The world of cyber security can often be an obscure one. So to provide some clarity and understanding here is a list of some common terms and their meaning.
APT - Advanced Persistent Threats - An advanced attack in which access is gained to an organisations network and then remains undetected for an extended period of time.
Application Security - Analysis and best practice for application coding to reduce future weakness.
Cyber Attack - A cyber attack is an attempt to steal data, damage assets or destroy a computer network.
Cyber Threat - A potential or imminent cyber attack.
Cyber Security - The protection of an organisations data, networks, hardware assets and software.
Data Breach - The intentional or unintentional release of secure, private or confidential information. Either to a specific threat actor with a goal to obtain it or to the general public for malicious damage to reputation.
Data Loss Prevention (DLP) - Automated monitoring typically of organisation email, internet access and file transfers to ensure there is no deliberate or accidental leakage of sensitive data.
Denial of Service - This is where an attacker floods an organisations systems with a view to overwhelm resources and bandwidth causing a collapse or slow down, meaning actual requests are unable to be fulfilled. A Distributed Denial of Service (DDoS) is when multiple compromised devices are used in a coordinated effort to achieve this at a much larger scale.
Endpoint Security - Server and workstation software installed to protect against Malware and APT.
File Integrity Monitoring -Monitoring of all files in a computer system to see if they have been changed. Shining a light on any unauthorised activity typically demonstrated by a virus.
Firewall Policy Governance & Assurance - Having firewalls in place is half the battle, ensuring they have the right rules, management and oversight is paramount.
Host Intrusion Management - Comprising of Host Intrusion Detection System (HIDS) which looks for suspicious activity and Host Intrusion Prevention System (HIPS) which actually blocks traffic.
Identity & Access Management - Management of all user access to both systems and applications. Enabling user access reviews (UAR's) and segregation of duties from an operational risk perspective.
Intrusion Detection System - A device or application that monitors for malicious activity or policy violations.
Malware - Forms of malicious code such as viruses, worms, trojans, spyware, ransomware, adware and other compiled code executable used to compromise systems.
Man in the middle attack - (MitM) attacks often referred to as 'eavesdropping' is when an attacker breaches a two party communication in order to steal information. This is quite commonly seen on public wifi which is unsecured.
Penetration Testing - Ethical hacking (often referred to as PEN testing) to understand vulnerabilities.
Phishing - Not to be confused with a nice day out on the water, but rather this is the use of fraudulent communications (such as a hoax email) to lure a victim in an organisation to click links containing malware compromising a system.
Privacy Impact Assessment - Assessment of level of privacy or sensitivity of client data held by an organisation.
Privileged access - High tier system and application access for those such as system and data administrators, compliance, operational risk teams and auditors.
Ransomware - This is when a malicious threat actor steals/accesses data and then encrypts it holding the owner of the data at ransom to unlock it so they can resume their business. Payment is usually requested in non-traceable form such as crypto-currency.
Red Teaming - An individual or team play an adversarial role using out of the box thinking to find any weakness in your organisation to achieve a goal often targeting social engineering, physical security breaches, process weakness and PEN testing to thoroughly test security.
Risk - Exposure to danger or hazards.
Secure Data Encryption & Key Management - Encryption of data both at rest and in transit (typically cryptographic encryption) and the corresponding security keys to decrypt said data.
Security Information & Event Monitoring (SIEM) - Typically real time monitoring of logs in order to identify threats to the network, endpoints and applications.
SOE & Non-SOE Workstation Security - Standard Operating Environment or Non- Standard Operating Environment - essentially the environment assigned to each laptop or desktop on your organisations network.
Supplier Security Assessment - The weakest link in the chain is most often the target by an attacker. A supplier security assessment reviews vendors and suppliers cyber security of your organisations data that is shared, stored and its use.
Threat Actor - Someone who is intends to carry out or is performing a cyber attack usually one of four; Nation states, organised crime, hacktivists or insiders.
Threat Landscape - The world of external environment potential threats or risks to your organisation.
Zero-day exploit - A zero day is a vulnerability present since inception of a product. Once identified by a threat actor there is a window of time before these vulnerabilities are patched by an organisation using the product for them to target this weakness.