CAPA – acronym meaning corrective action preventive action. See corrective and preventive action system.
CERT – acronym used widely to mean either Computer Emergency Response Team (for example CERT UK) or Computer Emergency Readiness Team (for example CERT US). The primary role of these organizations is to help their constituency (member organizations, or the organizations of a country or sector) to prepare for, monitor and respond to cybersecurity and other digital landscape threats, typically by issuing alerts and advisories, coordinating vulnerability disclosure and assisting with incident handling.
certificate authority – a trusted third party organization that issues and vouches for digital certificates: signed tokens that bind a public key to an identity such as a domain name or an organization. A relying party (a browser or other client) accepts a certificate because it can verify the authority's signature on it against a root certificate already held in its trust store, and because the name in the certificate matches the service it is contacting. The security of every service that uses an authority therefore depends on that authority issuing certificates only to the rightful holder of a name.
chain of custody – a method of ensuring that a set of information and any metadata (tags, labels or other descriptive additions) are preserved, and their handling documented, as they are passed between owners and locations. Each transfer is recorded (who released the material, who received it, when and where) and a cryptographic hash of the material is taken at acquisition and re-checked at each hand-off, so that any alteration can be detected and the integrity of the material demonstrated later. This term is frequently applied to the preservation of evidence in the field of digital forensics.
chargeware – a form of malicious software (malware) designed to perform actions on a victim's device that will incur costs to them for the benefit of the attacker. For example, on a smart mobile phone, sending SMS text messages out to a premium rate number without the owner's knowledge or consent.
checksum – a method of verifying that any collection of information is still exactly as it was, through the use of a mathematical algorithm that condenses the information into a short value. If any piece of the information has changed, the value from running the algorithm will change, indicating that the information has been altered. Simple checksums (such as a CRC) reliably detect accidental corruption but can be forged by an attacker who alters the data and recomputes the value; to detect deliberate tampering the value must come from a cryptographic hash function (for example SHA-256) and must be stored or transmitted where the attacker cannot change it. See also md5 hash as an example, noting that MD5 is no longer collision resistant and should not be relied on against a deliberate adversary.
Chief Information Security Officer (CISO) – the single point of accountability for ensuring that an appropriate and effective framework for managing information security risks (dangers and threats to the organization's digital devices and data) is in place and operating effectively.
cipher – an algorithm that, under the control of a key, transforms readable information (plaintext) into a secret or hidden format (ciphertext) and back again. The secrecy should rest entirely on the key: a cipher whose security depends on the algorithm itself staying unknown is not considered sound.
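An added example, not from the original glossary, that ties the chain of custody and checksum entries together in Go: the digest of a constructed evidence item is recorded at acquisition, every hand-off recomputes it and refuses the transfer when the copy no longer matches. The evidence bytes, host name WS-17, people and timestamps are all constructed for the example; SHA-256 is used rather than the MD5 the glossary mentions, for the reason given in the checksum entry.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"time"
)

// Checksum returns the SHA-256 digest of data as a hex string. A single
// flipped bit anywhere in data produces a completely different digest.
func Checksum(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// Transfer is one entry in the custody log: who passed the evidence to whom,
// when, and the digest the receiver computed over the copy it was handed.
type Transfer struct {
	From, To string
	When     time.Time
	Digest   string
}

// Custody ties an evidence item to the digest taken at acquisition and to the
// log of every hand-off since.
type Custody struct {
	Item     string
	Acquired string     // digest recorded when the evidence was collected
	Log      []Transfer // one entry per hand-off, in order
}

// Acquire starts the chain: the collector records the digest at the moment
// the evidence is taken, before anyone else has handled it.
func Acquire(item string, data []byte, collector string, at time.Time) *Custody {
	d := Checksum(data)
	return &Custody{Item: item, Acquired: d,
		Log: []Transfer{{To: collector, When: at, Digest: d}}}
}

// HandOff is run by the receiver. It recomputes the digest over the copy it
// was given and refuses the transfer if that no longer matches the digest
// taken at acquisition, so the log only ever records transfers of unaltered data.
func (c *Custody) HandOff(data []byte, from, to string, at time.Time) error {
	got := Checksum(data)
	if got != c.Acquired {
		return fmt.Errorf("%s: integrity failure at hand-off %s -> %s: got %s..., want %s...",
			c.Item, from, to, got[:12], c.Acquired[:12])
	}
	c.Log = append(c.Log, Transfer{From: from, To: to, When: at, Digest: got})
	return nil
}

// DemoCustody walks a constructed evidence item through two clean hand-offs
// and then a tampered one. It returns the record, the number of hand-offs
// accepted and the error raised by the tampered transfer.
func DemoCustody() (*Custody, int, error) {
	// Constructed sample evidence; a real item would be a disk image or log file.
	evidence := []byte("disk image of host WS-17, acquired 2024-01-15")
	t0 := time.Date(2024, 1, 15, 9, 0, 0, 0, time.UTC)

	c := Acquire("WS-17.img", evidence, "first responder", t0)
	if err := c.HandOff(evidence, "first responder", "evidence locker", t0.Add(2*time.Hour)); err != nil {
		return c, len(c.Log) - 1, err
	}
	if err := c.HandOff(evidence, "evidence locker", "forensic analyst", t0.Add(26*time.Hour)); err != nil {
		return c, len(c.Log) - 1, err
	}
	// A single byte of the copy is altered before the next hand-off.
	tampered := append([]byte(nil), evidence...)
	tampered[0] ^= 0x01
	err := c.HandOff(tampered, "forensic analyst", "external counsel", t0.Add(50*time.Hour))
	return c, len(c.Log) - 1, err
}

func main() {
	c, accepted, err := DemoCustody()
	fmt.Printf("%s acquired, SHA-256 %s\n", c.Item, c.Acquired)
	fmt.Printf("%d hand-offs accepted, then: %v\n", accepted, err)
}
```

The acquisition digest must itself be protected (signed, or written to a record the custodians cannot alter) for the check to mean anything, since an attacker who can rewrite both the evidence and the recorded digest defeats it.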
CISO – see Chief Information Security Officer.
clear box penetration testing – see white box penetration testing.
clickbait – enticing content generated to encourage or pressure the recipient, or viewer, to access the URL link or attached file on offer. Originally this term described methods advertisers used to draw traffic to a particular web page; it is also a primary technique used to make phishing communications attractive to the unwary recipient.
clickjacking – the process of tricking a user into selecting (clicking) an item that has a different function from the one the user perceives. Typically the attacker loads the target site into an invisible or disguised frame layered over the attacker's own page, so that a click on a visible decoy actually lands on a control inside the hidden frame (for example confirming a transaction, or visiting a URL and downloading malware the user was not expecting). The visible action for the 'click' is different from the actual action that the selection initiates. Sites defend against it by instructing browsers not to render their pages inside frames belonging to other origins, using the Content-Security-Policy frame-ancestors directive and, for older browsers, the X-Frame-Options header.
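An added example, not from the original glossary, of the server-side defence mentioned above in Go. The page handler and its /transfer path are constructed for the example: on its own the handler can be framed by any site, while wrapped in FrameGuard it sends both anti-framing headers. FrameHeaders is the check a reviewer would script against a real deployment.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// page is a constructed handler that, served as-is, any third-party site can
// load inside an <iframe>, which is exactly what a clickjacking page relies on.
func page(w http.ResponseWriter, r *http.Request) {
	fmt.Fprint(w, `<form method="POST" action="/transfer"><button>Confirm</button></form>`)
}

// FrameGuard wraps a handler so browsers refuse to render its responses inside
// a frame on another origin. Both headers are sent: frame-ancestors is the
// current standard, X-Frame-Options covers older browsers.
func FrameGuard(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Security-Policy", "frame-ancestors 'none'")
		w.Header().Set("X-Frame-Options", "DENY")
		next.ServeHTTP(w, r)
	})
}

// FrameHeaders issues a request to h and returns the two anti-framing header
// values, empty when absent.
func FrameHeaders(h http.Handler) (csp, xfo string) {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodGet, "/transfer", nil))
	return rec.Header().Get("Content-Security-Policy"), rec.Header().Get("X-Frame-Options")
}

func main() {
	csp, xfo := FrameHeaders(http.HandlerFunc(page))
	fmt.Printf("unprotected: CSP=%q X-Frame-Options=%q\n", csp, xfo)
	csp, xfo = FrameHeaders(FrameGuard(http.HandlerFunc(page)))
	fmt.Printf("protected:   CSP=%q X-Frame-Options=%q\n", csp, xfo)
}
```

If a page legitimately needs to be framed by the organization's own sites, frame-ancestors can list those origins instead of 'none'; a wildcard or an absent header leaves the page clickjackable.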
closed system – a collection of applications, systems and devices that only have the ability to communicate with each other. No connection to any component outside the known and trusted group is permitted.
cloud (the) – an umbrella term used to identify any technology service that uses software and equipment not physically managed or owned by the person or organization (customer) using it. This usually provides advantages of on-demand scalability at lower cost. Examples include applications that are hosted online, online file storage areas, even providing remote virtual computers. Using a cloud will mean the equipment managing the service is run by the cloud provider and not the customer. Although the customer does not own the service, they are still accountable for the information they choose to store and process through it. Usually a cloud service is indicated by an ‘aaS’ suffix. For example – SaaS (Software as a Service), IaaS (Infrastructure as a Service) and PaaS (Platform as a Service).
cloud security – a term used to describe the collective policies, technologies, procedures and other controls that are used to protect a technology service hosted by an external organization. Cloud platforms are typically internet accessible and shared with many customers, requiring stronger security than services delivered within an isolated network.
compartmentalization – a security technique that can be applied to high value assets. The assets can be placed in a more isolated system, network or device requiring additional security controls to access. This is designed to add greater protection to those assets.
compliance – the process used to verify that governance items (policies, procedures, regulations and more) are being followed, and to identify when they are not. Audits, assessments and continuous monitoring can be used to identify and report deficiencies. Any identified gaps are usually tracked and resolved through a corrective and preventive action system.
Computer Emergency Response Team – see CERT.
confidentiality – the property that information is disclosed only to those authorized to see it. Organizations express the level of secrecy each set of information requires by assigning it a classification value, which is then used to set access restrictions. A typical example scale for confidentiality classification is: (i) Public Use (ii) Internal Use (iii) Confidential (iv) Strictly Confidential and (v) Restricted.
configuration management – the backbone of security management in large enterprises, this is the process used to track and ensure all hardware and software are identified and in a controlled state. Functions include (i) helping to ensure that timely security patch management can be applied and (ii) that unknown digital devices can be prevented from connecting to the network.
consent – where electronic personal information is involved, there are often legal constraints that govern how the data can be used and where the information can be viewed, stored, transmitted or otherwise processed. In those circumstances, permission is often required from each individual for what information can be collected, where it can be processed and how long it will be retained for. These permissions can be represented by a series of tags on individual records or on the full data set. The required permission attributes can include but are not limited to, country of origin, permission for export, limitations of use, retention and notification requirements.
containment – a stage during incident response where a confirmed problem (for example a malware infection) has steps taken to isolate it and prevent the issue from spreading to other areas.
content filtering – inspecting the content of traffic or files (web pages, e-mail bodies, attachments, downloads) and blocking or altering whatever violates policy, for example malware, phishing sites or prohibited categories of web site. It acts on the payload, whereas packet filtering acts only on header fields such as addresses and ports. See also packet filtering.
continuous monitoring – the ongoing, automated collection and analysis of security-relevant information (logs, alerts, vulnerability and configuration scans, network activity) so that deviations from the expected state are detected and the appropriate personnel alerted promptly, rather than only at periodic audits. For example, detecting a pattern of port scanning against the network can indicate an imminent attack.
control – (in the context of security and compliance) a method of regulating something, often a process, technology or behavior, to achieve a desired outcome, usually resulting in the reduction of risk. Depending on how it is designed and used, any single control may be referred to as preventive, detective or corrective.
control information – the component of a data packet, carried in its headers, that tells the network how to handle it: the source and destination addresses, the type of content (the protocol of the payload), its length, and integrity fields such as a checksum. It is distinct from the payload, the data actually being delivered.
control modes – an umbrella term for preventive, detective and corrective methods of defense. Each one represents a different time posture: preventive controls are designed to stop an attack before it is successful; detective controls are designed to monitor and alert during a potential compromise; corrective controls are the rectification of an issue after an event.
control systems – collections of applications that function together to command the actions or activities of other devices. For example, a heating, ventilation and air-conditioning (HVAC) control system may comprise a number of devices (sensors) that feed into a central set of applications that regulate other devices (heaters and coolers). Collectively, this would be an example of a control system. Industrial control systems is a term applied when the usage is for large-scale production objectives and/or to operate extremely high-capacity devices. These systems are considered high-value targets for cyber attack because they are easy to ransom, high cost to repair, have substantial ability to disrupt or halt business operations and can lead to huge brand and share-price damage.
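An added example, not from the original glossary, that parses the control information of an IPv4 datagram in Go: a constructed 24-byte packet (UDP, 192.168.0.1 to 192.168.0.199, carrying the payload "ping") is split into header fields and payload, with the header checksum verified so that a header altered in transit without the checksum being recomputed is rejected. The packet bytes and addresses are constructed for the example.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"net"
)

// IPv4Header is the control information carried ahead of the payload.
type IPv4Header struct {
	Version, HeaderLen, TotalLen int // lengths in bytes
	TTL, Protocol                int // protocol: 1 = ICMP, 6 = TCP, 17 = UDP
	Checksum                     uint16
	Src, Dst                     net.IP
}

// headerChecksum is the IPv4 header checksum: the ones'-complement of the
// ones'-complement sum of the header's 16-bit words.
func headerChecksum(hdr []byte) uint16 {
	var sum uint32
	for i := 0; i+1 < len(hdr); i += 2 {
		sum += uint32(binary.BigEndian.Uint16(hdr[i:]))
	}
	for sum>>16 != 0 {
		sum = (sum & 0xffff) + (sum >> 16)
	}
	return ^uint16(sum)
}

// ParseIPv4 splits a packet into its control information and payload,
// rejecting truncated packets and headers whose checksum does not verify.
func ParseIPv4(pkt []byte) (*IPv4Header, []byte, error) {
	if len(pkt) < 20 {
		return nil, nil, errors.New("packet shorter than minimum IPv4 header")
	}
	version, ihl := int(pkt[0]>>4), int(pkt[0]&0x0f)*4
	if version != 4 {
		return nil, nil, fmt.Errorf("not IPv4: version %d", version)
	}
	if ihl < 20 || ihl > len(pkt) {
		return nil, nil, fmt.Errorf("bad header length %d", ihl)
	}
	totalLen := int(binary.BigEndian.Uint16(pkt[2:4]))
	if totalLen < ihl || totalLen > len(pkt) {
		return nil, nil, fmt.Errorf("total length %d does not fit packet of %d bytes", totalLen, len(pkt))
	}
	// Verify the checksum over a copy of the header with the checksum field zeroed.
	hdr := append([]byte(nil), pkt[:ihl]...)
	want := binary.BigEndian.Uint16(hdr[10:12])
	hdr[10], hdr[11] = 0, 0
	if got := headerChecksum(hdr); got != want {
		return nil, nil, fmt.Errorf("header checksum mismatch: got %#04x, want %#04x", got, want)
	}
	h := &IPv4Header{
		Version: version, HeaderLen: ihl, TotalLen: totalLen,
		TTL: int(pkt[8]), Protocol: int(pkt[9]), Checksum: want,
		Src: net.IPv4(pkt[12], pkt[13], pkt[14], pkt[15]),
		Dst: net.IPv4(pkt[16], pkt[17], pkt[18], pkt[19]),
	}
	return h, pkt[ihl:totalLen], nil
}

// SamplePacket is a constructed 24-byte datagram: a 20-byte header (UDP,
// TTL 64, 192.168.0.1 -> 192.168.0.199, checksum 0xb8bc) followed by the
// 4-byte payload "ping".
var SamplePacket = []byte{
	0x45, 0x00, 0x00, 0x18, 0x00, 0x00, 0x40, 0x00, 0x40, 0x11, 0xb8, 0xbc,
	0xc0, 0xa8, 0x00, 0x01, 0xc0, 0xa8, 0x00, 0xc7,
	'p', 'i', 'n', 'g',
}

func main() {
	h, payload, err := ParseIPv4(SamplePacket)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%s -> %s proto %d ttl %d payload %q\n", h.Src, h.Dst, h.Protocol, h.TTL, payload)
	// Change the destination address without fixing the checksum: rejected.
	spoofed := append([]byte(nil), SamplePacket...)
	spoofed[19] = 0x02
	_, _, err = ParseIPv4(spoofed)
	fmt.Println("tampered header:", err)
}
```

Note that the IPv4 header checksum only protects against accidental corruption: an attacker who rewrites the header simply recomputes it, which is why address fields in control information are never a basis for trust on their own.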
corrective action – a specific activity (triggered by an event) that when complete will result in the mitigation or resolution of a problem. The fact the activity is triggered by an event makes the activity reactive and therefore corrective.
Corrective And Preventive Action system (CAPA) – an automated tracking process to ensure that key activities (actions) to resolve or mitigate gaps in security or compliance are consistently tracked through to completion.
corrective control – (see also control) a method of defense that is introduced as the reactive result of an observed deficiency in security. For example, the addition of greater network segmentation after an attack can be considered a corrective control.
critical infrastructure – the core of any digital landscape that enables the highest priority technology services and data flows to operate.
cross-site scripting (also known as XSS) – a security exploit in which attacker-supplied input is included in a web page generated by a legitimate site without being properly encoded for the context in which it is placed, so that the victim's browser executes it as script belonging to that site. Because the script runs with the legitimate site's origin, it can read session cookies and page content, present false links or dialog boxes that appear to come from the site, or perform actions as the logged-in user. The input may be reflected straight back from a request (reflected XSS), stored by the site and served to other users later (stored XSS), or inserted into the page by client-side script (DOM-based XSS). A specific instance of an XSS vulnerability is known as an XSS hole.
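An added example, not from the original glossary, showing the vulnerable pattern beside its fix in Go: RenderUnsafe pastes a search query straight into HTML, while RenderSafe renders the same page through html/template, which applies output encoding appropriate to where each value lands. The page fragment, the search payload and the link value are constructed for the example.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
)

// RenderUnsafe is the vulnerable pattern: attacker-controlled input is pasted
// straight into the page, so any markup or script in it becomes part of the
// page and runs with the site's origin in the victim's browser.
func RenderUnsafe(query string) string {
	return fmt.Sprintf(`<p>Results for %s</p>`, query)
}

// safeTmpl is parsed by html/template, which knows the HTML context of each
// placeholder (here: element text and a URL attribute).
var safeTmpl = template.Must(template.New("results").Parse(
	`<p>Results for {{.Query}}</p><a href="{{.Link}}">more</a>`))

// RenderSafe renders the same page with contextual output encoding: text is
// entity-escaped and URLs with dangerous schemes (javascript:) are neutralised.
func RenderSafe(query, link string) (string, error) {
	var buf bytes.Buffer
	err := safeTmpl.Execute(&buf, struct{ Query, Link string }{query, link})
	return buf.String(), err
}

func main() {
	// Constructed attacker input: a reflected script payload and a script-scheme link.
	payload := `<script>alert(document.cookie)</script>`
	link := `javascript:alert(1)`
	fmt.Println("unsafe:", RenderUnsafe(payload))
	safe, err := RenderSafe(payload, link)
	if err != nil {
		panic(err)
	}
	fmt.Println("safe:  ", safe)
}
```

The second placeholder is the part a hand-written escaping routine usually gets wrong: HTML-entity escaping alone would leave javascript:alert(1) intact inside the href, whereas a context-aware encoder replaces the unsafe URL with an inert placeholder (#ZgotmplZ in html/template).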
cryptanalysis – the art and science of examining ciphered information, and the cipher that produced it, in order to recover the plaintext or the key without being given the key; i.e. analyzing (breaking) ciphers.
cryptographic algorithm – a mathematical and/or computational procedure (a cipher, a hash function or a signature scheme) used to transform information, for example to turn plaintext into a hidden format (ciphertext) and back under the control of a key.
cryptography – the practice and study of techniques for making information secret, or tamper-evident, using ciphers and related algorithms; i.e. designing and writing ciphers.
cryptology – the combined study of cryptography (constructing ciphers) and cryptanalysis (breaking them).
CVE Identifier – the acronym stands for Common Vulnerabilities and Exposures. This is a unique identifier assigned, in a publicly accessible list, to each publicly disclosed security vulnerability in released software or hardware, so that tools, advisories and vendors can all refer unambiguously to the same issue. The list is maintained by the not-for-profit US MITRE Corporation. The format is CVE + year + sequence number, so for example CVE-2014-6271 is the initial identifier for the shellshock security bug, with the middle number indicating the year the identifier was assigned (not necessarily the year the flaw was introduced). Since 2014 the sequence number has no fixed width: it is at least four digits and may be longer, so anything that parses these identifiers must not assume four. The list can be accessed through: http://cve.mitre.org/
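An added example, not from the original glossary, that illustrates the cipher, cryptography and cryptanalysis entries together in Go using a Caesar shift cipher: Shift encrypts under a numeric key, and BreakShift recovers the key with no knowledge of it by scoring every possible shift against English letter frequencies (a chi-squared test). The cipher is a teaching toy with only 26 keys; the point is that the attacker's analysis needs only the ciphertext and knowledge of the algorithm, which is why real security must rest on the key. The message is constructed for the example.

```go
package main

import (
	"fmt"
	"math"
	"strings"
)

// Shift is a Caesar cipher: each letter moves key places along the alphabet,
// other characters pass through. Decryption is Shift with the negated key.
func Shift(text string, key int) string {
	key = ((key % 26) + 26) % 26
	var b strings.Builder
	for _, r := range text {
		switch {
		case r >= 'a' && r <= 'z':
			b.WriteRune('a' + (r-'a'+rune(key))%26)
		case r >= 'A' && r <= 'Z':
			b.WriteRune('A' + (r-'A'+rune(key))%26)
		default:
			b.WriteRune(r)
		}
	}
	return b.String()
}

// englishFreq is the expected relative frequency of the letters a..z in
// ordinary English text.
var englishFreq = [26]float64{
	0.08167, 0.01492, 0.02782, 0.04253, 0.12702, 0.02228, 0.02015, 0.06094, 0.06966,
	0.00153, 0.00772, 0.04025, 0.02406, 0.06749, 0.07507, 0.01929, 0.00095, 0.05987,
	0.06327, 0.09056, 0.02758, 0.00978, 0.02360, 0.00150, 0.01974, 0.00074,
}

// chiSquared scores how far the letter distribution of text is from English;
// lower means more English-like.
func chiSquared(text string) float64 {
	var counts [26]float64
	var n float64
	for _, r := range strings.ToLower(text) {
		if r >= 'a' && r <= 'z' {
			counts[r-'a']++
			n++
		}
	}
	if n == 0 {
		return math.Inf(1)
	}
	var chi float64
	for i, observed := range counts {
		expected := englishFreq[i] * n
		chi += (observed - expected) * (observed - expected) / expected
	}
	return chi
}

// BreakShift is the cryptanalysis: without knowing the key, try every
// possible shift and keep the candidate plaintext that looks most like English.
func BreakShift(ciphertext string) (key int, plaintext string) {
	best := math.Inf(1)
	for k := 0; k < 26; k++ {
		candidate := Shift(ciphertext, -k)
		if score := chiSquared(candidate); score < best {
			best, key, plaintext = score, k, candidate
		}
	}
	return key, plaintext
}

func main() {
	// Constructed message; any reasonable amount of English text will do.
	msg := "it was the best of times it was the worst of times it was the age of wisdom it was the age of foolishness"
	ct := Shift(msg, 7)
	k, pt := BreakShift(ct)
	fmt.Printf("ciphertext: %s\nrecovered key %d: %s\n", ct, k, pt)
}
```

The same frequency-analysis idea, applied column by column, breaks the Vigenère cipher once the key length is found; modern ciphers are designed so that no statistical regularity of the plaintext survives into the ciphertext.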
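An added example, not from the original glossary, of a parser for the identifier format described above in Go. It validates single identifiers, normalises case, and pulls every well-formed identifier out of free text such as an advisory or scanner report. The advisory sentence is constructed for the example; the identifiers in it are the real shellshock identifiers CVE-2014-6271 and CVE-2014-7169 and the five-digit Log4Shell identifier CVE-2021-44228, chosen to show that the sequence number is not limited to four digits.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// CVE is a parsed identifier: the year the ID was assigned and the sequence
// number within that year.
type CVE struct {
	Year, Seq int
}

// String renders the canonical upper-case form, keeping a four-digit minimum
// width for the sequence number (CVE-2014-0160 stays CVE-2014-0160).
func (c CVE) String() string { return fmt.Sprintf("CVE-%04d-%04d", c.Year, c.Seq) }

// cvePattern accepts the current syntax: "CVE-", a four-digit year, "-", and a
// sequence number of four OR MORE digits (the fixed four-digit limit was
// dropped in 2014). It is case-insensitive so "cve-..." in free text matches.
var cvePattern = regexp.MustCompile(`(?i)\bCVE-(\d{4})-(\d{4,})\b`)

// ParseCVE validates a single identifier and returns its components.
func ParseCVE(id string) (CVE, error) {
	id = strings.TrimSpace(id)
	m := cvePattern.FindStringSubmatch(id)
	if m == nil || len(m[0]) != len(id) {
		return CVE{}, fmt.Errorf("%q is not a valid CVE identifier", id)
	}
	year, _ := strconv.Atoi(m[1])
	seq, _ := strconv.Atoi(m[2])
	if year < 1999 { // the CVE list began in 1999
		return CVE{}, fmt.Errorf("%q: implausible year %d", id, year)
	}
	return CVE{Year: year, Seq: seq}, nil
}

// ExtractCVEs pulls every well-formed identifier out of free text (an
// advisory, a scanner report, a commit message), normalised to upper case and
// de-duplicated, in order of first appearance.
func ExtractCVEs(text string) []string {
	seen := map[string]bool{}
	var out []string
	for _, m := range cvePattern.FindAllStringSubmatch(text, -1) {
		c, err := ParseCVE(m[0])
		if err != nil {
			continue
		}
		if id := c.String(); !seen[id] {
			seen[id] = true
			out = append(out, id)
		}
	}
	return out
}

func main() {
	// Constructed advisory text: mixed case, a five-digit sequence number,
	// a repeated identifier and a malformed one.
	text := "Fixes cve-2014-6271 and CVE-2014-7169; also relevant: CVE-2021-44228 (CVE-2014-6271 again). Not an ID: CVE-2014-62."
	fmt.Println(ExtractCVEs(text))
	if _, err := ParseCVE("CVE-14-6271"); err != nil {
		fmt.Println(err)
	}
}
```

A regular expression that hard-codes `\d{4}` for the sequence number, a common mistake in older tooling, silently drops every identifier issued after the 2014 syntax change once a year's count passes 9999.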
cyber – for anything using this as a prefix, see digital device.
cyber attack – to take aggressive or hostile action by leveraging or targeting digital devices. The intended damage is not limited to the digital (electronic) environment.
cyber attack lifecycle – a conceptual model of the sequential steps that are involved in a successful unauthorized intrusion or disruption into a digital landscape or digital device. There are a number of models currently available, an example of the most common steps found across the models are illustrated within the definition of advanced persistent threat. See also kill chain.
cyber defense points – the digital locations where we could add cybersecurity controls. Example defense points include data, applications, systems, devices and networks.
cyber defense strategies – a short list of the primary defensive countermeasure types that can be considered at each stage in the cyber attack lifecycle as part of a structured defense. These are typically summarized as: detect, deny, disrupt, degrade, deceive and contain. See also kill chain.
cyber espionage – the use of digital technologies to help steal information from any organization or individual in order to create a financial or political gain.
cyber forensics – see digital forensics.
cyber threat dwell time – see dwell time.
cyber incident response – see incident response.
cyber insecurity – suffering from a concern that weaknesses in your cybersecurity are going to cause you personal or professional harm.
cyber maneuver – an action, method or process designed to operate to attack or defend all or part of a digital landscape in order to gain advantage over an adversary. The activity is designed to capture, disrupt, destroy, deny or otherwise manipulate the position of the adversary.
cyber operations – the activity of gathering information around active threats to the digital landscape. Usually a combination of real-time threat intelligence about network and malware attacks, together with external intelligence about active and emerging threats.
cyber security incident – see security incident.
cybersecurity – the protection of digital devices and their communication channels from danger or threat. Usually the required protection level must be sufficient to prevent unauthorized access or intervention that can lead to personal, professional, organizational, financial and/or political harm. In the UK this term is used as two words: cyber security.
cybersecurity architecture – see security architecture.
cybersecurity control types – categories used to help organize the defenses against cyber attack. Usually these categories are (i) technical (ii) procedural (iii) physical and (iv) compliance (or legal / contractual). Each of the cyber defense points should have all of the cyber control types considered and in place as appropriate to the risks.
cyberspace – the area available for electronic information to exist inside any collective of interconnected digital devices.
cyberwar – a campaign of activities by one entity that has the purpose to defeat an enemy entity through disruption to, compromise of or theft from the enemy digital landscape. The entity can be a state, company or other organization.
cyber warrior – a person that engages in attempts at unauthorized access or disruption of digital devices, systems or networks for personal, political or religious reasons.