
A is for Advanced Persistent Threats

acceptable use policy – a document that defines the agreement between a user and the enterprise that owns the service, application or device being accessed. The agreement usually defines both the primary permitted activities and the prohibited ones.

access controls – the ability to manage and restrict entry or exit to a physical, virtual or digital area through the use of permissions. Permissions are usually assigned individually to a person, device or application service to ensure accountability and traceability of usage. The permissions can be secured using (i) physical tokens (something you have), for example a key card, (ii) secret information (something you know), such as a password, or (iii) biometric information – using part of the human body, such as a fingerprint or eye scan, to gain access (something you are). See also multi-factor authentication.

access rights – the set of permissions granted to a user account to define if they can enter and use specific functions within a network, application, system or hardware device. Usually these permissions are granted on the basis of least privilege.

accountability – the basic security practice of ensuring that all critical assets and actions have clear ownership and traceability. See also single point accountability.

adaptive content inspection (ACI) – an advanced form of data loss prevention technology that allows the full content of any information being processed to be reviewed against a set of updatable rules, so that blocking, reporting, notification or other actions can be applied automatically. For example, a rule can be put in place so that if 16-digit numbers (credit card numbers) are being sent in a batch exceeding 50 from any user device, the action can be blocked and reported. Standard data loss prevention only reviews the main headers and tags, whereas this form of prevention reviews all of the information content.
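As an added illustration of the rule described above (not code from the glossary), this Python sketch of an adaptive content inspection check scans the full message body rather than just headers, counts Luhn-valid 16-digit numbers, and blocks and reports when one device sends more than 50; the Luhn filter, the device ids and the constructed sample batch are assumptions.

```python
import re

# Added example, not from the glossary: a content inspection rule that scans
# ALL of the content for 16-digit card-like numbers and blocks/reports when a
# single device sends more than BATCH_LIMIT of them.
CARD_PATTERN = re.compile(r"(?<!\d)\d{16}(?!\d)")
BATCH_LIMIT = 50  # threshold taken from the glossary's example rule


def luhn_valid(number: str) -> bool:
    """Luhn checksum: drops arbitrary 16-digit strings that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:  # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def count_card_numbers(content: str) -> int:
    """Count Luhn-valid 16-digit numbers anywhere in the content body."""
    return sum(1 for m in CARD_PATTERN.findall(content) if luhn_valid(m))


def inspect(device_id: str, content: str, limit: int = BATCH_LIMIT) -> dict:
    """Apply the rule: more than `limit` card numbers from one device -> block and report."""
    count = count_card_numbers(content)
    blocked = count > limit
    return {"device": device_id, "cards": count,
            "action": "block" if blocked else "allow", "report": blocked}


def luhn_check_digit(partial: str) -> str:
    """Digit that makes partial + digit Luhn-valid (used only to build sample data)."""
    total = 0
    for i, ch in enumerate(reversed(partial)):
        d = int(ch)
        if i % 2 == 0:  # doubled once the check digit is appended on the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def constructed_batch(n: int) -> str:
    """Constructed sample: n distinct Luhn-valid 16-digit numbers, one per line."""
    lines = []
    for k in range(n):
        partial = "4" + str(k).zfill(14)  # 15 digits with a hypothetical '4' prefix
        lines.append(partial + luhn_check_digit(partial))
    return "\n".join(lines)


if __name__ == "__main__":
    print(inspect("laptop-01", constructed_batch(60)))  # action: block, report: True
    print(inspect("laptop-02", constructed_batch(3)))   # action: allow
```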

adaptive defense – the use of agile techniques to rapidly learn and adjust cyber protection methods to help decrease the possibilities of successful attack or to reduce the window of time between detection and incident counter-response. See also indicators of compromise (IOC).

Advanced Encryption Standard (AES) – a symmetric cipher (the same key is used to encrypt and to decrypt) for converting information between plain characters and a secret, encoded form. This standard was originally introduced as a successor to the Data Encryption Standard (DES) and Triple DES. See also encryption and symmetrical encryption.

advanced persistent threats (APTs) – a term used to describe the tenacious and highly evolved set of tactics used by hackers to infiltrate networks through digital devices and then leave malicious software in place for as long as possible. The cyber attack lifecycle usually involves the attacker performing research and reconnaissance, preparing the most effective attack tools, getting an initial foothold into the network or target digital landscape, spreading the infection and adjusting the range of attack tools in place, and then exploiting the position to maximum advantage. The purpose can be to steal, corrupt, extort and/or disrupt an organization for financial gain, brand damage or other political purposes. This form of sophisticated attack becomes harder and more costly to resolve the further into the lifecycle the attackers are and the longer the intrusion has already remained in place. A goal with this threat type is for the intruder to remain (persist) undetected for as long as possible in order to maximize the opportunities of the intrusion – for example, to steal data over a long period of time. See also kill-chain.

advanced threat defense (ATD) – the wider range of protective techniques used by very large organizations to detect, deny, disrupt, degrade, deceive and contain any unauthorized attempts at entry into a digital landscape. For example, extending protection beyond anti-malware, encryption and firewalls to include the use of network traffic analysis, payload analysis, network forensics, endpoint behavior analysis and endpoint forensics.

adware – any computer program (software) designed to render adverts to an end user. This type of software can be considered a form of malware if (i) the advertising was not consented to by the user, (ii) is made difficult to uninstall or remove, or (iii) provides other covert malware functions.

all source intelligence – a term defined by the US National Institute for Cybersecurity Education (NICE) for gathering together threat intelligence and information across all appropriate internal and external sources for the purpose of gaining insight into the implications of new and active potential threats.

air gap – the use of some form of physical separation to ensure that activities in one area cannot impact or infect activities in another. Used in the context of cybersecurity to describe physically and digitally isolating sensitive or infected systems so they have no possibility of interacting with any other systems and networks.

alert status – an escalation flag that can be assigned to a security incident to indicate that it is unable to be managed inside allowable time limits or other acceptable tolerances that are defined.

anti-malware – a computer program designed to look for specific files and behaviors (signatures) that indicate the presence, or the attempted installation, of malicious software. When malware is detected, the program seeks to isolate it (quarantine the malware), remove it if it can, and alert appropriate people to the attempt or to its presence.

anti-spyware – a subset of anti-malware software that has the specific purpose of detecting, blocking or preventing malicious software used to illicitly monitor and steal information. See also spyware.

anti-virus – archaic predecessor of anti-malware that was used before the nature and types of malicious software had diversified.

application – a collection of functions and instructions in electronic format (a software program) that resides across one or more digital devices, usually designed to create, modify, process, store, inspect and/or transmit specific types of data. For subversive applications, see malware.

assessments – the evaluation of a target (for example an application, service, supplier) against specific goals, objectives or other criteria through the collection of information about it. Usually, this is achieved through an established and repeatable process involving discussion or responding to questions. The purpose is to understand how closely the target meets the intended criteria and to identify any gaps or deficiencies. An assessment is different from an audit because it does not necessarily check for evidence and does not need to be carried out by an objective third party.

asset – any item (physical or digital) that has inherent value. For cybersecurity, information items that can be monetized (for example – intellectual property and sets of personal data) are regarded as high value assets due to their potential resale or blackmail value.

asymmetric cryptography – a method of ciphering information using two different keys (a key pair). One is a public key, the other is a private key. One key is used to cipher the information from plain text into a secret format. The other key can then be used to decipher the secret format back to plain text. The keys can be used in any order as long as both keys are used. As one key is public, the use of the private key first is usually only for the purposes of attaching a digital signature. A single key cannot be used to cipher and decipher the same message. Also known as public key encryption and public key cryptography.
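The two-key property described above, as an added example that is not part of the glossary: textbook RSA with deliberately tiny, constructed primes shows that a message ciphered with one key of the pair is deciphered only by the other, that using the private key first yields a signature the public key can check, and that applying the same key twice does not recover the message. The primes, exponents and message value are assumptions, and real deployments use keys of thousands of bits with padding.

```python
from math import gcd

# Added example, not from the glossary: textbook RSA on toy numbers to show
# how a key pair behaves. Parameters are constructed for illustration only.


def make_keypair(p: int, q: int, e: int = 17):
    """Return (public, private) keys built from the constructed primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime with phi(n)")
    d = pow(e, -1, phi)  # modular inverse of e: the private exponent
    return (n, e), (n, d)


def apply_key(key, value: int) -> int:
    """Either key is applied the same way: modular exponentiation of an integer block."""
    n, exponent = key
    return pow(value, exponent, n)


def encrypt(public, message: int) -> int:
    """Plain -> secret: anyone holding the public key can do this."""
    return apply_key(public, message)


def decrypt(private, cipher: int) -> int:
    """Secret -> plain: only the private key holder can do this."""
    return apply_key(private, cipher)


def sign(private, message: int) -> int:
    """Private key used first: produces a digital signature over the message."""
    return apply_key(private, message)


def verify(public, message: int, signature: int) -> bool:
    """Public key applied to the signature must give back the message."""
    return apply_key(public, signature) == message


def demo() -> dict:
    """Run the four cases on constructed primes 61 and 53 (n = 3233) and message 65."""
    public, private = make_keypair(61, 53)
    m = 65
    c = encrypt(public, m)
    return {
        "cipher": c,
        "private_decrypts": decrypt(private, c) == m,      # other key of the pair works
        "public_twice_fails": apply_key(public, c) != m,   # same key twice does not
        "signature_verifies": verify(public, m, sign(private, m)),
    }


if __name__ == "__main__":
    print(demo())
```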

attack – the occurrence of an unauthorized intrusion.

attack and penetration test – see penetration testing.

attacker – an umbrella term to cover all types of people and organizations that may attempt to gain unauthorized access to a digital device, application, system or network. See also black hat, hacker, hacktivist, cyber warrior, script kiddies,…

attack lifecycle – see cyber attack lifecycle.

attack mechanism – a term to describe the method used to achieve an unauthorized intrusion.

attack method – the technique, tools or exploit used by an adversary to attempt to gain unauthorized access to any part of a digital landscape.

attack signature – a distinctive pattern of characteristics that can be identified to help understand and correct an attempt at unauthorized access or intrusion. See also indicators of compromise (IOC).

attack surface – the sum of all the potential exposure points that could be used to gain unauthorized entry or to extract information. This will usually include perimeter network hardware (such as firewalls) and web servers (hardware that hosts internet-enabled applications). See also cyber defense points.

attack vector – a path or means that could be used by an unauthorized party to gain access to a digital device, network or system.

audits – the use of one or more independent examiners (auditors) to check if a target product, service and/or location is meeting the specific control standards required. This form of inspection requires that individual controls are tested to confirm their suitability and consistent usage. The outcomes from this type of event, including any gaps discovered and the corrective actions required, are always provided in a final report.

authentication – the process of confirming if the identity and other properties of any entity (person or application) are valid.

authorization – the use of authentication information together with access control lists to verify if the entity (person or application) has permission to perform the function they are requesting.

availability – the assignment of a value to a set of information to indicate how much disruption or outage is considered acceptable to the owner. Often this is expressed or translated into a scale of time. Data with the highest possible availability rating would be required to be ready at all times (no downtime permitted), often through the use of a fully redundant failsafe. The value assigned to availability is used by the owner of an application or service to set the recovery time objective. See also integrity – a different but related term.
