Newsroom

17 Apr 2018

Cybersecurity Key Terms

The PSA Cybersecurity Committee has put together a glossary of key cyber terms to provide a basic understanding for all security professionals wanting to stay in the know in this growing market. This glossary is a part of the latest Cybersecurity Committee whitepaper, CSC Controls, which will be released in May 2018.


Active interception – normally refers to placing a computer between a sender and receiver and an effort to capture and possibly modify information

Ad filtering – ways of blocking and filtering out unwanted advertisements pop-up blockers and content filters are considered to be at filtering methods

Adware – type of spyware that pops up advertisements based on what it has learned about you

Application whitelisting – a method of restricting users to specific applications

Attack vector – the path or means by which an attacker gains access to a computer

Back doors – used in computer programs to bypass a normal authentication and other security mechanisms in place

Bluejacking – the sending of unsolicited messages to Bluetooth enabled devices such as mobile phones and tablets

Bluesnarfing – the unauthorized access of information from a wireless device through a Bluetooth connection

Botnet – a group of compromised computers used to distribute malware across the internet the members are usually zombies

Business Impact Analysis (BIA) – a systematic process aimed at predicting and evaluating the potential impact and loss of critical business operations as a result of disaster, accident or emergency

CIA Traid – Confidentiality, Integrity, and Availability (CIA)is a model designed to guide strategy and policy governance over the security of information systems within an organization.  Confidentiality aims at a set of rules that limits access to information, integrity is the assurance information is trustworthy and accurate, and availability is a guarantee system resources will be available upon request by authorized users

Content filters – individual computer programs that block external files that use JavaScript or images from loading into the browser

Easter egg – a platonic extra added to an OS where application as a sort of joke the harmless cousin of the logic bomb

Grayware – a general term used to describe applications that are behaving improperly but without serious consequences often describes types of spyware

Hardware security module – a physical device that deals with the encryption of authentication processes digital signings and payment processes

Host based intrusion detection system – a type of system loaded on an individual computer and analyzes and monitors what happens inside that computer

Information & Communication Technology (ICT) – the infrastructure, network components, applications and information systems that enable modern networking and computing

Logic bomb – code that has, in some way, been inserted into software it is meant to initiate some type of malicious function if specific criteria are met

Malware – software designed to infiltrate a computer system and possibly damage it without the user’s knowledge or consent

Mobile device management – is centralized software solution that allows for the control configuration of mobile devices

Open mail relay – also known as an SMTP open relay, enables anyone on the internet to send an email through an SMTP server

Personal firewall – an application that protects an individual computer from unwanted internet traffic it does so by way of rules and policies

Pop-up blocker – an application or add onto a web browser the blocks pop-up windows that you see contain advertisements

Privilege escalation – the act of exploding a bug or design flaw in a software or firmware application to gain access to resources that normally would have been protected from an application or user

Ransomware – a type of malware that restricts access to a computer system and Demands a ransom be paid

Risk-Based Security (RBS) – security model that attempts to deliver the most effective security in the most efficient manner by steering resources and assets to the highest areas of security risk and vulnerability

Rootkit – a type of software design to gain administrator level control over a computer system without being detected

Social Engineering Attacks – the psychological manipulation of organizational employees to attain confidential information for the purposes of fraud, gathering information or systems access.  This type of activity aims at using human interaction in an attempt to trick employees to break organizational security procedures to gain access to buildings, systems, or organizational

Spam – the abuse of electronic messaging systems such as email broadcast media and instant messaging

Spyware – a type of malicious software either downloaded unwittingly from a website or installed along with some other third-party software

Storage segmentation – a clear separation of organizational and personal information applications and other content

Threat Vector – the method of threat uses to gain access to a target computer

Time bomb – a Trojan set off on a certain date

Trojan Horse – an application that appears to perform desired functions but is actually performing malicious functions behind the scenes

Typosquatting – a method used by attackers that takes advantage of user’s typos when accessing websites. Instead of the expected website the user ends up at a website with a similar name but often malicious content

Virus – code that runs on a computer without the user’s knowledge it infects the computer when the code is accessed and executed

Worm – code that runs on a computer without the user’s knowledge a worm self-replicates whereas a virus does not

Zombie – an individual compromised computer in a botnet


More content from PSA Committees can be found on PSAEducation.com.