Cybersecurity Glossary

I'm always looking for definitions for common cybersecurity terms so I thought it is high time I put one together for our blog. Cybersecurity definition in one place, simples.

Access control mechanism

Definition: Security measures designed to detect and deny unauthorized access and permit authorized access to an information system or a physical facility.

Attack signature

Definition: A characteristic or distinctive pattern that can be searched for or that can be used in matching to previously identified attacks. It also encompasses an automated set of rules for identifying a potential threat (such as an exploit or the presence of an attacker tool) and possible responses to that threat.

Blue Team

Definition: A group that defends an enterprise's information systems when mock attackers (i.e., the Red Team) attack, typically as part of an operational exercise conducted according to rules established and monitored by a neutral group (i.e., the White Team). It is also a group that conducts operational vulnerability evaluations and recommends mitigation techniques to customers who need an independent technical review of their cybersecurity posture.

Bot

Definition: A computer connected to the Internet that has been surreptitiously / secretly compromised with malicious logic to perform activities under remote the command and control of a remote administrator.

Data loss prevention *

Definition: A set of procedures and mechanisms to stop sensitive data from leaving a security boundary.

Denial of service (DDoS)

Definition: An attack that prevents or impairs the authorized use of information system resources or services.

Exfiltration *

Definition: The unauthorized transfer of information from an information system.

Firewall

Definition: A hardware/software device or a software program that limits network traffic according to a set of rules of what access is and is not allowed or authorized.

ICT supply chain threat

Definition: A man-made threat achieved through exploitation of the information and communications technology (ICT) system’s supply chain, including acquisition processes.

Information system resilience

Definition: The ability of an information system to: (1) continue to operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (2) recover effectively in a timely manner.

Integrated risk management

Definition: The structured approach that enables an enterprise or organization to share risk information and risk analysis and to synchronize independent yet complementary risk management strategies to unify efforts across the enterprise.

Intrusion detection

Definition: The process and methods for analyzing information from networks and information systems to determine if a security breach or security violation has occurred.

Macro virus

Definition: A type of malicious code that attaches itself to documents and uses the macro programming capabilities of the document’s application to execute, replicate, and spread or propagate itself.

Malicious applet

Definition: A small application program that is automatically downloaded and executed and that performs an unauthorized function on an information system.

Malicious code

Definition: Program code intended to perform an unauthorized function or process that will have adverse impact on the confidentiality, integrity, or availability of an information system.

Malicious logic  

Definition: Hardware, firmware, or software that is intentionally included or inserted in a system to perform an unauthorized function or process that will have adverse impact on the confidentiality, integrity, or availability of an information system.

Non-repudiation

Definition: A property achieved through cryptographic methods to protect against an individual or entity falsely denying having performed a particular action related to data. Provides the capability to determine whether a given individual took a particular action such as creating information, sending a message, approving information, and receiving a message.

Network resilience

Definition: The ability of a network to: (1) provide continuous operation (i.e., highly resistant to disruption and able to operate in a degraded mode if damaged); (2) recover effectively if failure does occur; and (3) scale to meet rapid or unpredictable demands.

Passive attack  

Definition: An actual assault perpetrated by an intentional threat source that attempts to learn or make use of information from a system, but does not attempt to alter the system, its resources, its data, or its operations.

 Phishing

Definition: A digital form of social engineering to deceive individuals into providing sensitive information.

Precursor

Definition: An observable occurrence or sign that an attacker may be preparing to cause an incident.

Red Team

Definition: A group authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s cybersecurity posture.

Security program management

Definition: In the NICE Workforce Framework, cybersecurity work where a person: Manages information security (e.g., information security) implications within the organization, specific program, or other area of responsibility, to include strategic, personnel, infrastructure, policy enforcement, emergency planning, security awareness, and other resources (e.g., the role of a Chief Information Security Officer).

Situational awareness  

Definition: Comprehending information about the current and developing security posture and risks, based on information gathered, observation and analysis, and knowledge or experience.

Spoofing

Definition: Faking the sending address of a transmission to gain illegal [unauthorized] entry into a secure system. In other words, the deliberate inducement of a user or resource to take incorrect action. Note: Impersonating, masquerading, piggybacking, and mimicking are forms of spoofing.

Spyware

Definition: Software that is secretly or surreptitiously installed into an information system without the knowledge of the system user or owner.

Systems security architecture

Definition: In the NICE Workforce Framework, cybersecurity work where a person: Develops system concepts and works on the capabilities phases of the systems development lifecycle; translates technology and environmental conditions (e.g., law and regulation) into system and security designs and processes.

Trojan horse

Definition: A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.

Vulnerability assessment and management

Definition: In the NICE Workforce Framework, cybersecurity work where a person: Conducts assessments of threats and vulnerabilities, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations.

White team

Definition: A group responsible for refereeing an engagement between a Red Team of mock attackers and a Blue Team of actual defenders of information systems.

Spear Phishing

Definition: Spear phishing describes a type of phishing attack that targets specific victims. But instead of sending out an email to millions of email addresses, cyber attackers send out a very small number of crafted emails to very specific individuals, usually all at the same organization. Because of the targeted nature of this attack, spear phishing attacks are often harder to detect and usually more effective at fooling the victims. 

Code injection

Definition: The code injection technique is usually used by online attackers to change the course of execution of a computer program. This method is used by online criminals to spread malicious software by infecting legitimate websites with malicious code. 

Dormant code

Definition: Modern, advanced malware often has modular structure, including multiple components. One of them is dormant code, which means that the malware needs specific triggers to execute the task is was created for. This type of behavior is coded into the malware to it can bypass signature-based detection in products such as traditional antivirus and anti-malware solutions. There is also another reason for using dormant code: since advanced malware, such as ransomware or financial malware, usually rely on extern infrastructure to download components for infection, the malware can remain dormant and undetected if it can’t reach its Control and Command servers to execute further. 

Exploit kit

Definition: Exploit kits (EKs) are computer programs designed to find flaws, weaknesses or mistakes in software apps (commonly known as vulnerabilities) and use them to gain access into a system or a network. They are used in the first stages of a cyber-attack, because they have the ability to download malicious files and feed the attacked system with malicious code after infiltrating it. 

Honeypot

This a program used for security purposes which is able to simulate one or more network services that look like a computer’s ports. When an attacker tries to infiltrate, the honeypot will make the target system appear vulnerable. In the background, it will log access attempts to the ports, which can even include data like the attacker’s keystrokes. The data collected by a honeypot can then be used to anticipate incoming attacks and improve security in companies. 

Obfuscation

Definition: In cyber security, obfuscation is a tactic used to make computer code obscure or unclear, so that humans or certain security programs (such as traditional antivirus) can’t understand it. By using obfuscated code, cyber criminals make it more difficult for cyber security specialists to read, analyze and reverse engineer their malware, preventing them for finding a way to block the malware and suppress the threat. 

Packet sniffer

Definition: This is a type of software designed to monitor and record traffic on a network. It can be used for good, to run diagnostic tests and troubleshoot potential problems. But it can also be used for malicious purposes, to snoop in on your private data exchanges. This includes: your web browsing history, your downloads, the people you send emails to, etc. 

Proprietary Information (PROPIN)

Definition: Proprietary information is made of all the data that is unique to a company and ensures its ability to stay competitive. This can include customer details, technical information, costs and trade secrets. If cyber criminals compromise or reveal this information, the impact on the company can be quite severe, as we’ve seen in major data breaches. 

Replay attacks

Definition: This type of attack uses authentication data that cyber criminals have previously gathered to re-transmit this confidential information. The purpose is to gain unauthorized access or produce other malicious effects. 

Zombie

Definition: A zombie computer is one connected to the Internet, that in appearance is performing normally, but can be controlled by a hacker who has remote access to it and sends commands through an open port. Zombies are mostly used to perform malicious tasks, such as spreading spam or other infected data to other computers, or launch of DoS (Denial of Service) attacks, with the owner being unaware of it. 

Blind drop

Definition: A drop that is well hidden and is designed to run while unattended, until an attacker comes to collect the data. In the case of remote access Trojans, can also refer to file hidden locally. 

Keylogger

Definition: A program that logs user input from the keyboard, usually without the user's knowledge or permission. 

Rootkit

Definition: Code that plugs into and changes the low-level functions of an operating system. Used by malware to hide itself from users and even the operating system itself.