Cyber Risk Glossary

From Open Risk Manual

Definition

A glossary of cyber risk terms, based on [1].

Term: Definition

Access Control: Means to ensure that access to assets is authorised and restricted based on business and security requirements.

Accountability: Property that ensures that the actions of an entity may be traced uniquely to that entity.

Advanced Persistent Threat (APT): A threat actor that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple threat vectors. The advanced persistent threat: (i) pursues its objectives repeatedly over an extended period of time; (ii) adapts to defenders' efforts to resist it; and (iii) is determined to execute its objectives.

Asset: Something of either tangible or intangible value that is worth protecting, including people, information, infrastructure, finances and reputation.

Authenticity: Property that an entity is what it claims to be.

Availability: Property of being accessible and usable on demand by an authorised entity.

Campaign: A grouping of coordinated adversarial behaviours that describes a set of malicious activities that occur over a period of time against one or more specific targets.

Compromise: Violation of the security of an information system.

Confidentiality: Property that information is neither made available nor disclosed to unauthorised individuals, entities, processes or systems.

Course of Action (CoA): An action or actions taken to either prevent or respond to a cyber incident. It may describe technical, automatable responses but can also describe other actions such as employee training or policy changes.

Cyber: Relating to, within, or through the medium of the interconnected information infrastructure of interactions among persons, processes, data, and information systems.

Cyber Advisory: Notification of new trends or developments regarding a cyber threat to, or vulnerability of, information systems. This notification may include analytical insights into trends, intentions, technologies or tactics used to target information systems.

Cyber Alert: Notification that a specific cyber incident has occurred or a cyber threat has been directed at an organisation's information systems.

Cyber Event: Any observable occurrence in an information system. Cyber events sometimes provide indication that a cyber incident is occurring.

Cyber Incident: A cyber event that: (i) jeopardises the cyber security of an information system or the information the system processes, stores or transmits; or (ii) violates the security policies, security procedures or acceptable use policies, whether resulting from malicious activity or not.

Cyber Incident Response Plan: The documentation of a predetermined set of instructions or procedures to respond to and limit the consequences of a cyber incident.

Cyber Resilience: The ability of an organisation to continue to carry out its mission by anticipating and adapting to cyber threats and other relevant changes in the environment and by withstanding, containing and rapidly recovering from cyber incidents.

Cyber Risk: The combination of the probability of cyber incidents occurring and their impact.

Cyber Security: Preservation of confidentiality, integrity and availability of information and/or information systems through the cyber medium. In addition, other properties, such as authenticity, accountability, non-repudiation and reliability, can also be involved.

Cyber Threat: A circumstance with the potential to exploit one or more vulnerabilities that adversely affects cyber security.

Data Breach: Compromise of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to data transmitted, stored or otherwise processed.

Defence-in-Depth: Security strategy integrating people, processes and technology to establish a variety of barriers across multiple layers and dimensions of the organisation.

Denial of Service (DoS): Prevention of authorised access to information or information systems, or the delaying of information system operations and functions, with resultant loss of availability to authorised users.

Detect Function: Develop and implement the appropriate activities to identify the occurrence of a cyber event.

Distributed Denial of Service (DDoS): A denial of service that is carried out using numerous sources simultaneously.

Exploit: A defined way to breach the security of information systems through a vulnerability.

Identify Function: Develop the organisational understanding to manage cyber risk to assets and capabilities.

Identity and Access Management (IAM): Encapsulates people, processes and technology to identify and manage the data used in an information system to authenticate users and grant or deny access rights to data and system resources.

Incident Response Team (IRT) [also known as CERT or CSIRT]: Team of appropriately skilled and trusted members of the organisation that handles incidents during their life cycle.

Indicators of Compromise (IoCs): Identifying signs that a cyber incident may have occurred or may be currently occurring.

Information Sharing: An exchange of data, information and/or knowledge that can be used to manage risks or respond to events.

Information System: Set of applications, services, information technology assets or other information-handling components, which includes the operating environment.

Integrity: Property of accuracy and completeness.

Malware: Software designed with malicious intent, containing features or capabilities that can potentially cause harm directly or indirectly to entities or their information systems.

Multi-Factor Authentication: The use of two or more of the following factors to verify a user's identity: a knowledge factor, "something an individual knows"; a possession factor, "something an individual has"; a biometric factor, "something that is a biological and behavioural characteristic of an individual".

Non-Repudiation: Ability to prove the occurrence of a claimed event or action and its originating entities.

Patch Management: The systematic notification, identification, deployment, installation and verification of operating system and application software code revisions. These revisions are known as patches, hot fixes and service packs.

Penetration Testing: A test methodology in which assessors, using all available documentation (e.g. system design, source code, manuals) and working under specific constraints, attempt to circumvent the security features of an information system.

Protect Function: Develop and implement the appropriate safeguards to ensure delivery of services and to limit or contain the impact of cyber incidents.

Recover Function: Develop and implement the appropriate activities to maintain plans for cyber resilience and to restore any capabilities or services that were impaired due to a cyber incident.

Reliability: Property of consistent intended behaviour and results.

Respond Function: Develop and implement the appropriate activities to take action regarding a detected cyber event.

Situational Awareness: The ability to identify, process and comprehend the critical elements of information through a cyber threat intelligence process that provides a level of understanding that is relevant to act upon to mitigate the impact of a potentially harmful event.

Social Engineering: A general term for trying to deceive people into revealing information or performing certain actions.

Tactics, Techniques and Procedures (TTPs): The behaviour of a threat actor. A tactic is the highest-level description of this behaviour, while techniques give a more detailed description of behaviour in the context of a tactic, and procedures an even lower-level, highly detailed description in the context of a technique.

Threat Actor: An individual, a group or an organisation believed to be operating with malicious intent.

Threat Assessment: Process of formally evaluating the degree of threat to an organisation and describing the nature of the threat.

Threat Intelligence: Threat information that has been aggregated, transformed, analysed, interpreted or enriched to provide the necessary context for decision-making processes.

Threat-Led Penetration Testing (TLPT) [also known as Red Team Testing]: A controlled attempt to compromise the cyber resilience of an entity by simulating the tactics, techniques and procedures of real-life threat actors. It is based on targeted threat intelligence and focuses on an entity's people, processes and technology, with minimal foreknowledge and impact on operations.

Threat Vector: A path or route used by the threat actor to gain access to the target.

Traffic Light Protocol (TLP): A set of designations used to ensure that information is shared only with the appropriate audience. It employs a pre-established colour code to indicate expected sharing boundaries to be applied by the recipient.

Verification: Confirmation, through the provision of objective evidence, that specified requirements have been fulfilled.

Vulnerability: A weakness, susceptibility or flaw of an asset or control that can be exploited by one or more threats.

Vulnerability Assessment: Systematic examination of an information system, and its controls and processes, to determine the adequacy of security measures, identify security deficiencies, provide data from which to predict the effectiveness of proposed security measures, and confirm the adequacy of such measures after implementation.

References

  1. FSB (Financial Stability Board), Cyber Lexicon, 2018