Something (or someone) is always trying to get into your network. There are APTs, hackers, phishing, data breaches, penetration tests, and vulnerability exploits. But if you're not in the industry, that may all have sounded like a foreign language. Carson Inc. wants to help you understand the technical jargon we use every day, so we've created a glossary of the most popular terms we use or hear on a daily basis.
Commonly Used Terms in Cyber Security
What is a Vulnerability?
The dictionary definition of vulnerability is when a person, place, or thing is susceptible to physical or emotional attack or harm. In a security sense, it is a flaw or weakness in a system that can leave information open to an attack.
Reducing vulnerabilities is what security-consulting professionals work toward. With fewer vulnerabilities, there are fewer opportunities for a malicious user to gain access to secure information. A vulnerability scan is a tool that seeks out security flaws that may exist in your system; you should have one at your disposal to assist in risk management.
In addition to vulnerability scans, penetration testing is a controlled, authorized attack on a computer system with the intention of finding security weaknesses and then proactively remediating them in order to decrease the consequences of a real breach.
A data breach is an incident in which sensitive, protected, or confidential information has been potentially viewed, stolen, or used by an individual unauthorized to do so.
Short for malicious software, malware is any software intended to harm, exploit, or steal from a person's computer, computer system, or private records without consent.
Phishing is the process of defrauding an online account holder of financial information by posing as a legitimate company. The information the attacker is attempting to acquire is usually usernames, passwords, and credit card details. It is usually carried out by email and often directs a user to a fake website that looks almost identical to the legitimate one. It is one of the most common threats to cyber security today.
The Payment Card Industry (PCI) is an open global forum that is responsible for the development, management, education, and awareness of the PCI Security Standards.
The PCI Assessment is the first step for successful compliance with the PCI DSS framework. This self-guided questionnaire will help you understand scope and any deficiencies within your existing security infrastructure.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that all companies that process, store, or transmit credit card information maintain a secure environment. Usually a business first determines which Self Assessment Questionnaire it should use to validate compliance. It must then obtain evidence of a passing vulnerability scan and submit the scan to its acquirer.
Threat is "the possibility of trouble, danger, or ruin." In computer security, a threat is a possible danger that might exploit an organization's vulnerability, and a threat source is whatever could exploit the vulnerabilities of your organization.
Risk is when something is exposed to danger, harm, or loss. In a computer security sense, risk must be proactively managed to identify and respond to new vulnerabilities and minimize the cost associated with a breach of security. Your organization should be able to identify, assess, respond to, and monitor the risk to your organization's information infrastructure. The goal of identifying risks is to reduce the potential impact from a threat to exposed vulnerabilities.
An effective risk management process aims to reduce the potential impact from a threat exploiting an organization’s vulnerabilities.
When discussing likelihood in a cybersecurity sense, it refers to the probability that a given threat will exploit a given vulnerability. Likelihood is usually used in combination with impact to express the degree of potential severity of an incident.
Confidentiality, Integrity, Availability (C.I.A.)
CIA is a widely used benchmark for evaluation of information systems security, focusing on the three core goals of confidentiality, integrity, and availability of information.
Confidentiality refers to preventing access to information by unauthorized users.
Integrity refers to the trustworthiness of information resources, meaning that information has not been altered without authorization.
Availability refers to information being accessible to authorized users when it is needed.
Intrusion Prevention vs. Intrusion Detection
Intrusion Prevention is a preemptive approach to network security used to identify potential threats and respond to them swiftly. Intrusion Detection is a system that gathers and analyzes information from various areas to recognize patterns of typical attacks and determine vulnerabilities. Intrusion detection usually makes use of vulnerability scans, which assess the security of a system or network.
Advanced Persistent Threat (APT)
An Advanced Persistent Threat (APT) is a set of continuous computer hacking processes that are targeted at a specific entity. It is usually a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. The intention of these attacks is to steal data rather than cause damage, and they usually target high-value information.
Privacy is the protection of personal information stored on computers or in data systems.
System Development Life Cycle (SDLC)
The scope of activities associated with a system, encompassing the system's initiation, development and acquisition, implementation, operation and maintenance, and ultimately its disposal, which in turn instigates another system initiation.
Need Help with Cyber Security?
The Carson Inc. team applies a life cycle approach to structuring information security programs, ensuring that your organization's most critical data is protected and safeguarding its confidentiality, integrity, and availability. The technical solution we offer has been vetted over many successful engagements and couples best-of-breed methodologies, technologies, and security experts together to bring a holistic view to an organization's security program. For more information email firstname.lastname@example.org or call (301) 656-4565.