Glossary

While the following is not an exhaustive list, it does cover many of the common cybersecurity terms that are introduced throughout this book or that you may encounter as you explore launching your career. The intention is to give you some exposure to these terms so you can conduct your own additional learning to fully understand them.

advanced persistent threat (APT) Specific threat actors or threat actor groups who stealthily gain access to a system and maintain that access for an extended period of time to compromise additional systems and expand their access and impact.

allow list A list of known values that are permitted to pass a particular security control, also known as a white list, although that term has fallen out of favor.

application security The collection of practices within an organization designed to ensure the security of software developed by the software engineering teams.

ARPANET The Advanced Research Projects Agency Network, an experimental network of networks that connected the computer networks of various independent entities together and was the predecessor of what we know today as the internet.

asset inventory A catalog of all known digital and physical information technology within an organization.

authentication The process of determining whether an entity is who they claim to be.

authorization The process of defining and/or verifying that an entity is allowed to access a particular resource.

blue team Cybersecurity professionals who are engaged in defending digital systems and users from attackers.

botnet A group of computers that have been compromised by an attacker for purposes of launching additional attacks.

breach An event in which an attacker is able to successfully bypass security controls to gain unauthorized access.

buffer overflow A type of attack in which the attacker is able to overwrite system memory and thus modify data or the instructions being executed by the computer system’s processor.

bulletin board system (BBS) Computer software that allows users to connect, usually via a modem, and interact with other users in a text-only environment. Users can upload/download files, read posts from other users, and post their own information. The BBS was a popular way for hackers to interact and share information before the age of the internet.

business information security officer (BISO) The leader of a cybersecurity program for a division, group, or business line within an organization.

call for papers (CFP) A solicitation of members of the community to propose presentations and other educational sessions at a conference or event.

capture the flag (CTF) An activity in which users are tasked with finding various indicators (flags) within a system, typically by executing some form of attack. Often these are set up as competitions, with hackers attempting to break into various aspects of a system to find the flags.

chief information security officer (CISO) The executive leader of an entire organization’s cybersecurity program.

ciphertext Data that is created by passing known data through an encryption process.

cloud A service providing computing resources that people and organizations can use, typically in lieu of building and maintaining their own information technology systems.

command and control (C2) The centralized system or network that controls the members of a botnet from which attackers can launch their attacks.

Compatible Time Sharing System (CTSS) A computer system launched by MIT in the early 1960s that allowed multiple users to access the same system simultaneously. In addition to being the first system to do so, it is credited as the first known computer system to leverage user passwords to authenticate multiple users.

compromise Exposure of a resource to an unauthorized attacker.

Computer Emergency Response Team (CERT) A division within the Software Engineering Institute of Carnegie Mellon University that studies cybersecurity issues and works with various entities in the government and industry to create solutions.

confidentiality, integrity, availability (CIA) triad A model for discussing the goals of security controls. Confidentiality refers to protecting resources from being viewed by unauthorized parties. Integrity refers to protecting resources from unauthorized modifications. Availability refers to keeping a resource available for access by authorized parties.

configuration management database (CMDB) A catalog of information about the information technology assets within an organization and detailed descriptions of how they’re configured.

control A safeguard or countermeasure that is put in place to reduce the risk of system compromise.

cross-site scripting (XSS) A form of web application attack that allows the attacker to cause unintended data to be returned to a victim’s web browser. This attack is described in more detail in the OWASP Top 10 Web Application Security Risks.

cryptography The practice of protecting data from being accessed by unauthorized parties by applying a complex mathematical rule to the data to change it in such a way that it cannot be reverted without knowledge of the rule used.

Cybersecurity and Infrastructure Security Agency (CISA) A US government agency, part of the Department of Homeland Security, created in 2018 to help manage cybersecurity across government agencies and the nation’s critical infrastructure.

cybersecurity industry A community of people and organizations interested in protecting digital systems throughout all facets of our society.

data center A physical facility that houses an organization’s information technology systems and provides the required power, air cooling, and other infrastructure for their continued operation and use.

data loss prevention (DLP) The practices and controls implemented by an organization to protect against users exposing confidential information to unauthorized parties via intentional or unintentional means.

denial of service (DoS) A form of attack in which the attacker seeks to make a particular system or resource unavailable for use.

deny list A list of known values that are not permitted to pass a particular security control, also known as a black list, although that term has fallen out of favor.

DevOps A model of software development in which software engineers (developers) work together with the teams that support the software once it is complete (operations) to make the process as efficient as possible.

DevSecOps The integration of security practices into the DevOps model.

digital certificate An electronic key, also called a public key, used to encrypt data before it is transmitted or stored in a location. A private key is then required to reverse the cryptography to decrypt the data.

digital forensics A cybersecurity discipline that focuses on analyzing various aspects of a system to determine events that have occurred and potentially preserve evidence of those events.

digital forensics and incident response (DFIR) The combination of two related disciplines of digital forensics and incident response.

disaster recovery (DR) The process by which an organization is able to respond to events that adversely impact their systems or their ability to conduct business and restore services.

distributed denial of service (DDoS) An attack in which the attacker uses a large number of systems, often from a botnet, to launch a DoS attack against a victim’s system. The aim is ultimately to overwhelm the target system and cause it to be unavailable for legitimate use.

egress The process of data leaving a system.

encryption Applying a cryptographic method to data to make it unreadable to unauthorized parties.

ethical hacker A hacker, usually employed or contracted by an organization, who attacks the organization’s systems in an attempt to identify security vulnerabilities and determine how they can be fixed. Also referred to as a penetration tester.

exploit The act of using a security vulnerability to gain unauthorized access to a system. The term is also often used to describe the actual tactics involved.

firewall A network device or software that controls access to a network or the resources within the network by analyzing network requests and applying rules that specify what should be allowed or not allowed.

fuzzing An automated technique for testing a system for security flaws or coding errors by sending various forms of invalid or unexpected data.

governance, risk, compliance (GRC) A strategy for managing various aspects of an organization’s information technology approach to ensure that it supports the business. Governance refers to using policies and standards that ensure that processes support the business goals. Risk refers to identifying and responding to factors that may negatively impact the accomplishment of business goals. Compliance refers to ensuring that the business’s practices meet requirements of laws and regulations that apply to the business.

handles The pseudonyms people use as identifiers on various social media or other platforms. Handles are often leveraged as a way to maintain a level of anonymity.

hash A cryptographic method producing a string of characters that is of a fixed expected length and cannot be reversed back to the original data.

honey pot A decoy system designed to trick attackers into launching their attacks against it, allowing defenders time to detect and respond to the attacker before they target legitimate systems.

identity and access management (IAM) A framework of practices, processes, and technologies for providing authentication and authorization to information technology systems.

incident response (IR) The process or discipline for responding to events that could adversely impact (or already have impacted) information technology systems and/or the business processes they support.

indications of compromise (IOC) Data found through digital forensics techniques that potentially identify malicious activity on a given system.

industrial control systems (ICSs) Information technology systems that are used to manage physical systems such as manufacturing machines, utilities instruments and controls, and so forth.

information security The function of a business associated with protecting its information technology assets from threats.

information technology The set of digital systems (including computers, networks, and peripheral devices) that organizations rely on to conduct business.

ingress The process of data entering a system.

insider threat People within an organization who could potentially cause harm to the organization by intentionally or unintentionally compromising systems or data.

Internet of Things (IoT) Devices people traditionally use in everyday life whose purpose is not to provide computing capability yet contain some level of computer processing to allow them to connect to networks and interact with other digital systems (for example, smart refrigerators and fitness trackers).

intrusion detection system (IDS) A system that monitors the activity on a network or system to identify potential attacks and provide alerts to defenders.

intrusion prevention system (IPS) A system that monitors the activity on a network or system to identify potential attacks and prevent them from completing successfully while also providing alerts to defenders.

least privilege A framework for ensuring that users are authorized to access only the minimum functions and resources they require for a particular purpose, task, or job.

malware Malicious software designed to compromise a computer system, providing unauthorized access to an attacker.

mitigating control A security approach that doesn’t specifically resolve a particular threat but lessens the overall risk posed by that threat.

multifactor authentication (MFA) The use of multiple forms (factors) of proof to authenticate a user. For instance, something they know (a password) and something they have (a code from a phone app) would be two factors for authentication.

National Institute of Standards and Technology (NIST) A nonregulatory agency of the US government, founded in 1901 as part of the Department of Commerce, that sets various standards—including for cybersecurity.

Open Systems Interconnection (OSI) model A seven-layer model describing the various functions that allow computers to communicate over a network.

Open Web Application Security Project (OWASP) A nonprofit organization, founded in 2001, that focuses on various projects and initiatives to improve the security of software.

penetration tester A hacker, usually employed or contracted by an organization, who attacks the organization’s systems in an attempt to identify security vulnerabilities and determine how they can be fixed. Also referred to as an ethical hacker.

phishing Sending specially crafted emails in an attempt to get the recipient to respond in a way that exposes their private data or allows malware/ransomware to compromise their system.

piggybacking Knowingly allowing a second person to pass through a control point (such as a locked door or turnstile) without authenticating themselves first.

port scan The act of attempting to determine what services a network-connected system is running by sending nonmalicious traffic to the system to determine how it responds.

purple team A team comprising members of a red team (conducting attacks against a network or system) who work in collaboration with the defenders (blue team) to improve defensive controls to block those types of attacks that were successful.

ransomware A specific type of malware that, after compromising a system, encrypts files and data to make them unavailable to the user or organization and then demands a ransom to be paid in order to decrypt the data and recover access to it.

red team Cybersecurity professionals who are engaged in identifying security vulnerabilities in systems and software by attempting to mimic the tactics and techniques of attackers.

remote code execution (RCE) The result of exploiting a security vulnerability in a way that allows the attacker to run unauthorized commands on the compromised system.

repudiation/nonrepudiation The ability to deny the validity of a piece of data (repudiation) or the assurance that such disputes cannot be made (nonrepudiation). For instance, providing indisputable identification of the user responsible for executing a specific action on a computer system would be nonrepudiation.

reverse engineer To deconstruct a piece of software down to some level of source code representation so that its functionality can be analyzed without executing it.

risk The probability that a specific threat will be able to compromise a system. Typically, it is a value derived by considering the likelihood of a compromise and the potential impact to the system or business should a compromise occur.

security assessment and verification The set of processes for analyzing the strength and resilience of systems and software.

security incident and event management (SIEM) A system that collects information from various information technology systems and provides the capability to analyze and respond to events, often in an automated fashion.

security operations center (SOC) A centralized part of an organization tasked with monitoring and managing security controls that are running in the organization’s information technology systems. Can also be used to refer to the specific location or locations where the security operations team is located.

security operations team The team tasked with monitoring and managing security controls that are running in an organization’s information technology systems.

shared responsibility The idea that two groups have some level of responsibility for the success of a business objective. Within DevSecOps, this refers to all three disciplines being expected to support efficient development of stable software that is secure. The cloud shared responsibility model refers to a division of responsibilities between the cloud vendor and the customer to secure the systems that are deployed in the cloud.

social engineering The discipline of using deception to manipulate the way people respond in a given situation in order to bypass security controls.

software development life cycle (SDLC) The set of repeatable processes by which an organization’s software engineering teams create, test, and deploy software.

software security The collection of practices within an organization designed to ensure the security of all software that is deployed in the organization’s environment, whether created by the organization or provided by a third-party vendor.

spear phishing Sending specially crafted emails in an attempt to get the recipient to respond in a way that exposes their private data or allows malware/ransomware to compromise their system. Spear refers to using specific knowledge of the targeted person to create a more convincing false email.

spoofing Disguising the source of a particular request or action in an attempt to bypass security controls or obscure the entity responsible.

SQL injection (SQLi) A type of application attack in which an attacker can execute commands against an application’s database by sending specially crafted data to the application’s user interface.

tactics, techniques, and procedures (TTP) The set of common activities that make up a pattern of attack and that can then be attributed to a particular type of attack or even group of malicious attackers.

tailgating The process of a second person passing through a control point (such as a locked door or turnstile) without the knowledge of the authenticated person ahead of them.

threat A malicious action or actor seeking to compromise systems for various purposes.

threat modeling Analyzing a system to understand the likely threats it faces, with the goal of proactively designing countermeasures to address those threats.

virus A subset of malware, this malicious code is designed to impact a system’s functionality or gain unauthorized access to the system while also spreading itself to other systems.

vulnerability A flaw or weakness in a system that could allow an attacker to bypass other security controls of the system.

vulnerability management The practice within an organization of actively attempting to identify and remediate security vulnerabilities across systems and software.

web application firewall (WAF) A specific form of firewall that analyzes requests sent to a web application to identify and defend against potential attacks.

worm A subset of malware, this form of malicious software spreads itself from one system to another via the network. It is different from a virus in that it doesn’t necessarily impact system functionality or gain additional access.

zero trust A model for implementing security controls in which all components of a system are treated as untrusted by all other components of the system, and therefore all interactions must first go through authentication and authorization.
