dark internet – publicly accessible electronic data content that is unreadable or unfindable only because of its format or a lack of indexing. For example, a store of raw scientific data may be internet accessible, but without indexing or context it is considered part of the dark internet.
dark web – websites that hide the location of the servers hosting them. Although publicly accessible, they are not registered on standard search engines, and the hidden server location makes it extremely difficult to establish which organizations and people are behind a site.
data – information stored in an electronic or digital format
data breach notification procedure – see breach notification procedure.
data chain of custody – see chain of custody.
data controller – the organization that owns and is accountable for a set of data. In many privacy regulations around the world, the role of the data controller can have legal and financial implications for the organization and/or for a specific person (organization role) if compliance requirements are not met.
Data Encryption Standard (DES) – an early symmetric-key cipher for converting plain text into secret (encrypted) information, developed at IBM in the early 1970s and adopted as a US federal standard in 1977. Its 56-bit key is short enough to be recovered by brute force on modern hardware, so DES is considered outdated (no longer effective). Triple DES (3DES) is a version of the same standard that applies the DES operation three times with a bundle of two or three keys to increase the strength of the ciphering, but it still offers lower security than more recent standards and is itself being retired. Both have been succeeded by other standards, including the Advanced Encryption Standard.
data loss prevention (DLP) – this term can describe both (i) technologies and (ii) the strategies used to help stop information from being taken out of an organization without the appropriate authorization. Software technologies can use heuristics (patterns that fit within certain rules) to recognize, alert on and/or block data extraction activities on digital devices, for example by prohibiting specific types of file attachment from being sent out via internet mail services. They can also prevent or monitor many other attempts at removing or copying data. There are workarounds that skilled attackers can use to evade detection by these solutions, including encryption and fragmentation. Although these solutions are becoming an essential line of defense, the most secure environments aim to prevent any significant set of data being available for export in the first place. For this reason, data loss prevention is often thought of as the last line of defense (a final safety net if all other security controls have not been successful). Information loss prevention (ILP) is an alternative version of the same term.
DDoS – acronym for Distributed Denial of Service. See Denial of Service for definition.
decapitation – (in the context of malware) to remove the ability for malware to send or receive instructions and other information from the controlling attacker. This can effectively render many forms of malware ineffective. This is a method of takedown.
deep web – internet content that cannot be seen by search engines. This includes not only dark web content but also harmless and general content that is not indexed or generally reachable, for example – personal databases and paid content.
default accounts – generic usernames and passwords, often with administrative access, that are supplied as standard with some applications and hardware for use during initial set-up. They should be changed or disabled before a system goes live.
defense in depth – the use of multiple layers of security techniques to help reduce the chance of a successful attack. The idea is that if one security technique fails or is bypassed, there are others that should address the attack. Current thinking on defense in depth is that the layers must also cover people and operational factors (for example processes) and not just technology.
Denial of service (DoS) – an attack designed to stop or disrupt people from using an organization's systems, usually by overwhelming the target with traffic or requests. Usually a particular section of an enterprise is targeted, for example, a specific network, system, digital device type or function. Usually these attacks originate from, and are targeted at, devices accessible through the internet. If the attack is from multiple source locations, it is referred to as a distributed denial of service or DDoS attack.
DES – acronym for Data Encryption Standard. See Data Encryption Standard for definition.
detective control – (see also control) a method of defense used to help identify events or issues that occur but are not being defeated or prevented by other means. For example, an intrusion detection system may identify and alert on a new issue but may not have the means to defeat it without additional intervention.
devices – any hardware used to create, modify, process, store or transmit data. Computers, smart phones and USB drives are all examples of devices.
digital device – any electronic appliance that can create, modify, archive, retrieve or transmit information in an electronic format.
digital fingerprinting – has two different potential meanings. (i) to covertly embed ownership information inside any form of electronic information, so that original ownership can still be established on stolen or copied information. This differs from digital watermarking because the ownership information is hidden. (ii) the use of characteristics that are unique to an electronic file or object (for example, a cryptographic hash of its contents) to help prevent, detect or track unauthorized storage, usage or transmission. Used as a form of defense on high sensitivity intellectual property.
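The following is an added example, not part of the original glossary, illustrating the data loss prevention entry above (heuristic content rules) together with meaning (ii) of digital fingerprinting (hash-based fingerprints of a registered document). The registered document, the messages and the card numbers are constructed for the example; the registered-document fingerprints are built at import time rather than loaded from a real DLP policy store. It also shows the evasion the DLP entry mentions: once the payload is encrypted (here a toy repeating-key XOR standing in for real encryption) and base64-encoded, neither the pattern rules nor the fingerprints fire.

```python
import base64
import hashlib
import os
import re

# Constructed sample "registered" document for this example; not a real document.
REGISTERED_DOC = (
    "Project Falcon design notes. The pricing model for the Q3 launch "
    "uses a tiered discount: 12 percent for resellers, 20 percent for "
    "strategic partners, reviewed quarterly by the finance committee."
)

# Heuristic: 13-19 digits, optionally separated by spaces or dashes,
# not embedded inside a longer run of digits.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: drops most random digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list[str]:
    """Pattern match, then validate with Luhn to cut false positives (order numbers, phone numbers)."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def exact_fingerprint(data: bytes) -> str:
    """Fingerprint of a whole file: catches byte-for-byte copies only."""
    return hashlib.sha256(data).hexdigest()


def shingles(text: str, k: int = 5) -> set[str]:
    """Fingerprint every run of k consecutive words, so excerpts and lightly edited copies still match."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return {
        hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()[:16]
        for i in range(len(words) - k + 1)
    }


REGISTERED_EXACT = {exact_fingerprint(REGISTERED_DOC.encode())}
REGISTERED_SHINGLES = shingles(REGISTERED_DOC)


def document_match(text: str) -> float:
    """Fraction of the outbound text's shingles that come from a registered document."""
    s = shingles(text)
    return len(s & REGISTERED_SHINGLES) / len(s) if s else 0.0


def inspect_outbound(payload: bytes, threshold: float = 0.3) -> list[str]:
    """Return the DLP findings for one outbound message; an empty list means 'allow'."""
    findings = []
    if exact_fingerprint(payload) in REGISTERED_EXACT:
        findings.append("exact copy of registered document")
    text = payload.decode("utf-8", errors="replace")
    for card in find_card_numbers(text):
        findings.append(f"card number {card[:6]}{'*' * (len(card) - 10)}{card[-4:]}")
    ratio = document_match(text)
    if ratio >= threshold:
        findings.append(f"excerpt of registered document ({ratio:.0%} of shingles match)")
    return findings


def evade_by_encryption(payload: bytes, key: bytes) -> bytes:
    """Attacker's side of the workaround the DLP entry mentions: encrypt (a toy repeating-key XOR
    stands in for real encryption) and base64-encode, so neither patterns nor fingerprints survive."""
    ct = bytes(b ^ key[i % len(key)] for i, b in enumerate(payload))
    return base64.b64encode(ct)


if __name__ == "__main__":
    msg = b"Please bill card 4111 1111 1111 1111; order ref 1234 5678 9012 3456."
    print(inspect_outbound(msg))                      # card flagged; the order ref fails Luhn
    print(inspect_outbound(REGISTERED_DOC.encode()))  # exact copy and excerpt both flagged
    print(inspect_outbound(evade_by_encryption(REGISTERED_DOC.encode(), os.urandom(32))))  # []
```

The shingle check is what makes the fingerprint useful in practice: an exact hash only stops someone mailing the original file unchanged, while word-window hashes still match when a paragraph is pasted into a new message. The final call shows why the entry calls DLP a last line of defense: content inspection sees nothing once the attacker encrypts first, which is why controls that keep the data from being exportable at all have to sit in front of it.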
digital forensics – a specialist field to help preserve, rebuild and recover electronic information and help investigate and uncover residual evidence after an attack. See also indicators of compromise.
digital landscape – the collection of digital devices and electronic data that is visible or accessible from a particular location.
digital signature – an endorsement of an electronic artifact using an identity that can be verified through a mathematical technique (typically a private key held only by the signer, with a corresponding public key used for verification). Digital signatures may only be considered the equivalent of their handwritten counterpart where it can be shown beyond doubt that only the signer had access to the signing key.
digital watermarking – a technique to embed ownership information inside any form of electronic information. This technique can be used towards some forms of advanced cyber defense, especially for intellectual property, so even if it is stolen, the information will still contain evidence of the original owner. See also digital fingerprinting.
Disaster Recovery Plan – see Technical Disaster Recovery Plan.
Distributed Denial of Service (DDoS) – see Denial of Service.
DMZ (Demilitarized Zone) — A segment or subnet of a private network where resources are hosted and accessed by the general public from the Internet. The DMZ is isolated from the private network using a firewall and is protected from obvious abuses and attacks from the Internet using a firewall. A DMZ can be deployed in two main configurations. One method is the screened subnet configuration, which has the structure of I-F-DMZ-F-LAN (i.e. internet, then firewall, then the DMZ, then another firewall, then the private LAN). A second method is the multi-homed firewall configuration, which has the structure of a single firewall with three interfaces, one connecting to the Internet, a second to the DMZ, and a third to the private LAN.
doxxing (also doxing) – publicly exposing a person's private or identifying information on the internet. Thought to derive from 'docs', an abbreviation of 'documents'.
drive-by download – the unintended receiving of malicious software onto a device through an internet page, electronic service or link. The victim is usually unaware that their action permitted new malicious software to be pulled onto and installed in their digital device or network.
dual homed – any network device that has more than one network interface. Firewalls and other network boundary or perimeter defenses are usually positioned this way: the untrusted and trusted networks are attached to separate interfaces so that they remain isolated, and rules and controls are applied to any data passed between them.
dwell time – (in the context of cybersecurity) how long an intrusion or threat has remained in place, undetected, before being discovered and eliminated.
dynamic host configuration protocol (DHCP) – the standard method used on networks to assign an internet protocol (IP) address and related settings to a digital device so that its communications can operate. The address is leased to the device by a DHCP server for a limited time each time it joins the network.
dynamic testing – (in the context of cybersecurity) to assess the security standards and potential vulnerabilities within an application or service while it is running in an installed environment. This is usually a form of black-box penetration testing. See also static testing.
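An added example for the DMZ and dual homed entries above (not from the original glossary): a multi-homed firewall configuration as an nftables ruleset, with one firewall and three interfaces. The interface names (eth0 = Internet, eth1 = DMZ, eth2 = private LAN) and the DMZ server address 192.0.2.10 (from the RFC 5737 documentation range) are assumptions for the example. The security-relevant part is what is absent: there is no rule allowing DMZ-to-LAN or Internet-to-LAN traffic, so the forward chain's drop policy is what keeps a compromised DMZ host isolated from the private network.

```nftables
# Assumed interfaces: eth0 = Internet, eth1 = DMZ, eth2 = private LAN.
# Assumed DMZ web server: 192.0.2.10. Load with: nft -f dmz.nft
table inet dmz_firewall {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to connections that were already permitted, in either direction
        ct state established,related accept
        ct state invalid drop

        # Internet -> DMZ: only the published web service
        iifname "eth0" oifname "eth1" ip daddr 192.0.2.10 tcp dport { 80, 443 } accept

        # LAN -> DMZ: administration plus the same web service from inside
        iifname "eth2" oifname "eth1" ip daddr 192.0.2.10 tcp dport { 22, 80, 443 } accept

        # LAN -> Internet: outbound browsing
        iifname "eth2" oifname "eth0" accept

        # DMZ -> Internet: only what the server needs (updates, name resolution)
        iifname "eth1" oifname "eth0" tcp dport { 80, 443 } accept
        iifname "eth1" oifname "eth0" udp dport 53 accept

        # Deliberately no eth1 -> eth2 rule: a compromised DMZ host cannot reach the LAN.
        # Deliberately no eth0 -> eth2 rule: the LAN is never reachable from the Internet.
        log prefix "dmz-fw drop: " counter drop
    }
}
```

Using a `policy drop` chain and listing only the permitted interface pairs is what turns a dual-homed (here triple-homed) box into a perimeter control: traffic between trusted and untrusted networks crosses the device only where an explicit rule allows it, and the final logging rule makes the blocked attempts visible to detection. The screened subnet variant described in the DMZ entry splits the same rules across two devices, with the LAN-facing firewall holding the stricter set.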