Cybersecurity Glossary of Terms
Regardless of your role in an organization, this glossary of cybersecurity terms was compiled for everyone from the security professional to the general end-user. Here, you’ll find acronyms and terminology commonly used in the security industry, along with their definitions.
We want to help you uncover the knowledge areas in which you excel and those in which you want to expand. This is another way to fulfill our motto as “Your Cybersecurity Sidekick”.
A
-
ABAC
Attribute-Based Access Control - an advanced method for managing the access rights of people and systems connecting to networks and assets.
-
AC
Access Control dictates who has access to what information, applications, and resources within a network.
-
APT
Advanced Persistent Threats know how to find a vulnerability: a way into your so-called secured network, past the firewall.
-
Assume Breach
Assume Breach - the principle that you have accepted (i.e. you assume) that a breach will occur, or already has occurred, in the network. This supports the concept that there will always be 0-day exploits and allows quicker identification of the secondary and tertiary steps of an attack.
-
AWS S3
Amazon Web Services Simple Storage Service - a popular cloud storage and service platform.
B
-
Blockchain
Blockchain is a system of recording information in a way that makes it difficult or impossible to change, hack, or cheat the system.
-
BYOD
Bring Your Own Device networks allow employees to use their personal devices (smartphones, personal computers, tablets, or USB drives) to connect to their employer’s networks and access work-related systems.
C
-
CDI
Covered Defense Information
-
CIS Controls
Critical Security Controls for Effective Cyber Defense - 20 controls based on the latest information about common attacks, reflecting the combined knowledge of commercial forensics experts, individual penetration testers, and contributors from U.S. government agencies.
-
COBIT
Control Objectives for Information and Related Technologies - a framework created by the Information Systems Audit and Control Association for IT governance and management.
-
CUI
Controlled Unclassified Information
D
-
Days of Effort
Days of Effort is equal to a minimum of 8 hours of work. A typical Red Team day often exceeds 8 hours.
-
DDoS
Distributed denial-of-service attack - a common attack that renders services unreachable by overwhelming a network with traffic.
-
DFARS
Defense Federal Acquisition Regulation Supplement
F
-
FERPA
Family Educational Rights and Privacy Act - the highest security regulation for the education sector; it calls for the privacy of student records at all institutions that receive federal funding.
-
FIM
File Integrity Monitoring
-
FISMA
Federal Information Security Management Act - a framework for protecting government data and assets that extends to federal contractors, including higher education institutions.
G
-
GDPR
General Data Protection Regulation - a regulation that requires businesses to protect the personal data and privacy of European Union citizens for transactions that occur within EU member states.
-
GLBA
Gramm-Leach-Bliley Act. This act requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data.
-
GRC
Governance, Risk, and Compliance
-
Grey-box
Grey-box is a penetration test in which some information is available beforehand, such as provided login credentials, but not all information, such as a full list of IP ranges or a network map.
H
-
HIPAA
Health Insurance Portability and Accountability Act. HIPAA was signed into law in 1996. It provides security provisions and data privacy in order to keep patients’ medical information safe.
-
HRO
High-Reliability Organization - an organization robust and resilient enough to achieve operational excellence in an environment where a single error has massive consequences.
-
HSM
Hardware Security Module
I
-
IDS
Intrusion Detection Systems
-
Interviewing
Interviewing - the process of conducting discussions with individuals or groups within an organization to facilitate understanding, achieve clarification, or identify the location of evidence. Assessment results are used to support the determination of security control effectiveness over time.
-
IPS
Intrusion Prevention System
-
ISACA
Information Systems Audit and Control Association
M
-
MDR
Managed Detection and Response - outsourced cybersecurity services designed to protect your data and assets even if a threat eludes common organizational security controls. MDR services combine advanced analytics, threat intelligence, and human expertise in incident investigation and response deployed at the host and network levels.
-
MFA
Multi-Factor Authentication. MFA is vastly more secure than a simple password login and is increasingly a specific requirement in compliance regulations.
-
MITRE ATT&CK®
MITRE ATT&CK® is a globally-accessible knowledge base of cyber adversary tactics and techniques based on real-world observations.
-
MSSP
Managed Security Services Provider - an organization that provides hands-on cybersecurity services to support ongoing management, monitoring, threat protection, detection, and response capabilities. Typically provided from a Security Operations Center.
N
-
NERC CIP
North American Electric Reliability Corporation - Critical Infrastructure Protection - a set of requirements designed to secure the assets required for operating North America's bulk electric system.
-
NIST
National Institute of Standards and Technology
P
-
PCI DSS
Payment Card Industry Data Security Standard - applies to merchants of any size that accept credit cards or that process, store, or transmit credit card transactions and data.
-
PKI
Public Key Infrastructure
Q
-
QSA
Qualified Security Assessor - an individual certified by the PCI Security Standards Council who can test and attest to an organization’s compliance with the PCI DSS standard.
R
-
RBAC
Role-Based Access Control is the dominant method of AC used today. Administrators define roles, then specify access rights for each role. Each user is then assigned a role, effectively bundling a set of privileges under a single attribute.
-
RMF
Risk Management Framework
-
RFC 1918
Address Allocation for Private Internets - the RFC that reserves IPv4 address ranges for use on private networks.
S
-
SCRM
Supply Chain Risk Management
-
Security Barrier
A Security Barrier may be a personnel or technical security control that interferes with the red team’s progress through the assessment.
-
SEM
Security Event Management systems store and interpret logs for real-time security event analysis, enabling defensive actions to be taken more quickly.
-
SIM
Security Information Management systems collect data for trend analysis and provide automated reporting.
-
SIEM
Security Information and Event Management is the combination of SEM and SIM. It is the way all the security data in your enterprise can be simplified and visualized, so your in-house IT staff can take action right away at the first sign of a problem.
-
SMA
Security Management Appliance. The SMA replicates an Assume Breach scenario on your network by acting as if an internal endpoint or server is already compromised. It can then operate under the assumption that an attacker has gained internal network access.
-
SMB
Server Message Block - a network protocol that enables users to communicate with remote computers and servers — to use their resources or share, open, and edit files.
-
SOC
Security Operations Center
-
SOX
The Sarbanes-Oxley Act of 2002 is a U.S. law meant to protect investors from fraudulent accounting activities by corporations.