Cyber Defense Group
Cybersecurity Glossary

Air Gap

The physical separation or isolation of a system from other systems or networks

Asset

A person, structure, facility, information, records, information technology systems and resources, material, process, relationships, or reputation that has value.

Attack

An attempt to gain unauthorized access to system services, resources, information or an attempt to compromise system integrity. The intentional act of attempting to bypass one or more security services or controls of an information system.

Attack Surface

The attack surface of a software environment is the sum of the different points where an unauthorized user can try to enter data to or extract data from an environment. Keeping the attack surface as small as possible is a basic security measure.

Audit

An Audit is the examination and evaluation of an organization’s information technology infrastructure, policies and operations.

Audit Readiness Assessment

Report detailing all gaps against a framework based on interviews and evidence review. Assist with strategies and planing for addressing gaps prior to audit.

Blue Team

Related to Pen Tests – Blue Team defends the organization from the “attacks” attempting to find vulnerabilities.

Bot

A computer connected to the Internet that has been surreptitiously / secretly compromised with malicious logic to perform activities under remote the command and control of a remote administrator.

Botnet

A collection of computers compromised by malicious code and controlled across a network.

California Consumer Privacy Act (CCPA)

The California Consumer Privacy Act (CCPA) is a state statute intended to enhance privacy rights and consumer protection for residents of the state of California in the United States. Read More Here

California Privacy Rights Act (CPRA)

The California Privacy Rights Act of 2020, also known as Proposition 24, is a California ballot proposition that was approved by a majority of voters after appearing on the ballot for the general election on November 3, 2020. Read More Here

Chief Information Security Officer (CISO)

A chief information security officer (CISO) is the senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.

CIS-18

CIS-18 is a set of 18 prioritized safeguards to mitigate the most prevalent cyber-attacks against today’s modern systems and networks. They were created by the Center for Internet Security, and they’re designed to help organizations of all sizes improve their cybersecurity posture.

Cloud Security Assessment

A cloud security assessment (CSA) is a process that evaluates an organization’s cloud infrastructure for vulnerabilities, weaknesses, and potential threats. CSAs are critical to help organizations mitigate risks, ensure the security of cloud-based systems, and stay current with evolving threats.

Confidentiality

Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.

Cybersecurity

Cybersecurity is the art of protecting networks, devices, and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity, and availability of information. It seems that everything relies on computers and the internet now— communication (e.g., email, smartphones, tablets), entertainment (e.g., interactive video games, social media, apps ), transportation (e.g., navigation systems), shopping (e.g., online shopping, credit cards), medicine (e.g., medical equipment, medical records), and the list goes on. How much of your daily life relies on technology? How much of your personal information is stored either on your own computer, smartphone, tablet or on someone else’s system? – CISA

Cybersecurity as a Service (CSaaS)

Cybersecurity as a Service (CSaaS) in an outsourced model of providing cybersecurity management to a third-party vendor. CSaaS provides robust and all-encompassing protection for your business’s digital operations through people and processes. This service covers every aspect of your cybersecurity needs and offers recommendations to enable your business to monitor, prevent, and rapidly respond to threats.

From managing third-party risks and integrating DevSecOps to conducting thorough vulnerability assessments and proactive threat management, our customizable solutions align precisely with your unique business objectives. With the expertise of seasoned professionals from various industries, you can ensure compliance and a fortified cybersecurity posture, all at a fraction of the cost of an in-house cybersecurity team.

Cybersecurity Insurance

Cyber insurance, also known as cyber liability insurance or cyber risk insurance, is a contract that helps businesses reduce the risk of cyber attacks and data breaches. It protects businesses from the financial costs of internet-based threats that can affect their IT infrastructure, information policy, and governance. Cyber insurance covers losses that result from cyberattacks, data breaches, cyberterrorism, and regulatory violations.

Cybersecurity Risk Assessment

A full security assessment report that includes client interviews, a technical assessment, and executive presentation.

Data

Data are a set of values of qualitative or quantitative variables about one or more persons or objects.

Data Breach

The unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information.

Data Loss Prevention (DLP)

Data Loss Prevention (DLP) is a cybersecurity strategy that helps organizations detect and prevent data breaches, exfiltration, or destruction. DLP can help organizations protect sensitive data, such as intellectual property and personally identifiable information (PII), and comply with industry and data privacy regulations.

It’s a set of procedures and mechanisms to stop sensitive data from leaving a security boundary.

Data Security Posture Management (DSPM)

Data Security Posture Management (DSPM) serves as a cybersecurity framework designed to safeguard organizational data against unauthorized access, misuse, or theft. Employing an array of security measures like data encryption, access control, and data loss prevention (DLP), it continuously oversees, enhances, and fine-tunes security protocols. DSPM solutions prove invaluable across diverse security landscapes, including ensuring data security within intricate cloud setups and detecting insider threats effectively.

Denial of Service (DoS)

An attack that prevents or impairs the authorized use of information system resources or services.

Distributed Denial of Service (DDoS)

DDoS attacks are a subclass of denial of service attacks. A DDoS attack involves multiple connected online devices, collectively known as a botnet, which are used to overwhelm a target website with fake traffic

Education and Training

The training of personnel within pertinent subject domain; develop, plan, coordinate, deliver, and/or evaluate training courses, methods, and techniques as appropriate.

Encryption

Data encryption is a way of translating data from plaintext (unencrypted) to ciphertext (encrypted). Users can access encrypted data with an encryption key and decrypted data with a decryption key.

Endpoint Detection and Response (EDR)

EDR, also known as endpoint threat detection and response, is a cyber technology that continually monitors and responds to mitigate cyber threats.

Extended Detection and Response (XDR)

Extended Detection and Response (XDR) is a (SaaS)-based, vendor-specific, security threat detection and incident response tool that natively integrates multiple security products into a cohesive security operations system that unifies all licensed components.

Firewall

A hardware/software device or a software program that limits network traffic according to a set of rules of what access is and is not allowed or authorized.

Forensic Analysis

Forensic analysis can be described as a detailed process of detecting, investigating, and documenting the reason, course, and consequences of a security incident.

Gap Assessment

Gap Assessment is an in-depth review that helps organizations determine the difference between the current state of their information security to specific industry requirements.

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU)

Hacker

An unauthorized user who attempts to or gains access to an information system.

Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.

Identity & Access Management

The methods and processes used to manage subjects and their authentication and authorizations to access specific objects.

Incident Response (IR)

Incident response (IR) is the effort to quickly identify an attack, minimize its effects, contain damage, and remediate the cause to reduce the risk of future incidents.

Information Security Policy

An aggregate of directives, regulations, rules, and practices that prescribe how an organization manages, protects, and distributes information.

InfoSec

Information security, sometimes shortened to InfoSec, is the practice of protecting information by mitigating information risks. It is part of information risk management.

Inside(r) Threat

One or more individuals with the access and/or inside knowledge of a company, organization, or enterprise that would allow them to exploit the vulnerabilities of that entity’s security, systems, services, products, or facilities with the intent to cause harm.

International Organization for Standardization (ISO 27001)

International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) is an international standard on how to manage information security. The standard was originally published jointly by the International Organization for Standardization and the International Electrotechnical Commission in 2005 and then revised in 2013

Key Logger

Software or hardware that tracks keystrokes and keyboard events, usually surreptitiously/secretly, to monitor actions by the user of an information system.

Key Pair

Two mathematically related keys having the property that one key can be used to encrypt a message that can only be decrypted using the other key.

Malware

Software that compromises the operation of a system by performing an unauthorized function or process.

Managed Detection and Response (MDR)

Next generation antivirus/antimalware systems that no only block signature based threats but also can learn and block behavior based threats. These usually also have a system “Digital Video Recorder” in which you can replay recent activities on the system to see where an infection originated and how it spread/what it did. Logs are also usually much richer as well than a traditional Audio/Visual system.

Mitigation

Implementing appropriate risk-reduction controls based on risk management priorities and analysis of alternatives.

MITRE ATT&CK®

MITRE ATT&CK® stands for MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK). The MITRE ATT&CK® framework is a curated knowledge base and model for cyberadversary behavior, reflecting the various phases of an adversary’s attack lifecycle and the platforms they are known to target.

Managed Services Provider (MSP)

A Managed Service Provider (MSP) offers network, application, infrastructure, and security services through consistent support and active management on customers’ premises, their own data center, or a third-party data center. MSPs may combine their services with others, like a security MSP providing system administration on top of third-party cloud Infrastructure as a Service (IaaS). Pure-play MSPs typically focus on specific vendors or technologies. While originally centered on infrastructure services, the MSP role now encompasses continuous management, maintenance, and support across various service types. This is your traditional managed IT services company.

Managed Security Services Provider (MSSP)

A Managed Security Service Provider (MSSP) delivers outsourced monitoring and management of security devices and systems. They offer various services such as managed firewall, intrusion detection, virtual private network, vulnerability scanning, and antivirus services. MSSPs operate high-availability security operation centers, either in-house or through data center providers, to provide 24/7 services. This reduces the need for enterprises to hire, train, and retain extensive security personnel while maintaining a strong security posture.

Network

The Infrastructure including hardware (e.g., hubs, bridges, switches, multiplexers, routers, cables, proxy servers, and protective distributor systems) and software that permit the sharing and transmission of all spectrum transmissions of information to support the security of information and information systems.

Network Resilience

The ability of a network to: (1) provide continuous operation (i.e., highly resistant to disruption and able to operate in a degraded mode if damaged); (2) recover effectively if failure does occur; and (3) scale to meet rapid or unpredictable demands.

NIST

NIST Cybersecurity Framework (CSF) is a set of guidelines for mitigating organizational cybersecurity risks, published by the US National Institute of Standards and Technology (NIST). The framework provides a high level taxonomy of cybersecurity outcomes and a methodology to assess and manage those outcomes in addition to guidance on the protection of privacy.

Operations Technology

The hardware and software systems used to operate industrial control devices.

OSINT Report

Open source intelligence (OSINT) is the act of gathering and analyzing publicly available data for intelligence purposes. Our intelligence researchers leverage open source data to better understand the threat landscape and help defend organizations from known risks within their IT environment.

Password

A string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorization.

Payment Card Industry (PCI)

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes. The PCI Standard is mandated by the card brands but administered by the (PCI) Security Standards Council

Penetration Test (Pen Test)

A penetration test, or pen test, is an attempt to evaluate the security of an IT infrastructure by safely trying to exploit vulnerabilities. These vulnerabilities may exist in operating systems, services and application flaws, improper configurations or risky end-user behavior. Such assessments are also useful in validating the efficacy of defensive mechanisms as well as end-user adherence to security policies. – Core Security website
Grey Box Testing is a software testing technique to test a software product or application with partial knowledge of internal structure of the application. The purpose of grey box testing is to search and identify the defects due to improper code structure or improper use of applications.
Black Box testing involves testing a system with no prior knowledge of its internal workings. A tester provides an input, and observes the output generated by the system under test. Black box testing exercises a system end-to-end.
White Box testing, sometimes referred to as crystal or oblique box pen testing, involves sharing full network and system information with the tester, including network maps and credentials.

Penetration Testing

Testing a target’s security through practical penetration techniques and providing a thorough report of any successful penetration. Tests follow the Offensive Security Certified Professional (OSCP) model.

Personally Identifiable Information (PII)

PII or Personal Identifiable Information is any data that can be used to clearly identify an individual. Some examples that have traditionally been considered personally identifiable information include, mailing address, email address and phone numbers.

Phishing

A digital form of social engineering to deceive individuals into providing sensitive information.

Protected Health Information (PHI)

Protected health information (PHI), also referred to as personal health information, is the demographic information, medical histories, test and laboratory results, mental health conditions, insurance information and other data that a healthcare professional collects to identify an individual

Quarterly Business Review (QBR)

Quarterly Business Review is a quarterly meeting to review deliverable items and discuss any concerns and next steps.

Ransomware

Ransomware is malware that employs encryption to hold a victim’s information at ransom. A user or organization’s critical data is encrypted so that they cannot access files, databases, or applications. A ransom is then demanded to provide access.

Red Team

Related to Pen Tests – The red team “attacks,” trying to find vulnerabilities and determining security risks for the organization.

Reverse Engineering

Reverse engineering is a process or method through which one attempts to understand through deductive reasoning how a previously made device, process, system, or piece of software accomplishes a task with very little insight into exactly how it does so

Risk

The potential for an unwanted or adverse outcome resulting from an incident, event, or occurrence, as determined by the likelihood that a particular threat will exploit a particular vulnerability, with the associated consequences.

Risk Assessment

Risk Assessment is the appraisal of risks facing an entity, asset, system, or network, organizational operations and includes determining the extent to which adverse circumstances or events could result in harmful consequences.

SDLC Security Assessment

Review of current configurations, procedures, tools, and policies around the CI/CD Pipeline. Will culminate in a report with recommendations for improvement, if any.

Secret

A secret refers to a private piece of information that acts as a key to unlock protected or sensitive resources. Examples of secrets include passwords, certificates, SSH keys, and encryption keys.

Secure Shell Protocol (SSH)

Secure Shell Protocol, or SSH, is a cryptographic network protocol for operating network services securely over an unsecured network.

Secure Software Development Lifecycle (SSDLC)

Secure Software Development Lifecycle is a collection of best practices which focuses on incorporating security into every step of the SDLC.

Security Debt

Security debt is a variant of technical debt that occurs when organizations do not invest enough money or resources into security efforts upfront.

Security Event vs. Security Incident

A security event is any observable occurrence that is relevant to information security. This can include attempted attacks or lapses that expose security vulnerabilities. A security incident is a security event that results in damage or risk to information security assets and operations.

Security Information and Event Management (SIEM)

Security Information and Event Management. This is collecting all of your important log sources for correlation, alerting, and response. Log retention is also important but a separate factor in your overall incident response and log management strategies.

Security Operations Center (SOC)

Security Operations Center – not to be confused with SOC 2. A SOC is where all of your security tool logs, alerts, and data comes in and is processed and responded to.

Security Operations Center (SOC 2)

SOC 2 is a voluntary compliance standard for service organizations, developed by the American Institute of CPAs (AICPA), which specifies how organizations should manage customer data. The standard is based on the following Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.

Security Policy

A rule or set of rules that govern the acceptable use of an organization’s information and services to a level of acceptable risk and the means for protecting the organization’s information assets.

Social Engineering and/or Phishing Test

One time test of employees at the organization and how they respond to potentially malicious or suspicious external communications.

Spoofing

The deliberate inducement of a user or resource to take incorrect action. (e.g., impersonating, masquerading, piggybacking, and mimicking).

Spyware

Software that is secretly or surreptitiously installed into an information system without the knowledge of the system user or owner.

Tabletop Exercise

Tabletop Exercise is a Cybersecurity mock drill in the simplest definition. It is a cyberattack simulation exercise. An attack scenario that is extremely relevant to the business is simulated during the workshop.

Threat

A threat is a potential negative action or event facilitated by a vulnerability that results in an unwanted impact to a computer system or application.

Threat Actor (TA)

A threat actor is an individual who locates and attacks technological vulnerabilities—via information systems, networks, domains, devices, and other potentially breachable windows— and then leverages stolen data to accomplish a variety of goals, most commonly for financial gain.

Threat Assessment

The product or process of identifying or evaluating entities, actions, or occurrences, whether natural or manmade, that have or indicate the potential to harm life, information, operations, and/or property.

Threat Hunting

Threat hunting is the process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions.

Trojan Horse

A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.

Unauthorized Access

Any access that violates the stated security policy.

Virtual Chief Information Security Officer (vCISO)

A Virtual Chief Information Security Officer (vCISO) helps organizations to protect their infrastructure, data, people and customers. A vCISO is a top security expert that builds the client organization’s cybersecurity program. The Virtual CISO works with the existing management and technical teams.

Virus

A computer program that can replicate itself, infect a computer without permission or knowledge of the user, and then spread or propagate to another computer.

Vulnerability or Vuln

The state of an Information system or assets being exposed to the possibility of being attacked.

White Team

Related to Pen Tests – The group responsible for refereeing an engagement between a Red Team of mock attackers and a Blue Team of actual defenders of information systems.

Worm

A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.

Yara Rules

YARA rules are used to classify and identify malware samples by creating descriptions of malware families based on textual or binary patterns.