bot or Message streaming security: Here the testing is performed on the control effectiveness of a chat or a messaging application.
Chief Information Officer (CIO): Chief Information Officer is the title of the person who is responsible for the information technology system in a company. The job responsibilities include planning the technology architecture, aligning the corporate network to the business developed and developing a secure financial management system for the company.
CISO: CISO (Chief Information Security Officer) is a senior-level executive job in a company, in the IT or cyber security department. A CISO’s responsibilities include ensuring and maintaining adequate protection for the company’s assets and technology, in terms of both strategy and development, to mitigate and manage cyber security risks. CSO (Chief Security Officer) is another name used for the same job.
Code injection: The code injection technique is usually used by online attackers to change the course of execution of a computer program. This method is used by online criminals to spread malicious software by infecting legitimate websites with malicious code.
Cloud computing: A model for enabling on-demand network access to a shared pool of configurable computing capabilities or resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
Clickjacking: A malicious technique by which a victim is tricked into clicking on a URL, button or other screen object other than that intended by or perceived by the user. Clickjacking can be performed in many ways, one of which is to load a web page transparently behind another visible page in such a way that the obvious links and objects to click are facades, so clicking on an obvious link actually causes the hidden page's link to be selected.
Cloud Access Security Brokers (CASB): A Cloud Access Security Broker (CASB) is software, on premises or in the cloud, that is placed between cloud service users and cloud service providers.
Cloud Security: A method of securing the data, applications, and infrastructure stored online via cloud computing from both external and internal cybersecurity threats.
Cloud Security Review: Cloud security, also known as cloud computing security, consists of a set of policies, controls, procedures and technologies that work together to protect cloud-based systems, data, and infrastructure. ... From authenticating access to filtering traffic, cloud security can be configured to the exact needs of the business. The cloud can be a wild place. With dozens of acronyms, hundreds of products and even more rule sets, it is difficult enough to set up a simple working environment, let alone a secure one. Practically, the ease of deploying cloud services means it is also very easy to make mistakes — even too easy. Most startups and SaaS vendors operate in the cloud for obvious reasons. While many of our clients reach out to us to perform black-box penetration tests for their platforms, they don’t pay much attention to their entire cloud environment; rather, they only focus on the customer-facing "public" portion of it, usually a web-based dashboard or some REST API exposed to their customers, which is only the tip of the iceberg.
CND (Computer Network Defense): The establishment of a security perimeter and of internal security requirements with the goal of defending a network against cyberattacks, intrusions and other violations. A CND is defined by a security policy and can be stress tested using vulnerability assessment and penetration testing measures.
Compliance: The process of matching or fulfilling the full set of rules, standards, and laws set by the regulatory authorities.
Compliance to CSA (Cloud Security Alliance) Standard: Cloud Security Alliance (CSA) is a not-for-profit organization with the mission to "promote the use of best practices for providing security assurance within cloud computing, and to provide education on the uses of cloud computing to help secure all other forms of computing."
Computer Abuse: Computer abuse is the unethical use of a computer to launch online attacks, like phishing and malware delivery campaigns, sabotage and cyberwar activities.
Computer Forensics: Computer forensics is connected to digital forensic science and is the practice by which digital data is collected and analysed for legal purposes. The main goal is to identify, analyse and present facts about digital information. The conclusions can be used in the fight against cybercrime or for civil proceedings.
Computer Emergency Response Team (CERT): An organization that studies computer and network INFOSEC in order to provide incident response services to victims of attacks, publish alerts concerning vulnerabilities and threats, and offer other information to help improve computer and network security.
Computer Incident Response Team (CIRT): The Computer Incident Response Team investigates network security incidents that occur when unauthorized access takes place to network resources or protected data. Their job is to analyse how the incident took place and provide a response, by discovering how the breach occurred and what information has been lost.
Confidentiality: Confidentiality is the need to ensure that information is disclosed only to those who are authorized to view it.
Cookie: A cookie is a small text file which is placed on your computer when you visit a website. This cookie allows the website to keep track of your visit details and store your preferences. These cookies were designed to be helpful and increase the website speed the next time you access that location. At the same time, they are very useful for advertisers, who can match the ads to your interests after they see your browsing history.
Crimeware: Crimeware is distinct from adware or spyware and is created for identity theft operations that use social engineering schemes to gain access to a user's online accounts. Crimeware is a growing issue for networks' security, as numerous types of malware look to steal valuable data from the systems. The retrieved information may be sent to other interested parties for a certain price.
CRLF Injection: A Carriage Return Line Feed (CRLF) injection is a vulnerability attack where an attacker tries to inject a CRLF sequence into an unexpected input field of an application.
Cross origin resource sharing (CORS): It is an HTTP header-based mechanism that enables the server to indicate from different domains, via browsers.
Cross Site Scripting (XSS): Cross site scripting is an attack on trusted and otherwise secure websites, by injecting malicious scripting. Attackers target websites that do not filter user inputs for strings or common characters in a script.
Cryptography: A technique to create and use codes for the protection of assets from threats.
Cryptosystems: It encrypts and decrypts the algorithms, group of plain and cipher text, and set of keys.
CSO: CSO (Chief Security Officer) is a top-level executive in charge of ensuring the security of a company’s personnel, financial, physical and digital assets. A CSO has both security and business-oriented objectives, as he is responsible for aligning cyber protection with the company’s business goals. All security strategies, tactics and programs have to be directed and approved by the CSO. CISO (acronym for Chief Information Security Officer) is another name used for the same job.
CVE (Common Vulnerabilities and Exposures): An online database of attacks, exploits and compromises operated by the MITRE organization for the benefit of the public. It includes any and all attacks and abuses known for any type of computer system or software product. Often new attacks and exploits are documented in a CVE long before a vendor admits to the issue or releases an update or patch to resolve the concern.
Cyber Attack: Any attempt to violate the security perimeter of a logical environment. An attack can focus on gathering information, damaging business processes, exploiting flaws, monitoring targets, interrupting business tasks, extracting value, causing damage to logical or physical assets or using system resources to support attacks against other targets. Cyber attacks can be initiated through exploitation of a vulnerability in a publicly exposed service, through tricking a user into opening an infectious attachment, or even causing automated installation of exploitation tools through innocent website visits.
Cyber Espionage: The unethical act of violating the privacy and security of an organization in order to leak data or disclose internal/private/confidential information. Cyberespionage can be performed by individuals, organizations or governments for the direct purpose of causing harm to the violated entity to benefit individuals, organizations or governments.
Cyber Insurance: A policy designed by an insurance company to cover business liability/costs of security failures due to internet-based risks.
Cyber Incident: A cyber incident takes place when there is a violation of a security policy imposed on computer networks and the direct results affect an entire information system.
Cyber Espionage: Cyber espionage is spying on the computer systems of an organization with the help of a virus to steal or destroy data, information, etc. Such spying is unauthorized and happens in a clandestine manner.
Cyber Security: Cyber security is a general term that refers to the possibility of organizing a defensive strategy against online criminals and their malicious actions. A complete cyber security strategy includes multiple tools and methods to protect an operating system from classical viruses and trojans, spyware, and financial and data-stealing malware. At the same time, online security is important and needs to be protected with other means, like VPN software and backup solutions.
Cyber Security Compliance Review: Cybersecurity compliance means creating a program that establishes risk-based controls to protect the integrity, confidentiality, and accessibility of information stored, processed, or transferred. However, cybersecurity compliance is not based on a stand-alone standard or regulation.
Cyber Security Roadmap: The Public Power Cybersecurity Roadmap is a strategic plan designed to help public power utilities develop a stronger, sustainable state of security that is continually monitored and improved upon.
Cyber Warfare: Digital attacks by one country or international organization to damage another nation's computers or network infrastructure.
Cyber Weapon: The term "cyber-weapon" refers to an advanced and sophisticated piece of code that can be employed for military or intelligence purposes. The term has recently emerged from the military area to name malicious software that can be used to access enemy computer networks.
The dark web refers to websites and online content that exist outside the reach of traditional search engines and browsers. This content is hidden by encryption methods (in most cases, these sites use the Tor encryption tool to hide their identity and location) and can only be accessed with specific software, configuration settings or pending approval from their admins. The dark web is known for being a hub for illegal activities (drug and crime transactions, dark hat hacking and so on).
Dark Web Monitoring: The process of searching, hunting for and keeping track of the information found on a portion of the internet not accessible via normal means.
Database Activity Monitoring: DAM is a database security technology for monitoring and analyzing database activities and is also an effective technology for protecting sensitive databases from external attacks by cybercriminals.
Database Security: Database security is securing databases from malicious activity, unauthorized access, and digital threats.
Data Asset: A data asset is a piece of information that contains valuable records. It can be a database, a document or any type of information that is managed as a single entity. Like any asset, the information involved contains financial value that is directly connected to the number of people that have access to that data, and for this reason it needs to be protected accordingly.
Data Aggregation and Correlation: Collecting data from the target assets of the organization and implementing a correlation across multiple events that would otherwise go undetected, in order to trigger an alert and take necessary actions to mitigate the cyber risk.
Data Analytics & Behaviour Profiling: Data analytics helps individuals and organizations make sense of raw and unstructured data. Data analysts typically analyze raw data for insights and trends. Behavioural profiling is about identifying and measuring the characteristics and preferences of endpoints.
Data Classification: Data classification is the process of separating and organizing data into relevant groups (“classes”) based on their shared characteristics, such as their level of sensitivity and the risks they present, and the compliance regulations that protect them. To protect sensitive data, it must be located, then classified according to its level of sensitivity and tagged. Then enterprises must handle each group of data in ways that ensure only authorized people can gain access, both internally and externally, and that the data is always handled in full compliance with all relevant regulations.
Data Destruction: The process of removing, deleting, or destroying the data stored on different devices.
Data Encryption: A method of securing private information by encoding it such that no one else may see or access it. A decryption key is needed to decode the encoded (encrypted) file in order to read it.
Data Integrity: Data integrity refers to the property of information that has not been altered or modified by an unauthorized person. The term is used to refer to information quality in a database, data warehouse or other online locations.
Data Leakage: Data leakage describes a data loss of sensitive information, usually from a corporation or large company, that results in unauthorized personnel access to valuable data assets. The sensitive data can be company information, financial details or other forms of data that put the company name or its financial situation at risk.
Data Leakage Prevention: Data loss prevention (DLP), per Gartner, may be defined as technologies which perform both content inspection and contextual analysis of data sent via messaging applications such as email and instant messaging, in motion over the network, in use on a managed endpoint device, and at rest in on-premises file servers or ...
Data Loss: Data loss is a process in which information is destroyed by failure or neglect in transmission, processing or sometimes by cyber criminal hands. To prevent data loss, IT teams install backup and recovery equipment to avoid losing important information.
Data Privacy Framework: Data privacy, sometimes also referred to as information privacy, is an area of data protection that concerns the proper handling of sensitive data including, notably, personal data but also other confidential data, such as certain financial data and intellectual property data, to meet regulatory requirements as well. The NIST Privacy Framework is a voluntary tool developed in collaboration with stakeholders intended to help organizations identify and manage privacy risk to build innovative products and services while protecting individuals' privacy.
Data SecurityIt is a method of protecting the data from theft, loss, or leakage.
Data TheftData theft describes illegal operations in which private information is retrieved from a company or an individual. Usually, the stolen data includes credentials for online accounts and banking sites, credit card details or valuable corporate information. In the last years these types of operations have increased, and it has now become necessary to protect data by additional security means.
DarknetThe dark net is part of the deep web, but it refers to websites that are specifically used for nefarious reasons.
DecipherTo convert enciphered text to plain text by means of a cryptographic system.
DeceptionDeception or falsehood is an act or statement which misleads, hides the truth, or promotes a belief, concept, or idea that is not true. It is often done for personal gain or advantage. Deception can involve dissimulation, propaganda and sleight of hand as well as distraction, camouflage or concealment.
Deception TechnologyIt is a cyber defense practice that detects, analyzes, and prevents a cybercriminal who has managed to infiltrate a network from doing any significant damage.
Defense in Depth ArchitectureDefense-in-depth security architecture is based on controls that are designed to protect the physical, technical and administrative aspects of your network. Physical controls – These controls include security measures that prevent physical access to IT systems, such as security guards or locked doors.
DevSecOpsDevSecOps has the aim to integrate security practices into DevOps software, application, and infrastructure from start.
Digital CertificateA means by which to prove identity or provide authentication commonly by means of a trusted third-party entity known as a certificate authority. A digital certificate is based on the X.509 v3 standard. It is the public key of a subject signed by the private key of a certificate authority with clarifying text information such as issuer, subject identity, date of creation, date of expiration, algorithms, serial number and thumbprint (i.e. hash value).
Digital ForensicsDigital Forensics is the science of finding, recovering and analyzing evidence from digital media such as computers, mobile devices, servers, etc. that can be used in court.
Digital Rights Management (DRM)Digital Rights Management (DRM) manages copyrighted digital material and controls its sharing on different digital platforms.
Digital Risk ManagementManaging the risk of digital threats and developing sustainable digital risk strategies for businesses.
Distributed Denial of Service (DDoS)A Distributed Denial of Service (DDoS) attack is a malicious attempt to crash a web server or system, making an online service unavailable, by overwhelming it with data/traffic.
DMARC (Domain Message Authentication Reporting and Conformance)DMARC (Domain Message Authentication Reporting and Conformance) is an email authentication protocol designed for improving and monitoring the security of a given domain from fraudulent email.
Domain Name System (DNS)The Domain Name System (DNS) is a database where Internet domain names and their corresponding Internet Protocol (IP) addresses are stored; it translates human-readable domain names to machine-readable addresses.
Dynamic Code reviewIt is the process by which the executable code is checked during the loading or compilation time for vulnerabilities.
Deep WebThe deep web is a similar concept to the dark web but has a less shady nature. The world wide web content which is not indexed by traditional search engines is known as the deep web and preferred by certain groups for its increased privacy levels. However, unlike the dark web, the deep web doesn’t require its users to be particularly tech-savvy and is not hidden by sophisticated methods; all you need is to know the address of the website you want to access.
Denial of service attack (DDoS)This type of online attack is used to prevent normal users from accessing an online location. In this case, a cyber criminal can prevent legitimate users from accessing a website by targeting its network resources and flooding the website with a huge number of information requests.
DialerA dialer in the information security world is a spyware device or program that is used to maliciously redirect online communication. Such software disconnects the legitimate phone connection and reconnects to a premium rate number, which results in an expensive phone bill received by the user. It usually installs itself on the user's system.
Digital SignatureA digital signature is a technique used to encrypt and validate the authenticity and integrity of a message, software or digital document. The digital signature is difficult to duplicate by a hacker, that's why it is important in information security.
Disaster Recovery Plan (DRP)A Disaster Recovery Plan is the process of recovery of IT systems in the event of a disruption or disaster.
DNS Cache PoisoningDNS cache poisoning is a method used by online criminals to launch online attacks. This method supposes the domain name system's modification, which results in returning an incorrect IP address. The purpose is to divert traffic to a malicious server, which is controlled by hackers. That's why the DNS is considered poisoned, and it should be taken down by the authorities.
DNS hijackingDNS hijacking or DNS redirection is an online attack that overrides a computer's TCP/IP settings to direct communication to a malicious server controlled by cyber criminals.
Document malwareDocument malware takes advantage of vulnerabilities in applications that let users read or edit documents.
Domain HijackingDomain hijacking is an attack by which an attacker takes over a domain by first blocking access to the domain's DNS server and then putting his own server up in its place.
Domain shadowingDomain shadowing is a malicious tactic used by cyber criminals to build their infrastructure and launch attacks while remaining undetected. First, attackers steal and gather credentials for domain accounts. Using these stolen credentials, they log into the domain account and create subdomains which redirect traffic towards malicious servers, without the domain owner having any knowledge of this. Domain shadowing allows cyber attackers to bypass reputation-based filters and pass their malicious traffic as safe.
Dormant codeModern, advanced malware often has a modular structure, including multiple components. One of them is dormant code, which means that the malware needs specific triggers to execute the task it was created for. This type of behavior is coded into the malware so it can bypass signature-based detection in products such as traditional antivirus and anti-malware solutions. There is also another reason for using dormant code: since advanced malware, such as ransomware or financial malware, usually relies on external infrastructure to download components for infection, the malware can remain dormant and undetected if it can’t reach its Control and Command servers to execute further.
DridexDridex is a strain of financial malware that uses Microsoft Office macros to infect information systems. Dridex is engineered to collect and steal banking credentials and additional personal information and its fundamental objective is banking fraud.
Drive-by attackA drive-by attack is the unintentional download of a virus or malicious software (malware) onto your system. A drive-by attack will usually take advantage of (or “exploit”) a browser, app, or operating system that is out of date and has a security flaw.
Due diligenceDue diligence compels organizations to develop and deploy a cyber security plan to prevent fraud and abuse, and to deploy means to detect them if they occur, in order to keep confidential business data safe.
DumpSecDumpSec is a security tool that dumps a variety of information about a system's users, file system, registry, permissions, password policy, and services.
Dumpster divingDumpster Diving is obtaining passwords and corporate directories by searching through discarded media.
Dyreza / DyreDyreza (also called Dyre) is a banking Trojan (financial malware) that appeared in 2014, whose behavior is similar to the ZeuS family, although there is no connection between Dyreza and ZeuS. The malware hides in popular web browsers that millions of users employ to access the web and aims to retrieve sensitive financial information every time the victim connects to a banking website. Dyreza is capable of key logging, circumventing SSL mechanisms and two-factor authentication, and is usually spread through phishing emails.
Network Eavesdropping or network sniffing is an attack that aims to capture information transmitted over a network by other computers. The objective is to acquire sensitive information like passwords, session tokens, or any kind of confidential information.
EavesdroppingThe act of listening in on a transaction, communication, data transfer or conversation. Eavesdropping can be used to refer to both data packet capture on a network link (also known as sniffing or packet capture) and to audio recording using a microphone (or listening with ears).
E-Learning ModulesAn e-module is a 10 – 15 minute e-learning platform that has no more than one or two learning concepts and incorporates a blend of teaching and assessment tools that may include video clips, direct instruction, gaming elements and social media. MOOCs (Massive Online Open Courses), e.g. Coursera or Futurelearn. Virtual learning environment (VLE), such as Learn or Blackboard. Video streaming services, such as YouTube. Virtual instructor-led training (VILT), e.g. WebEx or webinars.
Email SecurityEmail security is a term for describing different procedures and techniques for protecting email accounts, content, and communication against unauthorized access, loss or compromise. Email is often used to spread malware, spam and phishing attacks.
Embedded SecurityEmbedded systems security is an approach to prevent malicious or unauthorized access to embedded components and software within IoT devices.
End PointAn endpoint is a remote computing device that communicates back and forth with a network to which it is connected. Examples of endpoints include: Desktops. Laptops. Smartphones.
Endpoint Detection and ResponseEndpoint detection and response (EDR), also known as endpoint threat detection and response (ETDR), continuously monitors endpoints to gather and analyze security threats and respond to them, protecting computer workstations and other endpoints.
Endpoint SecurityEndpoint Security is a method of protecting end-user devices such as computer workstations, mobile phones, tablets, or any other endpoint from being exploited by malicious actors.
Encrypted NetworkA network on which messages are encrypted using a special algorithm in order to prevent unauthorized people from reading them.
EncryptionEncryption is a process of maintaining data integrity and confidentiality by converting plain data into a secret code with the help of an algorithm. Only authorized users with a key can access encrypted data or cipher text.
End-to-End EncryptionThis process involves using communications encryption to make information unavailable to third parties. When being passed through a network, the information will only be available to the sender and the receiver, preventing ISPs or application service providers from discovering or tampering with the content of the communication.
End-to-End SecurityThe way of ensuring that data transmitted through an information system stays secure and safe from origin point to destination.
Enterprise Risk ManagementThe methods and processes that organizations use to identify and manage cyber security risks that could endanger their corporate mission. As part of this plan, the organization will also establish a plan to protect its assets and a plan to react in case a cyber security risk becomes reality.
ExploitAn exploit is taking advantage of a weakness or a flaw in the system to intrude into or attack it.
Exploit kitExploit kits (EKs) are computer programs designed to find flaws, weaknesses, or mistakes in software apps (commonly known as vulnerabilities) and use them to gain access into a system or a network. They are used in the first stages of a cyber-attack, because they have the ability to download malicious files and feed the attacked system with malicious code after infiltrating it.
Exploit kits-as-a-serviceExploit kits as-a-service are a relatively recent business model employed by cyber criminals in which they create, manage and sell or rent exploit kits which are accessible and easy to use in cyber-attacks. Exploit kits-as-a-service don’t require much technical expertise to be used, they are cheaper (especially if rented), they’re flexible and can be packed with different types of malware, offer broader reach, are usually difficult to detect and can be used to exploit a wide range of vulnerabilities. This business model makes it very profitable for exploit kit makers to sell their malicious code and increase their revenues.
External Security TestingSecurity testing conducted from outside the organization’s security perimeter.
Fake antivirus malware
Rogue antivirus or rogue security is a form of computer malware that simulates a system infection that needs to be removed. The users are asked for money in return for removal of malware, but it is nothing but a form of ransomware.
False positiveA false positive is identified when a security solution detects a potential cyber threat which is, in fact, a harmless piece of software or a benign software behavior. For example, your antivirus could inform you that there's a malware threat on your PC, but it could happen that the program it's blocking is safe.
Facilitation on Standard's CompliancesFacilitation skills are the abilities you use to provide opportunities and resources to a group of people that enable them to make progress and succeed. Some examples include being prepared, setting guidelines, being flexible, active listening and managing time. Facilitation techniques: Begin your meetings with a quick check-in. Review desired outcomes and agenda items. Assign meeting roles. Practice active listening. Synthesize the main themes to reframe the conversation.
File BinderFile binders are applications used by online criminals to connect multiple files together in one executable that can be used in launching malware attacks.
File Integrity MonitoringFIM collects critical changes to the data from the system at the time the change occurs, to make it easier to investigate and correlate changes.
Firewall Rules ReviewThe process to check the effectiveness of the firewall configuration with the industry best practices.
Flow AnalysisFlow analysis is the generic name for all analytical techniques that are based on the introduction, processing, and detection of liquid samples in flowing media.
Financial MalwareFinancial malware is a category of specialized malicious software designed to harvest financial information and use it to extract money from victims’ accounts. Because it is a rather new type of malware, it is also very sophisticated and it can easily bypass traditional security measures, such as antivirus. Financial malware is capable of persisting in the affected system for a long time, until it gathers the information associated with financial transactions and it can start to leak money from the targeted account. Banking fraud cyber crimes are one of the most serious cyber threats in the current risk landscape.
FirewallA firewall is a network security system designed to prevent unauthorized access to public or private networks. Its purpose is to control incoming and outgoing communication based on a set of rules.
Flip buttonIn the malware world, a flip button appears when spyware or adware solutions trick users into following various actions and installing malicious software on the system.
FloodingFlooding is a security attack used by hackers against a number of servers or web locations. Flooding is the process of sending a large amount of information to such a location in order to block its processing power and stop its proper operation.
Forensic SpecialistA forensic specialist in IT security is a professional who identifies and analyses online traffic and data transfer in order to reach a conclusion based on the discovered information.
Form GrabberMalware designed to record sensitive information that the targeted user provides in forms on the Internet. This malware particularly targets the victim’s financial information.
It is a hardware device which acts as a gate between two telecommunication networks.
GDPRGDPR stands for General Data Protection Regulation, which is the law of the European Union for businesses for personal data protection and privacy of EU citizens.
GDPR AuditsThe focus of the GDPR audit is to determine whether the organisation has implemented adequate policies and procedures to regulate the processing of personal data. Recommend changes in controls, policies, procedures and IT platforms.
GovernanceGovernance, in the cyber security field, is the act or process of governing the strategies and tactics to manage and control security risk.
Governance, Risk, and Compliance (GRC)GRC integrates all three disciplines in one framework to help an organization manage risk and achieve its business objectives.
Graduated SecurityGraduated security is a framework where information security is implemented on several levels based on risk and security threats.
Gray BoxA method of penetration testing in which the hacker is given some information about the internal details of the target network in order to provide a quick summary of some specific strengths and weaknesses in that network’s security.
A hacker is generally regarded as a person who manages to gain unauthorized access to a computer system in order to cause damage. But keep in mind that there are two types of hackers: Whitehat hackers, who do penetration testing and reveal their results to help create more secure systems and software, and Blackhat hackers, who use their skills for malicious purposes.
HacktivismAttackers who hack for a cause or belief rather than some form of personal gain. Hacktivism is often viewed by attackers as a form of protest or fighting for their perceived "right" or "justice". However, it is still an illegal action in most cases when the victim's technology or data is abused, harmed or destroyed.
Hardware SecurityHardware security is protection in which tangible or physical devices, rather than software installed in the system, are used to guard against vulnerabilities.
Heartbleed vulnerabilityHeartbleed is a security bug that appeared in 2014, which exposed information that was usually protected by SSL/TLS encryption. Because of a serious vulnerability that affected the OpenSSL library, attackers could steal data that was kept confidential by a type of encryption used to secure the Internet. This bug caused around 500,000 web servers (17% of all servers on the Internet) to be exposed to potential data theft.
HoaxA hoax is a false computer virus warning. You may receive such hoaxes via email, instant messaging or social media. Before acting on it, be sure to go online and check the validity of the claim. Also, when you have proof that it's fake, it's a good idea to inform the sender as well. Remember that such hoaxes can lead to malicious websites which can infect your devices with malware.
HoneymonkeyThis is an automated system designed to simulate the actions of a user who’s browsing websites on the Internet. The purpose of the system is to identify malicious websites that try to exploit vulnerabilities that the browser might have. Another name for this is Honey Client.
HoneypotA Honeypot is a security mechanism that creates a virtual trap to lure attackers. An intentionally compromised computer system allows attackers to exploit vulnerabilities so security analysts can study those attacks and improve the security policies and implement defenses.
HTTPS scanningThis is another name of a Man-in-the-Middle attack. Scanning HTTPS (Hypertext Transfer Protocol Secure) content allows the attackers to decrypt, analyze, and re-encrypt content between websites that use SSL (Secure Sockets Layer) for security and a user’s browser. This type of attack is usually used to snoop in on information exchanges and steal confidential data.
Hybrid attackA Hybrid Attack builds on the dictionary attack method by adding numerals and symbols to dictionary words.
Identity theft refers to the process of stealing someone’s personal identification data and using it online in order to pose as that person. Hackers can make use of a person’s name, photos, papers, social security number and so on, to gain financial advantage at this person’s expense (by obtaining credit or by blackmailing), or as a means of damaging the person’s reputation etc.
Identity and Access ManagementIdentity and access management (IAM) is a framework of business processes, policies and technologies that facilitates the management of electronic or digital identities. With an IAM framework in place, information technology (IT) managers can control user access to critical information within their organizations.
Identity and Access Management (IAM)Identity and Access Management (IAM) is a platform which supports an organization in managing roles and access privileges on a network.
Identity CloningA form of identity theft in which the attacker takes on the identity of a victim and then attempts to live and act as the stolen identity. Identity cloning is often performed in order to hide the birth country or a criminal record of the attacker in order to obtain a job, credit or other secured financial instrument.
Identity ManagementIt is a process to recognize and authenticate the person who has appropriate access to technology resources.
Implementation Support for Regulatory RequirementsA regulatory requirement is a rule that a government entity imposes on an organization. Some federal and state laws govern virtually all organizations. Regulations govern how organizations manage their business and employees and how they interact with customers, among many other areas. Identify applicable regulations. Determine which laws and compliance regulations apply to the company's industry and operations. ... Determine requirements. ... Document compliance processes. ... Monitor changes, and determine whether they apply.
Incident Investigation & ForensicsAnalyzing and confirming high-priority incidents and determining root cause and scope with the forensic and investigation capabilities.
Incident ResponseThe activities that address the short-term, direct effects of an incident and may also support short-term recovery.
Incident Response PlanA set of procedures to be followed in the event of a cyber attack in order to minimise the damage and the impact caused by the attack.
Insider Threat Detection & MitigationInsider threat detection is about identifying disgruntled employees and is about noticing employees who may commit a cyber crime. To combat the insider threats, organizations can implement a proactive, prevention-focused mitigation program to detect and identify threats.
Industrial Control System (ICS) SecurityICS security is all about strengthening the cybersecurity of industrial types of equipment that have computer-controlled systems.
Information AssuranceThis is a set of measures designed to protect and defend data and information systems by ensuring that they are always available, that their integrity is safe, that they’re confidential and authentic (non-repudiation principle). These measures include having a data backup to restore information in case of an unfortunate event, having cyber security safeguards in place and ensuring that detection and reaction capabilities are featured.
Information Flow ControlThis is an important safeguard in companies, created to ensure that data transfers in an information system comply with the security policy and are as safe as possible.
Information SecurityThe tactics, tools, measures and actions taken to protect data and information systems against unauthorized access, use, disclosure, disruption, modification, or destruction. Its purpose is to ensure the confidentiality, integrity, and availability of the data and information systems.
Information Rights ManagementInformation Rights Management (IRM) is a form of IT security technology used to protect documents containing sensitive information from unauthorized access. ... IRM protects files from unauthorized copying, viewing, printing, forwarding, deleting, and editing.
Information Security Architecture ReviewSecurity architecture reviews are non-disruptive studies that uncover systemic security issues in your environment. They are ideally suited for organizations wanting to maximize their return on any security technology investment by evaluating their needs and validating the security of their existing deployments.
Information Security PolicyA must-have for any company, this includes the directives, regulations, rules, and practices that define how an organization should manage, protect and distribute information.
Information Security RiskA risk in this category can be evaluated according to how and how much it threatens a company’s operations (including mission, functions, brand, reputation) or assets, employees, partners etc. A risk is based on the potential for cyber criminals to gain unauthorized access and use it to collect confidential data, disclose it to the public or to unauthorized parties, modify it or destroy it, thus disrupting the organization’s activity.
Information Security Risk AssessmentA security risk assessment identifies, assesses, and implements key security controls in applications. It also focuses on preventing application security defects and vulnerabilities. Carrying out a risk assessment allows an organization to view the application portfolio holistically—from an attacker's perspective.
Information Systems AuditAn information technology audit, or information systems audit, is an examination of the management controls within an Information technology (IT) infrastructure and business applications.
Information System ResilienceA resilient information system is a system that can continue to work even while under attack, even if it becomes degraded or weakened. Moreover, it has to be able to recover from a successful attack fast and regain operational capabilities, at least for the core functions.
Information Systems Security (INFOSEC)One of the most used terms in cyber security, INFOSEC, is the protection of information systems against unauthorized access or attempts to compromise and modify data, whether it’s stored data, processed data or data that’s being transmitted. The necessary measures to detect, document and counter these threats are also included in INFOSEC.
Inside ThreatThe insider threat usually refers to employees or other people with authorized access who can potentially harm an information system by destroying it or parts of it, by disclosing or modifying confidential information and by causing denial of service.
IntegrityIntegrity is the need to ensure that information has not been changed accidentally or deliberately, and that it is accurate and complete.
Intellectual PropertyThis refers to useful artistic, technical or industrial information, concepts, ideas or knowledge that clearly show that they’re owned by someone who has control over them, either in physical form or in representation.
Internal Security TestingThis type of testing is conducted from inside an organization, to examine the resilience and strength of a company’s security perimeter and defences.
Internet of Things (IOT) SecurityIt is a set of approaches to reduce the risk involved in IoT devices and their connected network.
Intrusion Prevention Systems (IPS)Intrusion Prevention Systems (IPS) are used for mitigation enhancements, are focused on the source of a cyber threat, and are integrated with intrusion detection capabilities.
IOT Security AssessmentIoT security assessments rigorously evaluate IoT ecosystems to ensure the efficacy of security controls, this includes: IoT architecture and design review. Security analysis of devices. Firmware reverse engineering and binary exploitation. Connected interface security analysis.
Internet WormInternet worms were created by researchers in the 1980s to find a reliable way of growing the Internet through self-replicating programs that can distribute themselves automatically through the network. An Internet worm does exactly that: it distributes itself across the web by using the computers’ Internet connection to reproduce.
IntrusionIntrusion refers to the act of getting around a system’s security mechanisms to gain unauthorized access.
Intrusion Detection Systems (IDS)This is a security management system set up to actively protect computers and networks. It works by analyzing information from various areas of a computer/network to spot potential security breaches. These breaches can be caused either by intrusions (external attacks) or by misuse (insider attacks).
IRDAI Compliance AssessmentsA business incorporated in India has to fulfill a specific set of compliance, filings, and returns as prescribed under the provisions of various corporate and tax laws. In simple words, compliance means following rules and orders applicable to the entity.
IP FloodThis is a Denial-of-Service attack which aims to send a host an avalanche of pings (echo request packages) that the protocol implementation cannot manage. This causes a system to fail and send a denial-of-service error.
IP SpoofingThis is a tactic used by cyber criminals to supply a false IP address that masquerades as a legitimate IP. This helps the attacker gain an unfair advantage and trick the user or a cyber security solution that’s in place.
IS Awareness TrainingsSecurity awareness training involves providing formal cybersecurity education to your workforce about a variety of threats to information security and technology and your company's policies and procedures for addressing them.
IS Program ManagementIt is used to refer to the simultaneous and seamless coordination and management of various related existent projects with the overall goal of improving an organization's performance.
ISO 20000ISO/IEC 20000 is an international IT standard that allows companies to demonstrate excellence and best practices in IT service management systems.
ISO 22301ISO 22301 is the international standard for Business Continuity Management (BCM). ... To do so, the standard provides a practical framework for setting up and managing an effective business continuity management system. ISO 22301 aims to safeguard an organization from a wide range of potential threats and disruptions.
ISO 27001ISO/IEC 27001 describes the internationally accepted model for managing information security management systems.
A form of Android-focused mobile device attack that enables an attacker to be able to initiate the execution of arbitrary code on a compromised device. A JBOH attack often takes place or is facilitated through compromised or malicious apps.
Any means by which the keystrokes of a victim are recorded as they are typed into the physical keyboard. A keylogger can be a software solution or a hardware device used to capture anything that a user might type in including passwords, answers to secret questions or details and information from e-mails, chats and documents.
KeyloggingThrough keylogging, cyber criminals can use malicious software to record the keystrokes on a user’s keyboard, without the victim realizing it. This way, cyber criminals can collect information such as passwords, usernames, PIN codes and other confidential data.
KovterKovter is a Trojan whose primary objective is performing click-fraud operations on the PC it compromises. However, in 2015 Kovter incorporated new cloaking tricks in order to evade detection, which is why cyber criminals started using it to deliver other types of malware, such as ransomware, or to recruit PCs into botnets.
KPIs and Performance MetricsKey Performance Indicators help define your strategy and clear focus. Metrics are your “business as usual” measures that still add value to your organization but aren't the critical measure you need to achieve. Every KPI is a metric, but not every metric is a KPI.
A potentially unethical practice of redirecting a link to a middle-man or aggregator site or location rather than the original site which the link seemed to indicate it was directed towards. For example, a news aggregation service may publish links that seem as if they point to the original source of their posted articles, but when a user discovers those links via search or through social networks, the links redirect back to the aggregation site and not the original source of the article.
Likelihood of OccurrenceThis defines the probability that a specific threat will exploit a given vulnerability, based on a subjective analysis.
Logic BombThis is a piece of code that a miscreant can insert into software to trigger a malicious function when a set of defined conditions are met.
Low ImpactThis level of impact of a cyber threat or cyber-attack on an organization shows that there could be a loss of confidentiality, integrity, or availability, but with limited consequences. This includes reducing the capabilities of the organization, while still retaining the ability to function, but also other minor damages, financial loss or harm to people.
This type of virus attaches itself to documents and uses macro programming options in a document application (such as Microsoft Word or Excel) to execute malicious code or propagate itself.
MDMMobile device management (MDM) is security software that enables IT departments to implement policies that secure, monitor, and manage end-user mobile devices. This not only includes smartphones, but can extend to tablets, laptops, and even IoT (Internet of Things) devices.
Malicious AppletThis is a small application that is automatically downloaded and executed, being capable of performing an unauthorized action/function on an information system.
Malicious CodeThis is a type of software camouflaged to seem useful and suitable for a task, but which actually obtains unauthorized access to system resources or fools a user into executing other malicious actions.
MalvertisementThis is an online ad infected with malicious code that can even be injected into a safe, legitimate website, without the website owner’s knowledge. This is short for “malware advertisement”.
MalvertisingThis is also called “malicious advertising” and it refers to how malware is distributed through online advertising networks. This type of technique is widely used to spread financial malware, data-stealing malware, ransomware and other cyber threats.
MalwareMalware is a short term used for malicious software. Malware is defined as any software that is used to interrupt or disrupt computer operations, gather sensitive information, or gain access to certain files or programs.
Malware-as-a-serviceThis type of malware is developed by cyber criminals to require little or no expertise in hacking, to be flexible, polymorphic, offer a broader reach and often comes packed with ready-coded targets. Malware-as-a-service can be bought or rented on the deep web and in cyber criminal communities, and sometimes can even include technical support from its makers and their team, which they run as a business. The main purpose behind it is making as much money as possible.
Man-in-the-middle AttackThrough this attack, cyber criminals can change the victim’s web traffic and interpose themselves between the victim and a web-based service the victim is trying to reach. At that point, the attacker can either harvest the information that’s being transmitted via the web or alter it. This type of attack is often abbreviated to MITM, MitM, MIM, MiM or MITMA.
Mazar BOTMazar BOT is a strain of malware targeting Android devices which first emerged in February 2016. The malware spreads through SMSs sent to random numbers, which include a link shortened through a URL shortener service (such as bit.ly). Once clicked, the link installs the Mazar BOT malware on the affected device, gaining the ability to write, send, receive and read SMS, access Internet connections, call phones, erase the phone it’s installed on and many more. Mazar BOT doesn’t run on smartphones running Android with the Russian language option. Spoofing has also been observed in Mazar BOT attacks.
Mobile phone malwareThis type of malware targets mobile phones, tablets and other mobile devices, and it aims to disrupt their normal functions, cause system damage or data leakage and/or data loss.
Moderate ImpactWhen this type of impact is estimated or observed on an information system, it means that confidentiality, integrity, or availability have suffered a significant blow. The organization may record barely working primary functions and significant damage to its assets, finances and individuals.
Multifactor AuthenticationThis type of authentication uses two or more factors to achieve authentication. These factors can include something the user knows (a password or a PIN), something the user has (an authentication token, an SMS with a code or a code generator on the phone/tablet) and/or something the user is (biometric authentication methods, such as fingerprints or retina scans).
Network and Cloud Architecture review
The methodology to test the effectiveness of the network and cloud components in the network infrastructure.
Network and IT Security AuditA network security audit helps to determine the effectiveness of network security in resolving underlying network security issues. Network security audits are critical to understanding how well your organization is protected against security threats, whether they are internal or external.
Network SniffingThis is a technique that uses a software program to monitor and analyse network traffic. This can be used legitimately, to detect problems and keep an efficient data flow. But it can also be used maliciously, to harvest data that’s transmitted over a network.
Non-repudiationA property achieved through cryptographic methods to protect against an individual or entity falsely denying having performed a particular action related to data.
This type of attack can happen when an attacker manages to gain access to data through offline means, such as eavesdropping, by penetrating a system and stealing confidential information or looking over someone’s shoulder and obtaining credentials to secret data.
Outside ThreatThis refers to an unauthorized person from outside the company’s security perimeter who has the capacity to harm an information system by destroying it, modifying or stealing data from it and disclosing it to unauthorized recipients, and/or causing denial of service.
Outsider ThreatsThe likelihood or potential that an outside entity, such as an ex-employee, competitor or even an unhappy customer, may pose a risk to the stability or security of an organization. An outsider must often gain logical or physical access to the target before launching malicious attacks.
OWASP (Open Web Application Security Project)An Internet community focused on understanding web technologies and exploitation metrics. Their goal is to help anyone with a website improve the security of their site through defensive programming, design and configuration. Their approach includes understanding attacks in order to know how to defend against them.
This is a type of software designed to monitor and record traffic on a network. It can be used for good, to run diagnostic tests and troubleshoot potential problems. But it can also be used for malicious purposes, to snoop in on your private data exchanges. This includes: your web browsing history, your downloads, the people you send emails to, etc.
Parasitic virusesA type of virus that’s capable of associating itself with a file or inserting itself into a file. To remain undetected, this virus will give control back to the software it infected. When the operating system looks at the infected software, it will continue to give it rights to run as usual. This means that the virus will be able to copy itself, install itself into memory or make other malicious changes to the infected PC. Although this type of virus appeared early on in the history of computer infections, it’s now making a comeback.
Passive attackThis is a type of attack during which cyber criminals try to gain unauthorized access to confidential information. It’s called passive because the attacker only extracts information without changing the data, so it’s more difficult to detect as a result.
Password crackingPassword cracking is the process of trying to guess or crack passwords to gain access to a computer system or network. Crackers generally use a variety of tools, scripts, or software to crack a system password. Password cracks work by comparing every encrypted dictionary word against the entries in the system password file until a match is found.
Password sniffingThis is a tactic used by cyber criminals to harvest passwords. They do this through monitoring and snooping in on network traffic to retrieve password data. If the password is sent over an unencrypted connection (for example, you put in a password on a website that isn’t protected by a security certificate – doesn’t start with https), it’s even easier for attackers to get their hands on your passwords.
PatchA patch is a small software update released by manufacturers to fix or improve a software program. A patch can fix security vulnerabilities or other bugs, or enhance the software in terms of features, usability and performance.
Patch ManagementThe management activity related to researching, testing, approving and installing updates and patches to computer systems, which includes firmware, operating systems and applications. A patch is an update, correction, improvement or expansion of an existing software product through the application of new code issued by the vendor. Patch management is an essential part of security management in order to prevent downtime, minimize vulnerabilities and prevent new untested updates from interfering with productivity.
PatchingPatching is the process of updating software to a different version. It is also referred to as updating the software to the latest version available and is key in removing bugs of the previous version.
PCI DSS Readiness AuditA PCI DSS readiness assessment, also known as a “gap analysis,” finds gaps in your organization's PCI compliance and recommends the proper controls to put in place proactively, so you can better understand key areas of weakness and respond to rapidly evolving security compliance obligations.
PKI (Public Key Infrastructure)A security framework (i.e. a recipe) for using cryptographic concepts in support of secure communications, storage and job tasks. A PKI solution is a combination of symmetric encryption, asymmetric encryption, hashing and digital certificate-based authentication.
Policy and Procedure DocumentationDocumented policies and procedures are critical components of an effective compliance management system. ... Policies and procedures help create consistency and standards within an organization, and are key in training new employees.
POS (Point of Sale) IntrusionAn attack that gains access to the POS (Point of Sale) devices at a retail outlet enabling an attacker to learn payment card information as well as other customer details. POS intrusions can occur against a traditional brick-and-mortar retail location as well as any online retail websites.
Privilege Identity ManagementPrivileged Identity Management (PIM) is a service in Azure Active Directory (Azure AD) that enables you to manage, control, and monitor access to important resources in your organization. These resources include resources in Azure AD, Azure, and other Microsoft Online Services such as Microsoft 365 or Microsoft Intune.
PayloadA payload is the actual application data a packet contains. It is part of the transmitted data which is the fundamental purpose of the transmission. In summary, payload refers to the actual intended message in a transmission.
Pen testA colloquial term for penetration test or penetration testing.
PenetrationIn cyber security, penetration occurs when a malicious attacker manages to bypass a system’s defenses and acquire confidential data from that system.
Penetration TestingThis is a type of attack launched against a network or computer system in order to identify security vulnerabilities that can be used to gain unauthorized access to the network’s/system’s features and data. Penetration testing is used to help companies better protect themselves against cyber-attacks.
Personal FirewallThis is a type of firewall that’s installed and runs on personal computers. A firewall is a network security system designed to prevent unauthorized access to public or private networks. Its purpose is to control incoming and outgoing communication based on a set of rules.
PharmingThis is a type of online scam aimed at extracting information such as passwords, usernames and more from the victim. Pharming means redirecting Internet traffic from a legitimate website to a fake one, so victims can put in their confidential information and attackers can collect it. This type of attack usually targets banking and ecommerce websites. What makes it difficult to detect is that, even if the victim types in the right URL, the redirect will still take the user to the fake website, operated by IT criminals.
PhishingPhishing is an attempt to acquire sensitive information such as usernames, passwords, and credit card details by impersonating a trustworthy entity. Phishing emails may contain links to websites that are infected with malware. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
PlaintextThis is what ordinary text is called before it’s encrypted or after being decrypted. When someone says that your passwords are stored in plaintext, it means that they can be read by anyone snooping into your private information, because the passwords aren’t encrypted. This is a big lapse in cyber security, so watch out for it.
Polymorphic codePolymorphic code is capable of mutating and changing while maintaining the initial algorithm. Each time it runs, the code morphs, but keeps its function. This tactic is usually used by malware creators to keep their attacks covert and undetected by reactive security solutions.
Polymorphic malwarePolymorphic malware is capable of transforming itself into various derivative versions that perform the same function and have the same objective. By using obfuscated code and constantly changing their code, polymorphic malware strains can infect information systems without being detected by solutions such as traditional antivirus, which is a key asset in the perspective of cyber criminals.
Pop-up adPop-up ads are windows used in advertising. They appear on top of your browser window when you’re on a website, and they’re often annoying because they are intrusive. While they’re not malicious by nature, sometimes they can become infected with malware, if a cyber attacker compromises the advertising network that’s serving the pop-up.
Potential ImpactWhen a cyber security risk is assessed, the loss of the 3 essential factors is considered: confidentiality, integrity and availability. If a risk becomes a cyber-attack, it can have low, moderate or high impact.
Proprietary Information (PROPIN)Proprietary information is made of all the data that is unique to a company and ensures its ability to stay competitive. This can include customer details, technical information, costs and trade secrets. If cyber criminals compromise or reveal this information, the impact on the company can be quite severe, as we’ve seen in major data breaches.
Proxy serverA proxy server is a go-between for a computer and the Internet. Proxies are used to enhance cyber safety because they prevent attackers from invading a computer/a private network directly.
A trending form of ransomware specifically intended to encrypt cloud emails and attachments.
RansomwareRansomware has a wide range of targets in recent days. Companies with significant financial credibility are the most probable targets, since the attackers will be rewarded via ransom money. The major targets of ransomware attacks are those who provide infrastructure and database storage, as well as local government entities and healthcare institutions.
RecoveryThe activities after an incident or event to restore essential services and operations in the short and medium term and fully restore all capabilities in the longer term.
RBI Compliance Assessment for Banks and NBFCsIt includes Chartered Accountants Certification for transactions prescribed under FEMA/RBI regulations, making prescribed applications to the Reserve Bank of India for various FEMA and RBI regulated transactions, and advisory services related to FEMA/RBI matters. The compliance function is to help the bank in managing its compliance risk, which can be defined as the risk of legal or regulatory sanctions, financial loss, or loss of reputation a bank may suffer as a result of its failure to comply with all applicable laws, regulations, codes of conduct and standards of good ..
Readiness AssessmentsMeasuring readiness is a systematic analysis of an organization's ability to undertake a transformational process or change. A readiness assessment identifies the potential challenges that might arise when implementing new procedures, structures, and processes within a current organizational context.
Red TeamA group authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s cyber security posture.
Red Team exerciseAn exercise, reflecting real-world conditions, that is conducted as a simulated attempt by an adversary to attack or exploit vulnerabilities in an enterprise's information systems.
Red Team & Phishing ExercisesRed team exercises use various techniques including phishing and social engineering aimed directly at your employees or their usernames and passwords, in addition to watering hole attacks and drive-by downloads that target specific users and their PC using an internet browser or installing malware on a site visited by ... Simulated phishing or a phishing test is where deceptive emails, similar to malicious emails, are sent by an organisation to their own staff to gauge their response to phishing and similar email attacks.
Real-time reactionThis is a type of immediate reaction and response to a spotted compromise attempt. This is done in due time so the victim can ensure protection against unauthorized network access.
RedundancyAdditional or alternative systems, sub-systems, assets, or processes that maintain a degree of overall functionality in case of loss or failure of another system, sub-system, asset, or process.
Remote accessThis happens when someone uses a dedicated program to access a computer from a remote location. This is a norm for people who travel a lot and need access to their company’s network. But cyber criminals can also use remote access to control a computer they’ve previously hacked into.
Remote access Trojan / RATRemote Access Trojans (RATs) use the victim’s access permissions and infect computers to give cyber attackers unlimited access to the data on the PC. Cyber criminals can use RATs to exfiltrate confidential information. RATs include backdoors into the computer system and can enlist the PC into a botnet, while also spreading to other devices. Current RATs can bypass strong authentication and can access sensitive applications, which are later used to exfiltrate information to cybercriminal-controlled servers and websites.
Remote diagnostics / maintenanceThis is a maintenance service carried on by authorized companies/individuals who use the Internet to communicate with the company’s network.
Residual riskThis is a type of risk that remains after all available security measures and tactics have been applied. Because there is no such thing as 100% cyber security, a residual risk remains for each identifiable cyber threat.
Reverse engineeringAcquiring sensitive data by disassembling and analysing the design of a system component. This is one of the most valuable activities in cyber security intelligence gathering.
Risk assessmentThis is a risk analysis process that defines an organization’s cyber security risks and their potential impact. Security measures are then suited to match the importance and potential impact of the risks identified because of the risk assessment.
Risk managementThis is the process by which an organization manages its cyber security risks to decrease their potential impact and take the adequate measures to avoid cyber-attacks. Doing a risk assessment is also part of the process, as well as the risk mitigation strategy and all the procedures that must be applied in order to ensure proper defences against cyber threats. This is a continuous process and should be viewed as a cycle.
Reverse ProxyReverse proxies take public HTTP requests and pass them to back-end web servers, which send the content back to the proxy so that it can then send the content to the end user.
Risk mitigationThis is the process by which risks are evaluated, prioritized and managed through mitigation tactics and measures. Since any company has a dynamic environment, a periodical revision should be a defining characteristic of the risk mitigation process.
Rogue security softwareRogue security software (usually antivirus) is a common Internet scam used by cyber criminals to mislead victims and infect their PCs with malware. Malicious actors could also use fake antivirus to trick victims into paying money or extort them (like ransomware does) into paying for having the rogue software removed. So please only buy security software from trusted vendors or from the software makers themselves.
RoguewareThis is a type of deceitful malware which claims to be a trusted and harmless software program (such as antivirus). Cyber criminals use rogueware to harvest data from their victims or to trick them into paying money. Often, rogueware also includes adware functions, which adds a burden and a potential risk to the infected PC.
Role Based Access ControlRole based access control assigns users to roles based on their organizational functions and determines authorization based on those roles.
Root cause analysisThis is the process used to identify the root causes for certain security risks in an organization. This must be done with the utmost attention to detail and by maintaining an objective perspective.
RootkitA collection of tools (programs) that a hacker uses to mask intrusion and obtain administrator level access to a computer or computer network. For example, rootkit malware is capable of covering up the fact that a PC has been compromised. By gaining administrator rights on the affected PC (through exploits or social engineering), attackers can maintain the infection for a long time, and rootkits are notoriously difficult to remove.
A sandbox is an isolated environment on a network that mimics end-user operating environments. Sandboxes are used to safely execute suspicious code without risking harm to the host device or the corporate network.
SafeguardsThis refers to a set of protection measures that have to meet an information system’s core security requirements, in order to ensure confidentiality, integrity, and availability. This includes everything from employee security to ensuring the safety of physical structures and devices, to management limitations and more.
SAP FUNCTIONALITY REVIEWSAP Basis Configurations provide system-level controls to secure an SAP system. These configuration settings can be set up to be in line with your specific security requirements. The Soterion Basis Review Manager will inspect your SAP Basis Configuration against a set of rules that are based on industry best practices.
SAP GRC REVIEWSAP Governance, Risk, and Compliance (SAP GRC) is a powerful SAP security tool that can be used to ensure your company meets data security and authorization standards. One tool in the solution that helps this is SAP GRC Access Control. Governance, risk and compliance (GRC) refers to a strategy for managing an organization's overall governance, enterprise risk management and compliance with regulations. Think of GRC as a structured approach to aligning IT with business objectives, while effectively managing risk and meeting compliance requirements.
SCADA (Supervisory Control and Data Acquisition)A complex mechanism used to gather data and physical world metrics as well as perform measurement or management actions of the monitored systems for the purposes of automating large, complex real-world processes such as oil refining, nuclear power generation or water filtration. SCADA can provide automated control over very large complex systems whether concentrated in a single physical location or spread across long distances.
SCADA ReviewSupervisory Control and Data Acquisition (SCADA) is a system that aims to monitor and control field devices at your remote sites. SCADA systems are critical as they help maintain efficiency by collecting and processing real-time data. SCADA is a centralized system that monitors and controls the entire area.
ScarewareThis is a type of malware (or rogueware) that employs social engineering to intimidate and confuse the victims through shock, anxiety, fear and time restrictions. The objective is to maliciously persuade the victims into buying unwanted software. The software could be rogue security software, ransomware or other type of malware. For example, malicious actors often try to convince users that their computer is infected with a virus and that the only way to get rid of it is to pay for, download and install a fake antivirus, which, of course, turns out to be the malware itself.
ScavengingThis is the action of trying to find confidential or sensitive data by searching through a system’s data residue.
SEBIThe Securities and Exchange Board of India (SEBI) is the leading regulator of securities markets in India, analogous to the Securities and Exchange Commission in the U.S. SEBI has wide-ranging regulatory, investigative, and enforcement powers, including the ability to impose fines on violators.
Secure ConfigurationsSecure configuration refers to security measures that are implemented when building and installing computers and network devices in order to reduce unnecessary cyber vulnerabilities. Security misconfigurations are one of the most common gaps that criminal hackers look to exploit.
Security & Compliance ReportingIt ensures information security across all the corporate assets and hassle-free compliance with various industry mandates like HIPAA, SOX, GLBA, FISMA, PCI DSS, and ISO.
Security Awareness TrainingIt is the process of providing formal cyber security education to the entire workforce of the organization about a variety of information security threats and the company’s policies and procedures to detect and respond to cyber threats.
Security CampaignsSecurity awareness campaigns are aimed at truly anchoring information security awareness in the company's culture. This means that every employee automatically considers security aspects in every decision and action in the company.
Security Hardening Baselines DocumentationA hardening process establishes a baseline of system functionality and security. The goal of hardening a system is to remove any unnecessary functionality and to configure what is left in a secure manner. Systems hardening is a collection of tools, techniques, and best practices to reduce vulnerability in technology applications, systems, infrastructure, firmware, and other areas. The goal of systems hardening is to reduce security risk by eliminating potential attack vectors and condensing the system's attack surface.
Security PolicyA set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources.
Security controlsThis is a set of safeguards designed to avoid and mitigate the impact of cyber security risks that an organization has.
Session HijackingTake over a session that someone else has established.
Session KeyIn the context of symmetric encryption, a key that is temporary or is used for a relatively short period of time. Usually, a session key is used for a defined period of communication between two computers, such as for the duration of a single connection or transaction set, or the key is used in an application that protects relatively large amounts of data and, therefore, needs to be re-keyed frequently.
Security impact analysisAn organization should always conduct a security impact analysis to determine if certain changes to the information systems have influenced and impacted its security state.
Security requirementsSecurity requirements are derived from multiple sources and make up for the security necessities of an information system, in order to ensure confidentiality, integrity, and availability of the information that’s managed, transmitted or stored in the system. The sources for security requirements can be legislation, directives, policies, standards, best practices, regulations, procedures or other business necessities.
Server Hardening and BaseliningThis is the methodology to create a Minimum Security Baseline (MSB) hardening standard specific to the environment to mitigate critical risks.
SIEM ImplementationA SIEM (Security Information & Event Management) is a platform for managing security incidents. It allows the collection of system logs and machine data from across your IT environment to help identify unusual or suspicious activity — and then reports an alert in real time if it finds anything suspicious.
Sensitive InformationThis type of information is defined by the fact that not everyone can access it. Sensitive information is data that is confidential for a certain category of users, who can view, access and use this data. This type of information is protected for reasons either related to legal aspects or ethical ones. Examples include: personal identification numbers, health information, education records, trade secrets, credit card information, etc.
SignatureIn cyber security, a signature is an identifiable, differentiating pattern associated with a type of malware, an attack or a set of keystrokes which were used to gain unauthorized access to a system. For example, traditional antivirus solutions can spot, block and remove malware based on their signature, when the antivirus sees that a piece of software on your PC matches the signature of a malicious software stored in their database.
SkimmingSkimming happens when a malicious actor uses a tag reader in an unauthorized manner, in order to collect information about a person’s tag. The victim never knows about or consents to being skimmed. For example, card skimming is an illegal practice which consists of the illegal collection of data from a card’s magnetic stripe. This information can then be copied onto a blank card’s magnetic stripe and used by malicious actors to make purchases and withdraw cash in the name of the victim.
SmurfThe Smurf attack works by spoofing the target address and sending a ping to the broadcast address for a remote network, which results in a large amount of ping replies being sent to the target.
SnifferA sniffer is a tool used to monitor traffic over a network. It can be used legitimately, to detect issues with the data flow. But it can also be used by malicious actors, to harvest data that’s transmitted over a network.
SOC3The SOC 3 is a public report of internal controls over security, availability, processing integrity, and confidentiality. SSAE 18 / ISAE 3402 Type II. The AICPA created the Statement on Standards for Attestation Engagements No. 18 (SSAE 18) to keep pace with globally recognized international accounting standards.
SOC1The Service Organization Control report is written documentation of the internal controls that are likely to be relevant to an audit of a customer’s financial statements. SOC reports are Service Organization Control reports. Trust Services Principles have to do with criteria dealing with security, availability, processing integrity, confidentiality, and privacy. Those Principles work with SOC 2 and SOC 3 reports. These reports are restricted in use when you issue a SOC 1 or a SOC 2 report. They are only to be read by the user organizations who rely upon your services. A SOC 1 Report (System and Organization Controls Report) is a report on Controls at a Service Organization which are relevant to user entities' internal control over financial reporting.
SOC2
SOC 2 is an auditing procedure that ensures your service providers securely manage your data to protect the interests of your organization and the privacy of its clients. For security-conscious businesses, SOC 2 compliance is a minimal requirement when considering a SaaS provider.
Social engineering
A euphemism for non-technical or low-technology means - such as lies, impersonation, tricks, bribes, blackmail, and threats - used to attack information systems.
Software Asset Management Review
Software Asset Management is the business strategy for reclaiming budget and maximizing savings by actively controlling and automating procurement, usage, and deployment of software licenses. A software licensing audit or software compliance audit is an important sub-set of software asset management and component of corporate risk management. When a company is unaware of what software is installed and being used on its machines, it can result in multiple layers of exposure.
Spam
Spam is made up of unsolicited emails or other types of messages sent over the Internet. Spam is often used to spread malware and phishing, which is why you should never open, reply to or download attachments from spam messages. Spam can come your way in the form of emails, instant messages, comments, etc.
Spam filtering software
This is a type of program which can analyse emails and other types of messages (e.g. instant messages) to weed out spam. If spam filtering software decides to categorize a message as spam, it’ll probably move that message to a dedicated folder.
Spear phishing
Spear phishing is a cyber-attack that aims to extract sensitive data from a victim using a very specific and personalized message. This message is usually sent to individuals or companies, and it’s extremely effective, because it’s very well planned. Attackers invest time and resources into gathering information about the victim (interests, activities, personal history, etc.) in order to create the spear phishing message (which is usually an email). Spear phishing uses the sense of urgency and familiarity (appears to come from someone you know) to manipulate the victim, so the target doesn’t have time to double check the information.
Specialized Trainings on Secure Coding
Secure coding training that actually inspires developers to want to learn. Build secure coding skills rapidly at scale across the widest range of language:frameworks, through a proven, hyper-relevant learning platform that makes security key to how coders think.
SSAE18
SSAE 18, Service Organizations (often referred to as SSAE 18 or SOC; and previously known as SSAE 16 or SAS 70) contains the rules for conducting an attestation of a service organization's internal controls and issuing a System and Organization Controls (SOC) report.
Static Code review
It is the process by which the source code is reviewed for critical vulnerabilities at the time of development.
Supply Chain Attack
A supply chain attack is a cyber-attack which affects the organization by targeting less-secure elements in the supply network. Such attacks continue to infiltrate the supply chain through third-party systems and services.
Spillage
Information spillage happens when data is moved from a safe, protected system to another system, which is less secure. This can happen to all types of data, from health information to financial or personal data. If the system the data is moved to is less secure, people who should not have access to this information may be able to access it.
Spoofing (Email)
This is a compromise attempt during which an unauthorized individual tries to gain access to an information system by impersonating an authorized user. For example, email spoofing is when cyber attackers send phishing emails using a forged sender address. You might believe that you’re receiving an email from a trusted entity, which causes you to click on the links in the email, but the link may end up infecting your PC with malware.
Spy-phishing
This is a type of malware that employs tactics found in both phishing and spyware. By combining these cyber threats, spy-phishing is capable of downloading applications that can run silently on the victim’s system. When the victims open a specific URL, the malware will collect the data the victim puts into that website and send it to a malicious location (like a web server). This technique is used to extend the duration of the phishing attack, even after the phishing website has been taken down.
Spyware
Software that is secretly or surreptitiously installed into an information system without the knowledge of the system user or owner. Spyware monitors and stores the victim’s Internet activity (keystrokes, browser history, etc.) and can also harvest usernames, passwords, financial information and more. It can also send this confidential data to servers operated by cyber criminals, so it can be used in subsequent cyber-attacks.
SQL injection
This is a tactic that uses code injection to attack applications which are data-driven. The maliciously injected SQL code can perform several actions, including dumping all the data in a database to a location controlled by the attacker. Through this attack, malicious hackers can spoof identities, modify data or tamper with it, disclose confidential data, delete and destroy the data or make it unavailable. They can also take control of the database completely.
SSL / Secure Sockets Layer
SSL stands for Secure Sockets Layer, which is an encryption method to ensure the safety of the data sent and received from a user to a specific website and back. Encrypting this data transfer ensures that no one can snoop on the transmission and gain access to confidential information, such as card details in the case of online shopping. Legitimate websites use SSL (their addresses start with https) and users should avoid inputting their data in websites that don’t use SSL.
Stealware
This is a type of malware which is capable of transferring data or money to a third, malicious party. This type of malware usually targets affiliate transactions. It then uses an HTTP cookie to redirect the commission earned by an affiliate marketer to an unauthorized third party.
Strong authentication
This is a specific requirement that calls for employing multiple authentication factors from different categories and sophisticated technology to verify an entity’s identity. Dynamic passwords, digital certificates, protocols and other authentication elements are part of strong authentication standards. This is especially applied in banking and financial services, where access to an account has to be tied to a real person or an organization.
Supply chain attack
This type of attack aims to inflict damage upon an organization by leveraging vulnerabilities in its supply network. Cyber criminals often tamper with hardware or software during the manufacturing stage to implant rootkits or tie in hardware-based spying elements. Attackers can later use these implants to attack the organization they’re after.
Suppression measure
This can be any action or device used to reduce the security risks in an information system. This is part of the risk mitigation process, aimed at minimizing the security risks of an organization or information system.
Suspicious files and behavior
Suspicious behavior is identified when files exhibit an unusual behavior pattern. For example, if files start copying themselves to a system folder, this might be a sign that those files have been compromised by malware. Traditional antivirus solutions incorporate this type of detection to spot and block malware.
Symmetric cryptography
A branch of cryptography in which a cryptographic system or algorithm uses the same secret key (a shared secret key).
Symmetric key
A symmetric key is a cryptographic key that is used in a symmetric cryptographic algorithm.
System administrator / Sysadmin
The sysadmin, as the role is also called, is a person in charge of all the technical aspects of an information system. This includes aspects related to configuration, maintenance, ensuring reliability and the necessary resources for the system to run at optimal parameters while respecting a budget and more.
System integrity
This state defines an information system which is able to perform its dedicated functions at optimal parameters, without intrusion or manipulation (either intended or not).
The intentional activity of modifying the way an information system works, in order to force it to execute unauthorized actions.
Targeted threat
Targeted threats are singled out because of their focus: they are usually directed at a specific organization or industry. These threats are also designed to extract sensitive information from the target, so cyber criminals take a long time to prepare these threats. They are carefully documented, so the chances for successful compromise can be as big as possible. Targeted threats are delivered via email (phishing, vishing, etc.), employ Zero Days and other vulnerabilities to penetrate an information system, and more. Government and financial organizations are the most frequent targets for this type of cyber threat.
Threat
In cyber security, a threat is a possible security violation that can become certainty if the right context, capabilities, actions and events unfold. If a threat becomes reality, it can cause a security breach or additional damage.
Threat Actor
Synonym(s): Threat Agent
Threat agent
An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.
Threat analysis
This refers to the process of examining the sources of cyber threats and evaluating them in relation to the information system’s vulnerabilities. In the NICE Framework, cyber security work where a person: Identifies and assesses the capabilities and activities of cyber criminals or foreign intelligence entities; produces findings to help initialize or support law enforcement and counterintelligence investigations or activities.
Threat assessment
The product or process of identifying or evaluating entities, actions, or occurrences, whether natural or man-made, that have or indicate the potential to harm life, information, operations, and/or property.
Threat event
A threat event is defined as a potentially harmful situation for an information system that can have unwanted consequences.
Threat model
A threat model is a process that is used to optimize network security by identifying the key objectives and vulnerabilities, and then defining countermeasures to prevent, or mitigate the effects of, threats to the system or network.
Threat monitoring
Threat monitoring is a continuous process. During this process, security audits and other information in this category are gathered, analysed and reviewed to see if certain events in the information system could endanger the system’s security.
Threat scenario
A threat scenario draws information from all available resources and focuses on three key elements: Vulnerabilities, Threats and Impact. This helps associate a specific cyber threat to one or more threat sources and establish priorities.
Threat shifting
It is the process of adapting protection measures in response to cyber attackers’ ever-changing tactics. Countermeasures must be constantly updated to meet the challenges posed by polymorphic malware.
Threat source
Threat source refers to the objective and method used by cyber attackers to exploit a security vulnerability or a certain context in order to compromise an information system. Triggering a system vulnerability may happen accidentally or on purpose.
Thick client Assessment
A thick client is a heavy, fat or rich client where the processing happens on the client end rather than on the server end.
Threat Hunting & Detection
Proactively hunting for cyber threats that are lurking undetected in a corporate network. Cyber threat hunting digs deep to find malicious actors in the environment that have slipped past the initial endpoint security defenses.
Threat Intelligence Advisory
Threat intelligence is knowledge that allows you to prevent or mitigate cyber attacks. Threat intelligence advisories describe the members of Advanced Persistent Threat (APT) groups, how they work and how to recognize their tactics, techniques and procedures.
Threat Mitigation
It is the act of reducing the severity or seriousness of the impact of a threat in case of a successful exploitation.
Time-dependent password
This type of password can be either valid for a limited amount of time or it can be valid for use during a specific interval in a day. Time-dependent passwords are most often generated by an application and are part of the two-factor or multi-factor authentication mechanisms.
Token
In security, a token is a physical electronic device used to validate a user’s identity. Tokens are usually part of the two-factor or multi-factor authentication mechanisms. Tokens can also replace passwords in some cases and can be found in the form of a key fob, a USB, an ID card or a smart card.
TOR (The Onion Router)
Free software designed to make it possible for users to surf the Internet anonymously, so their activities and location cannot be discovered by government agencies, corporations, or anyone else.
Triple wrapped
Triple wrapped describes any data that has been signed with a digital signature, encrypted, and then signed again.
Tracking cookie
This type of cookie is placed on users’ computers during web browsing sessions. Their purpose is to collect data about the user’s browsing preferences on a specific website, so they can then deliver targeted advertising or improve the user’s experience on that website by delivering customized information.
Traffic analysis
During this process, the traffic on a network is intercepted, examined and reviewed in order to determine traffic patterns and volumes and extract relevant statistics about it. This data is necessary to improve the network’s performance, security and general management.
Traffic Encryption Key (TEK)
This is a term specific to network security, which depicts the key used to encrypt the traffic within a network.
Trojan (Trojan horse)
A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program. Trojans can be used to spy on a user’s activity (web browsing, computer activity, etc.), to collect and harvest sensitive data, to delete files, to download more malware onto the PC and more.
Typhoid adware
This is a cyber security threat that employs a Man-in-the-middle attack in order to inject advertising into certain web pages a user visits while using a public network, like a public, unencrypted WiFi hotspot. In this case, the computer being used doesn’t need to have adware on it, so installing a traditional antivirus can’t counteract the threat. While the ads themselves can be non-malicious, they can expose users to other threats. For example, the ads could promote a fake antivirus that is malware or a phishing attack.
When someone gains unauthorized access, it means that they’ve illegally or illegitimately accessed protected or sensitive information without permission.
Unauthorized disclosure
This happens when sensitive, private information is communicated or exposed to parties who are not authorized to access the data.
URL injection
A URL (or link) injection is when a cybercriminal creates new pages on a website owned by someone else that contain spammy words or links. Sometimes, these pages also contain malicious code that redirects your users to other web pages or makes the website's web server contribute to a DDoS attack. URL injection usually happens because of vulnerabilities in server directories or software used to operate the website, such as an outdated WordPress or plugins.
Vendor Security Audit
Vendor security assessments are an ignored facet of cyber security. However, most companies rely on third-party vendors for some form of service. The vendors in question can be SaaS providers or IaaS providers, providing software or infrastructure services. Regardless, engaging with third-party vendors is a reality for today’s businesses. However, there are some caveats to doing so. While businesses can be certain about their own security posture, that cannot be said about the vendors. Usually, there is little to no evidence about the vendors’ security infrastructure. Due to this, businesses can find themselves and their confidential data at risk. The objective of Vendor Audit is to develop an audit function comprising qualified resources to effectively perform compliance audits to ensure that the contracts are being executed in accordance with the intent and address the net benefit to include cost recoveries, process improvement savings, fraud prevention and ...
Virtual CISO services
A Virtual Chief Information Security Officer (vCISO) helps organizations to protect their infrastructure, data, people and customers. A CISO is a top security expert that builds the client organization's cybersecurity program. The Virtual CISO works with the existing management and technical teams. CISO-as-a-Service brings business and operational alignment, consistency and confidence to organizations' cybersecurity program. It is an essential and critical investment for the enterprise to evaluate and strengthen the effectiveness of the cybersecurity program and drive regulatory compliance.
Virtual Private Network / VPN
A VPN, short for Virtual Private Network, uses the public Internet infrastructure to connect to a private network. VPNs are usually created and owned by corporations. By using encryption and other security means, a VPN will hide your online activity from attackers and offer an extra shield when you want to safely navigate online.
Virus
A virus is a malicious program usually attached to a legitimate or harmless program. When the program runs, the virus gets executed and performs activities that harm infected machines and their data. A virus can copy itself and spread to other files.
Virus hoax
A computer virus hoax is a message that warns about a non-existent computer virus threat. This is usually transmitted via email and tells the recipients to forward it to everyone they know. Computer hoaxes are usually harmless, but their intent is not innocent, since they exploit lack of knowledge, concern or ability to investigate before taking the action described in the hoax.
Vishing
A form of phishing attack which takes place over VoIP. In this attack, the attacker uses VoIP systems to be able to call any phone number with no toll-charge expense. The attacker often falsifies their caller-ID in order to trick the victim into believing they are receiving a phone call from a legitimate or trustworthy source such as a bank, retail outlet, law enforcement or charity. The victims do not need to be using VoIP themselves in order to be attacked over their phone system by a vishing attack.
Vulnerability
A vulnerability, also known as a security vulnerability, is a flaw or error in a software or operating system that can let hackers take control of the affected machine and use it for illegal activities. Vulnerabilities have to be solved as soon as they are discovered, before a cyber criminal takes advantage and exploits them.
A web application firewall (WAF) protects web applications from a variety of application layer attacks such as cross-site scripting (XSS), SQL injection, and cookie poisoning, among others. ... With the right WAF in place, you can block the array of attacks that aim to exfiltrate that data by compromising your systems.
Web bug
A web bug, also called a web beacon or pixel tag, is a small, transparent GIF image, usually not bigger than 1 pixel. It's embedded in an email or webpage and is usually used in connection with cookies. Web bugs are designed to monitor your activity and they load when you open an email or visit a website. Most common uses are marketing-related: for email tracking (to see if readers are opening the emails they receive, when they open them), web analytics (to see how many people visited a website), advertisement statistics (to find out how often an ad appears or is being viewed), IP addresses gathering, type of browser used.
Website Spoofing
Website spoofing refers to creating a fake site that looks exactly like a trusted and popular website, in order to collect personal or financial information from users. Spoofed websites are created using legitimate logos, colors, designs, etc., to make them look realistic.
Whale Phishing
Whale phishing is a campaign that is aimed particularly at wealthier individuals. It is also known as whaling.
Whitehat Hacker
Also known as ethical hackers, they use their abilities to identify security weaknesses in systems in a way that will allow the system’s owners to fix the weakness.
White Hat / Black Hat
White hat: Penetrates a network to obtain sensitive data with the owner's permission, making it totally lawful. This approach is commonly used to check for infrastructure-level security flaws. Black hat: Hackers who breach a network to acquire information that will be used to threaten the owner or users without their authorization are known as black hats; this is completely against the law.
Whitelist
A list of entities that are considered trustworthy and are granted access or privileges.
Wireless security assessment
The methodology to test the control effectiveness in the wireless infrastructure of the organization.
Workshops for Senior Management
Leaders influence the behavior of others by describing a better vision of the future. ... Those leadership skills can be taught in a workshop or program. The most effective leadership workshops include training and coaching, then more training and coaching, to reinforce desired behaviors over time.
Worm
A worm is a stand-alone malware that can self-replicate. Unlike a virus, it does not require a ‘host program’ to attach itself to. It spreads by placing its functional copies in email attachments, instant messages, networks, flash drives, etc. A worm can be used to distribute Trojans, viruses, spam, phishing emails, and other forms of malware. Worms may also include "payloads" that damage host computers, commonly designed to steal data, delete files, send documents via email or install backdoors.
Zero Day or Zero Hour attacks are attacks that use vulnerabilities in computer software that cyber criminals have discovered and software makers have not patched (because they weren't aware that those vulnerabilities exist). These are often exploited by cyber attackers before the software or security companies become aware of them. Sometimes, Zero Days are discovered by security vendors or researchers and kept private until the company patches the vulnerabilities.