Glossary of network security terms (Part 1)

A

Advanced Persistent Threat (APT)

A type of cyber attack that uses sophisticated techniques to conduct sustained cyber espionage or other malicious activity against targeted governments and companies. It is usually carried out by adversaries with extensive expertise and resources, typically linked to nation-state actors.

These attacks often come through multiple entry points and may combine several attack vectors (for example network intrusion, physical access and spoofing). Once the adversary has a foothold, evicting them completely can be very difficult.

Alert

A notification that a security threat to an information system or network has been detected or is in progress.

Antivirus software (Antivirus)

Software that monitors computers or networks to detect malicious code, from viruses to other forms of malware. Antivirus programs not only warn of threats but can also quarantine or remove the malicious code.

Attack signature

A characteristic or distinctive pattern that identifies an attack and can link one attack to another, helping to identify the likely actors and the appropriate countermeasures.

Attacker

The source of a threat: a malicious actor who attempts to alter, destroy, steal or disable information held on computer systems, and then to exploit the result.

Authentication method (Authentication)

The process of verifying the identity or other attributes of a user, process, or device.

B

Behavior monitoring (Behaviour monitoring)

Observing the activities of users, information systems and processes. It can be used to measure those activities against organizational policies and rules, baselines of normal activity, thresholds and trends.

Blacklist

List of entities (users, devices) that are blocked, denied privileges or access.

Blue team

The defending team in a simulated cyber attack. The blue team defends the company's information systems while the red team attacks. These mock attacks are usually part of a business exercise set up and monitored by a neutral White Team.

Bot

An Internet-connected computer that has been compromised by malicious logic and carries out activities under the command and control of a remote operator.

Botnet

A network of infected Internet-connected devices used to carry out coordinated cyber attacks without their owners' knowledge.

Breach

Unauthorized access to data, computer systems or networks.

Bring Your Own Device (BYOD)

An organizational policy that allows employees to use their personal devices for work purposes.

Brute force attack

An attack that uses computing power to automatically try a large number of combinations in order to discover passwords and gain access.

Bug

A relatively minor flaw or defect in an information system or device.

C

Certificate (Certificate)

A digital certificate is a form of digital identity credential that binds a public key to an identity, allowing computers, users or organizations to authenticate one another and exchange information securely.

Certified Information System Auditor (CISA)

Certification of professionals who monitor, audit, control and evaluate information systems.

Certified Information System Security Manager (CISM)

ISACA's advanced certification for professionals who have the knowledge and experience to develop and manage enterprise information security programs.

Certified Information Systems Security Professional (CISSP)

Management-level certification for CISOs and other information security leaders.

Cipher

An algorithm used to encrypt and decrypt data. Sometimes used interchangeably with the term "code", although strictly a code substitutes whole words or phrases while a cipher operates on individual characters or bits.

Computer Incident Response Team (CIRT)

A team of investigators focused on cybersecurity incidents. Their role is to analyze how an incident occurred and what information was affected or lost, and then to use that insight to respond.

Computer Network Defense (CND)

CND usually refers to military and government security, and covers the measures taken to protect information systems and networks from cyber attacks and intrusions.

Control Objectives for Information and Related Technologies (COBIT)

The business framework developed and continuously updated by ISACA includes practices, tools and models for information technology management and governance, including risk management and compliance.

Credentials

Information used to verify the identity of the user, such as passwords, tokens, certificates.

Cross-site scripting (XSS)

Cross-site scripting (XSS) is a software vulnerability, commonly found in web applications, that allows attackers to inject client-side scripts into pages viewed by other users.

Attackers can also use cross-site scripting vulnerabilities to bypass access controls such as the same-origin policy. Unless the web administrator or site owner has taken the necessary precautions, this issue can become a serious security risk.
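As an added example (not part of the original glossary), here is the vulnerable and the hardened form of a hand-built HTML response in Python. The function names, the attacker payload and the scheme allow-list in safe_href are assumptions made for this illustration; html.escape is the standard-library encoder.

```python
import html

# Added example for the XSS entry: the vulnerable/safe pair and safe_href are
# illustrative code for this glossary, not code from any particular project.


def render_vulnerable(name: str) -> str:
    # Untrusted input is concatenated straight into the page: whatever the
    # attacker puts in "name" is parsed by the victim's browser as markup.
    return f"<p>Hello, {name}!</p>"


def render_safe(name: str) -> str:
    # Context-aware output encoding for an HTML text node: < > & " ' become
    # entity references, so the browser shows the payload instead of running it.
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


def safe_href(url: str) -> str:
    # Entity-encoding alone does not help inside an href: "javascript:alert(1)"
    # contains nothing to escape. Allow-list the URL scheme first (assumed
    # policy: same-site relative paths and http(s) only), then encode for the
    # attribute context.
    candidate = url.strip().lower()
    relative = candidate.startswith("/") and not candidate.startswith("//")
    absolute = candidate.startswith(("http://", "https://"))
    if not (relative or absolute):
        return "#"
    return html.escape(url, quote=True)


def is_script_free(rendered: str) -> bool:
    # Crude check used by the demo: does the rendered markup still contain a
    # live <script tag?
    return "<script" not in rendered.lower()


if __name__ == "__main__":
    payload = "<script>alert(document.cookie)</script>"  # constructed attacker input
    print(render_vulnerable(payload))  # script tag survives: runs in the victim's browser
    print(render_safe(payload))        # &lt;script&gt;...: displayed as text
    print(safe_href("javascript:alert(1)"))           # "#"
    print(safe_href("https://example.com/?a=1&b=2"))  # https://example.com/?a=1&amp;b=2
```

The encoder must match the context the data lands in: html.escape is right for text nodes and quoted attribute values, but an href, an inline script or a CSS value each need their own rules, which is why safe_href filters the scheme before encoding.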

Cryptography (Cryptography)

The study of codes and ciphers; more broadly, the use of mathematical techniques to protect data and to authenticate entities and data.

Cyber attack

A deliberate and malicious attempt to damage, disrupt or gain access to computer systems, networks or devices by electronic means.

Cyber Essentials

A self-assessment certification backed by the UK government that helps organizations defend against cyber attacks and demonstrates to others that the organization is taking steps to counter cyber crime.

Cyber incident

A violation of the security policy of a system or service. The most common cases are:

Attempts to gain unauthorized access to a system and/or data.

Unauthorized use of a system to process or store data.

Changes to the firmware, software or hardware of a system without the consent of the system owner.

Malicious disruption and/or denial of service.

Cyber security

Cybersecurity is a collective term for the protection of electronic and computer networks, programs and data against malicious attack and unauthorized access.

D

Data at rest

Data held in persistent storage, that is, data that remains on a device even when it is powered off, such as on hard drives, removable media or backups.

Data breach

Unauthorized movement or disclosure of information, usually to a party outside the organization.

Data integrity

The property that data is complete and trustworthy and has not been modified or destroyed in an unauthorized or accidental manner.
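Added example (not from the original page) illustrating the integrity property with Python's standard library: a plain hash stored beside the data can simply be recomputed by anyone who alters the data, whereas an HMAC under a secret key cannot be forged without that key. The KEY constant, the record layout and the function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import json

# Added example for the Data integrity entry. KEY is a constructed placeholder;
# a real deployment would load it from a secrets store, never from source.
KEY = b"constructed-demo-key-not-for-real-use"


def _canonical(record: dict) -> bytes:
    # Deterministic serialization so the same record always yields the same bytes.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


# --- Naive scheme: data + SHA-256 of the data ---------------------------------
def naive_protect(record: dict) -> dict:
    payload = _canonical(record)
    return {"payload": payload.decode(), "digest": hashlib.sha256(payload).hexdigest()}


def naive_verify(envelope: dict) -> bool:
    return hashlib.sha256(envelope["payload"].encode()).hexdigest() == envelope["digest"]


def forge_naive(new_record: dict) -> dict:
    # An attacker who can modify the stored data just recomputes the digest:
    # an unkeyed hash only detects accidental corruption, not deliberate change.
    return naive_protect(new_record)


# --- Keyed scheme: data + HMAC-SHA256 under a secret key ----------------------
def protect(record: dict, key: bytes = KEY) -> dict:
    payload = _canonical(record)
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload.decode(), "tag": tag}


def verify(envelope: dict, key: bytes = KEY) -> bool:
    expected = hmac.new(key, envelope["payload"].encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so the check does not leak the tag byte by byte.
    return hmac.compare_digest(expected, envelope["tag"])


def tamper(envelope: dict, new_record: dict) -> dict:
    # Attacker without the key can rewrite the payload but must reuse the old
    # tag, which no longer matches.
    return {"payload": _canonical(new_record).decode(), "tag": envelope["tag"]}


if __name__ == "__main__":
    order = {"order_id": 1042, "amount_cents": 12999, "ship_to": "warehouse-7"}  # constructed sample
    altered = dict(order, amount_cents=1, ship_to="attacker-po-box")
    print("naive forged passes:", naive_verify(forge_naive(altered)))      # True
    print("hmac tamper passes: ", verify(tamper(protect(order), altered)))  # False
```

The same distinction applies to stored files and backups: a checksum catches bit rot, but only a keyed MAC or a digital signature gives integrity against someone who can write to the storage.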

Data loss

Data that is no longer available, whether because it was stolen, deleted or its location was forgotten.

Data loss prevention (DLP)

Security policies and the related tools and procedures that prevent sensitive data from leaving the organization's security boundary.
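Added example (not from the original page) of a minimal DLP content check in Python: it looks for payment card numbers in outbound messages and validates candidates with the Luhn checksum so that order or ticket numbers of similar length are not flagged. The regular expression, the masking format, the function names and the sample messages are constructed for this illustration.

```python
import re

# Added example for the DLP entry. Matches 13-19 digits, optionally separated by
# single spaces or dashes, that are not embedded in a longer run of digits.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    # Luhn mod-10 checksum: from the right, double every second digit and
    # subtract 9 when the result exceeds 9; the total must be divisible by 10.
    total = 0
    for position, ch in enumerate(reversed(digits)):
        d = int(ch)
        if position % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def _digits(match_text: str) -> str:
    return re.sub(r"[ -]", "", match_text)


def find_pans(text: str) -> list:
    # Returns the separator-free card numbers found in the text.
    found = []
    for m in CANDIDATE.finditer(text):
        digits = _digits(m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found


def redact(text: str) -> str:
    # Masks every confirmed card number, keeping only the last four digits.
    def mask(m):
        digits = _digits(m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            return "*" * (len(digits) - 4) + digits[-4:]
        return m.group()

    return CANDIDATE.sub(mask, text)


def scan_outbound(messages: list) -> list:
    # Index of each message that would be blocked, with the card numbers it holds.
    return [(i, pans) for i, msg in enumerate(messages) if (pans := find_pans(msg))]


OUTBOUND = [  # constructed sample messages; the card numbers are public test numbers
    "Order 2023101000042 shipped; see ticket 1234 5678 9012 3456 for details",
    "Please charge card 4111 1111 1111 1111 exp 12/26 for the balance",
    "Refund issued to 5555-5555-5555-4444, reference INV-88213",
]

if __name__ == "__main__":
    for index, pans in scan_outbound(OUTBOUND):
        print(f"message {index} blocked: {pans}")
        print("  redacted:", redact(OUTBOUND[index]))
```

A regular expression alone would also flag the order and ticket numbers in the first message; the checksum is what keeps the false-positive rate low enough for the rule to be enforced rather than ignored. Real DLP products add fingerprints of known documents, keyword context and file-type parsing on top of this.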

Data security

Measures taken to protect confidential data from being accidentally or deliberately disclosed, altered or destroyed.

Decryption

The process of converting ciphertext back into its original plaintext form.

Denial of Service (DoS)

A type of cyber attack that prevents authorized use of information system services or resources, or degrades access to them, usually by overwhelming the target with requests.

Dictionary attack

An attack in which the attacker tries known dictionary words, phrases or common passwords to gain access to your information system. It is a form of brute force attack.

Distributed Denial of Service (DDoS)

A denial of service technique in which multiple systems are used to execute an attack, overwhelming the service.

Download attack

Malware or a virus installed on a device without the user's knowledge or consent, typically just by visiting a compromised or malicious web page; also known as a "drive-by download".

E

Electronic Warfare (EW)

The use of energy such as radio waves or lasers to degrade or destroy enemy electronic equipment. An example is jamming to disable communications equipment.

Encode

To convert plaintext into ciphertext using a code. Note that general-purpose encodings such as Base64 or URL encoding are reversible by anyone without a key and provide no confidentiality.

Encryption

Using a cipher and a key to transform information so that it is unreadable by anyone who does not hold the key needed to decrypt it.

Endpoint

A collective term for Internet-capable computer devices connected to a network-for example, modern smartphones, laptops, and tablets are all endpoints.

Ethical hacking

Use hacking techniques for legitimate purposes-namely to identify and test network security vulnerabilities. In this case, these individuals are sometimes referred to as "white hat hackers."

Exfiltration

Transfer information from the system without consent.

Exploit

The act of exploiting vulnerabilities in information systems. Also used to describe a technique used to undermine network security.

Exploit kit

A software package designed to find vulnerabilities in applications and use them to gain access to a system or network. Once it has penetrated the system, it delivers a malicious payload.

F

Firewall (Firewall)

A boundary around a network or device that filters traffic according to rules in order to protect it from unwanted access. It can be implemented in hardware or software.

G

GCHQ

Government Communications Headquarters, the UK's signals intelligence and security agency. It uses foreign intelligence to help counter terrorism, cyber crime and child sexual abuse.

General Data Protection Regulation (GDPR)

General Data Protection Regulation. European Union legislation intended to prevent the misuse of personal data by giving individuals greater control over how their personal information is used.

Governance, risk management and compliance (GRC)

Three aspects of organizational management intended to ensure that the organization and its people act ethically, that the organization is run effectively, that appropriate measures are taken to reduce risk, and that internal policies and external regulations are complied with.

H

Hacker

The original meaning of hacker is a person with expert computer skills, but the media mostly use "hacker" to mean a computer intruder.

Hashing

Applying a one-way mathematical function to a piece of data to produce a fixed-length digest. The digest cannot feasibly be reversed to recover the data, and any change to the data produces a different digest.
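Added example (not from the original page) serving the Brute force attack, Dictionary attack and Hashing entries: a dictionary attack run in Python against an unsalted SHA-256 password hash, and then against a salted, iterated PBKDF2 record. The word list, the passwords, the record format and the function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Added example for the Brute force / Dictionary attack / Hashing entries.
# Constructed word list standing in for a real password dictionary.
WORDLIST = ["123456", "password", "qwerty", "letmein", "Summer2023", "dragon"]


def fast_hash(password: str) -> str:
    # Unsalted SHA-256: the same password always gives the same digest, so one
    # precomputed table cracks every user at once, and each guess costs one hash.
    return hashlib.sha256(password.encode()).hexdigest()


def dictionary_attack(target_hex: str, wordlist: list) -> Optional[str]:
    # Try every word in the list; return the first whose hash matches the target.
    for candidate in wordlist:
        if hmac.compare_digest(fast_hash(candidate), target_hex):
            return candidate
    return None


def make_record(password: str, salt: Optional[bytes] = None, iterations: int = 600_000) -> str:
    # Salted, iterated PBKDF2-HMAC-SHA256. 600,000 iterations is the OWASP (2023)
    # recommendation for this algorithm; the per-user random salt defeats
    # precomputed tables. Record layout is an assumption for this example.
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_record(record: str, candidate: str) -> bool:
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported record format")
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


def dictionary_attack_record(record: str, wordlist: list) -> Optional[str]:
    # Salting does not hide a weak password from an attacker who holds the
    # record: it only forces one full PBKDF2 run per guess per user, so the
    # cost of the attack scales with the iteration count and the user count.
    for candidate in wordlist:
        if verify_record(record, candidate):
            return candidate
    return None


if __name__ == "__main__":
    print(dictionary_attack(fast_hash("letmein"), WORDLIST))          # letmein (instant)
    print(dictionary_attack(fast_hash("Tr0ub4dor&3"), WORDLIST))      # None (not in list)
    record = make_record("letmein", iterations=1000)                   # low count for the demo
    print(dictionary_attack_record(record, WORDLIST))                  # letmein, but 1000x the work
```

The lesson a practitioner should take from the two halves: the slow, salted hash buys time per guess and removes shared precomputation, but a password that is in the attacker's dictionary still falls; only password length and unpredictability, or a second factor, change that.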

Honeypot (honeynet)

Decoy systems or networks that attract potential attackers and protect the real systems by detecting or deflecting attacks. A good tool for learning attack methods. Several honeypots together form a honeynet.

I

Incident

Any violation of system or service security rules. This includes attempts to gain unauthorized access, unauthorized use of the system to process or store data, malicious destruction or denial of service, and changes to the system's firmware, software, or hardware without the owner's consent.

Incident response plan

A predetermined action plan to be taken in the event of a cyber incident.

Indicator (Indicator)

A signal that indicates a network event that may have occurred or is in progress.

Industrial Control System (ICS)

An information system used to control industrial processes or infrastructure assets. Common in manufacturing, product handling, production and distribution.

Information security policy (Information security policy)

The directives, regulations, rules, and practices that make up the organization's strategy for managing, protecting, and distributing information.

International Organization for Standardization (ISO)

An independent organization that develops voluntary industry standards, including the two main information security management standards, ISO 27001 and ISO 27002.

Internet of Things (IoT)

The Internet of Things connects physical objects to the Internet through sensing technologies (RFID, sensors, GPS, cameras, laser scanners and so on) and communication means (wired, wireless, long-range, short-range and so on) in order to enable remote monitoring, automatic alerting, control, diagnosis and maintenance, forming an integrated network for management, control and operation.

Intrusion Detection System / Intrusion Detection and Prevention (IDS / IDP)

Hardware or software that detects malicious activity on the company's network (IDS) and, in the prevention variant, also blocks it (IDP, also called IPS).
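Added example (not from the original page) serving the Attack signature and IDS/IDP entries: a small signature-based detector in Python run over constructed web-server access-log lines. The signature patterns, the log lines and the function names are illustrative assumptions, not rules from any real product.

```python
import re
from urllib.parse import unquote_plus

# Added example for the Attack signature and IDS/IDP entries. Each signature is
# a name and a pattern applied to the decoded request path; all constructed.
SIGNATURES = [
    ("path-traversal", re.compile(r"(\.\./){2,}")),
    ("sqli-tautology", re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.IGNORECASE)),
    ("xss-script-tag", re.compile(r"<script\b", re.IGNORECASE)),
    ("shellshock", re.compile(r"\(\)\s*\{\s*:;\s*\};")),
]

# Common Log Format: ip ident user [time] "METHOD path PROTOCOL" status size
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

SAMPLE_LOG = [  # constructed lines using documentation IP ranges
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /download?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 12',
    '198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /login?user=admin%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Oct/2023:13:56:30 +0000] "GET /search?q=%253Cscript%253Ealert(1)%253C%2Fscript%253E HTTP/1.1" 200 88',
]


def normalize(path: str) -> str:
    # Attackers URL-encode payloads (sometimes twice) to slip past naive string
    # matching; decode before matching so the signature sees what the
    # application will see.
    return unquote_plus(unquote_plus(path))


def match_signatures(line: str):
    # Returns (source ip, [names of signatures that fired]) or None for an
    # unparseable line.
    m = LOG_LINE.match(line)
    if m is None:
        return None
    target = normalize(m.group("path"))
    hits = [name for name, pattern in SIGNATURES if pattern.search(target)]
    return m.group("ip"), hits


def scan(lines) -> list:
    # One alert per line that trips at least one signature.
    alerts = []
    for line in lines:
        result = match_signatures(line)
        if result and result[1]:
            alerts.append(result)
    return alerts


if __name__ == "__main__":
    for ip, names in scan(SAMPLE_LOG):
        print(f"ALERT {ip}: {', '.join(names)}")
```

Two caveats a practitioner would add: a signature only fires on what it was written for, so novel attacks and payloads encoded in a way the normalizer does not undo (for example inside a JSON body or a gzip-compressed request) pass silently, which is why production IDS pair signatures with anomaly detection; and an IDP that blocks on these rules needs the false-positive rate checked first, since a legitimate search for the string "or 1=1" would be dropped.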

IP spoofing

A tactic in which an attacker forges the source IP address of packets in an attempt to trick users or security controls into treating them as coming from a legitimate party.

ISO 27001

The international standard for Information Security Management Systems (ISMS); certification against it demonstrates that an organization's ISMS meets the standard.

J

Jailbreak

Removing the security restrictions of a device in order to install unofficial applications and modify the system. Usually applied to mobile phones.

K

Key

The value used by a cipher to encrypt plaintext and decrypt ciphertext.

Keylogger

A software or hardware that tracks keystrokes and keyboard events to monitor user activity.

L

Logic bomb

A piece of code with a set of secret instructions. It is inserted into the system and triggered by a specific operation. This code usually performs malicious actions, such as deleting files.

M

Macro virus

A type of malicious code that uses the macro programming function of a document application to perform improper behavior, copy itself and spread throughout the system.

Malicious code

Program code written specifically for malicious purposes, designed to compromise the confidentiality, integrity or availability of information systems.

Malvertising

Use online advertising to deliver malware.

Malware

Short for malicious software: any virus, Trojan horse, worm, code or content that may adversely affect an organization or individual.

Man-in-the-middle attack (MitM)

An attack in which a cybercriminal positions themselves between the victim and the website or service the victim is trying to reach, in order to read or alter the information being transmitted. Sometimes abbreviated MITM, MIM, MiM or MITMA.

Mitigation

Steps taken to minimize and resolve cybersecurity risks.

Mobile Device Management (MDM)

Mobile Device Management (MDM) is a class of security software used to monitor, manage and protect smartphones, tablets and other mobile devices, allowing them to be administered remotely.

N

National Cyber Security Centre (NCSC)

Part of GCHQ. A British government organization set up to help protect critical services from cyber attacks.

National Institute of Standards and Technology (NIST)

A United States federal agency. It is responsible for the "Framework for Improving Critical Infrastructure Cybersecurity", voluntary guidelines that help organizations manage their security risks.

NIST Cybersecurity Framework

A framework used in the United States to help companies prepare their defenses against cyber crime.

Origin blog.csdn.net/AIwenIPgeolocation/article/details/107320474