Glossary

Some security terms for reference below:

  1. Computer Security Incident Response Team (CSIRT): A team of security experts trained in managing and responding to security incidents.
  2. Documentation: Recorded material serving a specific purpose.
  3. Endpoint Detection and Response (EDR): Software monitoring endpoints for malicious activities.
  4. Event: An observable incident within a network, system, or device.
  5. False Negative: A situation where a threat goes undetected.
  6. False Positive: An erroneous alert indicating a non-existent threat.
  7. Incident: An event compromising the confidentiality, integrity, or availability of information or systems, or breaching laws or policies.
  8. Incident Handler’s Journal: Documentation used in incident response.
  9. Incident Response Plan: A documented strategy detailing steps for incident response.
  10. Intrusion Detection System (IDS): Software alerting to potential intrusions in a system.
  11. Intrusion Prevention System (IPS): Software monitoring for and stopping intrusive activities.
  12. National Institute of Standards and Technology (NIST) Incident Response Lifecycle: A framework outlining four phases of incident response: Preparation; Detection and Analysis; Containment, Eradication, and Recovery; and Post-Incident Activity.
  13. Playbook: A manual detailing operational actions.
  14. Security Information and Event Management (SIEM): Software collecting and analysing log data to monitor organisational activities.
  15. Security Operations Center (SOC): A unit monitoring networks and systems for security threats.
  16. Security Orchestration, Automation, and Response (SOAR): A suite of tools and workflows automating responses to security events.
  17. True Negative: A situation in which no malicious activity occurs and, correctly, no alert is raised.
  18. True Positive: A correct alert identifying an attack.
  19. Cybersecurity: Protecting information by securing networks, devices, and data against unauthorised access.
  20. Cloud Security: Ensuring cloud-stored assets are properly configured and accessed only by authorised users.
  21. Internal Threat: A security risk from current or former employees, vendors, or partners.
  22. Network Security: Protecting a network infrastructure from unauthorised access.
  23. Personally Identifiable Information (PII): Information identifying an individual.
  24. Security Posture: An organisation’s capability to defend critical assets and adapt to changes.
  25. Sensitive Personally Identifiable Information (SPII): PII requiring stricter handling.
  26. Technical Skills: Knowledge-based abilities regarding specific tools and procedures.
  27. Threat: Any potential negative impact on assets.
  28. Threat Actor: Individuals or groups posing security risks.
  29. Transferable Skills: Abilities applicable across different careers.
  30. Adversarial Artificial Intelligence (AI): Techniques that manipulate AI and machine learning to carry out attacks more efficiently.
  31. Business Email Compromise (BEC): Phishing attacks via email impersonation for financial gain.
  32. Computer Virus: Malicious code damaging data and software.
  33. Cryptographic Attack: Compromising secure communication between sender and receiver.
  34. Hacker: Someone accessing computer systems, networks, or data without authorization.
  35. Malware: Software designed to damage devices or networks.
  36. Password Attack: Attempts to access password-protected systems or data.
  37. Phishing: Digital deception to acquire sensitive data or spread malware.
  38. Physical Attack: A security breach affecting both digital and physical environments.
  39. Physical Social Engineering: Impersonating others to gain unauthorized physical access.
  40. Social Engineering: Manipulation exploiting human error to gain information or access.
  41. Social Media Phishing: Gathering information on social media for targeted attacks.
  42. Spear Phishing: Targeted malicious email attacks from seemingly trusted sources.
  43. Supply-Chain Attack: Targeting the systems, hardware, or software an organisation relies on in order to find a weakness where malware can be deployed.
  44. USB Baiting: Leaving malware-infected USBs to infiltrate networks.
  45. Vishing: Voice communication exploitation to obtain sensitive information.
  46. Watering Hole Attack: Compromising a frequently visited website to target specific users.
  47. Asset: Valuable items to an organisation.
  48. Availability: Ensuring authorised access to data.
  49. Compliance: Adhering to internal and external standards and regulations.
  50. Confidentiality: Restricting data access to authorised users.
  51. Confidentiality, Integrity, Availability (CIA) Triad: A model guiding risk assessment in security policies.
  52. Hacktivist: Hackers pursuing political goals.
  53. Health Insurance Portability and Accountability Act (HIPAA): A US law protecting patient health information.
  54. Integrity: Maintaining data accuracy and reliability.
  55. NIST Cybersecurity Framework (CSF): Guidelines for managing cybersecurity risks.
  56. Privacy Protection: Safeguarding personal information from unauthorised use.
  57. Protected Health Information (PHI): Health-related information requiring protection.
  58. Security Architecture: Design combining components to protect against risks.
  59. Security Controls: Measures reducing security risks.
  60. Security Ethics: Decision-making guidelines for security professionals.
  61. Security Frameworks: Guidelines for risk mitigation and data protection.
  62. Security Governance: Practices directing an organisation’s security efforts.
  63. Antivirus Software: Programs detecting and eliminating malware.
  64. Database: Organised data collection.
  65. Data Point: Specific information units.
  66. Linux: An open-source operating system.
  67. Log: A record of events in organisational systems.
  68. Network Protocol Analyzer (Packet Sniffer): Tools capturing and analysing network traffic.
  69. Order of Volatility: The sequence in which digital evidence should be preserved, from the most volatile data to the least volatile.
  70. Programming: Creating computer-executable instructions.
  71. Protecting and Preserving Evidence: Handling digital evidence correctly.
  72. SQL (Structured Query Language): Language for database interaction.
  73. Assess: Evaluating the implementation of controls (NIST Risk Management Framework).
  74. Authorize: Being accountable for the security and privacy risks in an organisation (NIST RMF).
  75. Business Continuity: Maintaining productivity through disaster recovery planning.
  76. Categorize: Developing risk management processes (NIST RMF).
  77. External Threat: External risks to organisational assets.
  78. Implement: Executing security and privacy plans (NIST RMF).
  79. Internal Threat: Security risks from current/former employees or partners.
  80. Monitor: Observing system operations (NIST RMF).
  81. Prepare: Pre-breach security and privacy risk management (NIST RMF).
  82. Ransomware: Malware encrypting data for extortion.
  83. Risk: Potential impacts on asset confidentiality, integrity, or availability.
  84. Risk Mitigation: Procedures reducing breach impacts.
  85. Select: Choosing controls for organisational protection (NIST RMF).
  86. Shared Responsibility: Collective role in reducing risks and maintaining security.
  87. Social Engineering: Exploiting human error for information or access.
  88. Vulnerability: Exploitable security weaknesses.
  89. Attack Vectors: Paths for security breaches.
  90. Authentication: Verifying identity.
  91. Authorization: Granting access to system resources.
  92. Biometrics: Unique physical traits for identity verification.
  93. Detect: Identifying security incidents (NIST core function).
  94. Encryption: Converting readable data to encoded formats.
  95. Identify: Managing cybersecurity risks (NIST core function).
  96. NIST Special Publication (SP) 800-53: A framework for securing US federal information systems.
  97. Open Web Application Security Project (OWASP): An organisation improving software security.
  98. Protect: Safeguarding against cybersecurity threats (NIST core function).
  99. Recover: Restoring systems after incidents (NIST core function).
  100. Respond: Containing and analysing security incidents (NIST core function).
  101. Security Audit: Reviewing security controls and policies.
  102. Chronicle: A cloud-native tool for data retention, analysis, and search.
  103. Incident Response: Rapidly addressing security breaches.
  104. Metrics: Key technical attributes assessing software performance.
  105. Splunk Cloud: A cloud-based tool for log data collection and monitoring.
  106. Splunk Enterprise: A self-hosted tool for real-time security information and alerts.
  107. Bandwidth: Maximum data transmission rate over a network.
  108. Cloud Computing: Using internet-hosted servers and services.
  109. Data Packet: Basic information unit in network transmission.
  110. Hub: A network device broadcasting information to all connected devices.
  111. Internet Protocol (IP): Standards for routing and addressing network data packets.
  112. Local Area Network (LAN): A network covering a small geographical area.
  113. Media Access Control (MAC) Address: A unique identifier for network devices.
  114. Modem: A device connecting a router to the internet.
  115. Network: A collection of interconnected devices.
  116. Open Systems Interconnection (OSI) Model: A concept explaining communication layers in networks.
  117. Packet Sniffing: Capturing and inspecting network data packets.
  118. Port: A digital location for data transmission between devices.
  119. Router: A device connecting multiple networks.
  120. Speed: Data transmission rate of a device.
  121. Switch: A device connecting specific network devices for data exchange.
  122. TCP/IP Model: A framework for data organisation and transmission across networks.
  123. Analysis: The investigation and validation of alerts 
  124. Broken chain of custody: Inconsistencies in the collection and logging of evidence in the chain of custody
  125. Business continuity plan (BCP): A document that outlines the procedures to sustain business operations during and after a significant disruption
  126. Chain of custody: The process of documenting evidence possession and control during an incident lifecycle
  127. Containment: The act of limiting and preventing additional damage caused by an incident
  128. Crowdsourcing: The practice of gathering information using public input and collaboration
  129. Detection: The prompt discovery of security events
  130. Documentation: Any form of recorded content that is used for a specific purpose
  131. Eradication: The complete removal of the incident elements from all affected systems
  132. Final report: Documentation that provides a comprehensive review of an incident
  133. Honeypot: A system or resource created as a decoy vulnerable to attacks with the purpose of attracting potential intruders
  134. Incident response plan: A document that outlines the procedures to take in each step of incident response
  135. Indicators of attack (IoA): The series of observed events that indicate a real-time incident
  136. Indicators of compromise (IoC): Observable evidence that suggests signs of a potential security incident
  137. Intrusion detection system (IDS): An application that monitors system activity and alerts on possible intrusions
  138. Lessons learned meeting: A meeting that includes all involved parties after a major incident
  139. Open-source intelligence (OSINT): The collection and analysis of information from publicly available sources to generate usable intelligence
  140. Playbook: A manual that provides details about any operational action
  141. Post-incident activity: The process of reviewing an incident to identify areas for improvement during incident handling
  142. Recovery: The process of returning affected systems back to normal operations
  143. Resilience: The ability to prepare for, respond to, and recover from disruptions
  144. Standards: References that inform how to set policies
  145. Threat hunting: The proactive search for threats on a network
  146. Threat intelligence: Evidence-based threat information that provides context about existing or emerging threats
  147. Triage: The prioritising of incidents according to their level of importance or urgency
  148. VirusTotal: A service that allows anyone to analyse suspicious files, domains, URLs, and IP addresses for malicious content
  149. Anomaly-based analysis: A detection method that identifies abnormal behavior 
  150. Array: A data type that stores data in a comma-separated ordered list
  151. Common Event Format (CEF): A log format that uses key-value pairs to structure data and identify fields and their corresponding values
  152. Configuration file: A file used to configure the settings of an application
  153. Endpoint: Any device connected on a network
  154. Endpoint detection and response (EDR): An application that monitors an endpoint for malicious activity
  155. False positive: An alert that incorrectly detects the presence of a threat
  156. Host-based intrusion detection system (HIDS): An application that monitors the activity of the host on which it’s installed 
  157. Intrusion detection systems (IDS): An application that monitors system activity and alerts on possible intrusions
  158. Key-value pair: A set of data that represents two linked items: a key, and its corresponding value
  159. Log: A record of events that occur within an organization’s systems
  160. Log analysis: The process of examining logs to identify events of interest 
  161. Log management: The process of collecting, storing, analyzing, and disposing of log data
  162. Logging: The recording of events occurring on computer systems and networks
  163. Network-based intrusion detection system (NIDS): An application that collects and monitors network traffic and network data
  164. Object: A data type that stores data in a comma-separated list of key-value pairs
  165. Search Processing Language (SPL): Splunk’s query language
  166. Security information and event management (SIEM): An application that collects and analyzes log data to monitor critical activities in an organization 
  167. Signature: A pattern that is associated with malicious activity
  168. Signature analysis: A detection method used to find events of interest
  169. Suricata: An open-source intrusion detection system, intrusion prevention system, and network analysis tool
  170. Telemetry: The collection and transmission of data for analysis
  171. Wildcard: A special character that can be substituted with any other character
  172. YARA-L: A computer language used to create rules for searching through ingested log data
  173. Zero-day: An exploit that was previously unknown
  174. Automation: The use of technology to reduce human and manual effort to perform common and repetitive tasks
  175. Boolean data: Data that can only be one of two values: either True or False
  176. Command-line interface: A text-based user interface that uses commands to interact with the computer
  177. Comment: A note programmers make about the intention behind their code
  178. Conditional statement: A statement that evaluates code to determine if it meets a specified set of conditions
  179. Data type: A category for a particular type of data item
  180. Dictionary data: Data that consists of one or more key-value pairs
  181. Float data: Data consisting of a number with a decimal point
  182. Integer data: Data consisting of a number that does not include a decimal point
  183. Integrated development environment (IDE): A software application for writing code that provides editing assistance and error correction tools
  184. Interpreter: A computer program that translates Python code into runnable instructions line by line 
  185. Iterative statement: Code that repeatedly executes a set of instructions
  186. List data: Data structure that consists of a collection of data in sequential form
  187. Loop variable: A variable that is used to control the iterations of a loop
  188. Notebook: An online interface for writing, storing, and running code 
  189. Programming: A process that can be used to create a specific set of instructions for a computer to execute tasks
  190. Set data: Data that consists of an unordered collection of unique values
  191. String data: Data consisting of an ordered sequence of characters
  192. Syntax: The rules that determine what is correctly structured in a computing language
  193. Tuple data: Data structure that consists of a collection of data that cannot be changed 
  194. Type error: An error that results from using the wrong data type
  195. Variable: A container that stores data
  196. Argument (Python): The data brought into a function when it is called
  197. Built-in function: A function that exists within Python and can be called directly
  198. Comment: A note programmers make about the intention behind their code
  199. Function: A section of code that can be reused in a program
  200. Global variable: A variable that is available through the entire program
  201. Indentation: Space added at the beginning of a line of code
  202. Library: A collection of modules that provide code users can access in their programs
  203. Local variable: A variable assigned within a function
  204. Module: A Python file that contains additional functions, variables, classes, and any kind of runnable code
  205. Parameter (Python): An object that is included in a function definition for use in that function
  206. PEP 8 style guide: A resource that provides stylistic guidelines for programmers working in Python 
  207. Python Standard Library: An extensive collection of Python code that often comes packaged with Python
  208. Return statement: A Python statement that executes inside a function and sends information back to the function call
  209. Style guide: A manual that informs the writing, formatting, and design of documents
  210. User-defined function: A function that programmers design for their specific needs
  211. Automation: The use of technology to reduce human and manual effort to perform common and repetitive tasks
  212. Conditional statement: A statement that evaluates code to determine if it meets a specified set of conditions
  213. Debugger: A software tool that helps to locate the source of an error and assess its causes
  214. Debugging: The practice of identifying and fixing errors in code
  215. Exception: An error that involves code that cannot be executed even though it is syntactically correct
  216. File path: The location of a file or directory 
  217. Function: A section of code that can be reused in a program
  218. Integrated development environment (IDE): A software application for writing code that provides editing assistance and error correction tools
  219. Iterative statement: Code that repeatedly executes a set of instructions
  220. Log: A record of events that occur within an organization’s systems 
  221. Logic error: An error that results when the logic used in code produces unintended results
  222. Parsing: The process of converting data into a more readable format
  223. Syntax error: An error that involves invalid usage of a programming language
  224. Variable: A container that stores data
  225. Business continuity plan (BCP): A document that outlines the procedures to sustain business operations during and after a significant disruption
  226. Confidential data: Data that often has limits on the number of people who have access to it
  227. Disaster recovery plan: A plan that allows an organization’s security team to outline the steps needed to minimize the impact of a security incident
  228. Private data: Information that should be kept from the public
  229. Public data: Data that is already accessible to the public and poses a minimal risk to the organization if viewed or shared by others
  230. Security mindset: The ability to evaluate risk and constantly seek out and identify the potential or actual breach of a system, application, or data
  231. Sensitive data: A type of data that includes personally identifiable information (PII), sensitive personally identifiable information (SPII), and protected health information (PHI)