Cyber Security Glossary {Jargon}
Translating the technical side of security into something more relatable
We’re a Cyber Security Solutions Provider … we help protect computers, systems & data from digital attacks & we help our customers understand where they might be vulnerable and what they might need.
We ‘get’ the ‘jargon’ but not everyone does, cyber security is something that should be on all businesses agenda’s but due to resources, budgets, understanding & priorities it is often relegated to the bottom of the list.
Ann Johnson, Corporate Vice President at Microsoft wrote a blog post about the The language of InfoSec, where she talks about the language we use in technology to communicate and how it can be alienating.
Cyber security should be at the top of ALL business agenda’s as something that needs to be implemented to ensure businesses and processes are safe – are we not alienating all those businesses that don’t have the resources and technical know-how because of the language we use?
We need to translate the technical side of security to something more relatable so that it’s more accessible to everyone – hopefully this glossary of terms is a start.
A
AGENTLESS
It’s easier to explain ‘Agent’ first. ‘Agent’ is a process or service that is installed to a machine in order for an activity to be performed on it.
‘Agentless’ means an ‘Agent’ isn’t required, systems are updated/used/processed with push technology/accessed remotely from a central point so there is less impact on the machine that the activity is being performed on.
AI (Artificial Intelligence)
Tasks performed by computers that would usually (previously) have been performed by human intelligence e.g. making decisions, problem solving. They tend to be more accurate as they negate human error and can be available 24×7. They’re very useful for detecting spam, detecting fraud and are automated – meaning quicker responses to potential security breaches.
API (Application Programming Interface)
The process of sending requests and receiving responses from applications, databases and devices … & a toolset that programmers can use to create software.
Basically, the engine under the hood (source: MuleSoft Videos – watch this, it explains it so much better than we can).
APT (Advanced Persistent Threat)
An intruder (or teams of intruders) gain access to a network & remain undetected for a period of time, performing a prolonged and targeted cyber attack – a ‘persistent threat’.
B
BAS (Breach & Attack Simulation)
Organisations are able to test their cyber resilience by continually (& automatically) simulating attacks likely to be deployed by cyber criminals, helping them find vulnerabilities and fix them.
BLUE TEAM
Blue teams use their skills to defend cyber attacks, they analyse systems to ensure security, identify flaws and verify the effectiveness of an organisations security going forward.
They work in opposition to a Red Team.
The Red Team v Blue Team concept was originally used by the military to test force readiness.
BOT
Automated programmes designed to perform a specific task (like a roBOT) for other programs or users. They are used frequently in chat systems to communicate. They can be ‘good’ or ‘bad’ depending on what they are used for.
BYOD (Bring Your Own Device)
Allowed to use your own personal devices rather than official business owned (& usually regulated) devices – use your own phone, use your own laptop, use your own tablet – you get the gist! They can cause problems if not regulated and make your business more vulnerable to attacks.
C
Pronounced Cas-Bee. A software tool or service that sits between your own infrastructure and a cloud service infrastructure, securing the data flow & enforcing policies between them, like a gatekeeper.
CLOUD COMPUTING
Delivering computer services through the internet, on-demand rather than it being stored directly on your computer/device. The services are delivered and used over the Internet and typically paid for by the customer on a pay-per-use business model although there are free ‘Cloud Computing’ services such as gmail. It’s important the data that flows between them is secured.
Amazon Web Services explain it pretty well in this video.
CSPM (Cloud Security Posture Management)
The continual monitoring of cloud security accounts to reduce the likelihood of a successful attack and provide steps to remediate any potential compliance violations and data breaches, often automated.
CYBER ATTACK
Random or targeted malicious attempts to gain access to networks & data to destroy, steal, manipulate and use against individuals and organisations.
D
DDoS (Distributed Denial-of-Service)
A malicious attempt to stop a server, service or network by flooding it with traffic from multiple sources so that it is unavailable to its users. Often used to take down websites and online services.
DLP (Data Loss Prevention)
The use of monitoring procedures and tools to stop sensitive data being sent outside of a company.
E
ENCRYPTION
The process of data being converted into secret code. The original information, known as plain text, is converted into what is known as ciphertext. It can only be read by someone who is authorised to convert it back to plaintext (decryption).
ENDPOINT
A communication device on a network such as a laptop, computer, server, mobile. The nature of them as an endpoint also creates a point of entry that can be exploited.
EMM (Enterprise Mobility Management)
A set of processes, people and devices that manage corporate and employee owned mobile devices, mobile applications and wireless networks to ensure they are used safely & security breaches are prevented.
ETHICAL HACKING
Legally breaking into computers and devices to test an organisations security, also known as pen testing. The purpose is to identify any vulnerabilities.
F
FORENSICS
Detecting and analysing the evidence of a cyber crime.
H
HACKERS
Unauthorised users access a computer or device to steal, alter, delete, re-issue data, without your knowledge or consent. Their motivation tends to be financial, to protest about something, to gather information or to show off their skillset.
I
INCIDENT RESPONSE
Managing the aftermath of a cyber attack or security breach to reduce costs and recovery time.
IN-MEMORY
A type of database that relies primarily on memory for data storage rather than disk. In-memory cyber attacks (also known as fileless attacks) focus on getting data in & out of the systems memory, they’re difficult to detect & remove.
INSIDER THREAT
A type of malicious activity that comes from inside an organisation, such as from an employee, former employee, contractor etc. – someone that has authorised use but misuses it to cause damage.
IIoT (Industrial Internet of Things)
(see IoT below). Internet enabled devices used in manufacturing and industrial processes e.g. sensors, actuators, to make companies more productive and efficient. These used to be closed systems but now they are online they are more susceptible to cyber attacks.
IoT (Internet of Things)
Devices that are connected to the internet that turn on and off and transmit data such as Alexa, smart watches, speakers, doorbells, alarm clocks, baby monitors, toys etc. They are susceptible to cyber attacks.
M
MALWARE
Short for MAL(icious) (soft)WARE. Any program or file which is intentionally designed to cause damage without the users consent e.g. viruses, ransomware, spyware.
MAN-IN-THE-MIDDLE ATTACK
A person hijacks communication between 2 people and eavesdrops or relays and/or alters it without either parties knowledge.
MITRE ATT&CK
I’m so impressed with this … this is something I learnt whilst compiling this glossary and I literally rolled my eyes at the term MITRE ATT&CK before I understood it …
MITRE are an American not-for-profit organisation.
They developed ATT&CK (Adversarial Tactics, Techniques & Common Knowledge) – a globally accessed knowledge database, based on real world observations of attackers behaviours, it’s used by threat hunters, red teams & defenders.
Their mission is to make the world a safer place by bringing communities together to develop more effective cyber security.
ATT&CK is available for anyone to use, there is no charge.
N
A security solution that continually scans networks to discover hidden threats, analyse them and respond accordingly to prevent security breaches.
P
PATCH MANAGEMENT
A strategy for managing the installation of code changes on existing applications and systems to ensure they are up-to-date. It’s necessary security in terms of preventing low level cyber attacks.
Also known as penetration testing and ethical hacking – it’s an authorised simulated cyber attack on computer systems to check how secure they are.
PHISHING
Pronounced ‘fishing’, is an attempt to trick you into passing on sensitive information such as your date of birth, credit card details or passwords by disguising themselves as someone you know. A type of man-in-the-middle attack.
PAM (PRIVILEGED ACCESS MANAGEMENT)
A privileged account is a user account that has more privileges than ordinary users, therefore a potential higher security risk. PAM is the use of software and strategies to control that privileged access.
As per PAM (see above) but administrators are provided the exact level of privileges needed, when they’re needed, for as long as they’re needed, and the environment is returned to a no-access-by-default state immediately upon completion.
R
RANSOMWARE
A form of malware (see above). A type of cyber attack that takes over the victims device & doesn’t allow access until the user pays a monetary fee.
RED TEAM
Red teams work in opposition to a Blue Team (see above), they test the effectiveness of an organisations security policy using ethical hacking and help them overcome any bias.
The Red Team v Blue Team concept was originally used by the military to test force readiness.
ROOTKIT
Malicious software that installs itself to a machine to allow the hacker to access it remotely, unbeknown to the user. It remains hidden & hard to detect.
RUN-TIME
The period of time that a program runs for, starting when a program is opened and stopping once it is closed.
S
SECURITY POSTURE
The status of a companies (cyber) security – the controls and measures that are in place to protect your software, hardware, information, assets etc. and how well you can detect & respond to attacks. It should be constantly changing.
SENSITIVE DATA
Any data that needs to be secured from unauthorised access that a business considers to be confidential, and that is bound by regulatory compliance initiatives such as the GDPR.
Pronounced SIM. It’s a software solution that combines Security Information Management (SIM) and Security Event Management (SEM). Data is collected from a variety of sources and analysed to detect trends, discover threats and investigate alerts.
SEM carries out real-time system monitoring & reporting on security related events.
SIM retrieves and analyses log data and generates a report on threats and events.
A centralised unit that deals with security issues on an organisational and technical level. It monitors and analyses activity on networks, servers, endpoints, databases, applications, websites, and other systems so that it is able to detect & respond to threats. It manages your risk more effectively.
SOCIAL ENGINEERING
The art of manipulating people into performing actions or divulging confidential information that put you/your business at risk e.g. an email from a trusted source asking you to click on a link, responding to a question you haven’t asked. They rely on human error to create a security breach.
STRUCTURED DATA
Structured data is comprised of clearly defined data types that are easy to enter, define, search & analyse e.g. date, name, email, credit card number etc.
T
THREAT INTELLIGENCE
The gathering of information to help understand the threats your organisation has had, currently has or might have and using this information to improve your response to attacks.
TWO-FACTOR AUTHENTICATION (2FA)
An authentication method that adds an additional layer of security, the user is granted access when they successfully present 2 or more pieces of information e.g. entering a password and a passcode that is sent via a text message.
U
UNSTRUCTURED DATA
Information that doesn’t fit into a typical database format and is not easily searchable e.g. email messages, word processing documents, videos, audio files, powerpoint presentations, surveillance data etc.
V
VULNERABILITY MANAGEMENT
All software contains vulnerabilities and you are responsible for securing the software your business uses. Management of it includes identifying, evaluating, responding and reporting on vulnerabilities in your systems and the software that runs on them.
W
Web applications can be exploited by hackers and tend to hold sensitive information, they need to be tested continually for functionality, usability, compatibility, performance & security to protect them from cyber attacks.
Z
ZERO-DAY
A security vulnerability where there are zero days between the time the vulnerability is discovered and the first attack. Manufacturers have not had a chance to release patches to secure them.
Cyber Security Glossary – we’d love to expand on this list and we’re continually learning so send us your terms, we’ll do some research and add them in. Thank you.
thanks for info