Glossary of Terms

Cloud Computing Application: An application delivered from a network of remote servers hosted on the Internet that stores, manages, and processes data, rather than from a local server or personal computer. Common examples include AWS, Microsoft Office 365, Dropbox, Facebook, Google Drive, Salesforce, and Box.com.

Confidential Information: Information protected by statutes, regulations, [Company] policies, or contractual language. Information Owners may also designate information as Confidential. Such information is sensitive, and access is restricted. Disclosure is limited to individuals on a “need-to-know” basis only. Disclosure to parties outside of [Company] must be authorized by executive management, approved by the Director of Information Technology and/or General Counsel, or covered by a binding confidentiality agreement.

Examples of Confidential Information include:

  • Customer data shared and/or collected during a consulting engagement
  • Financial information, including credit card and account numbers
  • Social Security Numbers
  • Personnel and/or payroll records
  • Any information identified by government regulation to be treated as confidential, or sealed by order of a court of competent jurisdiction
  • Any information belonging to an [Company] customer that may contain personally identifiable information
  • Patent information

Critical Vendor: A vendor with a specialized skillset, mandatory safety certification, or proprietary product whose discontinuation of service would have a significant negative impact on the company’s operations.

Forensics: Also known as digital forensics, the field of forensic science focused on the recovery, analysis, and presentation of data from digital devices and systems in a way that is legally admissible. This discipline involves investigating computer systems, networks, and storage devices to uncover evidence related to criminal activities, security breaches, or other incidents involving digital data.

Key aspects of cyber forensics include:

  • Evidence Collection: Gathering data from computers, smartphones, servers, and other digital devices while preserving its integrity.
  • Data Analysis: Examining the collected data to uncover patterns, traces of malicious activity, or other relevant information. This may involve recovering deleted files, analyzing log files, and identifying unauthorized access.
  • Legal Procedures: Ensuring that all forensic processes follow legal protocols to maintain the admissibility of evidence in court. This includes proper documentation and chain of custody.
  • Incident Response: Assisting in identifying the scope and impact of security breaches or cyber-attacks.
  • Reporting: Documenting findings in a clear and comprehensive manner, often including expert testimony for legal proceedings.

Cyber forensics plays a crucial role in investigating cybercrimes, resolving security incidents, and supporting legal actions related to digital evidence.

Impact: The extent of the damages resulting from an adverse event (i.e., realized threat) affecting Company Information Resources.

Incident: A suspected, attempted, successful, or imminent threat of unauthorized access, use, disclosure, breach, modification, or destruction of information; interference with Information Resources or operations; or a significant violation of policy.

An incident may have one or more of the following characteristics:

  1. Violation of an explicit or implied [Company] security policy
  2. Attempts to gain unauthorized access to a [Company] Information Resource
  3. Denial of service to a [Company] Information Resource
  4. Unauthorized use of [Company] Information Resources
  5. Unauthorized modification of [Company] information
  6. Loss of [Company] Confidential or Protected information

Indicator of Compromise (IoC): A piece of forensic data used to identify potential or actual malicious activity on a network or system. IoCs are signs that a system may have been compromised or is being targeted by cyber threats. They help in detecting and responding to security incidents by providing clues or evidence of an attack.

Common examples of IoCs include:

  • File hashes: Cryptographic hashes (e.g., MD5, SHA-256) of files, which can be compared against known-malicious hashes or used to show that a file has been altered.
  • IP addresses: Addresses associated with malicious activity or command-and-control servers.
  • Domain names: Names used by attackers for phishing or other malicious purposes.
  • URLs: Addresses leading to malicious websites or resources.
  • Email addresses: Used by attackers for phishing attempts.
  • Registry keys or values: Modifications in the Windows registry that indicate malicious software or changes.

IoCs are used in conjunction with other tools and techniques in cybersecurity to monitor, detect, and respond to threats effectively.
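As an added example (not part of the original glossary), the following Python script shows how several of the IoC types listed above are actually consumed by a detection pipeline: indicators arrive in inconsistent forms (mixed case, "defanged" with `[.]` and `hxxp`), so both the feed and the values extracted from logs must be normalized before comparison. The IoC feed, the log lines, and all hashes, addresses and domains are constructed for illustration and are not real threat data.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed IoC feed for this example. The values are hypothetical and do not
# refer to any real campaign; they are written the way feeds often deliver them
# (mixed case, "defanged" with [.] and hxxp) to show the normalization step.
IOC_FEED = {
    "sha256": {"3a7bd3e2360a3d29eea436fcfb7e44c735d117c42d1c1835420b6b9942dd4f1b"},
    "ipv4": {"198.51.100.23"},
    "domain": {"update-check[.]example", "Login.Example.net"},
    "url": {"hxxp://198.51.100.23/stage2.bin"},
}

# Constructed log lines (a proxy log and an EDR event) for the matcher to run over.
SAMPLE_LOG = [
    "2024-05-01T10:02:11Z proxy src=10.0.0.5 host=UPDATE-CHECK.example "
    "url=http://198.51.100.23/stage2.bin status=200",
    "2024-05-01T10:02:15Z edr host=ws-42 event=process_create "
    "sha256=3A7BD3E2360A3D29EEA436FCFB7E44C735D117C42D1C1835420B6B9942DD4F1B "
    "path=C:\\Users\\Public\\stage2.bin",
    "2024-05-01T10:03:00Z proxy src=10.0.0.7 host=www.example.org "
    "url=https://www.example.org/index.html status=200",
]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[0-9a-fA-F]{64}\b")
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
HOST_RE = re.compile(r"\bhost=([A-Za-z0-9.-]+)")


@dataclass(frozen=True)
class Match:
    line_no: int
    ioc_type: str
    value: str


def refang(indicator: str) -> str:
    """Undo the common defanging conventions (hxxp, [.], [:]) used when sharing IoCs."""
    s = indicator.strip()
    s = re.sub(r"^hxxp(s?)://", r"http\1://", s, flags=re.IGNORECASE)
    return s.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")


def norm_domain(d: str) -> str:
    return refang(d).lower().rstrip(".")


def norm_url(u: str) -> str:
    """Lower-case only the scheme and host; the path of a URL is case-sensitive."""
    p = urlsplit(refang(u))
    query = f"?{p.query}" if p.query else ""
    return f"{p.scheme.lower()}://{p.netloc.lower()}{p.path}{query}"


def normalize_feed(feed: dict) -> dict:
    """Bring every indicator into the same canonical form the log extractor produces."""
    return {
        "sha256": {h.lower() for h in feed.get("sha256", ())},
        "ipv4": {refang(i) for i in feed.get("ipv4", ())},
        "domain": {norm_domain(d) for d in feed.get("domain", ())},
        "url": {norm_url(u) for u in feed.get("url", ())},
    }


def extract_candidates(line: str) -> set:
    """Pull every value from a log line that could be compared with an IoC."""
    cands = set()
    for h in SHA256_RE.findall(line):
        cands.add(("sha256", h.lower()))
    for ip in IPV4_RE.findall(line):
        if all(int(octet) <= 255 for octet in ip.split(".")):
            cands.add(("ipv4", ip))
    for u in URL_RE.findall(line):
        cands.add(("url", norm_url(u)))
        host = urlsplit(u).hostname
        if host and not IPV4_RE.fullmatch(host):
            cands.add(("domain", norm_domain(host)))
    for host in HOST_RE.findall(line):
        cands.add(("domain", norm_domain(host)))
    return cands


def scan(lines, feed: dict) -> list:
    """Return one Match per (line, indicator) hit, in line order."""
    norm = normalize_feed(feed)
    hits = []
    for n, line in enumerate(lines, start=1):
        for ioc_type, value in sorted(extract_candidates(line)):
            if value in norm[ioc_type]:
                hits.append(Match(n, ioc_type, value))
    return hits


if __name__ == "__main__":
    for m in scan(SAMPLE_LOG, IOC_FEED):
        print(f"line {m.line_no}: {m.ioc_type} matched {m.value}")
```

Run stand-alone, the script reports the domain, IP and URL hits on the first proxy line and the hash hit on the EDR event; the third line is benign and produces nothing. The point a practitioner should take from it is that a raw string comparison against the feed as delivered would have missed three of the four hits.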

Information Resource: An asset that, like other important business assets, is essential to an organization’s business and consequently needs to be suitably protected. Information can be stored in many forms, including hardware assets (e.g., workstation, server, laptop), digital form (e.g., data files stored on electronic or optical media), material form (e.g., on paper), as well as unrepresented information in the form of employee knowledge. Information may be transmitted by various means including courier, electronic, or verbal communication. Whatever form information takes, or how it is transmitted, it always needs appropriate protection.

Information Resource Custodian: The person, department, or entity responsible for supporting and implementing controls over **Information Resources**. For more information, refer to the Information Classification and Management Policy.

Information Resource Owner: The person, department, or entity responsible for classifying and approving access to an **Information Resource**. For more information, refer to the Information Classification and Management Policy.

Information Security: The practice of protecting information by mitigating risks to the confidentiality, integrity, and availability of information through administrative, physical, and technical **security controls**.

Internal Information: Information that must be guarded due to proprietary, ethical, or privacy considerations and must be protected from unauthorized access, modification, transmission, storage, or other use. This classification applies even though there may not be a civil statute requiring this protection. Internal Information is restricted to personnel designated by [Company] who have a legitimate business purpose for accessing such information.

Examples of Internal Information include:

  • Employment Information
  • Business partner information where no more restrictive confidentiality agreement exists
  • Internal directories and organization charts
  • Planning documents

Jailbreaking: (Called “rooting” on Android) The process of modifying a mobile device to remove restrictions imposed by the manufacturer or operator, e.g., to allow the installation of unauthorized software. Because it disables platform protections, a jailbroken or rooted device cannot be assumed to enforce the controls that MDM relies on.

Least Privilege: In a computing environment, this principle requires that every module (such as a process, user, or program) be restricted to access only the information and resources necessary for its intended purpose.

Likelihood: The chance of something happening. With respect to information security, it refers to the chance of a threat or negative impact occurring.

Mitigating Control: Existing or potential controls to be implemented to reduce the impact or likelihood of a risk occurring.


Mobile Device: Computing devices that are intended to be easily moved and/or carried for the convenience of the user, enabling computing tasks without respect to location. Mobile devices include, but are not limited to, mobile phones, smartphones, tablets, and laptops.

Mobile Device Management (MDM): Security software used by an organization to monitor, manage, and secure **mobile devices**.

Multi-factor Authentication: An authentication control requiring the use of two or more pieces of evidence for an authentication mechanism. This evidence generally consists of something you know (knowledge), something you have (possession), and/or something you are (inherence), and the factors must come from different categories; two passwords are still a single factor. Examples include a physical security key, digital security certificate, security token, fingerprint, or possession of a mobile device.

Need to Know: A term used to describe the restriction of data or systems considered very sensitive. It refers to the requirement that a person have a legitimate purpose for accessing data or systems, regardless of their clearance level or access permissions.

Overwrite: See Secure Erase.

Penetration Test: A highly manual process that simulates a real-world attack situation with the goal of identifying how far an attacker could penetrate an environment.

Personally Identifiable Information (PII): Any information that, when used alone or with other relevant data, can identify an individual. Examples include full name, Social Security number, driver’s license number, passport number, and bank account number.

Personally owned: Systems and devices that were not purchased and are not owned by [Company].

Protected Health Information (PHI): Health information in any form, including physical records, electronic records, or spoken information, which includes identifiers allowing it to be linked to a specific individual.

Public Information: Information that may or must be open to the public. It is defined as information with no existing local, national, or international legal restrictions on access or usage. Public Information, while subject to [Company] disclosure rules, is available to all [Company] employees and all individuals or entities external to the corporation.

Examples of Public Information include:

  • Publicly posted press releases
  • Publicly available marketing materials
  • Publicly posted job announcements

Remote wipe: A security feature that allows a network administrator or device owner to send a command that deletes some or all data located on a computing device without having physical possession of it.

Removable media: Portable devices used to copy, save, store, and/or move information from one system to another. Removable media comes in various forms, including, but not limited to, USB drives, flash drives, read/write CDs and DVDs, memory cards, external hard drives, and mobile phone storage.


Residual Risk: Risks or risk levels remaining after mitigating controls have been accounted for.

Risk: The likelihood and resulting impact of an adverse (harmful) event. Risk is sometimes expressed as Likelihood x Impact of an adverse event. A higher Risk Level indicates a higher potential likelihood and impact to the organization, while a lower Risk Level indicates a lower likelihood and impact.

Risk Assessment: A method of identifying and evaluating risks to the organization. A risk assessment typically identifies applicable threats and vulnerabilities that exist (or could exist), compares them with existing controls, and determines the potential likelihood and impact of an adverse event.

Secure Erase: More commonly referred to as a “wipe,” a method of overwriting all existing data on a storage device with at least one pass of binary zeroes (0) or ones (1) so the original data cannot be read. Overwriting is reliable only for media that writes in place, such as magnetic hard disks; flash-based media (SSDs, USB drives, memory cards) remap writes internally, so the device’s built-in secure erase command or cryptographic erase (destroying the encryption key) should be used instead.

Security Awareness: The knowledge and perception members of an organization possess regarding the protection of the organization’s physical and informational assets.

Security Controls: (Also known as “Mitigating Controls”) Safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets.

Signature Card: A document that a service provider keeps on file with the identity and/or signatures of all authorized people on an account.

Technical Controls: Security Controls implemented in hardware or software (e.g., access control lists, encryption, logging), as distinct from administrative and physical controls. See Security Controls.

Threat: Any circumstance or event with the potential to cause harm to an Information Resource or the organization. Common threat sources can be natural, human, or environmental.

Threat Hunting: A proactive cybersecurity practice in which security professionals actively search for hidden threats or adversaries within an organization’s network or systems that have evaded existing security measures. This process involves hypothesizing about potential attack methods, analyzing system and network data, and using advanced tools and techniques to identify suspicious activities or indicators of compromise that may not be detected by automated security systems. The goal of threat hunting is to uncover and mitigate advanced persistent threats (APTs) or other sophisticated cyber attacks before they can cause significant damage or data breaches.

The key aspects of threat hunting:

  1. It’s proactive rather than reactive
  2. It focuses on finding threats that have bypassed existing security
  3. It involves human analysis and hypothesis-driven investigation
  4. It aims to detect sophisticated or hidden threats
  5. The ultimate goal is early detection and mitigation of potential security breaches

Two-factor Authentication: A type or subset of multi-factor authentication (see definition above).

Vulnerability: A flaw or weakness that could be exploited or triggered by a potential threat.

Vulnerability Scan: An automated tool run against external and internal network devices and servers, designed to expose potential vulnerabilities that could be found and exploited by malicious individuals.

Version History

Version | Modified Date | Approved Date | Author   | Reason/Comments
1.0.0   | August 2020   |               | FRSecure | Document Origination

NEED HELP?

FRSecure is a full-service information security consultancy.

If you need assistance with anything in this resource, please don’t hesitate to reach out to us.
