supply chain to replication
Supply chain
The network of entities involved in the production and distribution of a product.
Human vectors/social engineering
Methods of manipulating individuals to gain unauthorized access.
Phishing
A fraudulent attempt to obtain sensitive information.
Vishing
A phishing attack conducted over voice calls.
Smishing
A phishing attack conducted over SMS.
Misinformation/disinformation
False or misleading information spread intentionally.
Impersonation
Pretending to be someone else to deceive others.
Business email compromise
A fraudulent email targeting businesses for financial gain.
Pretexting
Creating a false pretense to gain information or access.
Watering hole attack
Compromising a website frequented by a target group.
Brand impersonation
Pretending to be a trusted brand to deceive others.
Typosquatting
Registering a domain similar to a popular one to deceive others.
Segmentation
The practice of dividing a network into smaller subnetworks to enhance security by isolating critical systems from less secure systems.
Access control list (ACL)
A list of permissions attached to an object that specifies who can access it, helping to control and manage access to resources.
Permissions
The level of access granted to a user or group for a specific resource, ensuring that only authorized individuals can perform certain actions.
Application allow list
A list of approved applications that are allowed to run on a system, preventing unauthorized or malicious software from executing.
Isolation
The practice of keeping critical systems separate from less secure systems to minimize the risk of unauthorized access and potential compromise.
Patching
The process of applying updates and fixes to software or systems to address vulnerabilities and ensure they are up to date with the latest security measures.
Encryption
The process of encoding information to make it unreadable without a decryption key, providing confidentiality and protecting sensitive data from unauthorized access.
Monitoring
The act of observing and analyzing system activities to detect and respond to security incidents, enabling proactive threat detection and incident response.
Least privilege
The principle of granting users only the permissions necessary to perform their specific tasks, reducing the potential impact of a compromised account.
Configuration enforcement
The practice of ensuring that systems and devices adhere to established security configurations, minimizing the risk of misconfigurations and vulnerabilities.
Decommissioning
The process of retiring or removing a system or device from service, ensuring that it is properly disposed of and no longer poses a security risk.
Hardening techniques
Security measures implemented to reduce the vulnerability of a system or network, making it more resistant to attacks and unauthorized access.
Installation of endpoint protection
The deployment of security software on individual devices to protect against threats, safeguarding endpoints from malware, viruses, and other malicious activities.
Host-based firewall
A firewall that operates at the individual device level to control incoming and outgoing network traffic, providing an additional layer of defense against unauthorized access.
Host-based intrusion prevention system (HIPS)
A security system that monitors and analyzes network traffic on an individual device to detect and prevent intrusions, enhancing the overall security posture.
Disabling ports/protocols
The act of turning off or deactivating specific network ports or protocols to reduce the attack surface and minimize potential vulnerabilities.
Default password changes
The requirement for users to change default passwords to enhance security, preventing unauthorized access to systems or devices using default credentials.
Removal of unnecessary software
The process of uninstalling or disabling software that is not required for system functionality, reducing the potential attack surface and minimizing vulnerabilities.
Application
A software program that performs specific functions on a computer.
Memory injection
A technique of introducing malicious code into a computer's memory.
Buffer overflow
A vulnerability that occurs when a program writes more data to a buffer than it can hold, leading to memory corruption.
Race conditions
A situation in which the behavior of a program depends on the relative timing of events.
Time-of-check (TOC)
The point at which a program checks a resource's state or authorization; a vulnerability arises when that check is relied on later, after the resource may have changed.
Time-of-use (TOU)
The point at which a program actually uses the resource it checked earlier; if the resource changed between the check and the use, the earlier check no longer protects the use (a TOCTOU race condition).
Malicious update
An intentional modification of software or firmware to introduce malicious functionality.
Operating system (OS)-based
A security vulnerability that is specific to a particular operating system.
Web-based
A security vulnerability that is specific to web applications or websites.
Structured Query Language injection (SQLi)
An attack technique that exploits vulnerabilities in a web application's database layer to execute unauthorized SQL commands.
Cross-site scripting (XSS)
An attack technique that allows an attacker to inject malicious scripts into web pages viewed by other users.
Hardware
The physical components of a computer system.
Firmware
Software that is permanently stored in a computer's hardware.
End-of-life
The stage in a product's lifecycle when it is no longer supported by the manufacturer.
Legacy
Outdated technology or software that is still in use.
Virtualization
A technology that allows multiple operating systems to run on a single physical machine.
Virtual machine (VM) escape
A technique of breaking out of a virtual machine and gaining unauthorized access to the host system.
Resource reuse
The practice of utilizing resources efficiently by sharing them among multiple users or processes.
Cloud-specific
A security vulnerability that is specific to cloud computing environments.
Supply chain
A network of organizations involved in the production and delivery of a product or service.
Service provider
An organization that offers services to customers.
Hardware provider
An organization that manufactures or supplies hardware components.
Software provider
An organization that develops or supplies software.
Cryptographic
Related to the science of encryption and decryption.
Misconfiguration
A configuration error that can lead to security vulnerabilities.
Mobile device
A portable computing device such as a smartphone or tablet.
Side loading
The process of installing applications on a mobile device from sources other than the official app store.
Jailbreaking
The process of removing software restrictions imposed by the manufacturer on a mobile device.
Zero-day
A software vulnerability that is unknown to the software vendor and for which no patch or fix is available.
Device Placement
Strategically positioning network devices to optimize network performance and connectivity.
Security Zones
Segmenting a network into isolated areas based on security requirements to prevent unauthorized access and limit the impact of potential breaches.
Attack Surface
The total number of vulnerabilities that can be exploited by an attacker, including software, hardware, and network components.
Connectivity
The ability of devices to establish and maintain network connections, ensuring seamless communication and data transfer.
Failure Modes
Different ways in which a network device can fail, such as hardware malfunctions, software errors, or power outages.
Fail-Open
A device fails in a way that allows network traffic to pass through, ensuring uninterrupted network connectivity even during device failures.
Fail-Closed
A device fails in a way that blocks network traffic, preventing unauthorized access and protecting the network from potential threats.
Device Attribute
A characteristic or property of a network device, such as its IP address, MAC address, or firmware version.
Active vs. Passive
Different modes of operation for network devices, where active devices actively participate in network communication, while passive devices only observe and monitor network traffic.
Inline vs. Tap/Monitor
Different deployment methods for network devices, where inline devices are placed in the direct path of network traffic, while tap/monitor devices passively observe network traffic without affecting its flow.
Network Appliances
Devices specifically designed to perform specific network functions, such as routers, switches, firewalls, and load balancers.
Jump Server
A server used to access and manage other devices in a network, often used for administrative purposes and to enhance security by limiting direct access to critical systems.
Proxy Server
A server that acts as an intermediary between clients and other servers, enhancing security, performance, and privacy by filtering and forwarding network requests.
Intrusion Prevention System (IPS)
A security device that monitors network traffic in real-time and actively blocks potential threats, providing proactive defense against attacks.
Intrusion Detection System (IDS)
A security device that monitors network traffic and alerts on potential threats, providing a reactive defense mechanism to detect and respond to security incidents.
Load Balancer
A device that distributes network traffic across multiple servers, ensuring optimal resource utilization, scalability, and high availability.
Sensors
Devices that detect and respond to changes in the network environment, providing valuable insights into network performance, security, and potential anomalies.
Port Security
Measures taken to secure network ports from unauthorized access, such as MAC address filtering, port authentication, and limiting the number of connected devices.
802.1X
An IEEE standard for network access control, providing authentication and authorization mechanisms to ensure only authorized devices can connect to a network.
Extensible Authentication Protocol (EAP)
A framework for authentication protocols in network security, enabling secure communication between clients and authentication servers.
Firewall Types
Different types of firewalls used for network security, including network layer firewalls, application layer firewalls, and web application firewalls.
Web Application Firewall (WAF)
A firewall specifically designed to protect web applications from common web-based attacks, such as SQL injection and cross-site scripting (XSS).
Unified Threat Management (UTM)
A comprehensive security solution that combines multiple security features, such as firewall, antivirus, intrusion detection, and virtual private network (VPN) capabilities.
Next-Generation Firewall (NGFW)
A firewall that incorporates advanced security capabilities beyond traditional firewalls, such as deep packet inspection, application awareness, and threat intelligence integration.
Layer 4/Layer 7
Different levels of the network protocol stack, where Layer 4 refers to the transport layer (e.g., TCP, UDP), and Layer 7 refers to the application layer (e.g., HTTP, FTP).
Secure Communication/Access
Methods and technologies used to ensure secure network communication and access, including encryption, authentication, and secure protocols.
Virtual Private Network (VPN)
A secure network connection established over a public network, enabling remote users to securely access private networks and resources.
Remote Access
The ability to access a network remotely, allowing users to connect to a network from outside the physical premises.
Tunneling
Encapsulating one network protocol within another for secure communication, creating a virtual tunnel through which data can be securely transmitted.
Transport Layer Security (TLS)
A cryptographic protocol used to secure network communication, providing confidentiality, integrity, and authentication for data exchanged between network entities.
Internet Protocol Security (IPSec)
A protocol suite used to secure IP communications, providing encryption, authentication, and integrity for IP packets.
Software-Defined Wide Area Network (SD-WAN)
A technology that enables centralized control and management of wide area networks, allowing organizations to optimize network performance, reduce costs, and enhance security.
Secure Access Service Edge (SASE)
A cloud-native security framework that combines network and security services, providing secure access to applications and data from any location or device.
Selection of Effective Controls
The process of choosing appropriate security measures to mitigate risks, considering factors such as cost, effectiveness, and compatibility with the network infrastructure.
Responsibility matrix
A matrix that defines the roles and responsibilities of individuals or teams within a project or organization.
Hybrid cloud architecture
An architecture that combines both public and private cloud environments, allowing organizations to leverage the benefits of both.
Third-party vendors
External companies or services that provide products or services to an organization.
Infrastructure as code (IaC)
The practice of managing and provisioning infrastructure through machine-readable definition files, enabling automation and scalability.
Serverless computing
A cloud computing execution model where the cloud provider manages the infrastructure and automatically allocates resources based on demand.
Microservices architecture
An architectural style that structures an application as a collection of small, loosely coupled services, promoting scalability and flexibility.
Network infrastructure
The underlying foundation that supports communication and connectivity between devices and systems.
Physical isolation
The separation of network components physically to enhance security and prevent unauthorized access.
Air-gapped network
A network or system that is physically isolated from other networks, typically for security purposes.
Logical segmentation
The division of a network into multiple logical segments to improve security and performance.
Software-defined networking (SDN)
A network architecture that separates the control plane from the data plane, allowing for centralized management and programmability.
On-premises infrastructure
Infrastructure or software that is located within an organization's physical premises rather than in the cloud.
Centralized vs. decentralized systems
The comparison of a system or organization that has a central authority versus one that distributes authority across multiple entities.
Containerization
The process of encapsulating an application and its dependencies into a container for efficient deployment and scalability.
Virtualization
The creation of a virtual version of a resource, such as a server or operating system, to maximize resource utilization.
Internet of Things (IoT)
The network of physical devices, vehicles, appliances, and other objects embedded with sensors, software, and connectivity to exchange data.
Industrial control systems (ICS) / supervisory control and data acquisition (SCADA)
Systems used to monitor and control industrial processes, such as power plants and manufacturing facilities.
Real-time operating system (RTOS)
An operating system that guarantees a certain capability within a specified time constraint.
Embedded systems
Computer systems designed to perform specific tasks within larger systems or devices.
High availability
The ability of a system or component to be continuously operational for a long period of time, with minimal downtime.
Availability
The proportion of time that a system or resource is operational and accessible.
Resilience
The ability of a system or component to recover quickly and continue operating in the event of a failure or disruption.
Cost
The expenditure or resources required to design, implement, and maintain a system or infrastructure.
Responsiveness
The ability of a system or component to quickly respond to user inputs or requests.
Scalability
The ability of a system or component to handle increasing workload or demand by adding resources.
Ease of deployment
The simplicity and efficiency of deploying a system or application to a production environment.
Risk transference
The process of shifting the risk associated with a system or process to another party, such as an insurance company.
Ease of recovery
The simplicity and effectiveness of restoring a system or application to a functional state after a failure or disaster.
Patch availability
The availability of software patches or updates to fix vulnerabilities or improve functionality.
Inability to patch
The inability to apply software patches or updates to a system or application, potentially leaving it vulnerable to security threats.
Power consumption
The amount of electrical energy required to operate and sustain a system or infrastructure.
Compute
The process of performing calculations or executing instructions by a computer or server.
High availability
Designing a system so that it remains operational with minimal downtime, typically by removing single points of failure through techniques such as load balancing and clustering.
Load balancing
Distributing network traffic across multiple servers to optimize performance and prevent overload.
Clustering
Grouping multiple servers together to act as a single system for improved reliability and availability.
Site considerations
Factors to consider when planning the physical location of IT infrastructure.
Hot site
A fully operational off-site facility with all necessary equipment and infrastructure ready for immediate use in case of a disaster.
Cold site
An off-site facility that does not have the necessary equipment and infrastructure in place, requiring setup and configuration in the event of a disaster.
Warm site
An off-site facility with some pre-configured equipment and infrastructure, requiring additional setup and configuration in the event of a disaster.
Geographic dispersion
Spreading IT infrastructure across multiple physical locations to minimize the impact of a single point of failure or disaster.
Platform diversity
Using different operating systems or hardware platforms to reduce the risk of a single platform failure affecting the entire system.
Multi-cloud systems
Deploying applications and services across multiple cloud providers to increase redundancy and avoid vendor lock-in.
Continuity of operations
Ensuring that critical business functions can continue in the event of a disruption or disaster.
Capacity planning
Determining the resources needed to meet current and future demands of the IT infrastructure.
People
Considering the skills and expertise required to manage and support the IT infrastructure.
Technology
Assessing the hardware, software, and networking components needed to support the IT infrastructure.
Infrastructure
Evaluating the physical facilities and resources required to house and operate the IT infrastructure.
Testing
Evaluating the performance and functionality of the IT infrastructure through various exercises and simulations.
Tabletop exercises
Simulated scenarios and discussions to test the response and decision-making capabilities of the IT team in a controlled environment.
Failover
The process of switching to a backup system or component when the primary system or component fails.
Simulation
Creating a virtual environment to replicate real-world scenarios and test the performance and resilience of the IT infrastructure.
Parallel processing
Dividing a task into smaller subtasks that can be executed simultaneously to improve performance and efficiency.
Backups
Creating copies of data and storing them separately for recovery in case of data loss or system failure.
Onsite/offsite
Storing backups either at the same location as the primary system (onsite) or at a different location (offsite) for added protection.
Frequency
Determining how often backups should be performed based on the rate of data change and criticality of the system.
Encryption
Securing data by converting it into a coded form that can only be accessed with the appropriate decryption key.
Snapshots
Capturing the state of a system or data at a specific point in time for backup and recovery purposes.
Recovery
Restoring the IT infrastructure to a functional state after a disruption or failure.
Replication
Creating and maintaining duplicate copies of data or systems to ensure availability and data integrity.