Cybersecurity Glossary

Intentionally modifying an asset to force it to execute unauthorized actions. There has been an increase in the production of antitamper mechanisms, both logical and physical types, to counter this risk.

A type of malware designed and destined for a specific person, organization, or industry. They are designed to gather sensitive information. The government sector is the industry this type of attack is used most. Targeted threats are delivered via phishing emails, and deploy zero day vulnerabilities.

A ransomware Trojan that has become defunct due to the master key being released by the developers and a free decryption tool being available on the web.

anything that could destroy, alter, or interrupt the use and availability of a service or valued item. Threats can be either human or non human. Both a hacker and a flood could render an information system useless.

Examining the current security posture of a system to determine and evaluate potential areas of weakness and points of vulnerability. This is a core area of a risk assessment.

an approach to evaluate the potential risk posed to an organization and their people an information systems. It is used as a way to create a prevention strategy to avoid falling victim to the potential threat.

A potentially harmful situation that could have undesirable consequences or impact to an information system. This could include anything from a hacker exploiting a vulnerability to a tornado destroying a data center.

The analysis, assessment and review of security related data to examine how certain events could endanger the system’s security posture. This data is used to detect both attempted or successful security breaches.

During a risk assessment, the impact, potential vulnerabilities and threats are evaluated to assess an organizations likely threat sources and ways they could exploit the information systems.

The adoption of new countermeasures based on current cyber attacks and tactics. This is also the response from adversaries who change their characteristics to overcome the newly implemented (or what they perceived to be implemented) safeguards and countermeasures.

The method or object used by a cyber attacker to exploit a vulnerability in an system.

Malicious code often contain logic bombs and stays dormant on a system for a certain amount of time then executes its malicious payload once certain criteria is met. This is an effective way to launch a virus in a stealth manner and avoid detection.

Are onetime use, dynamic, passwords normally based on the Timebased OneTime Password algorithm. This algorithm produces a one time use password based on a shared secret key and the current time. It is often used in twofactor authentication systems.

A physical device that provides authentication in order to gain access to a logically or electronically restricted resource. A token can create a randomized number, store a digital signature, cryptographic keys or even biometric data. Some even store passwords. Token are normally used in two, or multi factor authentication mechanisms. Tokens can be key fobs, smart cards, or USB and some newer designs come in tamper resistant packaging for increased security.

Bits of text stored on a computer, that gathers information about a users browsing history. This information relates to the user’s browsing preferences, shopping cart contents or other related data to send customized advertisements based on those preferences.

Is when network traffic is examined in order to better understand and identify the traffic patterns in order to create metrics and statistics. This data can be used to fine tune the monitoring efforts of an anomaly based IDS. Traffic analysis can be used to enhance security, but since it examines who is talking to whom, what time(s), and the length their communications last, or the size of the packets transmitted, this information could be useful to a potential attacker if it is not well protected.

In network security this is a key used to encrypt traffic. A TEK is normally used in symmetrical encryption schemes. They are changed often. In some systems daily, some as quickly as hourly, some are changed with every message.

Named after the Greek legend, this is a sneaky way to infect a computer with a malicious program that appears to be a legitimate program and inconspicuous in nature leading the receiver to believe it is safe to open. Once installed, a hacker now has remote access to the infected computer. This gives them the ability to spy on the user, steal sensitive data, or destroy and manipulate sensitive files. Trojans are different from viruses and worms as it is unable to self replicate.

A man-in-the-middle attack that is used to inject advertisements into webpages that an user visits while using a public network. The advertisements can be displayed on the user’s computer even if there is no adware installed. This makes depending on antivirus to detect the adware, difficult.