GLOSSARY

Access control list (ACL)   A list of rules that control the manner in which a resource may be accessed.

Accreditation   The formal acceptance of the adequacy of a system’s overall security and functionality by management.

Administrative control   Security mechanisms implemented by management primarily through policies and procedures; also known as a management or policy control.

Advanced persistent threat (APT)   The name given to any number of stealthy and continuous computer-hacking efforts, often coordinated and executed by an organization or government with significant resources over a longer period of time.

Anomaly analysis   Any technique focused on measuring the deviation of some observation from some baseline and determining whether that deviation is statistically significant.

Assessment   A process that gathers information and makes determinations based on it.

Audit   A systematic inspection by an independent third party, oftentimes driven by regulatory compliance requirements.

Beaconing   A periodic outbound connection between a compromised computer and an external controller.

Black hole   A device that is configured to receive any and all packets with a specific source or destination address and not respond to them at all.

Blue team   The group of participants who are the focus of a training event or exercise; they are usually involved with the defense of the organization’s infrastructure.

Certification   The comprehensive technical evaluation of the security components of a system and their compliance with applicable regulations.

Chain of custody   A history that shows how evidence was collected, transported, and preserved at every stage of the investigation process.

Cloud computing   The use of shared, remote computing devices for the purpose of providing improved efficiencies, performance, reliability, scalability, and security.

Compensating control   A security control that satisfies the requirements of some other control when implementing the latter is not possible or desirable.

Containment   Actions that attempt to deny the threat agent the ability or means to cause further damage.

Control Objectives for Information and Related Technologies (COBIT)   A framework and set of control objectives developed by ISACA and the IT Governance Institute that defines goals for the controls that should be used to properly manage IT and to ensure that IT maps to business needs.

Cross-site scripting (XSS)   A vulnerability in a web application that allows malicious users to execute arbitrary client-side scripts.

DNS sinkhole   A technique that responds to DNS queries for malicious domains with IP addresses that do not correspond to the adversaries’ intended hosts, thus preventing malware from communicating effectively.

Dual control   A practice that requires involvement of two or more parties to complete a task.

E-mail harvesting   The process of acquiring e-mail addresses, oftentimes for the purpose of compromising the targets’ information systems.

Evaluation   An event that compares observations with specific values or criteria and reports the difference, if any, between them.

Event   Any occurrence that can be observed, verified, and documented.

False positive   A report that states that a given condition is present when in fact it is not.

Firewall   A device that permits the flow of authorized data through it while preventing unauthorized flows.

Forensic acquisition   The process of extracting the digital contents from seized evidence so that they may be analyzed.

Fuzzing   A technique used to discover flaws and vulnerabilities in software by sending large amounts of malformed, unexpected, or random data to the target program in order to trigger failures.

Hardening   The process of securing information systems by reducing their vulnerabilities and functionality.

Hashing function   A one-way function that takes a variable-length sequence of data such as a file and produces a fixed-length result called a “hash value”; sometimes referred to as a digital fingerprint.

Heuristic   A “rule of thumb” or any other experience-based, imperfect approach to problem solving.

Heuristic analysis   The application of heuristics to find threats in practical, if imperfect, ways.

Honeynet   A network of devices that is created for the sole purpose of luring an attacker into trying to compromise it.

Host-based intrusion detection system (HIDS)   An IDS that is focused on the behavior of a specific host and packets on its network interfaces.

Incident   One or more related events that compromise the organization’s security posture.

Incident response   The process of negating the effects of an incident on an information system.

Industrial control system (ICS)   A cyber-physical system that allows specialized software to control the physical behaviors of some system.

Information Technology Infrastructure Library (ITIL)   A customizable framework that provides the goals of internal IT services, the general activities necessary to achieve these goals, and the input and output values for each process required to meet these determined goals.

Input validation   An approach to protect systems from abnormal user input by testing the data provided against appropriate values.

Interception proxy   A relay system between a client and a server that allows all messages to be examined before being forwarded to their destinations.

International Organization for Standardization (ISO)   An independent, nongovernmental international organization that is the world’s largest developer and publisher of international standards.

Intrusion detection system (IDS)   A system that identifies violations of security policies and generates alerts.

Intrusion prevention system (IPS)   A form of IDS that is able to stop any detected violations.

Isolation   A state in which a part of an information system, such as a compromised host, is prevented from communicating with the rest of the system.

Jump box   A computer that serves as a jumping-off point for external users to access protected parts of a network.

Logical control   A software or hardware tool used to restrict access to objects; also known as a technical control.

Man-in-the-middle attack   An attack in which an adversary intercepts communications between two endpoints in order to obtain illicit access to message contents and potentially alter them.

Mandatory access control (MAC)   A policy in which access controls are always enforced on all objects and subjects.

National Institute of Standards and Technology (NIST)   An organization within the U.S. Department of Commerce that is charged with promoting innovation and industrial competitiveness.

NetFlow   A Cisco proprietary protocol for the collection and distribution of IP traffic statistics.

Netstat   A popular command-line interface tool that provides information on the status of network connections and listening sockets.

Network segmentation   The practice of separating various parts of the network into subordinate zones in order to thwart adversaries’ efforts, improve traffic management, and prevent spillover of sensitive data.

Network-based intrusion detection system (NIDS)   An IDS that is focused on the packets traversing a network.

Nmap   A popular open source tool that allows the mapping of network hosts and the ports on which they are listening.

Open Web Application Security Project (OWASP)   An organization that promotes web security and provides development guidelines, testing procedures, and code review steps.

Operational control   Safeguard that deters, delays, prevents, detects, or responds to threats against physical property; also known as a physical control.

Packet analyzer   A tool that captures network traffic, performs some form of analysis on it, and reports the results; also known as a network or packet sniffer.

Patch management   The process by which fixes to software vulnerabilities are identified, tested, applied, validated, and documented.

Patching   The application of a fix to a software defect.

Payment Card Industry Data Security Standard (PCI DSS)   A global standard for protecting stored, processed, or transmitted payment card information.

Penetration test   The process of simulating attacks on a network and its systems at the request of the owner or senior management for the purpose of measuring an organization’s level of resistance to those attacks and to uncover any exploitable weaknesses within the environment.

Personal health information (PHI)   Information that relates to an individual’s past, present, or future physical or mental health condition.

Personally identifiable information (PII)   Information, such as social security number or biometric profile, that can be used to distinguish an individual’s identity.

Phishing   The use of fraudulent e-mail messages to induce the recipient to provide sensitive information or take actions that could compromise their information systems; a form of social engineering.

Physical control   Safeguard that deters, delays, prevents, detects, or responds to threats against physical property; sometimes called an operational control.

Public Key Infrastructure (PKI)   A framework of programs, procedures, communication protocols, and public key cryptography that enables a diverse group of individuals to communicate securely.

Red team   A group that acts as adversaries during a security assessment or exercise.

Regression testing   The formal process by which code that has been modified is tested to ensure no features and security characteristics were compromised by the modifications.

Regulatory environment   An environment in which the way an organization exists or operates is controlled by laws, rules, or regulations put in place by a formal body.

Remediation   The application of security controls to a known vulnerability in order to reduce its risk to an acceptable level.

Remote Authentication Dial-In User Service (RADIUS)   An authentication, authorization, and accounting (AAA) remote access protocol.

Reverse engineering   The process of deconstructing something in order to discover its features and constituents.

Risk   The possibility of damage to or loss of any information system asset, as well as the ramifications should this occur.

Risk appetite   The amount of risk that senior executives are willing to assume.

Rootkit   A typically malicious software application that interferes with the normal reporting of an operating system, often by hiding specific resources such as files, processes, and network connections.

Sandbox   A type of control that isolates processes from the operating system to prevent security violations.

Sanitization   The process by which access to data on a given medium is made infeasible for a given level of effort.

Security information and event management (SIEM)   A software product that collects, aggregates, analyzes, reports, and stores security information.

Security policy   An overall general statement produced by senior management (or a selected policy board or committee) that dictates what role security plays within the organization or that dictates mandatory requirements for a given aspect of security.

Separation of duties   A practice that divides critical functions into subordinate tasks and ensures no one person can perform all these tasks, which prevents any single individual from disrupting business-critical processes or making untested administrative changes across an organization.

Sherwood Applied Business Security Architecture (SABSA)   A layered security architecture model in which the higher layers define policies and the lower layers progressively lead to practical implementation, thus providing a chain of traceability.

Social engineering   The manipulation of people in order to get them to take actions that they otherwise wouldn’t have and that typically involve a violation of a security policy or procedure.

Social media profiling   The process of obtaining and analyzing information about specific individuals from social media for the purpose of creating profiles that may include identifying information, preferences, and vulnerabilities.

Spear phishing   Phishing attempts directed at a specific individual or group.

Static code analysis   A technique that is meant to help identify software defects or security policy violations and is carried out by examining the code without executing the program.

Stress test   A test that places extreme demands that are well beyond the planning thresholds of the software in order to determine how robust it is.

Supervisory Control and Data Acquisition (SCADA)   A system for remotely monitoring and controlling physical systems such as power and manufacturing plants over large geographic regions.

syslog   A popular protocol used to communicate event messages.

Technical control   A software or hardware tool used to restrict access to objects; also known as a logical control.

Terminal Access Controller Access Control System (TACACS)   An authentication, authorization, and accounting (AAA) remote access protocol.

The Open Group Architecture Framework (TOGAF)   A framework that provides an approach to design, implement, and govern an enterprise information architecture at four levels: business, data, applications, and technology.

Trend analysis   The study of patterns over time in order to determine how, when, and why they change.

Trusted foundry   An organization capable of developing prototype or production-grade microelectronics in a manner that ensures the integrity of its products.

Virtual private network (VPN)   A system that connects two or more devices that are physically part of separate networks and allows them to exchange data as if they were connected to the same local area network.

Vulnerability   A flaw in an information system that can enable an adversary to compromise the security of that system.

Whaling   Spear phishing aimed at high-profile targets such as executives.

White team   The group of people who plan, document, assess, or moderate a training exercise.

Write blocker   A device that prevents modifications to a storage device while its contents are being acquired.

Zero day   A vulnerability or exploit that is unknown to the broader community of software developers and security professionals.
