Asset
An organizational resource that is being protected. An asset can be logical, such as a website, software information, or data, or it can be physical, such as a person, computer system, hardware, or other tangible object. Assets, particularly information assets, are the focus of what security efforts are attempting to protect.
Information assets
The focus of cybersecurity; information that has value to the organization, and the systems that store, process, and transmit the information.
Security
The state of being secure and free from danger or harm, or the actions taken to make someone or something secure.
Cybersecurity
The protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology. Cybersecurity overlaps with all other security areas.
Computer security
The protection of computerized information processing systems and the data they contain and process.
Communications security
The protection of all communications media, technology, and content.
Network security
A subset of communications security; the protection of voice and data networking components, connections, and content.
Operations security
The protection of the details of an organization’s operations and activities.
Physical security
The protection of physical items, objects, or areas from unauthorized access and misuse; known in industry as corporate security.
Confidentiality
An attribute of information that describes how data is protected from disclosure or exposure to unauthorized individuals or systems. It requires limiting access to information only to those who need it and preventing access by those who do not.
Disclosure
The intentional or unintentional exposure of an information asset to unauthorized parties.
Possession
An attribute of information that describes how the data’s ownership or control is legitimate or authorized.
Integrity
An attribute of information that describes how data is whole, complete, and uncorrupted.
Noise
Additional, disruptive signals in network communications or electrical power delivery.
Availability
The attribute of information that describes how data is accessible and correctly formatted for use without interference or obstruction.
Privacy
The right of individuals or groups to protect themselves and their information from unauthorized access, providing confidentiality.
Information aggregation
The collection and combination of pieces of nonprivate data, possibly resulting in information that violates privacy.
Identification
The access control mechanism whereby unverified entities who seek access to a resource provide a credential by which they are known to the system.
IAAA security framework
An architectural framework that is used to allow access to computer resources, enforce policies, and facilitate audits. It ensures network and computer management and security.
Authentication
The access control mechanism that requires the validation and verification of an entity’s asserted identity.
Authorization
The access control mechanism that matches an authenticated entity to its permitted information assets and corresponding access levels.
Accountability
The access control mechanism that ensures all actions on a system, authorized or unauthorized, can be attributed to an authenticated identity.
Threat
Any event or circumstance that has the potential to adversely affect operations and assets.
Attack
An intentional or unintentional act that can damage or compromise information and systems. Also known as a threat event.
Threat event
An intentional or unintentional act that can damage or compromise information and systems. Also known as an attack.
Threat agent
A specific instance or component of a threat. Also known as a threat source.
Threat source
A specific instance or component of a threat. Also known as a threat agent.
Exploit
A technique used to compromise a system.
Vulnerability
A potential weakness in an asset or its defensive controls.
Availability disruption
An interruption in services that causes an adverse event within the organization.
Service level agreement (SLA)
A document that specifies the expected level of service from a service provider, usually defining minimum acceptable availability and penalties for downtime.
Blackout
A long-term interruption (outage) in electrical power availability.
Brownout
A long-term decrease in the quality of electrical power availability.
Fault
A short-term interruption in electrical power availability.
Sag
A short-term decrease in electrical power availability.
Spike
A short-term increase in electrical power availability; also called a swell.
Swell
A short-term increase in electrical power availability; also called a spike.
Surge
A long-term increase in electrical power availability.
Competitive intelligence
The legal collection and analysis of business competitor information to gain competitive advantage.
Industrial espionage
The illegal collection and analysis of competitor information to gain unfair advantage.
Shoulder surfing
The direct, covert observation of individual information or system use.
Trespass
The unauthorized entry into the real or virtual property of another party.
Hacker
A person who accesses systems and information without authorization, often illegally.
Expert hacker
A hacker with extensive knowledge of hardware and software inner workings; also called elite hacker.
Elite hackers
Hackers with extensive knowledge of computer hardware and software who gain unauthorized access; also known as expert hackers.
Professional hacker
A hacker who conducts attacks for personal gain, organized crime, or a foreign government.
Penetration tester
An authorized cybersecurity professional who tests systems to identify vulnerabilities.
Advanced persistent threat (APT)
A collection of coordinated processes, usually directed by humans, that target specific organizations or individuals.
Novice hacker
A relatively unskilled hacker who uses others’ tools to perform attacks.
Script kiddie
A novice hacker who uses software or scripts written by experts to attack systems.
Packet monkeys
Novice hackers using automated exploits to perform denial-of-service attacks.
Privilege escalation
The unauthorized elevation of user permissions to gain control over system resources.
Jailbreaking
Elevating privileges to gain administrative control over a smartphone OS.
Rooting
Elevating privileges to gain administrative control over a computer system.
Cracker
A hacker who removes or bypasses software copyright protection.
Cracking
Attempting to reverse-engineer or bypass access controls such as passwords or DRM.
Brute-force password attack
An effort to guess passwords by trying all possible combinations.
Dictionary password attack
A brute-force variant that narrows guesses using lists of common passwords or personal info.
Dictionary attack
Same as dictionary password attack; uses a dictionary of possible passwords.
Rainbow table
A database mapping hashed values to plaintext passwords for quick lookups.
Social engineering
Using deception and social skills to trick people into revealing confidential information.
Advance-fee fraud (AFF)
A scam promising a large sum of money for a small upfront fee; also called 4-1-9 fraud.
4-1-9 fraud
A scam promising a large sum of money for a small upfront fee; also called advance-fee fraud.
Phishing
A fraudulent communication disguised as legitimate to extract personal or confidential data.
Spear phishing
A highly targeted phishing attack on a specific person or group.
Pretexting
When an attacker pretends to be an authority to trick victims into revealing information.
Business email compromise (BEC)
A phishing-style attack impersonating executives to manipulate employees.
Information extortion
Theft of confidential data followed by ransom demands to prevent disclosure.
Ransomware
Malware that encrypts valuable data and demands payment for decryption.
Intellectual property (IP)
The ownership and control of original ideas or creative works.
Software piracy
The unauthorized duplication or distribution of copyrighted software.
Hacktivists
Attackers disrupting systems to protest organizations or governments; also called cyberactivists.
Cyberactivists
Attackers disrupting systems for political or social causes; also called hacktivists.
Cyberterrorism
Carrying out terrorist activities online.
Cyberwarfare
State-sanctioned cyber operations between nations.
Information warfare
State-sponsored offensive cyber operations; synonymous with cyberwarfare.
Tactics, techniques, and procedures (TTP)
The structured behaviors of attackers, from high-level tactics to detailed procedures.
Malware
Malicious or unwanted software code designed to harm systems.
Malicious code
Software written to perform harmful or unauthorized actions; synonymous with malware.
Malicious software
Software written to perform harmful or unauthorized actions; synonymous with malicious code.
Virus
Malware attached to other executable programs.
Macro virus
A virus written in a macro language targeting specific applications.
Boot virus
A virus that infects the boot sector or MBR of storage media.
Boot-sector virus
A virus that infects the boot sector or MBR; same as boot virus.
Worms
Malware capable of self-replication without attaching to other programs.
Trojan horses
Malware disguised as legitimate software that activates its true behavior when run.
Polymorphic threats
Malware that changes its appearance to evade antivirus detection.
Back door
Malware providing access to a system by bypassing normal controls; also called trap door or maintenance hook.
Trap door
A malware access method bypassing controls; also called back door or maintenance hook.
Maintenance hooks
Malware features that bypass controls for access; also called back doors or trap doors.
Denial-of-service (DoS) attack
An attack that overwhelms a target’s capacity, blocking legitimate access.
Distributed denial-of-service (DDoS) attack
A coordinated DoS attack from many compromised systems.
Bots
Automated programs remotely controlled to perform attacks; also called zombies.
Zombie
An automated program remotely commanded to perform attacks; also called a bot.
Spam
Unsolicited bulk commercial email.
Clickbait
Content crafted to lure clicks, often installing malware or generating ad revenue.
Mail bomb
An attack that floods a recipient’s inbox with excessive email.
Packet sniffer
Software or hardware that intercepts and analyzes network traffic; also called network sniffer.
Network sniffer
Software or hardware that intercepts and analyzes network traffic; also called packet sniffer.
IP spoofing
Using forged IP addresses to impersonate trusted sources.