This is a dictionary of terms I put together for IBM while serving as a Technical Product Marketing Manager. These are all industry-standard terms; there are no company secrets or anything that should be considered proprietary in any way. Feel free to use them any way you need. I also put links to the reference pages on everything I could.

A

access The ability to read, update, or otherwise use a resource. Access to protected resources is usually controlled by system software. IBM
Access Control The process of granting or denying specific requests: 1) for obtaining and using information and related information processing services; and 2) to enter specific physical facilities (e.g., federal buildings, military establishments, and border crossing entrances). NIST
Access Control List (ACL) A list of permissions associated with an object (e.g., computer hardware or software or a gate that provides ingress and egress to a physical facility). The list specifies who or what is allowed to access the object and what operations are allowed to be performed on the object. CNSS
Account Management Manages the current account and any associated accounts. Displays account information such as Name, Description of the Account, Type, Acct. ID, Identity Providers and whether or not Data Source Analytics are enabled. The page also allows you to edit account settings, manage users and see details on creation and modification of the information.
administrator A person responsible for administrative tasks such as access authorization and content management. Administrators can also grant levels of authority to users. IBM
Advanced Persistent Threat (APT) An adversary that possesses sophisticated levels of expertise and significant resources used to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). These objectives typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. The advanced persistent threat: (1) pursues its objectives repeatedly over an extended period of time; (2) adapts to defenders’ efforts to resist it; and (3) is determined to maintain the level of interaction needed to execute its objectives. NIST
After-Action Report (AAR) Summary of key post-exercise evaluation information, including the exercise overview and analysis of objectives and core capabilities. It is developed in conjunction with an improvement plan, which identifies specific corrective actions, assigns them to responsible parties, and establishes target dates for their completion. The lead evaluator and exercise planning team draft the AAR. FEMA
agent Any hardware component that is managed by the relative management system. Hardware components include appliances, scanners, network sensors, server sensors, and desktop sensors. IBM
alert A message or other indication that signals an event or an impending event that meets a set of specified criteria. See also rule. IBM
All-Hazards A threat or an incident, natural or manmade, that warrants action to protect life, property, the environment, and public health or safety, and to minimize disruptions of government, social, or economic activities. It includes natural disasters, cyber incidents, industrial accidents, pandemics, acts of terrorism, sabotage, and destructive criminal activity targeting critical infrastructure. Presidential Policy Directive / PPD-21
Antimalware (AM) Antimalware is a type of software program created to protect information technology (IT) systems and individual computers from malicious software, or malware. Antimalware programs scan a computer system to prevent, detect and remove malware. The key to antimalware is the set of known malware definitions, which the antimalware software uses to detect known malicious software.
AntiVirus (AV) An antivirus product is a program designed to detect and remove viruses and other kinds of malicious software from your computer or laptop. Malicious software – known as malware – is code that can harm your computers and laptops, and the data on them. The key feature to antivirus are the known virus definitions which the software uses to identify known viruses and malware.
API Keys You can use API keys to authenticate programmatic requests to IBM Cloud Pak for Security services. To keep your key secure, delete it and create a new API key every 90 days. Learn how to authenticate requests using your API keys. The API key is a two-part string, consisting of a unique identifier and a secret token, which is used for authentication to the API endpoint. The Unique Identifier is comparable to a user ID and has a set of access rights specific to the identity associated with it. The secret token, comparable to a password, is a code that is used together with the Unique Identifier to verify the identity of the calling process to the API.
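The two entries above describe an Access Control List (a list of who may do what to an object) and a two-part API key (identifier plus secret token, with access rights tied to the identifier). The block below is an added illustration of how a service would check such a key on the server side; it is not code from IBM Cloud Pak for Security or from this glossary's sources. The key format `identifier.secret`, the in-memory `KEY_STORE`, the permission names, and the hashing of the secret are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory key store (assumption for this example):
# identifier -> (SHA-256 hex digest of the secret token, allowed operations).
# Only a hash of the secret is kept, so a copy of the store does not yield usable keys.
KEY_STORE = {}


def issue_api_key(identifier, permissions):
    """Create a two-part key 'identifier.secret' and record only the secret's hash
    together with the identity's access rights (its ACL entry)."""
    if "." in identifier:
        raise ValueError("identifier must not contain the separator '.'")
    secret = secrets.token_urlsafe(32)
    KEY_STORE[identifier] = (
        hashlib.sha256(secret.encode()).hexdigest(),
        frozenset(permissions),
    )
    return f"{identifier}.{secret}"


def authenticate(api_key):
    """Return the identifier when the key is well-formed and its secret matches,
    otherwise None. This is the 'who are you' step."""
    if api_key.count(".") != 1:
        return None
    identifier, secret = api_key.split(".", 1)
    record = KEY_STORE.get(identifier)
    if record is None:
        return None
    presented = hashlib.sha256(secret.encode()).hexdigest()
    # Constant-time comparison so timing does not reveal how many characters matched.
    if not hmac.compare_digest(presented, record[0]):
        return None
    return identifier


def authorize(identifier, operation):
    """ACL-style check: is this identity permitted to perform the operation?
    This is the 'what may you do' step, run only after authentication."""
    record = KEY_STORE.get(identifier)
    return record is not None and operation in record[1]


def handle_request(api_key, operation):
    """Mimic an API endpoint's decision: authenticate first, then authorize."""
    identity = authenticate(api_key)
    if identity is None:
        return "401 unauthenticated"
    if not authorize(identity, operation):
        return "403 forbidden"
    return "200 ok"


if __name__ == "__main__":
    key = issue_api_key("svc-reader", ["read:alerts"])
    print(handle_request(key, "read:alerts"))     # permitted operation
    print(handle_request(key, "delete:alerts"))   # authenticated but not in the ACL
    print(handle_request("nobody.secret", "read:alerts"))  # unknown identifier
```

The order matters: a request that fails authentication is rejected before any access right is consulted, and the identifier alone never grants access. Rotating a key (the 90-day advice in the entry) amounts to calling `issue_api_key` again for the same identifier, which replaces the stored hash so the old secret stops working.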
appliance A hardware device with integrated software that is dedicated to a specific task or set of business requirements. IBM
attack Any attempt by an unauthorized person to compromise the operation of a software program or networked system. IBM
Attestation The validation of all aspects of a computer or system that relate to its safe, secure, and correct operation. NRECA / Cooperative Research Network
Authentication Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources. NIST
Authorization Verifying a user’s permissions (after a user has been authenticated) for accessing certain resources or functionality. NRECA / Cooperative Research Network
Availability Ensuring timely and reliable access to and use of information. Resiliency objectives extend the concept to refer to point-in-time availability (i.e., the system, component, or device is usable when needed) and the continuity of availability (i.e., the system, component, or device remains usable for the duration of the time it is needed). NIST
Availability With confidentiality and integrity, availability is considered part of the CIA Triad, which represents the three most crucial components of information security.

B

Bandwidth The amount of information that can be passed through a communication channel in a given amount of time, usually expressed in bits per second. ATIS
Bitcoin An electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party. Bitcoin.org
Black Sky Hazard/Event A catastrophic event that severely disrupts the normal functioning of critical infrastructures in multiple regions for long durations. EIS Council
Black Start The restoration of a power station without reliance on the external power transmission system. Black start capabilities are often provided by small co-located diesel generators used to start larger generators, which in turn start the main power station generators. Idaho National Laboratory
Blacklist A list of entities that are blocked or denied privileges or access. US-CERT
Blockchain Tamper-resistant digital ledgers implemented in a distributed fashion (i.e., without a central repository) and usually without a central authority (i.e., a bank, company, or government). At their basic level, they enable a community of users to record transactions in a shared ledger within that community, such that under normal operation, no transaction can be changed once published. NIST
Botnet A collection of computers compromised by malicious code and controlled across a network. (See Command and Control.) US-CERT
Botnet The word botnet is a combination of the words robot and network.
Boundary Protection Monitoring and control of digital communications at the external perimeter of an information system to prevent and detect malicious and other unauthorized communications, using devices such as proxies, gateways, routers, firewalls, guards, and encrypted tunnels. Also referred to as perimeter protection. NRECA / Cooperative Research Network
Bulk Electric System (BES) Cyber Asset A Cyber Asset that, if rendered unavailable, degraded, or misused, would, within 15 minutes of its required operation, misoperation, or non-operation, adversely impact one or more facilities, systems, or equipment, which, if destroyed, degraded, or otherwise rendered unavailable when needed, would affect the reliable operation of the Bulk Electric System. Redundancy of affected facilities, systems, and equipment shall not be considered when determining adverse impact. Each BES Cyber Asset is included in one or more BES Cyber Systems. NERC

C

Case Management This is the page that contains all of the cases that are open for forensic investigations into alerts occurring within the given environment.
Case Management Case Management is the collection of cases in a single app for collaboration and management. QRadar
Cases QRadar employs an app within the platform named Cases. This app operates under the Case Management tab. QRadar
certificate In computer security, a digital document that binds a public key to the identity of the certificate owner, thereby enabling the certificate owner to be authenticated. A certificate is issued by a certificate authority and is digitally signed by that authority. IBM
Cloud Security Cloud security is a collection of procedures and technology designed to address external and internal threats to business security. Organizations need cloud security as they move toward their digital transformation strategy and incorporate cloud-based tools and services as part of their infrastructure.
Cloud Security Posture Management (CSPM) Cloud security posture management (CSPM) automates the identification and remediation of risks across cloud infrastructures, including Infrastructure as a Service (IaaS), Software as a Service (SaaS), and Platform as a Service (PaaS).
Cloud-Native Application Protection Platform (CNAPP) Cloud-Native Application Protection Platform (CNAPP) is a cloud-native security model that encompasses Cloud Security Posture Management (CSPM), Cloud Service Network Security (CSNS), and Cloud Workload Protection Platform (CWPP) in a single holistic platform.
Command and Control A network of computers infected with malware that allows them to issue directives to other digital devices. C&C servers can create powerful networks of infected devices capable of carrying out distributed denial-of-service (DDoS) attacks, stealing data, deleting data or encrypting data in order to carry out an extortion scheme. TechTarget
community In SNMP, the relationship between an agent and one or more managers. The community describes which SNMP manager requests the SNMP agent should honor. IBM
Compensating Control A cybersecurity control employed in lieu of a recommended control that provides equivalent or comparable control. DOE
Compensating Control See Cybersecurity Controls.
Confidentiality Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. NIST
Confidentiality With integrity and availability, confidentiality is considered part of the CIA Triad, which represents the three most crucial components of information security.
Connections All of the ports and protocols that enable QRadar to ingest logs and interface with data collectors, data sources, edge gateways, threat intelligence sources and QRadar Proxy. Connections can be uni-directional or bi-directional depending on the purpose and capabilities of the hardware/software terminating the connection.
Connectivity The minimum number of nodes or links whose removal results in losing all paths that can be used to transfer information from a source to a sink. ATIS
Container Segmentation Container segmentation involves isolating containers from each other and the host system to improve security and reduce the attack surface. Containerization is a widely used technology that allows multiple applications or services to run in separate containers on a single host system. Without proper segmentation, though, containers can potentially access each other’s data and configuration files, which can result in security vulnerabilities. PANW
Container Segmentation Best Practices Container isolation: Each container should be isolated from other containers running on the same host system to prevent unauthorized access. This can be achieved using container technologies like Docker and Kubernetes, which provide built-in isolation mechanisms. PANW
Container Segmentation Best Practices Network segmentation: Containers can be segmented from each other using network segmentation techniques. This involves creating separate networks for each container and configuring firewall rules to allow or deny traffic between containers. PANW
Container Segmentation Best Practices Role-based access control: Role-based access control (RBAC) can be used to define access policies for different containers based on user roles and permissions. This can help to ensure that containers are accessed only by authorized users and processes. PANW
Container Segmentation Best Practices Image signing: Container images can be digitally signed to ensure that only trusted images are deployed in production. This can help to prevent container images from being tampered with or altered, reducing the risk of security vulnerabilities. PANW
Container Segmentation Best Practices Runtime protection: Runtime protection tools can be used to monitor container activity and detect anomalies that may indicate a security breach. These tools can help to detect and prevent attacks in real-time, improving the security posture of containerized environments. PANW
Container Segmentation Best Practices Container segmentation helps to ensure the security of containerized applications and services. By isolating containers and applying access control policies, organizations can reduce the attack surface and prevent unauthorized access to sensitive data and resources. Container segmentation should be implemented as part of an overall security strategy that includes network security, access control, and runtime protection. PANW
containerization Containerization is a software deployment process that bundles an application’s code with all the files and libraries it needs to run on any infrastructure. Traditionally, to run any application on your computer, you had to install the version that matched your machine’s operating system. For example, you needed to install the Windows version of a software package on a Windows machine. However, with containerization, you can create a single software package, or container, that runs on all types of devices and operating systems.
Contingency The unexpected failure or outage of a system component, such as a generator, transmission line, circuit breaker, switch, or other electrical element. NRECA / Cooperative Research Network
Correlation Rules A correlation rule helps a SIEM solution identify which sequences of events indicate an anomaly, so that a security incident can be detected.
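As an added illustration of what a correlation rule does, the block below runs one such rule over a handful of constructed authentication log lines. It is example code written for this glossary, not QRadar's rule engine or its rule syntax; the log format, the threshold of five failures, the five-minute window and the sample lines are all assumptions. The rule fires only on the sequence "repeated failures from one user/source pair followed by a success from that same pair inside the window", which a single-event match could not express.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (assumption for this example; not from any real system).
SAMPLE_LOG = """\
2024-03-01T10:00:01 auth FAILED user=alice src=203.0.113.5
2024-03-01T10:00:05 auth FAILED user=alice src=203.0.113.5
2024-03-01T10:00:09 auth FAILED user=alice src=203.0.113.5
2024-03-01T10:00:14 auth FAILED user=alice src=203.0.113.5
2024-03-01T10:00:20 auth FAILED user=alice src=203.0.113.5
2024-03-01T10:00:31 auth SUCCESS user=alice src=203.0.113.5
2024-03-01T10:02:00 auth FAILED user=bob src=198.51.100.7
2024-03-01T10:09:00 auth SUCCESS user=bob src=198.51.100.7
"""

# Parser for the constructed line format above.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>FAILED|SUCCESS) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse(log_text):
    """Normalize raw lines into event dictionaries; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({
                "ts": datetime.fromisoformat(m["ts"]),
                "result": m["result"],
                "user": m["user"],
                "src": m["src"],
            })
    return events


def correlate(events, threshold=5, window=timedelta(minutes=5)):
    """Correlation rule: at least `threshold` FAILED events for the same (user, src)
    pair, followed by a SUCCESS from that pair within `window`, raises one alert.
    Returns the list of alerts produced."""
    recent_failures = defaultdict(list)   # (user, src) -> timestamps of failures in window
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["user"], ev["src"])
        # Slide the window: forget failures older than `window` relative to this event.
        recent_failures[key] = [t for t in recent_failures[key] if ev["ts"] - t <= window]
        if ev["result"] == "FAILED":
            recent_failures[key].append(ev["ts"])
        elif len(recent_failures[key]) >= threshold:
            alerts.append({
                "user": ev["user"],
                "src": ev["src"],
                "failures": len(recent_failures[key]),
                "at": ev["ts"],
            })
            recent_failures[key].clear()   # avoid re-alerting on the same burst
    return alerts


if __name__ == "__main__":
    for alert in correlate(parse(SAMPLE_LOG)):
        print(f"ALERT {alert['at'].isoformat()} {alert['user']}@{alert['src']} "
              f"succeeded after {alert['failures']} failures")
```

In the sample, alice's five failures and then a success within thirty seconds match the rule; bob's single failure followed by a success seven minutes later does not, both because one failure is below the threshold and because it has already aged out of the window. Tuning those two parameters is what separates a useful rule from a noisy one.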
Credential Information passed from one entity to another to establish the sender’s access rights or to establish the claimed identity of a security subject relative to a given security domain. ATIS
Critical Assets Facilities, systems, and equipment which, if destroyed, degraded, or otherwise rendered unavailable, would affect the reliability or operability of the bulk electric system. NRECA / Cooperative Research Network
Critical Electric Infrastructure Information (CEII) Information related to or proposed to critical electric infrastructure. FERC
Critical Electric Infrastructure Information (CEII) Generated by or provided to the Federal Energy Regulatory Commission or other Federal agency other than classified national security information,
Critical Electric Infrastructure Information (CEII) That is designated as critical electric infrastructure information by the Federal Energy Regulatory Commission or the Secretary of the Department of Energy pursuant to section 215A(d) of the Federal Power Act.
Critical Infrastructure The assets, systems, and networks, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, public health or safety, or any combination thereof. DHS
Cryptocurrency A digital currency used as a medium of exchange, similar to other currencies. However, unlike other currencies, cryptocurrency operates independently of a central bank and uses encryption techniques and blockchain technology to secure and verify transactions. US-CERT
Cryptocurrency Examples include Bitcoin, Litecoin, Monero, Ethereum, and Ripple.
Cyber Asset Programmable electronic devices, including the hardware, software, and data in those devices. NRECA / Cooperative Research Network
Cyber Attack An attempt to infiltrate information technology systems, computer networks, or individual computers with a malicious intent to steal information, cause damage, or destroy specific targets within the system. Idaho National Laboratory
Cyber Information Sharing and Collaboration Program (CISCP) A program of the U.S. Department of Homeland Security that enables actionable, relevant, and timely unclassified information exchange through trusted public-private partnerships across all critical infrastructure sectors. DHS
Cyber Kill Chain A theory developed by Lockheed Martin that identifies the various stages of a cyber attack: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, C&C, and Actions on Objectives. Applying the theory helps cybersecurity professionals recognize and counteract attacks to protect their organization’s assets. SANS Institute
Cyber Mutual Assistance Program A framework to provide emergency cyber assistance within the electric power and natural gas industries. The program is composed of industry cyber experts who can provide voluntary assistance to other participating entities in advance of, or in the event of, a disruption of electric or natural gas service, systems, and/or IT infrastructure due to a cyber emergency. Electricity Sector Coordinating Council
Cyber Security Incident Response Teams (CSIRTs) A group of experts that assesses, documents, and responds to a cyber incident so that a network can not only recover quickly, but also avoid future incidents. DHS
Cybersecurity The ability to protect or defend the use of cyberspace from cyber attacks. DOE
Cybersecurity Cybersecurity is the protection of internet-connected systems such as hardware, software and data from cyberthreats. The practice is used by individuals and enterprises to protect against unauthorized access to data centers and other computerized systems.
Cybersecurity The 3 major types of cyber security are network security, cloud security, and physical security. Your operating systems and network architecture make up your network security. It can include network protocols, firewalls, wireless access points, hosts, and servers.
Cybersecurity Capability Maturity Model (C2M2) A model that helps organizations—regardless of size, type, or industry—evaluate, prioritize, and improve their own cybersecurity capabilities. DOE
Cybersecurity Controls The management, operational, and technical methods, policies, and procedures—manual or automated—(i.e., safeguards or countermeasures) prescribed to protect the confidentiality, integrity, and availability of a system and its information. DOE
Cybersecurity Incident An event occurring on or conducted through a computer network that actually or imminently jeopardizes the integrity, confidentiality, or availability of computers, information or communications systems or networks, physical or virtual infrastructure controlled by computers or information systems, or information resident thereon. A cyber incident may include a vulnerability in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source. Presidential Policy Directive / PPD-41
Cybersecurity Risk Information Sharing Program (CRISP) A public-private data sharing and analysis platform that facilitates the timely bi-directional sharing of unclassified and classified threat information among energy sector stakeholders. DOE
Cybersecurity Threat Intelligence (CTI) Threat intelligence is data that is collected, processed, and analyzed to understand a threat actor’s motives, targets, and attack behaviors. Threat intelligence enables organizations to make faster, more informed, data-backed security decisions and to change their behavior from reactive to proactive in the fight against threat actors. Threat intelligence is evidence-based knowledge (e.g., context, mechanisms, indicators, implications and action-oriented advice) about existing or emerging menaces or hazards to assets. Gartner
Cyberspace A global domain within the information environment consisting of the interdependent network of IT and ICS infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers. DOE

D

Darknets Private, distributed file sharing networks where connections are made only between trusted peers. Darknets are distinct from other distributed networks as sharing is anonymous (i.e., IP addresses are hidden). Cyber Risk Insurance Forum
dashboard An interface that integrates data from a variety of sources and provides a unified display of relevant and in-context information. IBM
Dashboards Dashboards in QRadar are a part of the platform that provides near real-time visibility into the collected and correlated data. It allows security teams to monitor and analyze key data metrics and KPIs, providing the information necessary for data-driven decision-making regarding mitigation and remediation of incidents.
Data Source Analytics Tracking anonymous analytics helps improve the product and user experience. IBM is committed to protecting your personal information in compliance with applicable data protection laws. QRadar
decrypt To decipher data. IBM
Defense-in-Depth Cybersecurity strategy that integrates people, technology, and operations capabilities to establish variable barriers across multiple layers and missions of the organization. DOE
Denial of Service (DoS) A cyber attack that occurs when legitimate users are unable to access information systems, devices, or other network resources due to the actions of a malicious cyber threat actor. A denial-of-service floods the targeted host or network with traffic until the target cannot respond or simply crashes, preventing access for legitimate users. DoS attacks can cost an organization both time and money while their resources and services are inaccessible. DHS
destination Any point or location, such as a program, node, station, printer, or a particular terminal, to which information is to be sent. IBM
Distributed control system (DCS) Control achieved by intelligence that is distributed about the process to be controlled, rather than by a centrally located single unit. NIST
domain name server (DNS) An Internet service that translates domain names into IP addresses. IBM

E

Edge Gateways Edge gateways are devices that reside on a network's perimeter and translate information from the internet into a private network and vice versa. The devices can be any number of device types such as firewalls, routers, switches, SD-WAN devices and more.
Electronic Security Perimeter (ESP) The logical border surrounding a network to which systems are connected. NERC
Encryption Cryptographic transformation of data (called “plaintext”) into a form (called “ciphertext”) that conceals the data’s original meaning to prevent it from being known or used. If the transformation is reversible, the corresponding reversal process is called “decryption,” which is a transformation that restores encrypted data to its original state. Idaho National Laboratory
Endpoint Detection and Response (EDR) An endpoint security solution that continuously monitors end-user devices to detect and respond to cyber threats like ransomware and malware. EDR incorporates AV and other endpoint security functionality, providing more fully-featured protection against a wide range of potential threats.
Endpoint Protection/Security A security approach that focuses on locking down endpoints—individual computers, phones, tablets, and other network-enabled devices—in order to keep networks safe. CSO Online
Energy Assurance An array of activities that support a robust, secure, reliable, and resilient energy infrastructure. These include energy emergency planning, preparedness, mitigation, and response. NASEO
event An occurrence of significance to a task or system. Events can include completion or failure of an operation, a user action, or the change in state of a process. See also alert. IBM
Exploit A piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic. Idaho National Laboratory
Extended Detection and Response (XDR) A consolidation of tools and data that provides extended visibility, analysis, and response across endpoints, workloads, users, and networks. XDR unifies endpoint and workload security capabilities with critical visibility into the network and cloud, reducing blind spots, detecting threats faster, and automating remediation via authoritative context across these domains.

F

Federated Search with QRadar’s Federated Search feature contained within the Log
filter A device or program that separates data, signals, or material in accordance with specified criteria. IBM
Firewall A network security device that monitors incoming and outgoing network traffic and helps screen out hackers, viruses, and worms that try to reach a computer over the Internet. A firewall can be hardware, software, or both. Cisco
firewall A network configuration, typically both hardware and software, that prevents unauthorized traffic into and out of a secure network. IBM
firewall rule A chain of statements matching specific criteria that define the types of traffic to block on a network. IBM
Firmware A software program or set of instructions programmed on a hardware device. It provides the necessary instructions for how the device communicates with the other computer hardware. TechTerms
firmware Proprietary code that is usually delivered as microcode as part of an operating system. IBM
fix pack A cumulative collection of fixes that is released between scheduled refresh packs, manufacturing refreshes, or releases. A fix pack updates the system to a specific maintenance level. IBM
Fusion Centers Primary focal points within the state and local environment for the receipt, analysis, gathering, and sharing of threat-related information among Federal, State, Local, Tribal, and Territorial (SLTT) partners. They provide interdisciplinary expertise and situational awareness to inform decision-making at all levels of government. DHS
Fusion Centers Fusion centers are owned and operated by State and Local entities with support from federal partners.

G

Gateway An intermediate system (interface, relay) that attaches to two (or more) computer networks that have similar functions but dissimilar implementations and that enables either one-way or two-way communication between the networks. CNSS
gateway A device or program used to connect networks or systems with different network architectures. IBM
Granular security Granular security means network administrators can strengthen and pinpoint security by creating specific policies for critical applications. The goal is to prevent lateral movement of threats with policies that precisely control traffic in and out of specific workloads, such as weekly payroll runs or updates to human resource databases.

H

Homeland Security Information Network (HSIN) A trusted network for homeland security mission operations to share sensitive but unclassified information. Federal, state, local, territorial, tribal, international and private sector homeland security partners use HSIN to manage operations, analyze data, send alerts and notices, and share the information they need to do their jobs and help keep their communities safe. DHS
Honeypot A trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers. Cyber Risk Insurance Forum
Human-Machine Interface (HMI) The hardware or software through which an operator interacts with a controller. An HMI can range from a physical control panel with buttons and indicator lights to an industrial PC with a color graphics display running dedicated HMI software. NIST

I

IBM Cloud Pak for Security IBM Cloud Pak® for Security is an open security platform that connects to your existing data sources to generate deeper insights and enable you to act faster with automation.
ICMP See Internet Control Message Protocol. IBM
Identity-Based Access Control Access control based on the identity of the user (typically relayed as a characteristic of the process acting on behalf of that user), where access authorizations to specific objects are assigned based on user identity. NRECA / Cooperative Research Network
Impact Damage to an organization’s mission and goals due to the loss of confidentiality, integrity, or availability of system information or operations. NRECA / Cooperative Research Network
Indicators of Compromise (IOC) Forensic artifacts of an intrusion. SANS Institute
Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Operates within the Department of Homeland Security’s (DHS) National Cybersecurity and Communications Integration Center (NCCIC) to reduce risks to industrial control systems used within and across all critical infrastructure sectors. ICS-CERT collaborates with law enforcement agencies and the intelligence community and coordinates efforts among Federal, State, local, and tribal governments and control systems owners, operators, and vendors. Additionally, ICS-CERT collaborates with international and private sector Computer Emergency Response Teams (CERTs) to share control systems-related security incidents and mitigation measures. DHS
Industrial Control System (ICS) A general term that includes several types of control systems, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), Programmable Logic Controllers (PLC) and others often found in industrial and critical infrastructure sectors. An ICS consists of combinations of control components that act together to achieve an industrial objective. Idaho National Laboratory
Information Security The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction to provide confidentiality, integrity, and availability. NRECA / Cooperative Research Network
Information Sharing and Analysis Center (ISAC) Sector-specific, member-driven organizations formed by critical infrastructure owners and operators to share information between government and industry. DHS
Information System (IS) A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information. (Note: information systems also include specialized systems such as industrial/process controls systems, telephone switching and private branch exchange (PBX) systems, and environmental control systems.) NRECA / Cooperative Research Network
Information Technology (IT) The technology involving the development, maintenance, and use of computer systems, software, and networks for the processing and distribution of data. Merriam Webster Dictionary
InfraGard A partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration that expedites the timely exchange of information and promotes mutual learning opportunities relevant to the protection of Critical Infrastructure. Infragard
Integrity Guarding against improper information modification or destruction; includes ensuring the non-repudiation and authenticity of information. NRECA / Cooperative Research Network
Integrity With confidentiality and availability, integrity is considered part of the CIA Triad, which represents the three most crucial components of information security.
Intelligent electronic device (IED) Any device incorporating one or more processors with the capability to receive or send data/control from or to an external source (e.g., electronic multifunction meters, digital relays, controllers). NIST
interface A shared boundary between independent systems. An interface can be a hardware component used to link two devices, a convention that supports communication between software systems, or a method for a user to communicate with the operating system, such as a keyboard. IBM
International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) Standards Standards that represent global consensus on a solution to a particular issue. They provide requirements, specifications, guidelines or characteristics to ensure that materials, products, processes and services are safe to use and fit for their purpose. Whenever possible, requirements are expressed in terms of performance rather than design or descriptive characteristics. ISO
Internet Control Message Protocol (ICMP) An Internet protocol that is used by a gateway to communicate with a source host, for example, to report an error in a datagram. IBM
Internet Protocol (IP) Standard method for transmission of data from source to destinations in packet-switched communications networks and interconnected systems of such networks. NIST
Interoperability The ability of systems, units, or forces to provide services to and accept services from other systems, units, or forces, and to use the services so exchanged to enable them to operate effectively together. Rand Corporation
intrusion prevention A set of policies and rules for detecting suspicious behavior in network traffic and for alerting system or network administrators. IBM
intrusion prevention system (IPS) A system that attempts to deny potentially malicious activity. The denial mechanisms could involve filtering, tracking, or setting rate limits. IBM
IP Address Management (IPAM) The administration of DNS and DHCP, the network services that assign and resolve IP addresses for machines in a TCP/IP network. Simply put, IPAM is a means of planning, tracking, and managing the Internet Protocol address space used in a network.
IPS See intrusion prevention system. IBM

J

Joint Information Center (JIC) A central location to facilitate operation of the Joint Information System (JIS) during and after an incident. The JIC enhances information coordination, reduces misinformation, and maximizes resources by co-locating Public Information Officers (PIOs) as much as possible. FEMA
Joint Information System (JIS) An incident response structure that can be leveraged for developing and delivering coordinated interagency messages, executing public information plans and strategies, advising an Incident Commander concerning public affairs issues, and controlling rumors and inaccurate information. FEMA

K

Key Logger A program designed to record the sequence of keys pressed on a computer keyboard. Such programs can be used to obtain passwords or encryption keys and thus bypass other security measures. NIST
Kubernetes A portable, extensible, open source platform for managing containerized workloads and services that facilitates both declarative configuration and automation. It has a large, rapidly growing ecosystem. Kubernetes services, support, and tools are widely available.

L

Least Privilege The principle that users and programs should only have the necessary privileges to complete their tasks. NIST
local management interface A graphical user interface that is used to manage a single, local appliance. IBM

M

Malware Software or firmware intended to perform an unauthorized process that will have adverse impact on the confidentiality, integrity, or availability of an information system. Examples include viruses, worms, and Trojan horses, spyware and some forms of adware. NIST
Man-In-The-Middle (MitM) A type of cyber attack where an interloper inserts him- or herself between two communicating devices, without either side knowing. US-CERT
Managed Detection and Response (MDR) MDR is a comprehensive solution that offers 24/7 monitoring and response services from experienced security analysts.
Management Controls The security controls for IT and ICS that focus on the management of risk and security. DOE
Microsegmentation Microsegmentation refers to an approach to security that involves dividing a network into segments and applying security controls to each segment based on the segment’s requirements. Microsegmentation software with network virtualization technology is used to create zones in cloud deployments. These granular secure zones isolate workloads, securing them individually with custom, workload-specific policies. Similarly, each virtual machine (VM) in a network can be protected, down to the application level, with exact security controls. The granular security controls microsegmentation brings to workloads or applications are invaluable for the modern cloud environment, where several applications run on the same server or virtual machine. Organizations can apply security controls to individual workloads and applications, rather than having one security policy for the server.
Microsegmentation Microsegmentation offers protection for dynamic environments. For instance, cloud-native architectures like containers and Kubernetes can spin up and down in a matter of seconds. The IP addresses assigned to cloud workloads are ephemeral, rendering IP-based rule management impossible. With microsegmentation, security policies are expressed in terms of identities or attributes (env=prod, app=hrm, etc.) rather than network constructs (e.g., 10.100.0.10 tcp/80). Changes to the application or infrastructure trigger automatic revisions to security policies in real time, requiring no human intervention.
Microsegmentation: Benefits Organizations that adopt microsegmentation realize tangible benefits. More specifically:
Microsegmentation: Benefits Reduced attack surface: Microsegmentation provides visibility into the complete network environment without slowing development or innovation. Application developers can integrate security policy definition early in the development cycle and ensure that neither application deployments nor updates create new attack vectors. This is particularly important in the fast-moving world of DevOps.
Microsegmentation: Benefits Improved breach containment: Microsegmentation gives security teams the ability to monitor network traffic against predefined policies as well as shorten the time to respond to and remediate data breaches.
Microsegmentation: Benefits Stronger regulatory compliance: Using microsegmentation, regulatory officers can create policies that isolate systems subject to regulations from the rest of the infrastructure. Granular control of communications with regulated systems reduces the risk of noncompliant usage.
Microsegmentation: Benefits Simplified policy management: Moving to a microsegmented network or Zero Trust security model provides an opportunity to simplify policy management. Some microsegmentation solutions offer automated application discovery and policy suggestions based on learned application behavior.
Microservices In software engineering, a microservice architecture is a variant of the service-oriented architecture structural style. It is an architectural pattern that arranges an application as a collection of loosely coupled, fine-grained services, communicating through lightweight protocols.
MITRE ATT&CK MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.

With the creation of ATT&CK, MITRE is fulfilling its mission to solve problems for a safer world — by bringing communities together to develop more effective cybersecurity. ATT&CK is open and available to any person or organization for use at no charge.

MITRE ATT&CK
multicast Transmission of the same data to a selected group of destinations. IBM

N

National Cybersecurity and Communications Integration Center (NCCIC) The cyber defense, incident response, and operational integration center of the U.S. Department of Homeland Security. The NCCIC’s mission is to reduce the risk of systemic cybersecurity and communications challenges by serving as a national hub for cyber and communications information, technical expertise, and operational integration, and by operating a 24/7 situational awareness, analysis, and incident response center. DHS
National Institute of Standards and Technology (NIST) A federal agency within the U.S. Department of Commerce. NIST’s mission is to develop and promote measurement, standards, and technology to enhance productivity, facilitate trade, and improve the quality of life. NIST is also responsible for establishing computer- and information technology-related standards and guidelines for federal agencies to use. NIST
Need to Know Decision made by an authorized holder of official information that a prospective recipient requires access to specific official information to carry out official duties. NIST
NERC Critical Infrastructure Protection (NERC CIP) A set of requirements designed to secure cyber assets required for operating North America’s bulk electric system. TechTarget
Network (computer network) A network of data processing nodes interconnected for the purpose of data communication. ATIS
Network Detection and Response (NDR) A security tool that monitors an enterprise’s network traffic to gain visibility into potential cyberthreats. NDR relies on advanced capabilities, such as behavioral analytics, machine learning, and artificial intelligence, to uncover threats and suspect activities.
network mask (netmask) A number that has the same format as an Internet Protocol (IP) address. A network mask identifies which part of an address is to be used for an operation, such as making a TCP/IP connection. IBM
Network Microsegmentation For most organizations, east-west communications make up the majority of data center and cloud traffic patterns, and perimeter-focused defenses do not have visibility into east-west traffic. Given these factors, malicious actors use this as an opportunity to move laterally across workloads. The network creates reliable pathways between workloads and determines whether or not two endpoints can access each other. Microsegmentation creates isolation and determines if two endpoints should access each other. Enforcing segmentation with least-privileged access reduces the scope of lateral movement and contains data breaches.
network object A group of predefined settings that can be shared among multiple network access policy rules to control traffic flow, communication, and access between hosts, segments, or subnets on a network. IBM
NIST Cybersecurity Framework (NIST CSF) A voluntary framework consisting of standards, guidelines, and best practices to manage cybersecurity risk. NIST
North American Electric Reliability Corporation (NERC) A not-for-profit international regulatory authority whose mission is to assure the effective and efficient reduction of risks to the reliability and security of the bulk electric grid in North America. NERC

O

Operational Controls The security controls for IT and ICS, implemented and executed primarily by people (as opposed to systems). DOE
Operational Technology (OT) Programmable systems or devices that interact with the physical environment (or manage devices that interact with the physical environment). Examples include industrial control systems, building management systems, fire control systems, and physical access control mechanisms. DOE
Organization Profile IBM Cloud Pak for Security helps you uncover hidden threats, make more informed risk-based decisions and prioritize your team’s time. By selecting your profile preferences, such as industry and location, Cloud Pak for Security tailors your experience according to your selection. Organization Profile defines the industries that the instance is serving and the geographic location of the deployment.

P

Packet The sequence of binary digits transmitted and switched as a composite whole. ATIS
packet A unit of data transmitted over a network. Large chunks of information are broken up into packets before they are sent across the Internet. IBM
PAM See Protocol Analysis Module. IBM
parameter (parm) A value or reference passed to a function, command, or program that serves as input or controls actions. The value is supplied by a user or by another program or process. IBM
parm See parameter. IBM
passive authentication A configuration option that automatically logs users into a system when they log on to a network using a directory service, such as Active Directory. IBM
passphrase A sequence of words or other text used to control access to a computer system, program or data. A passphrase is similar to a password in usage, but is generally longer for added security. IBM
password In computer and network security, a specific string of characters used by a program, computer operator, or user to access the system and the information stored within it. IBM
Perimeter Security Perimeter security makes up a significant part of most organizations’ network security controls. Network security devices, such as network firewalls, inspect “north-south” (client to server) traffic that crosses the security perimeter and stop bad traffic. Assets within the perimeter are implicitly trusted, which means that “east-west” (workload to workload) traffic may go without inspection.
Personal Health Information (PHI) PHI stands for Protected Health Information. The HIPAA Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes. HHS
Personally Identifiable Information (PII) Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means. Further, PII is defined as information: (i) that directly identifies an individual (e.g., name, address, social security number or other identifying number or code, telephone number, email address, etc.) or (ii) by which an agency intends to identify specific individuals in conjunction with other data elements, i.e., indirect identification. (These data elements may include a combination of gender, race, birth date, geographic indicator, and other descriptors). Additionally, information permitting the physical or online contacting of a specific individual is the same as personally identifiable information. This information can be maintained in either paper, electronic or other media. DOL
Phishing An attempt to trick people into divulging sensitive information such as usernames, passwords, or credit card numbers. Phishing is carried out by email, over the phone, or using a website. The motives are generally to steal money or a user’s identity. Symantec
Physical Security Perimeter (PSP) The physical border surrounding locations in which BES cyber assets, BES cyber systems, or electronic access control or monitoring systems reside, and for which access is controlled. NERC
ping The command that sends an Internet Control Message Protocol (ICMP) echo-request packet to a gateway, router, or host with the expectation of receiving a reply. IBM
policy A set of considerations that influence the behavior of a managed resource or a user. IBM
portal A single, secure point of access to diverse information, applications, and people that can be customized and personalized. IBM
Potential Impact The loss of confidentiality, integrity or availability that might have: 1) a limited adverse effect; 2) a serious adverse effect; or 3) a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. NRECA / Cooperative Research Network
Privileged User A user that is authorized (and therefore trusted) to perform security-relevant functions that ordinary users are not authorized to perform. NRECA / Cooperative Research Network
Programmable Logic Controller (PLC) A solid-state control system that has a user-programmable memory for storing instructions for the purpose of implementing specific functions such as input/output control, logic, timing, counting, communication, and data and file processing. Idaho National Laboratory
Protected Critical Infrastructure Information Program (PCII) A DHS-specific information protection program that enhances voluntary information sharing between infrastructure owners and operators and the government. PCII protections mean that homeland security partners can be confident that sharing their information with the government will not expose sensitive or proprietary data. DHS
protection interface An access point on a network appliance that is used to monitor, inspect, and block network traffic as it passes through the appliance. IBM
protocol A set of rules controlling the communication and transfer of data between two or more devices or systems in a communication network. IBM
Protocol Analysis Module (PAM) A deep-packet inspection engine that stores handling specifications for a comprehensive list of vulnerability checks. PAM interprets the vulnerability checks, processes the results as security events, and then sends the security events to the appliance in X-Press Updates. IBM
proxy server A server that receives requests intended for another server and that acts on behalf of the client (as the client’s proxy) to obtain the requested service. A proxy server is often used when the client and the server are incompatible for direct connection. For example, the client is unable to meet the security authentication requirements of the server but should be permitted some services. IBM

Q

QRadar on Cloud (QRoC) In an environment where security requirements are dynamic, IBM® QRadar® on Cloud provides both the security monitoring that you need, and the flexibility to modify your monitoring activities as your requirements change.

With QRadar on Cloud, you can protect your network and meet compliance monitoring and reporting requirements, with reduced total cost of ownership. Other than a data gateway appliance, which is used to connect to QRadar, you do not need to install any extra hardware on your premises.

You get the benefit of all of the QRadar capabilities without investing in the hardware and software of an on-premises QRadar deployment. IBM security professionals manage the infrastructure, while your security analysts perform the threat detection and management tasks.

R

Ransomware A malicious form of software that locks a computer or files and requires money be paid to get the decryption code to unlock the device or the file. Microsoft
Red Team/Blue Team A group of people authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s security posture (i.e., the Red Team). The objective is to improve enterprise Information Assurance by demonstrating the impacts of successful attacks and by demonstrating what works for the defenders (i.e., the Blue Team) in an operational environment. NIST
Remote Access Access to an organizational system by a user (or a process acting on behalf of a user) communicating through an external network (e.g., the Internet). NIST
Remote Access Trojan (RAT) A malicious program that runs invisibly on host computers and permits an intruder to gain access and control from afar. Many RATs mimic legitimate functionality but are designed specifically for stealth installation and operation. Microsoft
Resilience The ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions. Resilience includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents. Presidential Policy Directive / PPD-21
response The reaction of an appliance to an event. Responses include sending an email message to a responsible party, triggering an SNMP trap, creating a log of the activity, quarantining the activity, or using a custom (user-specified) action, such as running an application or running a command. IBM
Risk The potential for an unwanted outcome resulting from an incident, event, or occurrence, as determined by its likelihood and the associated consequences. US-CERT
Risk Management The process of controlling risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system, and includes: (i) the conduct of a risk assessment; (ii) the implementation of a risk mitigation strategy; and (iii) employment of techniques and procedures for the continuous monitoring of the security and privacy state of the information system. NIST
Risk severity A combination of the likelihood of a damaging event actually occurring and the assessed potential impact on the organization’s mission and goals if it does occur. NRECA / Cooperative Research Network
Role-based access control Access permission based on users’ roles; roles typically reflect the need to perform defined functions within an organization. A given role may apply to a single individual or to several individuals. NRECA / Cooperative Research Network
root The user name for the system user with the most authority. IBM
rule A set of conditional statements that enable computer systems to identify relationships and run automated responses accordingly. IBM

S

Sandbox A system that allows an untrusted software application to run in a highly controlled environment where the application’s permissions are restricted. In particular, an application in a sandbox is usually restricted from accessing the file system or the network. NIST
Secure Sockets Layer (SSL) A security protocol that provides communication privacy. With SSL, client/server applications can communicate in a way that is designed to prevent eavesdropping, tampering, and message forgery. IBM
Secure Web Gateway (SWG) A secure web gateway protects an organization from online security threats and infections by enforcing company policy and filtering Internet-bound traffic. A secure web gateway is an on-premises or cloud-delivered network security service. Sitting between users and the Internet, secure web gateways provide advanced network protection by inspecting web requests against company policy to ensure malicious applications and websites are blocked and inaccessible. A secure web gateway includes essential security technologies such as URL filtering, application control, data loss prevention, antivirus, and HTTPS inspection to provide organizations with strong web security.
security The protection of data, system operations, and devices from accidental or intentional ruin, damage, or exposure. IBM
Security Automation Security automation is the use of technology that performs tasks with reduced human assistance in order to integrate security processes, applications, and infrastructure.
security event Any network occurrence or activity that may have an impact on the security of the network. IBM
Security Orchestration, Automation and Response (SOAR) Security orchestration, automation and response, or SOAR, is a stack of compatible software programs that enables an organization to collect data about security threats and respond to security events with little or no human assistance.
Sensitive Information Information of which the loss, misuse, unauthorized access or modification could adversely affect the organization, its employees or its customers. NRECA / Cooperative Research Network
SIEM vs. SOAR vs. XDR Security teams today can choose among security information and event management (SIEM), security orchestration, automation and response (SOAR), and extended detection and response (XDR) products.

Gartner’s definitions of SIEM, SOAR and XDR are fairly similar. SIEM “supports threat detection, compliance and security incident management through the collection and analysis of security events, as well as a wide variety of other event and contextual data sources.” SOAR enables “organizations to collect inputs monitored by the security operations team.” XDR is “a unified security incident detection and response platform that automatically collects and correlates data from multiple proprietary security components.”

TechTarget
signature A code in a policy that determines what an agent can detect. IBM
Significant Cyber Incident A cyber incident that is (or group of related cyber incidents that together are) likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people. Presidential Policy Directive / PPD-41
Simple Network Management Protocol (SNMP) A set of protocols for monitoring systems and devices in complex networks. Information about managed devices is defined and stored in a Management Information Base (MIB). See also SNMP manager, SNMP trap. IBM
snapshot An image that is an exact copy of the original files or directories from which it was created. IBM
SNMP See Simple Network Management Protocol. IBM
SNMP manager A host that collects information from SNMP agents through the SNMP. See also Simple Network Management Protocol. IBM
SNMP trap An SNMP message sent from the SNMP agent to the SNMP manager. The message is initiated by the SNMP agent and is not a response to a message sent from the SNMP manager. See also Simple Network Management Protocol. IBM
Social Engineering Psychological manipulation of people into divulging sensitive information or performing certain actions. Symantec
Software Defined Wide Area Network (SDWAN) Software-Defined Networking (SDN) is an approach to networking that uses software-based controllers or application programming interfaces (APIs) to communicate with underlying hardware infrastructure and direct traffic on a network. This model differs from that of traditional networks, which use dedicated hardware devices (i.e., routers and switches) to control network traffic. SDN can create and control a virtual network, or control traditional hardware, via software. While network virtualization allows organizations to segment different virtual networks within a single physical network, or to connect devices on different physical networks to create a single virtual network, software-defined networking enables a new way of controlling the routing of data packets through a centralized server.
SSL See Secure Sockets Layer. IBM
subnet mask See network mask. IBM
Sunshine Laws Open government laws that foster an informed citizenry by providing the public access to government documents and meetings. NCSL
Supervisory Control and Data Acquisition (SCADA) A generic name for a computerized system that is capable of gathering and processing data and applying operational controls over long distances. Typical uses include power transmission and distribution and pipeline systems. SCADA was designed for the unique communication challenges (e.g., delays, data integrity) posed by the various media that must be used, such as phone lines, microwave, and satellite. Usually shared rather than dedicated. NIST
Supply Chain Linked set of resources and processes between multiple tiers of developers that begins with the sourcing of products and services and extends through the design, development, manufacturing, processing, handling, and delivery of products and services to the acquirer. NIST
syslog A standard for transmitting and storing log messages from many sources to a centralized location to enhance system management. IBM

T

Technical Controls Security controls for IT and ICS implemented and executed primarily through mechanisms contained in hardware, software, or firmware. DOE
Threat Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), resources, and other organizations through an IT and ICS via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. DOE
threat A security issue, or a harmful act, such as the deployment of a virus or illegal network penetration. IBM
Threat Actor/Agent An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities. US-CERT
Threat Intelligence Insights
Threat Intelligence Sources
Threat Investigator Threat Investigator automatically analyzes and investigates cases to help you make more informed decisions.
traceroute A utility that traces a packet from a computer to a remote destination, showing how many hops the packet required to reach the destination and how long each hop took. IBM
traffic In data communication, the quantity of data transmitted past a particular point in a path. IBM
Traffic Light Protocol (TLP) A set of designations used to ensure that sensitive information is shared appropriately. It employs four colors to indicate expected sharing boundaries by the recipient(s). US-CERT
Traffic Light Protocol (TLP) RED: information cannot be effectively acted upon by additional parties, and could lead to impacts on a party’s privacy, reputation, or operations if misused.
Traffic Light Protocol (TLP) AMBER: information requires support to be effectively acted upon, yet carries risks to privacy, reputation, or operations if shared outside of the organizations involved.
Traffic Light Protocol (TLP) GREEN: information is useful for the awareness of all participating organizations as well as with peers within the broader community or sector.
Traffic Light Protocol (TLP) WHITE: information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release.
Transmission Control Protocol (TCP) A communication protocol used in the Internet and in any network that follows the Internet Engineering Task Force (IETF) standards for internetwork protocol. TCP provides a reliable host-to-host protocol in packet-switched communication networks and in interconnected systems of such networks. IBM
transport protocol A specification of the rules that govern the exchange of information between components of a transport network; for example, the User Datagram Protocol (UDP). IBM
trap In the Simple Network Management Protocol (SNMP), a message sent by a managed node (agent function) to a management station to report an exception condition. IBM

U

UDP See User Datagram Protocol. IBM
United States Computer Emergency Readiness Team (US-CERT) A partnership between the U.S. Department of Homeland Security and the public and private sectors, established to protect the nation’s internet infrastructure. US-CERT coordinates defenses against and responses to cyber attacks across the nation. NIST
User Datagram Protocol (UDP) An Internet protocol that provides unreliable, connectionless datagram service. It enables an application program on one machine or process to send a datagram to an application program on another machine or process. IBM
User Segmentation in Cloud Security User segmentation in cloud security involves dividing user access based on different roles and responsibilities within an organization to ensure that users have access to only the resources they need to perform their job functions. User segmentation reduces the attack surface by limiting the exposure of sensitive data and resources to only authorized users. Because cloud environments are dynamic and change rapidly, user segmentation is a critical component of a comprehensive cloud security strategy. Here are some key considerations for user segmentation in cloud security: PANW
User Segmentation in Cloud Security Role-based access control (RBAC): RBAC involves creating and defining permissions for roles, and then assigning users to the appropriate roles according to job functions. This approach ensures that users have access only to the resources they need to perform their job functions, reducing the risk of accidental or intentional data breaches.
User Segmentation in Cloud Security Multi-factor authentication (MFA): MFA requires users to provide more than one form of authentication to access a resource. This can include a password, a security token, or biometric data. MFA is an effective way to prevent unauthorized access to cloud resources, particularly when combined with RBAC.
User Segmentation in Cloud Security Continuous monitoring: Continuous monitoring of user activity is critical for detecting and responding to security incidents in real-time. This involves analyzing log data and user behavior to identify threats and vulnerabilities.
User Segmentation in Cloud Security Separation of duties: Separation of duties involves dividing responsibilities among multiple users to prevent any one user from having too much control over a system or process. This reduces the risk of fraud or errors and ensures that sensitive operations are performed by multiple users.
User Segmentation in Cloud Security Regular access reviews: Regular access reviews involve routinely reviewing user access rights and permissions to ensure they’re still essential. Access reviews can help to identify and remove unnecessary access rights, reducing the risk of unauthorized access.
User Segmentation in Cloud Security By implementing RBAC, MFA, continuous monitoring, separation of duties, and regular access reviews, organizations can enhance their cloud security posture, protect against evolving threats, reduce the attack surface, and prevent unauthorized access to sensitive data and resources.

V

Virtual Private Network (VPN) A VPN provides a secure, encrypted connection between two points. Before setting up the VPN connection, the two endpoints of the connection create a shared encryption key. This can be accomplished by providing a user with a password or by using a key-sharing algorithm.
Virus A computer program that can copy itself and infect a computer without permission or knowledge of the user. A virus might corrupt or delete data on a computer, use e-mail programs to spread itself to other computers, or even erase everything on a hard disk. CNSS
Vulnerability A specific weakness in an information system, system security procedures, internal controls, or implementation that a threat source could exploit. NIST

W

Watering Hole Attack A security exploit where the attacker infects websites frequently visited by members of a targeted group being attacked, with a goal of infecting a computer used by one or more of the targeted group members when they visit the infected website. NIST
Web Application Firewall (WAF) A web application firewall (WAF) protects the application layer and is specifically designed to analyze each HTTP/S request at the application layer. It is typically user, session, and application aware, cognizant of the web apps behind it and what services they offer. Because of this, you can think of a WAF as the intermediary between the user and the app itself, analyzing all communications before they reach the app or the user. Traditional WAFs ensure only allowed actions (based on security policy) can be performed. For many organizations, WAFs are a trusted first line of defense for applications, especially to protect against the OWASP Top 10, the foundational list of the most frequently seen application vulnerabilities. This Top 10 currently includes:
Injection attacks
Broken Authentication
Sensitive Data Exposure
XML External Entities (XXE)
Broken Access Control
Security Misconfigurations
Cross-Site Scripting (XSS)
Insecure Deserialization
web filter inspection object A filter that is used to control the types of web pages that users can access on a network. IBM
Webapp A web application (web app) is an application program that is stored on a remote server and delivered over the internet through a browser interface. Web services are web apps by definition and many, although not all, websites contain web apps.
Whitelist A list of entities considered trustworthy and granted access or privileges. US-CERT
Workload A workload can be broadly defined as the resources and processes needed to run an application. Hosts, virtual machines and containers are a few examples of workloads. Companies can run workloads across data centers, hybrid cloud and multicloud environments. Most organizations’ applications are becoming increasingly distributed across different cloud-native compute architectures, based on business needs.
Worm A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself. CNSS

X

X-Press Update (XPU) A software update that is issued between major releases to protect a network against the latest security vulnerabilities and threats. IBM
XPU See X-Press Update. IBM

Y

Z

zero configuration networking A set of techniques or technologies used by an application to automatically discover devices on a network and configure network settings. IBM
Zero Trust A security concept centered on the belief that organizations should not automatically trust anything inside or outside their perimeters and instead must verify anything and everything trying to connect to their systems before granting access. CSO Online
Zero-Day Attack/Exploit An attack that exploits a previously unknown hardware, firmware, or software vulnerability. NIST