Cybersecurity Glossary

Security controls, either logical, physical, technical or administrative, put in place to protect a system from unauthorized access or data spillage.

Malware used to frighten an user into purchasing or downloading malicious or unnecessary software in an effort to protect their computer. Scareware generates popups that suggest the system is infected with a virus and uses clickjacking features in the pop up to force the user to navigate to the website to purchase the download. Clickjacking means once the popup appears clicking any of the options will just lead to the website. To close the window, the user would need to right click on the item and select close or use the task manager to close the browser.

The act of searching through a system’s data residue trying to find sensitive data. Some software programs create temporary data files that stay on the system until the next time the program is launched. During this time before these files were overwritten, they can be obtained and copied. Scavenging these files can be used by cyber criminals to gather information about the user.

Physical or logical safeguards and/or countermeasures used to detect, avoid, or counteract risks to a system. In relation to cybersecurity, these are the controls used to protect the confidentiality, integrity, and/or availability of data.

A study performed by an organization to determine the level of changes required to alter the state of security on the system. This study is apart of the System Development Lifecycle (SDLC) and is used to determine the impact of potential changes to the system and decide if additional security requirements are required.

Describes both the functional and non functional conditions that need to be fulfilled in order to achieve the desired security attributes of the system. The functional requirements are the objectives that need to be satisfied for the system to pass inspection. These include things like authentication controls, authorization, backup schedule, serverclusters, etc. Non functional security requirements relate to the architecture and its robustness. These are the industry best practices for minimal performance and scalability.

Data that is not open to the general public. It is considered confidential to certain groups of people. For example, health information is considered sensitive and is only authorized to be viewed by the healthcare providers assigned to treat the individual and the individual themselves.

Based on the leaked ZeuS code, it is malware designed to steal a user’s banking credentials for malicious purposes. It uses maninthemiddle attacks along with fake digital certificates in order to intercept data and inject code, particularly malicious Javascript, into banking websites. It uses a Domain Generation Algorithm (DGA) to hide its traffic and remain undetected by antivirus solutions. The malware gathers information from the infected websites, but it has been used to open fake customer service chat sessions to trick customers into giving their account information.

In cyber security this is the identifiable, differentiating pattern associated with malware. It is a unique arrangement of information. Signatures can be analysed and stored in a database and then used to update antivirus software to help protect against future attacks.

Using a tag reader to collect information about a person’s tag. Credit card fraud often happens due to a maliciously placed skimmer collecting data from a card’s magnetic stripe and copying this information to a blank card’s magnetic stripe.

A packet analyser that is used to monitor and analyse network traffic. It can legitimately be used to determine bottlenecks and to troubleshoot network issues. Illegitimate uses are to capture and harvest data transmitted over the network for malicious purposes.

Using psychological deception or manipulation of individual to divulge confidential, sensitive and personal information that can then be used for nefarious purposes. The human being is regarded as the weakest link in the security chain so it may be easier and less time consuming to trick a user into giving you their password or enough information to guess it, then to use a logical attack to get it.

Unwanted and unsolicited emails that are often sent in bulk. Spambots are automated programs that crawl through the internet to gather email addresses and create distribution lists. Spam emails will often have multiple recipients with similar email names. These types of emails are often advertisements for various products or services.

Is an email program or service used to detect and discard of unsolicited emails. The software may look for certain keywords, phrases, or suspicious word patterns or word frequency. Once an email is determined to be spam it is sent to a separate folder or deleted instead of making its way to the user’s inbox. It is still possible to receive spam emails, or to have legitimate emails get discarded. These are called false positives.

The practice of sending fraudulent emails that have been spoofed to appear as though they came from a legitimate or trusted source. These emails are used to target specific organizations to gain access to sensitive data.

When data leaks from a secure location to a less secure one, potentially giving people who are not authorized to view the information access. This term is often used to describe when classified information is spilled over to a system with a lower classification.

Forges the information in the email header, to make the message appear it originated from a legitimate source or anywhere other than where it actually came from. Email spoofing is used in phishing and spam campaigns to convince the user the email is ok to open and to trust the links embedded inside.

A type of malware that combines tactics from both phishing and spyware campaigns. It makes use of spyware techniques like Trojans by having the intended victim click a phishing link, and it is malware intended to spy on the user to gather financial credentials or other sensitive information. Merging these tactics makes spyphishing capable of downloading applications that silently run on the infected computer and discreetly send the collected information back to the creator of the spyphishing message.

A type of malware that is used steal sensitive information from the computer it infects. Once installed it monitors and stores the victim’s keystrokes, browser history and current internet activity to collect login information, including usernames and passwords, particularly to financial sites. Spyware can also be installed for innocuous reasons like employers monitoring their employees online activity while using company assets, parents monitoring their kids activity while online, or online businesses installing cookies to track users viewing history. In these cases spyware may be referred to as tracking software.

A malicious payload of SQL statements are injected into a website in order to take control of its database server.

The standard security technology that establishes an encrypted link between a web server and browser or email server and client. This link protects the confidentiality and integrity of the data. Websites that use ssl will start with https. Inputting any type of data in websites that don’t use SSL is a potential risk.

A type of malware that uses stealth measures to transfer money or data to a malicious third party. Uses an HTTP cookie that redirects the commissions earned by a site that referrers users to another site.

Forcing the use of multi factor or stringent authentication methods to ensure the security of the system.

A cyberattack that exploits vulnerabilities within a supply network. The hardware or software that is purchased by companies can be manipulated or embedded with viruses during the manufacturing stage.

An action used to reduce the potential security risks associated with an information system. During the risk mitigation process suppression measures are identified and put into policies and procedures for the organization.

When files do questionable things or exhibit unusual behavior, they are considered suspicious. Files that begin copying themselves to different locations within the file structure, may be showing signs of a virus infection. These types of actions are how antivirus software flag files as suspicious.

The person responsible to maintaining the information systems within an organization. They ensure the system is up to date with the latest patches, they reset users accesses when they forget their password or login information, they install updates, and install the hardware and software for new systems.

This state defines an information system which is able to perform its dedicated functions at optimal parameters, without intrusion or manipulation (either intended or not).