This is a dictionary of terms I put together for IBM while serving as a Technical Product Marketing Manager. It uses industry-standard terminology, and there are no company secrets or proprietary terms. Feel free to use it in any way you need. I also included links to the reference pages on everything I could.
A | ||
| access | The ability to read, update, or otherwise use a resource. Access to protected resources is usually controlled by system software. | IBM |
| Access Control | The process of granting or denying specific requests: 1) for obtaining and using information and related information processing services; and 2) to enter specific physical facilities (e.g., federal buildings, military establishments, and border crossing entrances). | NIST |
| Access Control List (ACL) | A list of permissions associated with an object (e.g., computer hardware or software or a gate that provides ingress and egress to a physical facility). The list specifies who or what is allowed to access the object and what operations are allowed to be performed on the object. | CNSS |
| Account Management | Manages the current account and any associated accounts. Displays account informtion such as Name, Description of the Account, Type, Acct. ID, Identity Providers and whether or not Data Source Analytics are enabled. The page also allows you to edit account settings, manage users and see details on creation and modification of the information. | |
| administrator | A person responsible for administrative tasks such as access authorization and content management. Administrators can also grant levels of authority to users. | IBM |
| Advanced Persistent Threat (APT) | An adversary that possesses sophisticated levels of expertise and significant resources used to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). These objectives typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. The advanced persistent threat: (1) pursues its objectives repeatedly over an extended period of time; (2) adapts to defenders’ efforts to resist it; and (3) is determined to maintain the level of interaction needed to execute its objectives. | NIST |
| After-Action Report (AAR) | Summary of key post-exercise evaluation information, including the exercise overview and analysis of objectives and core capabilities. It is developed in conjunction with an improvement plan, which identifies specific corrective actions, assigns them to responsible parties, and establishes target dates for their completion. The lead evaluator and exercise planning team draft the AAR. | FEMA |
| agent | Any hardware component that is managed by the relative management system. Hardware components include appliances, scanners, network sensors, server sensors, and desktop sensors. | IBM |
| alert | A message or other indication that signals an event or an impending event that meets a set of specified criteria. See also rule. | IBM |
| All-Hazards | A threat or an incident, natural or manmade, that warrants action to protect life, property, the environment, and public health or safety, and to minimize disruptions of government, social, or economic activities. It includes natural disasters, cyber incidents, industrial accidents, pandemics, acts of terrorism, sabotage, and destructive criminal activity targeting critical infrastructure. | Presidential Policy Directive / PPD-21 |
| Antimalware (AM) | Antimalware is a type of software program created to protect information technology (IT) systems and individual computers from malicious software, or malware. Antimalware programs scan a computer system to prevent, detect and remove malware. The key to antimalware are the known malware definitrions which the antimalware software uses to detect known malicious software. | |
| AntiVirus (AV) | An antivirus product is a program designed to detect and remove viruses and other kinds of malicious software from your computer or laptop. Malicious software – known as malware – is code that can harm your computers and laptops, and the data on them. The key feature to antivirus are the known virus definitions which the software uses to identify known viruses and malware. | |
| API Keys | You can use API keys to authenticate programmatic requests to IBM Cloud Pak for Security services. To keep your key secure, delete it and create a new API key every 90 days. Learn how to authenticate requests using your API keys. The API key is a two part string, consisting of a unique identifier and a secret token, which is used for authentication to the API endpoint. The Unique Identifier is comparable to a user ID and has a set of access rights specific to an identity associated with it. The secret token, comparable to a password, is a code that is used together with the Unique Identifier to verify the identity of the calling process to the API. | |
| appliance | A hardware device with integrated software that is dedicated to a specific task or set of business requirements. | IBM |
| attack | Any attempt by an unauthorized person to compromise the operation of a software program or networked system. | IBM |
| Attestation | The validation of all aspects of a computer or system that relate to its safe, secure, and correct operation. | NRECA / Cooperative Research Network |
| Authentication | Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources. | NIST |
| Authorization | Verifying a user’s permissions (after a user has been authenticated) for accessing certain resources or functionality. | NRECA / Cooperative Research Network |
| Availability | Ensuring timely and reliable access to and use of information. Resiliency objectives extend the concept to refer to point-in-time availability (i.e., the system, component, or device is usable when needed) and the continuity of availability (i.e., the system, component, or device remains usable for the duration of the time it is needed). | NIST |
| Availability | With confidentiality and integrity, availability is considered part of the CIA Triad, which represents the three most crucial components of information security. | |
B | ||
| Bandwidth | The amount of information that can be passed through a communication channel in a given amount of time, usually expressed in bits per second. | ATIS |
| Bitcoin | An electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party. | Bitcoin.org |
| Black Sky Hazard/Event | A catastrophic event that severely disrupts the normal functioning of critical infrastructures in multiple regions for long durations. | EIS Council |
| Black Start | The restoration of a power station without reliance on the external power transmission system. Black start capabilities are often provided by small co-located diesel generators used to start larger generators, which in turn start the main power station generators. | Idaho National Laboratory |
| Blacklist | A list of entities that are blocked or denied privileges or access. | US-CERT |
| Blockchain | Tamper-resistant digital ledgers implemented in a distributed fashion (i.e., without a central repository) and usually without a central authority (i.e., a bank, company, or government). At their basic level, they enable a community of users to record transactions in a shared ledger within that community, such that under normal operation, no transaction can be changed once published. | NIST |
| Botnet | A collection of computers compromised by malicious code and controlled across a network. (See Command and Control.) | US-CERT |
| Botnet | The word botnet is a combination of the words robot and network. | |
| Boundary Protection | Monitoring and control of digital communications at the external perimeter of an information system to prevent and detect malicious and other unauthorized communications, using devices such as proxies, gateways, routers, firewalls, guards, and encrypted tunnels. Also referred to as perimeter protection. | NRECA / Cooperative Research Network |
| Bulk Electric System (BES) Cyber Asset | A Cyber Asset that, if rendered unavailable, degraded, or misused, would, within 15 minutes of its required operation, misoperation, or non-operation, adversely impact one or more facilities, systems, or equipment, which, if destroyed, degraded, or otherwise rendered unavailable when needed, would affect the reliable operation of the Bulk Electric System. Redundancy of affected facilities, systems, and equipment shall not be considered when determining adverse impact. Each BES Cyber Asset is included in one or more BES Cyber Systems. | NERC |
C | ||
| Case Management | This is the page that contains all of the cases that are open for forensic investigations into alerts occuring within the given environment. | |
| Case Management | Case Management is the collection of cases in a single app for collaboration and management. | QRadar |
| Cases | Qradar employs an app within the platform named cases. This app operates under the Case Management tab. | QRadar |
| certificate | In computer security, a digital document that binds a public key to the identity of the certificate owner, thereby enabling the certificate owner to be authenticated. A certificate is issued by a certificate authority and is digitally signed by that authority. | IBM |
| Cloud Security | Cloud security is a collection of procedures and technology designed to address external and internal threats to business security. Organizations need cloud security as they move toward their digital transformation strategy and incorporate cloud-based tools and services as part of their infrastructure. | |
| Cloud Security Posture Management (CPSM) | Cloud security posture management (CSPM) automates the identification and remediation of risks across cloud infrastructures, including Infrastructure as a Service (IaaS), Software as a Service (Saas), and Platform as a Service (PaaS). | |
| Cloud-Native Application Protection Platform (CNAPP) | Cloud-Native Application Protection Platform (CNAPP) is a cloud-native security model that encompasses Cloud Security Posture Management (CSPM), Cloud Service Network Security (CSNS), and Cloud Workload Protection Platform (CWPP) in a single holistic platform. | |
| Command and Control | A network of computers infected with malware that allows them to issue directives to other digital devices. C&C servers can create powerful networks of infected devices capable of carrying out distributed denial-of-service (DDoS) attacks, stealing data, deleting data or encrypting data in order to carry out an extortion scheme. | TechTarget |
| community | In SNMP, the relationship between an agent and one or more managers. The community describes which SNMP manager requests the SNMP agent should honor. | IBM |
| Compensating Control | A cybersecurity control employed in lieu of a recommended control that provides equivalent or comparable control. | DOE |
| Compensating Control | See Cybersecurity Controls. | |
| Confidentiality | Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. | NIST |
| Confidentiality | With integrity and availability, confidentiality is considered part of the CIA Triad, which represents the three most crucial components of information security. | |
| Connections | Are all the ports and protocols that enable QRadar ingest logs, interface with data collectors, data sources, edge gateways, threat intelligence sources and Qradar Proxy. Connections be uni-directional or bi-directional depending on the purpose and capabilities of the hardware/software terminating the connection. | |
| Connectivity | The minimum number of nodes or links whose removal results in losing all paths that can be used to transfer information from a source to a sink. | ATIS |
| Container Segmentation | Container segmentation involves isolating containers from each other and the host system to improve security and reduce the attack surface. Containerization is a widely used technology that allows multiple applications or services to run in separate containers on a single host system. Without proper segmentation, though, containers can potentially access each other’s data and configuration files, which can result in security vulnerabilities. | PANW |
| Container Segmentation Best Practices | Container isolation: Each container should be isolated from other containers running on the same host system to prevent unauthorized access. This can be achieved using container technologies like Docker and Kubernetes, which provide built-in isolation mechanisms. | PANW |
| Container Segmentation Best Practices | Network segmentation: Containers can be segmented from each other using network segmentation techniques. This involves creating separate networks for each container and configuring firewall rules to allow or deny traffic between containers. | PANW |
| Container Segmentation Best Practices | Role-based access control: Role-based access control (RBAC) can be used to define access policies for different containers based on user roles and permissions. This can help to ensure that containers are accessed only by authorized users and processes. | PANW |
| Container Segmentation Best Practices | Image signing: Container images can be digitally signed to ensure that only trusted images are deployed in production. This can help to prevent container images from being tampered with or altered, reducing the risk of security vulnerabilities. | PANW |
| Container Segmentation Best Practices | Runtime protection: Runtime protection tools can be used to monitor container activity and detect anomalies that may indicate a security breach. These tools can help to detect and prevent attacks in real-time, improving the security posture of containerized environments. | PANW |
| Container Segmentation Best Practices | Container segmentation helps to ensure the security of containerized applications and services. By isolating containers and applying access control policies, organizations can reduce the attack surface and prevent unauthorized access to sensitive data and resources. Container segmentation should be implemented as part of an overall security strategy that includes network security, access control, and runtime protection. | PANW |
| containerization | Containerization is a software deployment process that bundles an application’s code with all the files and libraries it needs to run on any infrastructure. Traditionally, to run any application on your computer, you had to install the version that matched your machine’s operating system. For example, you needed to install the Windows version of a software package on a Windows machine. However, with containerization, you can create a single software package, or container, that runs on all types of devices and operating systems. | |
| Contingency | The unexpected failure or outage of a system component, such as a generator, transmission line, circuit breaker, switch, or other electrical element. | NRECA / Cooperative Research Network |
| Correlation Rules | A correlation rule helps a SIEM solution in identifying which sequences of events would be an indication of anomalies to detect a security incident. | |
| Credential | Information passed from one entity to another to establish the sender’s access rights or to establish the claimed identity of a security subjective relative to a given security domain. | ATIS |
| Critical Assets | Facilities, systems, and equipment which, if destroyed, degraded, or otherwise rendered unavailable, would affect the reliability or operability of the bulk electric system. | NRECA / Cooperative Research Network |
| Critical Electric Infrastructure Information (CEII) | Information related to or proposed to critical electric infrastructure. | FERC |
| Critical Electric Infrastructure Information (CEII) | Generated by or provided to the Federal Energy Regulatory Commission or other Federal agency other than classified national security information, | |
| Critical Electric Infrastructure Information (CEII) | That is designated as critical electric infrastructure information by the Federal Energy Regulatory Commission or the Secretary of the Department of Energy pursuant to section 215A(d) of the Federal Power Act. | |
| Critical Infrastructure | The assets, systems, and networks, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, public health or safety, or any combination thereof. | DHS |
| Cryptocurrency | A digital currency used as a medium of exchange, similar to other currencies. However, unlike other currencies, cryptocurrency operates independently of a central bank and uses encryption techniques and blockchain technology to secure and verify transactions. | US-CERT |
| Cryptocurrency | Examples include Bitcoin, Litecoin, Monero, Ethereum, and Ripple. | |
| Cyber Asset | Programmable electronic devices, including the hardware, software, and data in those devices. | NRECA / Cooperative Research Network |
| Cyber Attack | An attempt to infiltrate information technology systems, computer networks, or individual computers with a malicious intent to steal information, cause damage, or destroy specific targets within the system. | Idaho National Laboratory |
| Cyber Information Sharing and Collaboration Program (CISCP) | A program of the U.S Department of Homeland Security that enables actionable, relevant, and timely unclassified information exchange through trusted public-private partnerships across all critical infrastructure sectors. | DHS |
| Cyber Kill Chain | A theory developed by Lockheed Martin that identifies the various stages of a cyber attack: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, C&C, and Actions on Objectives. Applying the theory helps cybersecurity professionals recognize and counteract attacks to protect their organization’s assets. | SANS Institute |
| Cyber Mutual Assistance Program | A framework to provide emergency cyber assistance within the electric power and natural gas industries. The program is composed of industry cyber experts who can provide voluntary assistance to other participating entities in advance of, or in the event of, a disruption of electric or natural gas service, systems, and/or IT infrastructure due to a cyber emergency. | Electricity Sector Coordinating Council |
| Cyber Security Incident Response Teams (CSIRTs) | A group of experts that assesses, documents, and responds to a cyber incident so that a network can not only recover quickly, but also avoid future incidents. | DHS |
| Cybersecurity | The ability to protect or defend the use of cyberspace from cyber attacks. | DOE |
| Cybersecurity | Cybersecurity is the protection of internet-connected systems such as hardware, software and data from cyberthreats. The practice is used by individuals and enterprises to protect against unauthorized access to data centers and other computerized systems. | |
| Cybersecurity | The 3 major types of cyber security are network security, cloud security, and physical security. Your operating systems and network architecture make up your network security. It can include network protocols, firewalls, wireless access points, hosts, and servers. | |
| Cybersecurity Capability Maturity Model (C2M2) | A model that helps organizations—regardless of size, type, or industry—evaluate, prioritize, and improve their own cybersecurity capabilities. | DOE |
| Cybersecurity Controls | The management, operational, and technical methods, policies, and procedures—manual or automated—(i.e., safeguards or countermeasures) prescribed to protect the confidentiality, integrity, and availability of a system and its information. | DOE |
| Cybersecurity Incident | An event occurring on or conducted through a computer network that actually or imminently jeopardizes the integrity, confidentiality, or availability of computers, information or communications systems or networks, physical or virtual infrastructure controlled by computers or information systems, or information resident thereon. A cyber incident may include a vulnerability in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source. | Presidential Policy Directive / PPD-41 |
| Cybersecurity Risk Information Sharing Program (CRISP) | A public-private data sharing and analysis platform that facilitates the timely bi-directional sharing of unclassified and classified threat information among energy sector stakeholders. | DOE |
| CybersecurityThreat Intelligence (CTI) | Threat intelligence is data that is collected, processed, and analyzed to understand a threat actor’s motives, targets, and attack behaviors. Threat intelligence enables us to make faster, more informed, data-backed security decisions and change their behavior from reactive to proactive in the fight against threat actors. Threat intelligence is evidence-based knowledge (e.g., context, mechanisms, indicators, implications and action-oriented advice) about existing or emerging menaces or hazards to assets. – Gartner | |
| Cyberspace | A global domain within the information environment consisting of the interdependent network of IT and ICS infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers. | DOE |
D | ||
| Darknets | Private, distributed file sharing networks where connections are made only between trusted peers. Darknets are distinct from other distributed networks as sharing is anonymous (i.e., IP addresses are hidden). | Cyber Risk Insurance Forum |
| dashboard | An interface that integrates data from a variety of sources and provides a unified display of relevant and in-context information. | IBM |
| Dashboards | Dashboards in QRadar are a part of the platform that provides near real-time visibility into the collected and correlated data. It allows security teams to monitor and analyze key data metrics and KPIs, providing the information necessary for data-driven decision-making regarding mitigation and remediation of incidents. | |
| Data Source Analytics | Tracking anonymous analytics helps improve the product and user experience. IBM is committed to protecting your personal information in compliance with applicable data protection laws. | QRadar |
| decrypt | To decipher data. | IBM |
| Defense-in-Depth | Cybersecurity strategy that integrates people, technology, and operations capabilities to establish variable barriers across multiple layers and missions of the organization. | DOE |
| Denial of Service (DoS) | A cyber attack that occurs when legitimate users are unable to access information systems, devices, or other network resources due to the actions of a malicious cyber threat actor. A denial-of-service floods the targeted host or network with traffic until the target cannot respond or simply crashes, preventing access for legitimate users. DoS attacks can cost an organization both time and money while their resources and services are inaccessible. | DHS |
| destination | Any point or location, such as a program, node, station, printer, or a particular terminal, to which information is to be sent. | IBM |
| Distributed control system (DCS) | Control achieved by intelligence that is distributed about the process to be controlled, rather than by a centrally located single unit. | NIST |
| domain name server (DNS) | An Internet service that translates domain names into IP addresses. | IBM |
E | ||
| Edge Gateways | Edge gateways are devices that reside on a networks perimeter and translate information from the internet into a private network and viceversa. The devices can be any number of device types such as firewalls, routers, switches, SDWan devices and more. | |
| Electronic Security Perimeter (ESP) | The logical border surrounding a network to which systems are connected. | NERC |
| Encryption | Cryptographic transformation of data (called “plaintext”) into a form (called “ciphertext”) that conceals the data’s original meaning to prevent it from being known or used. If the transformation is reversible, the corresponding reversal process is called “decryption,” which is a transformation that restores encrypted data to its original state. | Idaho National Laboratory |
| End Point Detection and Response (EDR) | is an endpoint security solution that continuously monitors end-user devices to detect and respond to cyber threats like ransomware and malware. EDR incorporates AV and other endpoint security functionality providing more fully-featured protection against a wide range of potential threats. | |
| Endpoint Protection/Security | A security approach that focuses on locking down endpoints—individual computers, phones, tablets, and other network-enabled devices—in order to keep networks safe. | CSO Online |
| Energy Assurance | An array of activities that support a robust, secure, reliable, and resilient energy infrastructure. These include energy emergency planning, preparedness, mitigation, and response | NASEO |
| event | An occurrence of significance to a task or system. Events can include completion or failure of an operation, a user action, or the change in state of a process. See also alert. | IBM |
| Exploit | A piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic. | Idaho National Laboratory |
| Extended Detection and Response (XDR) | Is a consolidation of tools and data that provides extended visibility, analysis, and response across endpoints, workloads, users, and networks. XDR unifies endpoint and workload security capabilities with critical visibility into the network and cloud—reducing blind spots, detecting threats faster, and automating remediation via authoritative context across these domains. | |
F | ||
| Federated Search | with Qradar’s Federated Search feature contained within the Log | |
| filter | A device or program that separates data, signals, or material in accordance with specified criteria. | IBM |
| Firewall | A network security device that monitors incoming and outgoing network traffic and helps screen out hackers, viruses, and worms that try to reach a computer over the Internet. A firewall can be hardware, software, or both. | Cisco |
| firewall | A network configuration, typically both hardware and software, that prevents unauthorized traffic into and out of a secure network. | IBM |
| firewall rule | A chain of statements matching specific criteria that define the types of traffic to block on a network. | IBM |
| Firmware | A software program or set of instructions programmed on a hardware device. It provides the necessary instructions for how the device communicates with the other computer hardware. | TechTerms |
| firmware | Proprietary code that is usually delivered as microcode as part of an operating system. | IBM |
| fix pack | A cumulative collection of fixes that is released between scheduled refresh packs, manufacturing refreshes, or releases. A fix pack updates the system to a specific maintenance level. | IBM |
| Fusion Centers | Primary focal points within the state and local environment for the receipt, analysis, gathering, and sharing of threat-related information among Federal, State, Local, Tribal, and Territorial (SLTT) partners. They provide interdisciplinary expertise and situational awareness to inform decision-making at all levels of government. | DHS |
| Fusion Centers | Fusion centers are owned and operated by State and Local entities with support from federal partners. | |
G | ||
| Gateway | An intermediate system (interface, relay) that attaches to two (or more) computer networks that have similar functions but dissimilar implementations and that enables either one-way or two-way communication between the networks. | CNSS |
| gateway | A device or program used to connect networks or systems with different network architectures. | IBM |
| Granular security | Granular security means network administrators can strengthen and pinpoint security by creating specific policies for critical applications. The goal is to prevent lateral movement of threats with policies that precisely control traffic in and out of specific workloads, such as weekly payroll runs or updates to human resource databases. | |
H | ||
| Homeland Security Information Network (HSIN) | A trusted network for homeland security mission operations to share sensitive but unclassified information. Federal, state, local, territorial, tribal, international and private sector homeland security partners use HSIN to manage operations, analyze data, send alerts and notices, and share the information they need to do their jobs and help keep their communities safe. | DHS |
| Honeypot | A trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers. | Cyber Risk Insurance Forum |
| Human-Machine Interface (HMI) | The hardware or software through which an operator interacts with a controller. An HMI can range from a physical control panel with buttons and indicator lights to an industrial PC with a color graphics display running dedicated HMI software. | NIST |
I | ||
| IBM Cloud Pak for Security | IBM Cloud Pak® for Security is an open security platform that connects to your existing data sources to generate deeper insights and enable you to act faster with automation. | |
| ICMP | See Internet Control Message Protocol. | IBM |
| Identity-Based Access Control | Access control based on the identity of the user (typically relayed as a characteristic of the process acting on behalf of that user), where access authorizations to specific objects are assigned based on user identity. | NRECA / Cooperative Research Network |
| Impact | Damage to an organization’s mission and goals due to the loss of confidentiality, integrity, or availability of system information or operations. | NRECA / Cooperative Research Network |
| Indicators of Compromise (IOC) | Forensic artifacts of an intrusion. | SANS Institute |
| Industrial Control Cyber Emergency Response Team (ICS-CERT) | Operates within the Department of Homeland Security’s (DHS) National Cybersecurity and Communications Integration Center (NCCIC) to reduce risks to industrial control systems used within and across all critical infrastructure sectors. ISC-CERT collaborates law enforcement agencies and the intelligence community and coordinates efforts among Federal, State, local, and tribal governments and control systems owners, operators, and vendors. Additionally, ICS-CERT collaborates with international and private sector Computer Emergency Response Teams (CERTs) to share control systems-related security incidents and mitigation measures. | DHS |
| Industrial Control System (ICS) | A general term that includes several types of control systems, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), Programmable Logic Controllers (PLC) and others often found in industrial and critical infrastructure sectors. An ICS consists of combinations of control components that act together to achieve an industrial objective. | Idaho National Laboratory |
| Information Security | The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction to provide confidentiality, integrity, and availability. | NRECA / Cooperative Research Network |
| Information Sharing and Analysis Center (ISAC) | Sector-specific, member-driven organizations formed by critical infrastructure owners and operators to share information between government and industry. | DHS |
| Information System (IS) | A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information. (Note: information systems also include specialized systems such as industrial/process controls systems, telephone switching and private branch exchange (PBX) systems, and environmental control systems.) | NRECA / Cooperative Research Network |
| Information Technology (IT) | The technology involving the development, maintenance, and use of computer systems, software, and networks for the processing and distribution of data. | Merriam Webster Dictionary |
| InfraGard | A partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration that expedites the timely exchange of information and promotes mutual learning opportunities relevant to the protection of Critical Infrastructure. | Infragard |
| Integrity | Guarding against improper information modification or destruction; includes ensuring the non-repudiation and authenticity of information. | NRECA / Cooperative Research Network |
| Integrity | With confidentiality and availability, integrity is considered part of the CIA Triad, which represents the three most crucial components of information security. | |
| Intelligent electronic device (IED) | Any device incorporating one or more processors with the capability to receive or send data/control from or to an external source (e.g., electronic multifunction meters, digital relays, controllers). | NIST |
| interface | A shared boundary between independent systems. An interface can be a hardware component used to link two devices, a convention that supports communication between software systems, or a method for a user to communicate with the operating system, such as a keyboard. | IBM |
| International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) Standards | Standards that represent global consensus on a solution to a particular issue. They provide requirements, specifications, guidelines or characteristics to ensure that materials, products, processes and services are safe to use and fit for their purpose. Whenever possible, requirements are expressed in terms of performance rather than design or descriptive characteristics. | ISO |
| Internet Control Message Protocol (ICMP) | An Internet protocol that is used by a gateway to communicate with a source host, for example, to report an error in a datagram. | IBM |
| Internet Protocol (IP) | Standard method for transmission of data from source to destinations in packet-switched communications networks and interconnected systems of such networks. | NIST |
| Interoperability | The ability of systems, units, or forces to provide services to and accept services from other systems, units, or forces, and to use the services so exchanged to enable them to operate effectively together. | Rand Corporation |
| intrusion prevention | A set of policies and rules for detecting suspicious behavior in network traffic and for alerting system or network administrators. | IBM |
| intrusion prevention system (IPS) | A system that attempts to deny potentially malicious activity. The denial mechanisms could involve filtering, tracking, or setting rate limits. | IBM |
| IP Address Management (IPAM) | IPAM (IP Address Management) is the administration of DNS and DHCP, which are the network services that assign and resolve IP addresses to machines in a TCP/IP network. Simply put, IPAM is a means of planning, tracking, and managing the Internet Protocol address space used in a network. | |
| IPS | See intrusion prevention system. | IBM |
J | ||
| Joint Information Center (JIC) | A central location to facilitate operation of the Joint Information System (JIS) during and after an incident. The JIC enhances information coordination, reduces misinformation, and maximizes resources by co-locating Public Information Officers (PIOs) as much as possible. | FEMA |
| Joint Information System (JIS) | An incident response structure that can be leveraged for developing and delivering coordinated interagency messages, executing public information plans and strategies, advising an Incident Commander concerning public affairs issues, and controlling rumors and inaccurate information. | FEMA |
K | ||
| Key Logger | A program designed to record the sequence of keys pressed on a computer keyboard. Such programs can be used to obtain passwords or encryption keys and thus bypass other security measures. | NIST |
| Kubernetes | Kubernetes is a portable, extensible, open source platform for managing containerized workloads and services, that facilitates both declarative configuration and automation. It has a large, rapidly growing ecosystem. Kubernetes services, support, and tools are widely available. | |
L | ||
| Least Privilege | The principle that users and programs should only have the necessary privileges to complete their tasks. | NIST |
| local management interface | A graphical user interface that is used to manage a single, local appliance. | IBM |
M | ||
| Malware | Software or firmware intended to perform an unauthorized process that will have adverse impact on the confidentiality, integrity, or availability of an information system. Examples include viruses, worms, and Trojan horses, spyware and some forms of adware. | NIST |
| Man-In-The-Middle (MitM) | A type of cyber attack where an interloper inserts him- or herself between two communicating devices, without either side knowing. | US-CERT |
| Managed Detection and Response (MDR) | MDR is a comprehensive solution that offers 24/7 monitoring and response services from experienced security analysts. | |
| Management Controls | The security controls for IT and ICS that focus on the management of risk and security. | DOE |
| Microsegmentation | Microsegmentation refers to an approach to security that involves dividing a network into segments and applying security controls to each segment based on the segment’s requirements. Microsegmentation software with network virtualization technology is used to create zones in cloud deployments. These granular secure zones isolate workloads, securing them individually with custom, workload-specific policies. Similarly, each virtual machine (VM) in a network can be protected, down to the application level, with exact security controls. The granular security controls microsegmentation brings to workloads or applications is invaluable for the modern cloud environment with several applications running on the same server or virtual machine. Organizations can apply security controls to individual workloads and applications, rather than having a one security policy for the server. | |
| Microsegmentation | Microsegmentation offers protection for dynamic environments. For instance, cloud-native architectures like containers and Kubernetes can spin up and down in a matter of seconds. The IP addresses assigned to cloud workloads are ephemeral, rendering IP-based rule management impossible. With microsegmentation, security policies are expressed in terms of identities or attributes (env=prod, app=hrm, etc.) rather than network constructs (e.g., 10.100.0.10 tcp/80). Changes to the application or infrastructure trigger automatic revisions to security policies in real time, requiring no human intervention. | |
| Microsegmentation: Benefits | Organizations that adopt microsegmentation realize tangible benefits. More specifically: | |
| Microsegmentation: Benefits | Reduced attack surface: Microsegmentation provides visibility into the complete network environment without slowing development or innovation. Application developers can integrate security policy definition early in the development cycle and ensure that neither application deployments nor updates create new attack vectors. This is particularly important in the fast-moving world of DevOps. | |
| Microsegmentation: Benefits | Improved breach containment: Microsegmentation gives security teams the ability to monitor network traffic against predefined policies as well as shorten the time to respond to and remediate data breaches. | |
| Microsegmentation: Benefits | Stronger regulatory compliance: Using microsegmentation, regulatory officers can create policies that isolate systems subject to regulations from the rest of the infrastructure. Granular control of communications with regulated systems reduces the risk of noncompliant usage. | |
| Microsegmentation: Benefits | Simplified policy management: Moving to a microsegmented network or Zero Trust security model provides an opportunity to simplify policy management. Some microsegmentation solutions offer automated application discovery and policy suggestions based on learned application behavior. | |
| Microservices | In software engineering, a microservice architecture is a variant of the service-oriented architecture structural style. It is an architectural pattern that arranges an application as a collection of loosely coupled, fine-grained services, communicating through lightweight protocols. | |
| MITRE ATT&CK | MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community. With the creation of ATT&CK, MITRE is fulfilling its mission to solve problems for a safer world — by bringing communities together to develop more effective cybersecurity. ATT&CK is open and available to any person or organization for use at no charge. | MITRE ATT&CK |
| multicast | Transmission of the same data to a selected group of destinations. | IBM |
N | ||
| National Cybersecurity and Communications Integration Center (NCCIC) | The cyber defense, incident response, and operational integration center of the U.S. Department of Homeland Security. The NCCIC’s mission is to reduce the risk of systemic cybersecurity and communications challenges by serving as a national hub for cyber and communications information, technical expertise, and operational integration, and by operating a 24/7 situational awareness, analysis, and incident response center. | DHS |
| National Institutes of Standards and Technology (NIST) | A federal agency within the U.S. Department of Commerce. NIST’s mission is to develop and promote measurement, standards, and technology to enhance productivity, facilitate trade, and improve the quality of life. NIST is also responsible for establishing computer- and information technology-related standards and guidelines for federal agencies to use. | NIST |
| Need to Know | Decision made by an authorized holder of official information that a prospective recipient requires access to specific official information to carry out official duties. | NIST |
| NERC Critical Infrastructure Protection (NERC CIP) | A set of requirements designed to secure cyber assets required for operating North America’s bulk electric system. | TechTarget |
| Network (computer network) | A network of data processing nodes interconnected for the purpose of data communication. | ATIS |
| Network Detection and Response (NDR) | Network Detection and response (NDR) is a security tool that monitors an enterprise’s network traffic to gain visibility into potential cyberthreats. NDR relies on advanced capabilities, such as behavioral analytics, machine learning, and artificial intelligence to uncover threats and suspect activities. | |
| network mask (netmask) | A number that is the same as an Internet Protocol (IP) address. A network mask identifies which part of an address is to be used for an operation, such as making a TCP/IP connection. | IBM |
| Network Microsegmentation | For most organizations, east-west communications make up the majority of data center and cloud traffic patterns, and perimeter-focused defenses do not have visibility into east-west traffic. Given these factors, malicious actors use this as an opportunity to move laterally across workloads. The network creates reliable pathways between workloads and determines whether or not two endpoints can access each other. Microsegmentation creates isolation and determines if two endpoints should access each other. Enforcing segmentation with least-privileged access reduces the scope of lateral movement and contains data breaches. | |
| network object | A group of predefined settings that can be shared among multiple network access policy rules to control traffic flow, communication, and access between hosts, segments, or subnets on a network. | IBM |
| NIST Cybersecurity Framework (NIST CSF) | A voluntary framework consisting of standards, guidelines, and best practices to manage cybersecurity risk. | NIST |
| North American Electric Reliability Corporation | A not-for-profit international regulatory authority whose mission is to assure the effective and efficient reduction of risks to the reliability and security of the bulk electric grid in North America. | NERC |
O | ||
| Operational Controls | The security controls for IT and ICS, implemented and executed primarily by people (as opposed to systems). | DOE |
| Operational Technology (OT) | Programmable systems or devices that interact with the physical environment (or manage devices that interact with the physical environment). Examples include industrial control systems, building management systems, fire control systems, and physical access control mechanisms. | DOE |
| Organization Profile | IBM Cloud Pak for Security helps you uncover hidden threats, make more informed risk-based decisions and prioritize your team’s time. By selecting your profile preferences such as industry and location, Cloud Pak for Security tailors your experience according to your selection. Organization Profile defines the Industries the that the instance is serving and the geographic location of the deployment. | |
P | ||
| Packet | The sequence of binary digits transmitted and switched as a composite whole. | ATIS |
| packet | A unit of data transmitted over a network. Large chunks of information are broken up into packets before they are sent across the Internet. | IBM |
| PAM | See Protocol Analysis Module. | IBM |
| parameter (parm) | A value or reference passed to a function, command, or program that serves as input or controls actions. The value is supplied by a user or by another program or process. | IBM |
| parm | See parameter. | IBM |
| passive authentication | A configuration option that automatically logs users into a system when they log on to a network using a directory service, such as Active Directory. | IBM |
| passphrase | A sequence of words or other text used to control access to a computer system, program or data. A passphrase is similar to a password in usage, but is generally longer for added security. | IBM |
| password | In computer and network security, a specific string of characters used by a program, computer operator, or user to access the system and the information stored within it. | IBM |
| Perimeter Security | Perimeter security makes up a significant part of most organizations’ network security controls. Network security devices, such as network firewalls, inspect “north-south” (client to server) traffic that crosses the security perimeter and stop bad traffic. Assets within the perimeter are implicitly trusted, which means that “east-west” (workload to workload) traffic may go without inspection. | |
| Personal Health Information (PHI) | PHI stands for Protected Health Information. The HIPAA Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes. | HHS |
| Personally Identifiable Information (PII) | Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means. Further, PII is defined as information: (i) that directly identifies an individual (e.g., name, address, social security number or other identifying number or code, telephone number, email address, etc.) or (ii) by which an agency intends to identify specific individuals in conjunction with other data elements, i.e., indirect identification. (These data elements may include a combination of gender, race, birth date, geographic indicator, and other descriptors). Additionally, information permitting the physical or online contacting of a specific individual is the same as personally identifiable information. This information can be maintained in either paper, electronic or other media. | DOL |
| Phishing | An attempt to trick people into divulging sensitive information such as usernames, passwords, or credit card numbers. Phishing is carried out by email, over the phone, or using a website. The motives are generally to steal money or a user’s identity. | Symantec |
| Physical Security Perimeter (PSP) | The physical border surrounding locations in which BES cyber assets, BES cyber systems, or electronic access control or monitoring systems reside, and for which access is controlled. | NERC |
| ping | The command that sends an Internet Control Message Protocol (ICMP) echo-request packet to a gateway, router, or host with the expectation of receiving a reply. | IBM |
| policy | A set of considerations that influence the behavior of a managed resource or a user. | IBM |
| portal | A single, secure point of access to diverse information, applications, and people that can be customized and personalized. | IBM |
| Potential Impact | The loss of confidentiality, integrity or availability that might have: 1) a limited adverse effect; 2) a serious adverse effect; or 3) a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. | NRECA / Cooperative Research Network |
| Privileged User | A user that is authorized (and therefore trusted) to perform security-relevant functions that ordinary users are not authorized to perform. | NRECA / Cooperative Research Network |
| Programmable Logic Controller (PLC) | A solid-state control system that has a user-programmable memory for storing instructions for the purpose of implementing specific functions such as input/output control, logic, timing, counting, communication, and data and file processing. | Idaho National Laboratory |
| Protected Critical Infrastructure Information Program (PCII) | A DHS-specific information protection program that enhances voluntary information sharing between infrastructure owners and operators and the government. PCII protections mean that homeland security partners can be confident that sharing their information with the government will not expose sensitive or proprietary data. | DHS |
| protection interface | An access point on a network appliance that is used to monitor, inspect, and block network traffic as it passes through the appliance. | IBM |
| protocol | A set of rules controlling the communication and transfer of data between two or more devices or systems in a communication network. | IBM |
| Protocol Analysis Module (PAM) | A deep-pack inspection engine that stores handling specifications for a comprehensive list of vulnerability checks. PAM interprets the vulnerability checks, processes the results as security events, and then sends the security events to the appliance in X-Press Updates. | IBM |
| proxy server | A server that receives requests intended for another server and that acts on behalf of the client (as the client’s proxy) to obtain the requested service. A proxy server is often used when the client and the server are incompatible for direct connection. For example, the client is unable to meet the security authentication requirements of the server but should be permitted some services. | IBM |
Q | ||
| QRadar on Cloud (QRoC) | In an environment where security requirements are dynamic, IBM® QRadar® on Cloud provides both the security monitoring that you need, and the flexibility to modify your monitoring activities as your requirements change. With QRadar on Cloud, you can protect your network and meet compliance monitoring and reporting requirements, with reduced total cost of ownership. Other than a data gateway appliance, which is used to connect to QRadar, you do not need to install any extra hardware on your premises. You get the benefit of all of the QRadar capabilities without investing in the hardware and software of an on-premises QRadar deployment. IBM security professionals manage the infrastructure, while your security analysts perform the threat detection and management tasks. | |
R | ||
| Ransomware | A malicious form of software that locks a computer or files and requires money be paid to get the decryption code to unlock the device or the file. | Microsoft |
| Red Team/Blue Team | A group of people authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s security posture (i.e., the Red Team). The objective is to improve enterprise Information Assurance by demonstrating the impacts of successful attacks and by demonstrating what works for the defenders (i.e., the Blue Team) in an operational environment | NIST |
| Remote Access | Access to an organizational system by a user (or a process acting on behalf of a user) communicating through an external network (e.g., the Internet) | NIST |
| Remote Access Trojan (RAT) | A malicious program that runs invisibly on host computers and permits an intruder to gain access and control from afar. Many RATs mimic legitimate functionality but are designed specifically for stealth installation and operation. | Microsoft |
| Resilience | The ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions. Resilience includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents. | Presidential Policy Directive / PPD-21 |
| response | The reaction of an appliance to an event. Responses include sending an email message to a responsible party, triggering an SNMP trap, creating a log of the activity, quarantining the activity, or using a custom (user-specified) action, such as running an application or running a command. | IBM |
| Risk | The potential for an unwanted outcome resulting from an incident, event, or occurrence, as determined by its likelihood and the associated consequences. | US-CERT |
| Risk Management | The process of controlling risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system, and includes: (i) the conduct of a risk assessment; (ii) the implementation of a risk mitigation strategy; and (iii) employment of techniques and procedures for the continuous monitoring of the security and privacy state of the information system. | NIST |
| Risk severity | A combination of the likelihood of a damaging event actually occurring and the assessed potential impact on the organization’s mission and goals if it does occur. | NRECA / Cooperative Research Network |
| Role-based access control | Access permission based on users’ roles and typically reflect the need to perform defined functions within an organization. A given role may apply to a single individual or to several individuals. | NRECA / Cooperative Research Network |
| root | The user name for the system user with the most authority. | IBM |
| rule | A set of conditional statements that enable computer systems to identify relationships and run automated responses accordingly. | IBM |
S | ||
| Sandbox | A system that allows an untrusted software application to run in a highly controlled environment where the application’s permissions are restricted. In particular, an application in a sandbox is usually restricted from accessing the file system or the network. | NIST |
| Secure Sockets Layer (SSL) | A security protocol that provides communication privacy. With SSL, client/server applications can communicate in a way that is designed to prevent eavesdropping, tampering, and message forgery. | IBM |
| Secure Web Gateway (SWG) | A secure web gateway protects an organization from online security threats and infections by enforcing company policy and filtering Internet-bound traffic. A secure web gateway is an on-premise or cloud-delivered network security service. Sitting between users and the Internet, secure web gateways provide advanced network protection by inspecting web requests against company policy to ensure malicious applications and websites are blocked and inaccessible. A secure web gateway includes essential security technologies such as URL filtering, application control, data loss prevention, antivirus, and https inspection to provide organizations with strong web security. | |
| security | The protection of data, system operations, and devices from accidental or intentional ruin, damage, or exposure. | IBM |
| Security Automation | Security automation is the use of technology that performs tasks with reduced human assistance in order to integrate security processes, applications, and infrastructure. | |
| security event | Any network occurrence or activity that may have an impact on the security of the network. | IBM |
| Security Orchestration, Automation and Response (SOAR) | Security orchestration, automation and response, or SOAR, is a stack of compatible software programs that enables an organization to collect data about security threats and respond to security events with little or no human assistance. | |
| Sensitive Information | Information of which the loss, misuse, unauthorized access or modification could adversely affect the organization, its employees or its customers. | NRECA / Cooperative Research Network |
| SIEM vs. SOAR vs. XDR | Security teams today can choose among security information and event management (SIEM), security orchestration and response (SOAR), and extended detection and response (XDR) products. Gartner’s definitions of SIEM, SOAR and XDR are fairly similar. SIEM “supports threat detection, compliance and security incident management through the collection and analysis of security events, as well as a wide variety of other event and contextual data sources.” SOAR enables “organizations to collect inputs monitored by the security operations team.” XDR is “a unified security incident detection and response platform that automatically collects and correlates data from multiple proprietary security components.” | TechTarget |
| signature | A code in a policy that determines what an agent can detect. | IBM |
| Significant Cyber Incident | A cyber incident that is (or group of related cyber incidents that together are) likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people. | Presidential Policy Directive / PPD-41 |
| Simple Network Management Protocol (SNMP) | A set of protocols for monitoring systems and devices in complex networks. Information about managed devices is defined and stored in a Management Information Base (MIB). See also SNMP manager, SNMP trap. | IBM |
| snapshot | An image that is an exact copy of the original files or directories from which it was created. | IBM |
| SNMP | An image that is an exact copy of the original files or directories from which it was created. | IBM |
| SNMP manager | A host that collects information from SNMP agents through the SNMP. See also Simple Network Management Protocol. | IBM |
| SNMP trap | An SNMP message sent from the SNMP agent to the SNMP manager. The message is initiated by the SNMP agent and is not a response to a message sent from the SNMP manager. See also Simple Network Management Protocol. | IBM |
| Social Engineering | Psychological manipulation of people into divulging sensitive information or performing certain actions. | Symantec |
| Software Defined Wide Area Network (SDWAN) | Software-Defined Networking (SDN) is an approach to networking that uses software-based controllers or application programming interfaces (APIs) to communicate with underlying hardware infrastructure and direct traffic on a network. This model differs from that of traditional networks, which use dedicated hardware devices (i.e., routers and switches) to control network traffic. SDN can create and control a virtual network – or control a traditional hardware – via software. While network virtualization allows organizations to segment different virtual networks within a single physical network, or to connect devices on different physical networks to create a single virtual network, software-defined networking enables a new way of controlling the routing of data packets through a centralized server. | |
| SSL | See Secure Sockets Layer. | IBM |
| subnet mask | See network mask. | IBM |
| Sunshine Laws | Open government laws that foster an informed citizenry by providing the public access to government documents and meetings. | NCSL |
| Supervisory Control and Data Acquisition (SCADA) | A generic name for a computerized system that is capable of gathering and processing data and applying operational controls over long distances. Typical uses include power transmission and distribution and pipeline systems. SCADA was designed for the unique communication challenges (e.g., delays, data integrity) posed by the various media that must be used, such as phone lines, microwave, and satellite. Usually shared rather than dedicated. | NIST |
| Supply Chain | Linked set of resources and processes between multiple tiers of developers that begins with the sourcing of products and services and extends through the design, development, manufacturing, processing, handling, and delivery of products and services to the acquirer. | NIST |
| syslog | A standard for transmitting and storing log messages from many sources to a centralized location to enhance system management. | IBM |
T | ||
| Technical Controls | Security controls for IT and ICS implemented and executed primarily through mechanisms contained in hardware, software, or firmware. | DOE |
| Threat | Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), resources, and other organizations through an IT and ICS via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. | DOE |
| threat | A security issue, or a harmful act, such as the deployment of a virus or illegal network penetration. | IBM |
| Threat Actor/Agent | An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities. | US-CERT |
| Threat Intelligence Insights | ||
| Threat Intelligence Sources | ||
| Threat Investigator | Threat Investigator automatically analyzes and investigates cases to help you make more informed decisions. | |
| traceroute | A utility that traces a packet from a computer to a remote destination, showing how many hops the packet required to reach the destination and how long each hop took. | IBM |
| traffic | In data communication, the quantity of data transmitted past a particular point in a path. | IBM |
| Traffic Light Protocol (TLP) | A set of designations used to ensure that sensitive information is shared appropriately. It employs four colors to indicate expected sharing boundaries by the recipient(s). | US-CERT |
| Traffic Light Protocol (TLP) | RED: information cannot be effectively acted upon by additional parties, and could lead to impacts on a party’s privacy, reputation, or operations if misused. | |
| Traffic Light Protocol (TLP) | AMBER: information requires support to be effectively acted upon, yet carries risks to privacy, reputation, or operations if shared outside of the organizations involved. | |
| Traffic Light Protocol (TLP) | GREEN: information is useful for the awareness of all participating organizations as well as with peers within the broader community or sector. | |
| Traffic Light Protocol (TLP) | WHITE: information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. | |
| Transmission Control Protocol (TCP) | A communication protocol used in the Internet and in any network that follows the Internet Engineering Task Force (IETF) standards for internetwork protocol. TCP provides a reliable host-to-host protocol in packet-switched communication networks and in interconnected systems of such networks. | IBM |
| transport protocol | A specification of the rules that govern the exchange of information between components of a transport network; for example, the User Datagram Protocol (UDP). | IBM |
| trap | In the Simple Network Management Protocol (SNMP), a message sent by a managed node (agent function) to a management station to report an exception condition. | IBM |
U | ||
| UDP | See User Datagram Protocol. | IBM |
| United States Computer Emergency Readiness Team (US-CERT) | A partnership between the U.S. Department of Homeland Security and the public and private sectors, established to protect the nation’s internet infrastructure. US-CERT coordinates defenses against and responses to cyber attacks across the nation. | NIST |
| User Datagram Protocol (UDP) | An Internet protocol that provides unreliable, connectionless datagram service. It enables an application program on one machine or process to send a datagram to an application program on another machine or process. | IBM |
| User Segmentation in Cloud Security | User segmentation in cloud security involves dividing user access based on different roles and responsibilities within an organization to ensure that users have access to only the resources they need to perform their job functions. User segmentation reduces the attack surface by limiting the exposure of sensitive data and resources to only authorized users. Because cloud environments are dynamic and change rapidly, user segmentation is a critical component of a comprehensive cloud security strategy. Here are some key considerations for user segmentation in cloud security: | PANW |
| User Segmentation in Cloud Security | Role-based access control (RBAC): RBAC involves creating and defining permissions for roles, and then assigning users to the appropriate roles according to job functions. This approach ensures that users have access only to the resources they need to perform their job functions, reducing the risk of accidental or intentional data breaches. | |
| User Segmentation in Cloud Security | Multi-factor authentication (MFA): MFA requires users to provide more than one form of authentication to access a resource. This can include a password, a security token, or biometric data. MFA is an effective way to prevent unauthorized access to cloud resources, particularly when combined with RBAC. | |
| User Segmentation in Cloud Security | Continuous monitoring: Continuous monitoring of user activity is critical for detecting and responding to security incidents in real-time. This involves analyzing log data and user behavior to identify threats and vulnerabilities. | |
| User Segmentation in Cloud Security | Separation of duties: Separation of duties involves dividing responsibilities among multiple users to prevent any one user from having too much control over a system or process. This reduces the risk of fraud or errors and ensures that sensitive operations are performed by multiple users. | |
| User Segmentation in Cloud Security | Regular access reviews: Regular access reviews involve routinely reviewing user access rights and permissions to ensure they’re still essential. Access reviews can help to identify and remove unnecessary access rights, reducing the risk of unauthorized access. | |
| User Segmentation in Cloud Security | By implementing RBAC, MFA, continuous monitoring, separation of duties, and regular access reviews, organizations can enhance their cloud security posture and protect against evolving threats. reduce the attack surface and prevent unauthorized access to sensitive data and resources. | |
V | ||
| Virual Private Network (VPN) | A VPN provides a secure, encrypted connection between two points. Before setting up the VPN connection, the two endpoints of the connection create a shared encryption key. This can be accomplished by providing a user with a password or using a key sharing algorithm. | |
| Virus | A computer program that can copy itself and infect a computer without permission or knowledge of the user. A virus might corrupt or delete data on a computer, use e-mail programs to spread itself to other computers, or even erase everything on a hard disk. | CNSS |
| Vulnerability | A specific weakness in an information system, system security procedures, internal controls, or implementation that a threat source could exploit. | NIST |
W | ||
| Watering Hole Attack | A security exploit where the attacker infects websites frequently visited by members of a targeted group being attacked, with a goal of infecting a computer used by one or more of the targeted group members when they visit the infected website. | NIST |
| Web Applications Firewall (WAF) | A web application firewall (WAF) protects the application layer and is specifically designed to analyze each HTTP/S request at the application layer. It is typically user, session, and application aware, cognizant of the web apps behind it and what services they offer. Because of this, you can think of a WAF as the intermediary between the user and the app itself, analyzing all communications before they reach the app or the user. Traditional WAFs ensure only allowed actions (based on security policy) can be performed. For many organizations, WAFs are a trusted, first line of defense for applications, especially to protect against the OWASP Top 10—the foundational list of the most seen application vulnerabilities. This Top 10 currently includes: Injection attacks Broken Authentication Sensitive data exposure XML External Entities (XXE) Broken Access control Security misconfigurations Cross Site Scripting (XSS) Insecure Deserialization | |
| web filter inspection object | A filter that is used to control the types of web pages that users can access on a network. | IBM |
| Webapp | A web application (web app) is an application program that is stored on a remote server and delivered over the internet through a browser interface. Web services are web apps by definition and many, although not all, websites contain web apps. | |
| Whitelist | A list of entities considered trustworthy and granted access or privileges. | US-CERT |
| Workload | A workload can be broadly defined as the resources and processes needed to run an application. Hosts, virtual machines and containers are a few examples of workloads. Companies can run workloads across data centers, hybrid cloud and multicloud environments. Most organizations’ applications are becoming increasingly distributed across different cloud-native compute architectures, based on business needs. | |
| Worm | A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself. | CNSS |
X | ||
| X-Press Update (XPU) | A software update that is issued between major releases to protect a network against the latest security vulnerabilities and threats. | IBM |
| XPU | See X-Press Update. | IBM |
Y | ||
Z | ||
| zero configuration networking | A set of techniques or technologies used by an application to automatically discover devices on a network and configure network settings. | IBM |
| Zero Trust | A security concept centered on the belief that organizations should not automatically trust anything inside or outside its perimeters and instead must verify anything and everything trying to connect to its systems before granting access. | CSO Online |
| Zero-Day Attack/Exploit | An attack that exploits a previously unknown hardware, firmware, or software vulnerability. | NIST |
