Cyber Terms & Resources

Acronyms

Acronym Description
3DESTriple Data Encryption Standard
ACLAccess Control List
ADPAutomated Data Processing
AESAdvance Encryption Standard
AHAuthentication Header
AISAutomated Information System
AOArea of Operations
APTAdvanced Persistent Threat
BCPBusiness Continuity Plan
BIABusiness Impact Analysis
BoDBeginning of Day
BYODBring Your Own Device
CACertificate Authority
CIOChief Information Officer
CISOChief Information Security Officer
CSOChief Security Officer
CAPECCommon Attack Pattern Enumeration and Classification
CERTComputer Emergency Response Team
DESData Encryption Standard
DHSDepartment of Homeland Security
DRPDisaster Recovery Plan
DACDiscretionary Access Control
DNSDomain Name System
ECCElliptical Curve Cryptography
EFTElectrionic Funds Transfer
ESPEncapsulation Security Payload
EWElectronic Warfare
FISMAFederal Information Security Act
FTPFile Transfer Protocol
FOForward Observer
GRCGovernance Risk Management and Compliance
HIPPAHealth Insurance 
HTTPHypertext Transfer Protocol
HTTPSHypertext Transfer Protocol Secure
IDSIntrusion Detection System
IaaSInfrastructure as a Service
IANAInernet Assigned Numbers Authority
ICMPInternet Control Message Protocol
IDSIntrusion Detection System
IETFInternet Engineering Task Force
IGInterior Guard
IPInternet Protocol
IPSIntrusion Prevention System
IPSecInternet Protocol Security
IPXInternetwork Packet Exchange
ISInformation Systems
ISOInternational Standards Organization
ISPInternet Service Provider
KRIKey Risk Indicator
LANLocal Area Network
LDAPLightweight Directory Access Protocol
MACMandatory Access Control
MAC AddressMedia Access Control
MANMetropolitan Access Network
Acronym Description
NATNetwork Address Translation
NetBIOSNetwork Basic Input/Output System
NICNetwork Interface Control
NIAPNational Information Assurance Partnership
NISTNational Institute for Standards and Technology
NNTPNetwork News Transfer Protocol
OpSecOperational Security
OSOperating System
OSIOpen Systems Interconnect
OWASPOpen Web Application Security Project
PaaSPlatform as a Service
PINPersonal Identification Number
PKIPublic Key Infrastructure
POTSPlain Old Telephone Service
PSTNPublic Switched Telephone Network
RARegistration Authority
RASRemote Access Service
ROIReturn On Investment
RPORecovery Point Objective
RTORecovery Time Objective
SaaSSoftware as a Service
SCADASupervisory Control and Data Acquisition
SDLCSoftware Development Life Cycle
SDOService Delivery Objectives
SecaaSSecurity as a Service
SETSecure Electronic Transaction
SETSocial-Engeneer Toolkit
SFASingle Factor Authentication
SLAService Level Agreement
S/MIMESecure Multipurpose Internet Mail Extension
SMTPSimple Mail Transfer Protocol
SoDSegregation/Seperation of Duties
SoDStart of Day
SPXSequenced Packet Exchange
SSHSecure Shell
SSLSecure Socket Layer
TCOTotal Cost of Ownership
TCPTransmission Control Protocol
TCP/IPTransmission Control Protocol/Internet Protocol
TKIPTemperal Key Integrety Protocol
TLSTransport Layer Security
URLUniform Resource Locator
UDPUser Datagram Protocol
VLANVitrual Local Area Network
VPNVirtual Private Network
VoIPVoice Over Internet Protocol
WANWide Area Network
WAPWi-Fi Protected Access
WAP2Wi-Fi Protected Access II
WEPWired Equivalent Privacy
WLANWireless Local Area Network
XSSCross-site Scripting

Resources

CNSSI 4009, National Information Assurance (IA) Glossary, June 2006.
CISSPÆ All-in-One Exam Guide, Forth Edition, Shon Harris, The McGraw-Hill Companies, 2008.
Official (ISC)2 Æ Guide To The CISSPÆ CBK by Harold F. Tipton, et. al., Auerbach Publications, 2006.
Official (ISC)2 Æ Guide To The CISSPÆ Exam by Susan Hansche, et. al., Auerbach Publications, 2004.
NIST SP 800-16, Information Technology Security Training Requirements: A Role- and Performance-Based Model, April 1998.
NIST SP 800-30, Risk Management Guide for Information Technology Systems, July 2002.
NIST SP 800-37, Guide for the Security Certification and Accreditation of Federal Information Systems, May 2004.
NIST SP 800-53, Rev. 2, Recommended Security Controls for Federal Information Systems, December 2007.
NIST SP 800-64 Rev. 1, Security Considerations in the Information System Development Life Cycle, June 2004.
NIST SP 800-61, Computer Security Incident Handling Guide, January, 2004.
NIST SP 800-65, Integrating IT Security into the Capital Planning and Investment Control Process, January 2005.
NIST SP 800-67, Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher, May 2004.
NIST SP 800-77, Guide to IPsec VPNs, December 2005.
FIPS 46-3, Data Encryption Standard (DES), October 1999.
FIPS 140-2, Security Requirements for Cryptographic Modules, May 2001.
FIPS 180-2, Secure Hash Standard (SHS), August 2002.
FIPS 185, Escrowed Encryption Standard, February 1994.
FIPS 186-2, Digital Signature Standard (DSS), January 2000.
FIPS 197, Advanced Encryption Standard, November 2001.
FIPS 198, The Keyed-Hashed Message Authentication Code (HMAC), March 2002.
FIPS 199, Standards for Security Categorization of Federal Information and Information Systems, December 2003.
FIPS 200, Minimum Security Requirements for Federal Information and Information Systems, March 2006.
Information Assurance Technical Framework (IATF), Release 3.1, NSA IA Solutions Technical Directors, September 2002.
ISO/IEC 15408-1:2005, Evaluation Criteria for IT Security ñ Part 1: Introduction and General Model, 2005.
ISO/IEC 15408-2:2005, Evaluation Criteria for IT Security ñ Part 2: Security Functional Requirements, 2005.
ISO/IEC 15408-3:2005, Evaluation Criteria for IT Security ñ Part 3: Security Assurance Requirements, 2005.
BS ISO/IEC 17799:2005, Code of Practice for Information Security Management, 2005.
Control Objectives for Information and related Technology (COBIT), Release 4.0, IT Governance Institute, 2005.
ISO/IEC 21827, Systems Security Engineering ñ Capability Maturity Model (SSE-CMMÆ), 2002.
ISO/IEC 27001, Information Security Management Systems ñ Requirements, 2005.
Draft MIL-STD-499C, Systems Engineering, Aerospace Corporation, April 15, 2005.
ISO/IEC 15288:2008(E), IEEE Std 15288-2008, Systems and Software Engineering ñ System Life Cycle Processes, February 1, 2008.
IEEE STD 1220-2005, IEEE Standard for Application and Management of the Systems Engineering Process, September 9, 2005.
IEEE/EIA 12207.0-1996, Industrial Implementation of International Standard ISO/IEC 12207:1995 Software Life Cycle Processes, March 1998.
IEEE/EIA 12207.1-1997, Industrial Implementation of International Standard ISO/IEC 12207:1995 Software Life Cycle ProcessesóLife Cycle Data, April 1998.
IEEE/EIA 12207.2-1997, Industrial Implementation of International Standard ISO/IEC 12207:1995 Software Life Cycle ProcessesóImplementation Considerations, April 1998.
DoD 5200.28-STD, Department of Defense Trusted Computer System Evaluation Criteria, December 1985. (a.k.a. Orange Book).
NCSC-TG-003, Version-1 A, Guide to Understanding Discretionary Access Control in Trusted Systems, September 30, 1987. (a.k.a. Neo-Orange Book).
Information Technology Security Evaluation Criteria (ITSEC), Version 1.2, June 1991.

Glossary

ACCESS CONTROL

The process of granting or denying specific requests for or attempts to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities

ADVANCED PERSISTENT THREAT (APT)

An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception).

AIR GAP

To physically separate or isolate a system from other systems or networks.

ATTACK PATH

The steps that an adversary takes or may take to plan, prepare for, and execute an attack.

ATTACK PATTERN

Similar cyber events or behaviors that may indicate an attack has occurred or is occurring, resulting in a security violation or a potential security violation.

ATTACK SIGNATURE

A characteristic or distinctive pattern that can be searched for or that can be used in matching to previously identified attacks.

AUTHENTICATION

The process of verifying the identity or other attributes of an entity (user, process, or device).

AUTHORIZATION

A process of determining, by evaluating applicable access control information, whether a subject is allowed to have the specified types of access to a particular resource.

BACKDOOR

A backdoor is a tool installed after a compromise to give an attacker easier access to the compromised system around any security mechanisms that are in place.

BEHAVIOR MONITORING

Observing activities of users, information systems, and processes and measuring the activities against organizational policies and rule, baselines of normal activity, thresholds, and trends.

BLACKLIST

A list of entities that are blocked or denied privileges or access.

BLUE TEAM

A group that defends an enterprise’s information systems when mock attackers (i.e., the Red Team) attack, typically as part of an operational exercise conducted according to rules established and monitored by a neutral group (i.e., the White Team).

BOT

A computer connected to the Internet that has been surreptitiously / secretly compromised with malicious logic to perform activities under the command and control of a remote administrator.

BUG

An unexpected and relatively small defect, fault, flaw, or imperfection in an information system or device.

CHECKSUM

A value that is computed by a function that is dependent on the contents of a data object and is stored or transmitted together with the object, for the purpose of detecting changes in the data.

CIP

Critical Infrastructure Protection. The North American Electric Reliability Corporation (NERC), which FERC directed to develop Critical Infrastructure Protection (CIP) cyber security reliability standards.

CIPHERTEXT

Data or information in its encrypted form.

CLOUD COMPUTING

A model for enabling on-demand network access to a shared pool of configurable computing capabilities or resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

COMPUTER (DIGITAL) FORENSICS

The processes and tools to create a bit by bit copy of a an electronic device (collection and acquisition) for the purpose of analyzing and reporting evidence; gather and preserve evidence that is legally defensible and does not alter the original device or data.

CONTINUITY OF OPERATIONS PLAN

A document that sets forth procedures for the continued performance of core capabilities and critical operations during any disruption or potential disruption.

CRITICAL INFRASTRUCTURE

The systems and assets, whether physical or virtual, so vital to society that the incapacity or destruction of such may have a debilitating impact on the security, economy, public health or safety, environment, or any combination of these matters.

CRYPTANALYSIS

The operations performed in defeating or circumventing cryptographic protection of information by applying mathematical techniques and without an initial knowledge of the key employed in providing the protection.

CSIRT

Cyber Security Incident Response Team

CYBER MUNITIONS

Technology system that has a purpose of causing harm and destruction by altering the running state of another system without permission.

DATA BREACH

The unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information.

DATA LOSS PREVENTION

A set of procedures and mechanisms to stop sensitive data from leaving a security boundary.

DATA MINING

The process or techniques used to analyze large sets of existing information to discover previously unrevealed patterns or correlations.

DENIAL OF SERVICE (DOS)

An attack that prevents or impairs the authorized use of information system resources or services.

DIGITAL FORENSICS

The processes and specialized techniques for gathering, retaining, and analyzing system-related data (digital evidence) for investigative purposes.

DIGITAL RIGHTS MANAGEMENT (DRM)

A form of access control technology to protect and manage use of digital content or devices in accordance with the content or device provider’s intentions.

DIGITAL SIGNATURE

A value computed with a cryptographic process using a private key and then appended to a data object, thereby digitally signing the data.

DISTRIBUTED DENIAL OF SERVICE (DDOS)

A denial of service technique that uses numerous systems to perform the attack simultaneously.

DMZ

DeMilitarized Zone. A physical or logical subnetwork where publicly facing internet connections occur; a subnetwork where an organization’s external- facing services are exposed to an untrusted network (i.e. internet).

DOXING

The process or technique of gathering personal information on a target or subject, and building a dossier with the intent to cause harm.

DYNAMIC ATTACK SURFACE

The automated, on-the-fly changes of an information system’s characteristics to thwart actions of an adversary.

ELECTRONIC SIGNATURE

Any mark in electronic form associated with an electronic document, applied with the intent to sign the document.

ENTERPRISE RISK MANAGEMENT

A comprehensive approach to risk management that engages people, processes, and systems across an organization to improve the quality of decision making for managing risks that may hinder an organization’s ability to achieve its objectives.

EVENT LOGS

The computer-based documentation log of all events occurring within a system.

EXFILTRATION

The unauthorized transfer of information from an information system.

EXPLOIT

A technique to breach the security of a network or information system in violation of security policy.

EXPOSURE

The condition of being unprotected, thereby allowing access to information or access to capabilities that an attacker can use to enter a system or network.

FIREWALL

A physical appliance or software designed to control inbound and/or outbound electronic access.

HASH VALUE

A numeric value resulting from applying a mathematical algorithm against a set of data such as a file.

HASHING

A process of applying a mathematical algorithm against a set of data to produce a numeric value (a ”hash value”) that represents the data. The result of hashing is a value that can be used to validate if a file has been altered. Frequently used hash functions are MD5, SHA1 and SHA2

IDENTITY AND ACCESS MANAGEMENT

The methods and processes used to manage subjects and their authentication and authorizations to access specific objects.

INCIDENT

An occurrence that actually or potentially results in adverse consequences to an information system or the information that the system processes, stores, or transmits and that may require a response action to mitigate the consequences.

INCIDENT HANDLER (CYBER SECURITY)

The person assigned to lead a team of subject matter experts in cyber security and how to respond to adverse security events.

INDUSTRIAL CONTROL SYSTEM

An information system used to control industrial processes such as manufacturing, product handling, production, and distribution or to control infrastructure assets.

INTEGRITY

The property whereby information, an information system, or a component of a system has not been modified or destroyed in an unauthorized manner.

INTRUSION DETECTION

The process and methods for analyzing information from networks and information systems to determine if a security breach or security violation has occurred.

KEYLOGGER

Software or hardware that tracks keystrokes and keyboard events, usually surreptitiously / secretly, to monitor actions by the user of an information system.

MACRO VIRUS

A type of malicious code that attaches itself to documents and uses the macro programming capabilities of the document’s application to execute, replicate, and spread or propagate itself.

MALWARE

Software that compromises the operation of a system by performing an unauthorized function or process.

MITIGATION

The application of one or more measures to reduce the likelihood of an unwanted occurrence and/or lessen its consequences.

MOVING TARGET DEFENSE

The presentation of a dynamic attack surface, increasing an adversary’s work factor necessary to probe, attack, or maintain presence in a cyber target.

MSSP

Managed Security Service Provider

NIST

National Institute of Standards and Technology. The 800 series (NIST 800) covers cyber and information security.

OPEN SOURCE

Denoting software whose original source code is made free and available with no restrictions on use, selling, distribution or modification of the code.

OPEN SOURCE INTELLIGENCE

Intelligence collected from publicly available sources

OPEN SOURCE TOOLS

Tools that are made with open source code.

OPERATIONAL EXERCISE

An action-based exercise where personnel rehearse reactions to an incident scenario, drawing on their understanding of plans and procedures, roles, and responsibilities.

PACKET CAPTURES

The process of collecting, or capturing, network packets as they are being sent and received; used in diagnosing and solving network problems.

PENETRATION TESTING (PEN TEST)

An evaluation methodology whereby assessors actively probe for vulnerabilities and attempt to circumvent the security features of a network and/or information system.

PHISHING

A digital form of social engineering to deceive individuals into providing sensitive information.

PRIVATE KEY

A cryptographic key that must be kept confidential and is used to enable the operation of an asymmetric (public key) cryptographic algorithm.

PUBLIC KEY

The publicly-disclosed component of a pair of cryptographic keys used for asymmetric cryptography.

RDP

Remote Desktop Protocol. A Microsoft protocol through which a desktop or server may be accessed by a remote client.

RECOVERY

The activities after an incident or event to restore essential services and operations in the short and medium term and fully restore all capabilities in the longer term.

RED TEAM

A group authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s cybersecurity posture.

REDUNDANCY

Additional or alternative systems, sub-systems, assets, or processes that maintain a degree of overall functionality in case of loss or failure of another system, sub-system, asset, or process.

RESILIENCE

The ability to adapt to changing conditions and prepare for, withstand, and rapidly recover from disruption.

RESPONSE

The activities that address the short-term, direct effects of an incident and may also support short-term recovery.

RISK MANAGEMENT

The process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.

ROAMING PROFILE

A configuration in which the user profile within the domain is stored on a server and allows authorized users to log on to any computer within a network domain and have a consistent desktop experience.

ROOTKIT

A set of software tools with administrator-level access privileges installed on an information system and designed to hide the presence of the tools, maintain the access privileges, and conceal the activities conducted by the tools.

SCRIPTKIDDIE

An unskilled or non-sophisticated individual using pre-made hacking techniques and software to attack networks and deface websites.

SECURITY AUTOMATION

The use of information technology in place of manual processes for cyber incident response and management.

SECURITY POLICY

A rule or set of rules that govern the acceptable use of an organization’s information and services to a level of acceptable risk and the means for protecting the organization’s information assets.

SIEM

System Incident and Event Management. Tools and processes that collect data generated from devices and services to perform real time and historical correlated analysis to detect security, compliance and service levels events.

SIGNATURE

A recognizable, distinguishing pattern.

SITUATIONAL AWARENESS

Comprehending information about the current and developing security posture and risks, based on information gathered, observation and analysis, and knowledge or experience.

SOFTWARE ASSURANCE

The level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its lifecycle, and that the software functions in the intended manner.

SPEARPHISHING

An email or electronic communications scam targeted towards a specific individual, organization, or business.

SPOOFING

Faking the sending address of a transmission to gain illegal or unauthorized entry into a secure system. Extended The deliberate inducement of a user or resource to take incorrect action. Note: Impersonating, masquerading, piggybacking, and mimicking are forms of spoofing.

SPYWARE

Software that is secretly or surreptitiously installed into an information system without the knowledge of the system user or owner.

TABLETOP EXERCISE

A discussion-based exercise where personnel meet in a classroom setting or breakout groups and are presented with a scenario to validate the content of plans, procedures, policies, cooperative agreements or other information for managing an incident.

THREAT AGENT

An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.

THREAT ASSESSMENT

The product or process of identifying or evaluating entities, actions, or occurrences, whether natural or man-made, that have or indicate the potential to harm life, information, operations, and/or property.

TICKET

In access control, data that authenticates the identity of a client or a service and, together with a temporary encryption key (a session key), forms a credential.

TOPOLOGY DIAGRAM

A schematic diagram displaying how the various elements in a network communicate with each other. A topology diagram may be physical or logical.

TRAFFIC LIGHT PROTOCOL

A set of designations employing four colors (RED, AMBER, GREEN, and WHITE) used to ensure that sensitive information is shared with the correct audience.

TROJAN HORSE

A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.

VIRUS

A computer program that can replicate itself, infect a computer without permission or knowledge of the user, and then spread or propagate to another computer.

VULNERABILITY

A characteristic or specific weakness that renders an organization or asset (such as information or an information system) open to exploitation by a given threat or susceptible to a given hazard. Extended Characteristic of location or security posture or of design, security procedures, internal controls, or the implementation of any of these that permit a threat or hazard to occur. Vulnerability (expressing degree of vulnerability): qualitative or quantitative expression of the level of susceptibility to harm when a threat or hazard is realized.

WHITE TEAM

A group responsible for refereeing an engagement between a Red Team of mock attackers and a Blue Team of actual defenders of information systems.

WHITELIST

A list of entities that are considered trustworthy and are granted access or privileges.

WORK FACTOR

An estimate of the effort or time needed by a potential adversary, with specified expertise and resources, to overcome a protective measure.

WORM

A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.

ZERO DAY

The Zero Day is the day a new vulnerability is made known. In some cases, a zero day exploit is referred to an exploit for which no patch is available yet. (Day one is day at which the patch is made available).
Comprehending information about the current and developing security posture and risks, based on information gathered, observation and analysis, and knowledge or experience.