Course Glossary
This glossary corresponds to the various terms introduced throughout the course. You can
reference all of the definitions here in one place as a supplementary study guide. Unless
otherwise noted, these definitions were taken from the NIST Computer Security Resource
Center.
Asset
Per Wikipedia, an asset in information security is any data, device, or other component of the
environment that supports information-related activities.
Asymmetric Encryption
Encryption system that uses a public-private key pair for encryption and/or digital signature.
Attack Flow
There is no official definition from NIST for this term; however, it is a general term to refer to the
flow of an attack from one stage to the next. In the course, we go over two attack flow models or
frameworks: Lockheed Martin’s Cyber Kill Chain and the MITRE ATT&CK framework. Both of
these models represent the flows that attackers might follow in a given attack.
Attack Surface
The set of points on the boundary of a system, a system element, or an environment where an
attacker can try to enter, cause an effect on, or extract data from, that system, system element,
or environment.
Authentication
Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to
resources in an information system.
Authorization
Access privileges granted to a user, program, or process or the act of granting those privileges.
Availability
Ensuring timely and reliable access to and use of information.
Bit
A binary digit having a value of 0 or 1.
Broadcast
Transmission to all devices in a network without any acknowledgment by the receivers.
Business Continuity
Per Wikipedia, business continuity is the capability of an organization to continue the delivery of
products or services at pre-defined acceptable levels following a disruptive incident.
Byte
A group of eight bits that is treated either as a single entity or as an array of 8 individual bits.
Certificate Authority
A trusted entity that issues and revokes public key certificates.
Ciphertext
Data in its encrypted form.
Cloud Computing
A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of
configurable computing resources (e.g., networks, servers, storage, applications, and services)
that can be rapidly provisioned and released with minimal management effort or service provider
interaction.
Community Cloud
The cloud infrastructure is provisioned for exclusive use by a specific community of consumers
from organizations that have shared concerns (e.g., mission, security requirements, policy, and
compliance considerations). It may be owned, managed, and operated by one or more of the
organizations in the community, a third party, or some combination of them, and it may exist on
or off premises.
Compliance
An organization's adherence to governing policies, regulations, standards, and guidelines.
Confidentiality
The ability to protect data so that unauthorized parties cannot view the data.
Cryptography
The discipline that embodies the principles, means, and methods for the transformation of data
in order to hide their semantic content, prevent their unauthorized use, or prevent their
undetected modification.
De-encapsulation
The reverse of encapsulation. As received data travels up the layers of the OSI Model, each
layer strips off the header (and, at the data link layer, the trailer) that its peer added, checks
it, and hands only the remaining payload to the layer above.
Defense-in-Depth
Per Microsoft, "The idea behind defense in depth is to manage risk by using diverse defensive
strategies. Layering security defenses in an application reduces the chance of a successful
attack."
Digital Certificate
A digitally signed representation of information that (1) identifies the authority issuing it, (2)
identifies the subscriber, and (3) identifies its valid operational period (date issued and
expiration date). In the information assurance (IA) community, certificate usually means a
public key certificate: a digital representation of information which at least (1) identifies the
certification authority (CA) issuing it, (2) names or identifies its subscriber, (3) contains the
subscriber's public key, (4) identifies its operational period, and (5) is digitally signed by the
certification authority issuing it.
DMZ
A perimeter network or screened subnet separating an internal network that is more trusted
from an external network that is less trusted.
Encapsulation
When data is transmitted across a network, each layer of the OSI Model adds its own control
information in front of the data it receives from the layer above (a header) and, at the data
link layer, after it as well (a trailer or footer) to support addressing, routing, error detection
and other processes. The receiving side removes this information layer by layer; that reverse
process is referred to as de-encapsulation.
Encryption
The cryptographic transformation of data to produce ciphertext.
Endpoint
Generally, any device that an end-user interacts with, such as desktops, laptops, mobile
phones, printers, tablets, Internet of Things devices, etc.
Firewall
An inter-network connection device that restricts data communication traffic between two
connected networks. A firewall may be either an application installed on a general-purpose
computer or a dedicated platform (appliance), which forwards or rejects/drops packets on a
network. Typically firewalls are used to define zone borders. Firewalls generally have rules
restricting which ports are open.
Fragment Attack
In a fragment attack, a threat actor fragments data in such a way that a system is not able to put
the data packets back together again.
Governance
Per Wikipedia, corporate governance consists of the set of processes, customs, policies, laws
and institutions affecting the way people direct, administer or control an organization.
Hardware
The material physical components of a system.
Hashing
A method of calculating a fixed-length output (called a hash digest) for an input of nearly any
size (a file, text, image, etc.) by applying a cryptographic hash function to the input data. The
function is one-way (the input cannot be recovered from the digest) and collision-resistant, so in
practice the digest is unique to its input and any change to the input yields a different digest.
Honeypot
A system (e.g., a web server) or system resource (e.g., a file on a server) that is designed to be
attractive to potential crackers and intruders, like honey is attractive to bears.
Hub
A common connection point for devices in a network. Hubs are commonly used to pass data
from one device (or segment) to another. Unlike a switch, a hub repeats every incoming frame
to all of its other ports, so any device attached to it can observe the traffic of all the others.
Hybrid Cloud
A cloud infrastructure that is a composition of two or more distinct cloud infrastructures (private,
community, or public) that remain unique entities but are bound together by standardized or
proprietary technology that enables data and application portability (e.g., cloud bursting for
load-balancing between clouds).
Identification
The process by which a user, process, or device presents an identifier (such as a username) to
a system so that the system can recognize it and distinguish it from other entities.
Identification only claims an identity; authentication is the separate step that verifies the claim,
and authorization then decides what the verified identity may do.
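An added example (not from the course glossary) that keeps the three steps apart in code: identification looks up a claimed name, authentication checks a password against a salted PBKDF2 hash, and authorization checks the verified identity's roles against the action requested. The user store, passwords, roles and permission table are constructed for the example; PBKDF2-HMAC-SHA256 from the standard library stands in for whichever password hashing scheme a real system uses.

```python
import hashlib
import hmac
import os
from typing import Optional

PBKDF2_ITERATIONS = 100_000  # assumption for the example; tune to your hardware


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def make_user(password: str, roles: set) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt), "roles": frozenset(roles)}


# Constructed user store: only salted hashes are kept, never the plaintext.
USERS = {
    "alice": make_user("correct horse battery staple", {"payroll_prepare"}),
    "bob": make_user("hunter2", {"payroll_approve"}),
}

# Constructed permission table: action -> role required to perform it.
PERMISSIONS = {
    "prepare_paycheck": "payroll_prepare",
    "approve_paycheck": "payroll_approve",
}


def identify(claimed_username: str) -> Optional[dict]:
    """Identification: the caller presents an identifier; the system only looks it up."""
    return USERS.get(claimed_username)


def authenticate(username: str, password: str) -> bool:
    """Authentication: prove the claimed identity with a secret."""
    user = identify(username)
    if user is None:
        # Do the same amount of work for unknown names so response time does not
        # reveal which usernames exist.
        hash_password(password, b"\x00" * 16)
        return False
    candidate = hash_password(password, user["salt"])
    return hmac.compare_digest(candidate, user["hash"])


def authorize(username: str, action: str) -> bool:
    """Authorization: may this (already authenticated) identity perform the action?"""
    user = identify(username)
    required = PERMISSIONS.get(action)
    return user is not None and required is not None and required in user["roles"]


def access(username: str, password: str, action: str) -> str:
    """Full sequence: identify, authenticate, then authorize."""
    if not authenticate(username, password):
        return "denied: authentication failed"
    if not authorize(username, action):
        return "denied: not authorized"
    return "granted"


if __name__ == "__main__":
    print(access("alice", "correct horse battery staple", "prepare_paycheck"))
    print(access("alice", "correct horse battery staple", "approve_paycheck"))
```

Note that `access` refuses to answer the authorization question until authentication has succeeded, and that a wrong password and an unknown username produce the same response after the same amount of work.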
Incident Response
Per NIST SP 800-61, incident response is rapidly detecting incidents, minimizing loss and
destruction, mitigating the weaknesses that were exploited, and restoring IT services.
Indicator of Compromise
Per Wikipedia, an artifact observed on a network or in an operating system that, with high
confidence, indicates a computer intrusion.
Insider Threat
The threat that an insider will use her/his authorized access, wittingly or unwittingly, to do harm
to the security of the organization and/or its systems.
Integrity
Guarding against improper information modification or destruction, and includes ensuring
information non-repudiation and authenticity.
IP Address
Per Wikipedia, an IP address is a numerical label such as 192.0.2.1 that is connected to a
computer network that uses the Internet Protocol for communication. An IP address serves two
main functions: network interface identification and location addressing.
ISO/IEC 27001
Per Wikipedia, this is an international standard on how to manage information security. It was
published jointly by the International Organization for Standardization (ISO) and the
International Electrotechnical Commission (IEC). It details requirements for establishing,
implementing, maintaining and continually improving an information security management
system (ISMS) – the aim of which is to help organizations make the information assets they hold
more secure.
Likelihood
A weighted factor based on a subjective analysis of the probability that a given threat is capable
of exploiting a given vulnerability or a set of vulnerabilities.
Need to Know
Decision made by an authorized holder of official information that a prospective recipient
requires access to specific official information to carry out official duties.
Network
A system implemented with a collection of interconnected components. Such components may
include routers, hubs, cabling, telecommunications controllers, key distribution centers, and
technical control devices.
Non-Repudiation
Assurance that the sender of information is provided with proof of delivery and the recipient is
provided with proof of the sender’s identity, so neither can later deny having processed the
information.
Packet
The logical unit of network communications produced by the transport layer. (In strict OSI
terms, the transport layer's unit is a segment or datagram and the network layer's unit is a
packet; in everyday use, packet refers to any protocol data unit.)
Payload
The data that a protocol unit carries on behalf of the layer above it, that is, everything except
the headers and trailers added at the current layer. Each layer's payload consists of the
information passed down from the previous (higher) layer.
Phishing
A technique for attempting to acquire sensitive data, such as bank account numbers, through a
fraudulent solicitation in email or on a website, in which the perpetrator masquerades as a
legitimate business or reputable person.
Plaintext
Data that has not been encrypted; intelligible data that has meaning and can be understood
without the application of decryption.
Private Cloud
The cloud infrastructure is provisioned for exclusive use by a single organization comprising
multiple consumers (e.g., business units). It may be owned, managed, and operated by the
organization, a third party, or some combination of them, and it may exist on or off premises.
Privilege Escalation
The exploitation of a bug or flaw that allows for a higher privilege level than what would normally
be permitted.
Protocol
A set of rules (i.e., regarding formats and procedures) to implement and control some type of
association (e.g., communication) between systems.
Public Cloud
In this cloud deployment model, the cloud infrastructure is provisioned for open use by the
general public. It may be owned, managed, and operated by a business, academic, or
government organization, or some combination of them. It exists on the premises of the cloud
provider.
Risk Management
The process of managing risks to organizational operations (including mission, functions, image,
or reputation), organizational assets, or individuals resulting from the operation of an information
system, and includes: (i) the conduct of a risk assessment; (ii) the implementation of a risk
mitigation strategy; and (iii) employment of techniques and procedures for the continuous
monitoring of the security state of the information system.
Router
A computer that is a gateway between two networks at OSI layer 3 and that relays and directs
data packets through that inter-network. The most common form of router operates on IP
packets.
Security Control
A safeguard or countermeasure prescribed for an information system or an organization
designed to protect the confidentiality, integrity, and availability of its information and to meet a
set of defined security requirements.
Segmentation
A network security strategy that breaks a network down into smaller segments (for example,
separate LANs or VLANs) with a firewall at each connection point, so that traffic between
segments can be restricted and a compromise of one segment does not spread freely to the
others.
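An added example (not from the course glossary) tying together the DMZ, Firewall and Segmentation entries: a small zone-based rule evaluator in the style of a firewall policy, with first-match semantics and a default deny. The zones, address ranges and rules are constructed for the example and cover IPv4 only.

```python
import ipaddress
from typing import Optional

# Constructed zones. "internet" is 0.0.0.0/0 and must lose to the more specific
# prefixes, which is why zone_of() does a longest-prefix match.
ZONES = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "internal": ipaddress.ip_network("10.0.0.0/8"),
    "internet": ipaddress.ip_network("0.0.0.0/0"),
}

# Rule: (src_zone, dst_zone, protocol, dst_port or None for any port, action).
# First matching rule wins; anything unmatched falls through to the default deny.
RULES = [
    ("internet", "dmz", "tcp", 443, "allow"),       # public web front end only
    ("dmz", "internal", "tcp", 5432, "allow"),      # web tier to the database, nothing else
    ("internal", "dmz", "tcp", None, "allow"),      # admins may manage DMZ hosts
    ("internal", "internet", "tcp", 443, "allow"),  # outbound HTTPS
    ("internal", "internet", "udp", 53, "allow"),   # outbound DNS
]


def zone_of(ip: str) -> str:
    """Most specific zone containing the address, or "unknown" if none does."""
    addr = ipaddress.ip_address(ip)
    matches = [z for z, net in ZONES.items()
               if addr.version == net.version and addr in net]
    if not matches:
        return "unknown"
    return max(matches, key=lambda z: ZONES[z].prefixlen)


def evaluate(src_ip: str, dst_ip: str, proto: str, dst_port: int) -> str:
    """Return "allow" or "deny" for a single flow between zones."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    for r_src, r_dst, r_proto, r_port, action in RULES:
        if (r_src, r_dst, r_proto) == (src_zone, dst_zone, proto) and r_port in (None, dst_port):
            return action
    return "deny"  # default deny: cross-zone traffic must be explicitly permitted


def matching_rule(src_ip: str, dst_ip: str, proto: str, dst_port: int) -> Optional[tuple]:
    """The rule that decided a flow, useful when reviewing why something was allowed."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    for rule in RULES:
        r_src, r_dst, r_proto, r_port, _ = rule
        if (r_src, r_dst, r_proto) == (src_zone, dst_zone, proto) and r_port in (None, dst_port):
            return rule
    return None


if __name__ == "__main__":
    # Constructed sample flows: a web client, then a compromised DMZ host probing inward.
    for flow in [("203.0.113.7", "192.0.2.10", "tcp", 443),
                 ("192.0.2.10", "10.1.2.3", "tcp", 5432),
                 ("192.0.2.10", "10.1.2.3", "tcp", 22)]:
        print(flow, "->", evaluate(*flow))
```

The point of the DMZ shows up in the third sample flow: a web server that has been compromised can still reach only the database port it needs, and nothing else on the internal network.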
Segregation of Duties
Also known as Separation of Duties, this phrase refers to the principle that no user should be
given enough privileges to misuse the system on their own. For example, the person authorizing
a paycheck should not also be the one who can prepare them. Separation of duties can be
enforced either statically (by defining conflicting roles, i.e., roles which cannot be executed by
the same user) or dynamically (by enforcing the control at access time).
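An added example (not from the course glossary) showing both enforcement styles named above on the paycheck scenario: a static check that refuses to give one user two conflicting roles, and a dynamic check at access time that refuses to let whoever prepared a paycheck also approve it. Role names, the conflict table and the ledger are constructed for the example.

```python
class SoDViolation(Exception):
    """Raised when an assignment or action would defeat separation of duties."""


# Constructed conflict table: pairs of roles no single user may hold.
CONFLICTING_ROLES = {frozenset({"payroll_prepare", "payroll_approve"})}


def can_assign(user_roles: dict, user: str, role: str) -> bool:
    """Static SoD: is it allowed to add this role to what the user already holds?"""
    held = user_roles.get(user, set())
    return not any(frozenset({existing, role}) in CONFLICTING_ROLES for existing in held)


def assign_role(user_roles: dict, user: str, role: str) -> None:
    """Static SoD is enforced once, when roles are granted."""
    if not can_assign(user_roles, user, role):
        raise SoDViolation(f"{user} already holds a role that conflicts with {role}")
    user_roles.setdefault(user, set()).add(role)


class PayrollLedger:
    """Dynamic SoD, enforced at access time: the same person may not both prepare
    and approve one paycheck, even where policy lets them hold both roles."""

    def __init__(self) -> None:
        self.prepared_by = {}   # paycheck_id -> user who prepared it
        self.approved = set()

    def prepare(self, user: str, paycheck_id: str) -> None:
        self.prepared_by[paycheck_id] = user

    def can_approve(self, user: str, paycheck_id: str) -> bool:
        preparer = self.prepared_by.get(paycheck_id)
        return preparer is not None and preparer != user

    def approve(self, user: str, paycheck_id: str) -> bool:
        if not self.can_approve(user, paycheck_id):
            raise SoDViolation(f"{user} may not approve {paycheck_id}")
        self.approved.add(paycheck_id)
        return True


if __name__ == "__main__":
    roles = {}
    assign_role(roles, "alice", "payroll_prepare")
    print("alice may also approve:", can_assign(roles, "alice", "payroll_approve"))
    ledger = PayrollLedger()
    ledger.prepare("alice", "PC-1001")
    print("alice may approve PC-1001:", ledger.can_approve("alice", "PC-1001"))
    print("bob may approve PC-1001:", ledger.can_approve("bob", "PC-1001"))
```

The static check is simpler to audit (a role listing shows every conflict), while the dynamic check allows a small team to share roles and still keeps any single transaction out of one person's sole control.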
Server
A computer or device on a network that manages network resources. Examples include file
servers (to store files), print servers (to manage one or more printers), network servers (to
manage network traffic), and database servers (to process database queries).
Side-Channel Attack
An attack enabled by leakage of information from a physical cryptosystem. Characteristics that
could be exploited in a side-channel attack include timing, power consumption, and
electromagnetic and acoustic emissions.
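An added example (not from the course glossary) that serves both the Hashing and the Side-Channel Attack entries. It computes SHA-256 digests to show the fixed length and the avalanche effect, then models the classic timing side channel: a comparison that stops at the first differing byte does an amount of work that depends on how much of the secret the attacker has guessed correctly, and the attacker can recover the secret one byte at a time from that. The number of bytes examined stands in for elapsed time, which keeps the demonstration deterministic; the secret digest and alphabet are constructed for the example.

```python
import hashlib
import hmac
from typing import Callable, Tuple


def sha256_hex(data: bytes) -> str:
    """Fixed-length digest (64 hex characters = 256 bits) for input of any size."""
    return hashlib.sha256(data).hexdigest()


def avalanche(a: bytes, b: bytes) -> int:
    """Number of digest bits that differ between sha256(a) and sha256(b)."""
    da, db = hashlib.sha256(a).digest(), hashlib.sha256(b).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))


def naive_equal(a: bytes, b: bytes) -> Tuple[bool, int]:
    """Early-exit comparison. Returns (equal, steps); steps counts the bytes examined
    and plays the role of wall-clock time, which grows with the matching prefix."""
    steps = 0
    if len(a) != len(b):
        return False, steps
    for x, y in zip(a, b):
        steps += 1
        if x != y:
            return False, steps
    return True, steps


def constant_time_equal(a: bytes, b: bytes) -> bool:
    """Examines every byte regardless of where the first mismatch is."""
    return hmac.compare_digest(a, b)


def constant_time_oracle(guess: bytes, secret: bytes) -> Tuple[bool, int]:
    """Model of a constant-time compare: the work never depends on the content."""
    return hmac.compare_digest(guess, secret), len(secret)


def recover_via_timing(oracle: Callable[[bytes], Tuple[bool, int]],
                       length: int, alphabet: bytes) -> bytes:
    """Attacker side: at each position keep the candidate byte that makes the
    oracle do the most work; the accept/reject result settles the final byte."""
    known = b""
    for pos in range(length):
        best = None  # ((equal, steps), candidate byte)
        for c in alphabet:
            guess = known + bytes([c]) + b"\x00" * (length - pos - 1)
            score = oracle(guess)
            if best is None or score > best[0]:
                best = (score, c)
        known += bytes([best[1]])
    return known


# Constructed secret: the hex digest of a token, as an API key might be stored.
SECRET_DIGEST = sha256_hex(b"constructed-api-token").encode()
HEX_ALPHABET = b"0123456789abcdef"


def attack_naive() -> bytes:
    """Recovers the secret because naive_equal leaks the matching-prefix length."""
    return recover_via_timing(lambda g: naive_equal(g, SECRET_DIGEST),
                              len(SECRET_DIGEST), HEX_ALPHABET)


def attack_constant_time() -> bytes:
    """Same attacker against a constant-time compare: every candidate scores alike."""
    return recover_via_timing(lambda g: constant_time_oracle(g, SECRET_DIGEST),
                              len(SECRET_DIGEST), HEX_ALPHABET)


if __name__ == "__main__":
    print(sha256_hex(b"abc"))
    print("bits changed by a one-character edit:", avalanche(b"abc", b"abd"))
    print("naive compare recovered secret:", attack_naive() == SECRET_DIGEST)
    print("constant-time compare recovered secret:", attack_constant_time() == SECRET_DIGEST)
```

The practical rule this illustrates: never compare secrets, MACs or digests with `==` or `memcmp`-style early-exit code on anything an attacker can time; use a constant-time comparison such as `hmac.compare_digest`.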
Simple Mail Transfer Protocol (SMTP)
The primary protocol used to send electronic mail messages on the Internet.
Software
Computer programs and associated data that can be dynamically written and modified during
execution.
Spoofing
The deliberate inducement of a user or resource to take incorrect action. Note: Impersonating,
masquerading, piggybacking, and mimicking are forms of spoofing. A specific example of
spoofing is where a threat actor fakes the sending address of a transmission to gain illegal
entry into a secure system.
SQL Injection
A type of attack that exploits websites (or other applications) that pass malicious and
insufficiently validated user input into the queries sent to a database back-end, allowing the
attacker to change the structure of the query and thereby bypass authentication or read,
modify or delete data.
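An added example (not from the course glossary) showing the vulnerable pattern beside its fix, against a constructed in-memory SQLite table. Splicing the username into the SQL text lets a quote character end the string literal and a `--` comment discard the password check; binding the same values as parameters leaves the query structure fixed. The unsalted SHA-256 used for the stored password is only a stand-in to keep the example about injection, not a recommended password hashing scheme.

```python
import hashlib
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory user table with one account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)",
                 ("admin", hashlib.sha256(b"constructed-admin-pw").hexdigest()))
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    # The username is pasted into the SQL text. A quote inside it ends the string
    # literal, and whatever follows is parsed as SQL rather than compared as data.
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND password_hash = '{pw_hash}'")
    return conn.execute(query).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    # Placeholders: the statement is sent with a fixed structure and the values are
    # bound separately, so user input can only ever be compared, never parsed.
    query = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(query, (username, pw_hash)).fetchone() is not None


# Constructed attacker input: closes the quoted username and comments out the
# rest of the WHERE clause, so the password is never checked.
INJECTED_USERNAME = "admin' --"


def demo() -> dict:
    conn = make_db()
    return {
        "vulnerable, real password": login_vulnerable(conn, "admin", "constructed-admin-pw"),
        "vulnerable, injected username": login_vulnerable(conn, INJECTED_USERNAME, "wrong"),
        "safe, real password": login_safe(conn, "admin", "constructed-admin-pw"),
        "safe, injected username": login_safe(conn, INJECTED_USERNAME, "wrong"),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {'logged in' if result else 'rejected'}")
```

Hashing the password did nothing to stop the bypass, because the injection rides in the username field; the only reliable defence is keeping every user-controlled value out of the query text, which is what the parameterized version does.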
Switch
A device that channels incoming data from any of multiple input ports to the specific output port
that will take the data toward its intended destination.
Symmetric Encryption
The use of encryption algorithms using the same secret key for encryption and decryption.
Telnet
Per Wikipedia, Telnet is an application protocol used for text-based communication with a
remote host. It carries everything, including login credentials, in cleartext, so it has largely
been replaced by SSH.
Threat Actor
An individual or a group posing a threat.
Trojan
A useful or seemingly useful program that contains hidden code of a malicious nature that
executes when the program is invoked. Often, it contains a backdoor that allows the threat actor
to gain access after it is installed.
Virus
A computer program that can copy itself and infect a computer without permission or knowledge
of the user. A virus might corrupt or delete data on a computer, use e-mail programs to spread
itself to other computers, or even erase everything on a hard disk.
VLAN
A Virtual Local Area Network is a logical group of workstations, servers, and network devices. It
is partitioned and isolated within a network at the data link layer. A single physical local area
network (LAN) can be logically partitioned into multiple, independent VLANs; a group of devices
on one or more physical LANs can be configured to communicate within the same VLAN, as if
they were attached to the same physical LAN.
VPN
A Virtual Private Network is a protected (typically encrypted and authenticated) communications
channel built on top of existing, less trusted networks such as the Internet, used for transmission
between networks or between a host and a network.
Vulnerability
Weakness in an information system, system security procedures, internal controls, or
implementation that could be exploited or triggered by a threat source.
Web Shell
Per Wikipedia, a web shell is a shell-like interface that enables a web server to be remotely
accessed, often for the purposes of cyberattacks. A web shell is unique in that a web browser is
used to interact with it.
WLAN
A wireless local area network is a group of computers and devices that are located in the same
vicinity, forming a network based on radio transmissions rather than wired connections. A Wi-Fi
network is a type of WLAN.
Worm
A computer program that can run independently, can propagate a complete working version of
itself onto other hosts on a network, and may consume computer resources destructively.
Zero Trust
A model based on removing the design assumption that any part of the network is a trusted
space. Every request is authenticated and authorized, and security is enforced at the most
granular level possible, per workload, device or user rather than per network perimeter.
Microsegmentation of workloads is one tool of this model.