This glossary defines key terms and concepts used within the Carbide platform. It's a good place to get started learning how to build your security program with Carbide.
A
Access Control
The process of granting or denying specific requests for obtaining and using information and related information processing services; and to enter specific physical facilities (e.g., Federal buildings, military establishments, and border crossing entrances).
Source(s):
NIST SP 800-53 Rev. 5
ACL
A mechanism that implements access control for a system resource by enumerating the identities of the system entities that are permitted to access the resources.
Source(s):
NIST SP 800-82 Rev. 2 under Access Control List (ACL) from RFC 4949
Adware
Software that contains advertisements embedded in the application. Adware is considered a legitimate alternative offered to consumers who do not wish to pay for software. There are many ad-supported programs, games or utilities that are distributed as adware.
Antivirus
A program that monitors a computer or network to identify all major types of malware and prevent or contain malware incidents.
Source(s):
NIST SP 800-83 Rev. 1
B
Biometric
The process by which a person's unique physical and other traits are detected and recorded by an electronic device or system as a means of confirming identity.
C
CIS CSC
Center for Internet Security Critical Security Controls for Effective Cyber Defense is a publication of best practice guidelines for computer security. The project was initiated early in 2008 in response to extreme data losses experienced by organizations in the US defense industrial base.[1] The publication was initially developed by the SANS Institute. Ownership was then transferred to the Council on Cyber Security (CCS) in 2013, and then transferred to Center for Internet Security (CIS) in 2015.
Cloud Storage
Storage services provided by an external supplier and made available to organizations, or individuals, on terms and conditions, which are defined by the external supplier. Cloud Storage and associated files reside outside of the organization’s domain (data centres) and facilitate the sharing of files and makes data available over a range of computers and other portable devices, usually accessed via options including, web browser; mobile app; synchronization client; drive mapping. Cloud Storage provider examples including, Dropbox, Box, Microsoft One Drive, Apple iCloud, Google Drive.
CryptoLocker
A type of malware that encrypts your device and prevents it from being accessed.
Cybersecurity
Prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation.
Source(s):
D
Denial of Service
The prevention of authorized access to a system resource or the delaying of system operations and functions.
Source(s):
Distributed Denial of Service (also see "Flooding")
A type of cyber attack, usually using a botnet or group of infected computers, to overwhelm a target with fake internet traffic. This results in a "flood" of requests to the victim, which can cause the focus of the attack to stop working correctly or respond to legitimate requests.
DMZ
Perimeter network segment that is logically between internal and external networks. Its purpose is to enforce the internal network’s Information Assurance policy for external information exchange and to provide external, untrusted sources with restricted access to releasable information while shielding the internal networks from outside attacks.
Source(s):
NIST SP 800-82 Rev. 2 under Demilitarized Zone (DMZ) from CNSSI 4009
E
Email Bomb
A malicious act where huge numbers of emails are directed to a specific system or a targeted user of that system. Mail bombs will usually fill the allotted space on an email server for the user’s email and can result in crashing the email server, or at the very least, possibly rendering the user's computer useless as their email attempts to download the huge amounts of email. Also called a mail bomb.
Encryption
Cryptographic transformation of data (called “plaintext”) into a form (called “ciphertext”) that conceals the data’s original meaning to prevent it from being known or used. If the transformation is reversible, the corresponding reversal process is called “decryption,” which is a transformation that restores encrypted data to its original state.
Source(s):
NIST SP 800-82 Rev. 2 under Encryption from RFC 4949
Endpoint
Any device that connects and communicates across a network. Examples include workstations, laptops, smartphones, tablets, and servers. These devices are commonly the main focus of cybercriminals as they contain company information and handle most areas of business operation.
F
Firewall
An inter-network connection device that restricts data communication traffic between two connected networks. A firewall may be either an application installed on a general-purpose computer or a dedicated platform (appliance), which forwards or rejects/drops packets on a network. Typically firewalls are used to define zone borders. Firewalls generally have rules restricting which ports are open.
Source(s):
NIST SP 800-82 Rev. 2 under Firewall from ISA-62443-1-1
Flood(ing)
Flooding is a Denial of Service (DoS) attack that is designed to bring a network or service down by flooding it with large amounts of traffic. Flood attacks occur when a network or service becomes so weighed down with packets initiating incomplete connection requests that it can no longer process genuine connection requests. By flooding a server or host with connections that cannot be completed, the flood attack eventually fills the host’s memory buffer. Once this buffer is full no further connections can be made, and the result is a Denial of Service.
Frameworks
A documented set of policies, procedures, and processes that define how information security is managed in a business. Frameworks typically have a governing body that oversees and administers the details of what should be included in policies, procedures, and processes to become compliant with the Framework. Being compliant with a framework helps to reduce the vulnerabilities and risks that could affect a company.
G
GDPR
General Data Protection Regulation is a framework that provides increased control to individuals over their personal data and simplifies the regulatory environment for international business by providing an outline of what a company can and cannot do when it comes to the data they control or process.
H
Hardening
The process of securing a device to ensure that it is less vulnerable to malicious activities.
HIPAA
The Health Insurance Portability and Accountability Act was created primarily to modernize the flow of healthcare information, stipulate how Personally Identifiable Information maintained by the healthcare and healthcare insurance industries should be protected from fraud and theft, and address limitations on healthcare insurance coverage.
Host
Almost any kind of computer, including a centralized mainframe that is a host to its terminals, a server that is host to its clients, or a desktop personal computer (PC) that is host to its peripherals. In network architectures, a client station (user’s machine) is also considered a host because it is a source of information to the network, in contrast to a device, such as a router or switch, that directs traffic.
Source(s):
NIST SP 800-44 Version 2 under Host
I
Incident Response
The method or procedure that is put into action when an incident occurs.
Information Assets
A collection of data stored in any manner and recognised as having value for the purpose of enabling an agency to perform its business functions thereby satisfying a recognised organziation requirement.
Information Security (also shortened as "infosec")
The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.
Source(s):
NIST SP 800-12 Rev. 1 under Information Security from 44 U.S.C., Sec. 3542
Information Technology
The practice of using computing technology to store, send or retrieve information.
IoT
The network of devices that contain the hardware, software, firmware, and actuators which allow the devices to connect, interact, and freely exchange data and information.
Source(s):
NIST SP 800-172 under internet of things
ISO 27000
The ISO/IEC 27000-series (also known as the 'ISMS Family of Standards' or 'ISO27K' for short) comprises information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
M
MAC Address
Short for Media Access Control address, a hardware address that uniquely identifies each node of a network.
Malware
Software or firmware intended to perform an unauthorized process that will have adverse impact on the confidentiality, integrity, or availability of a system. A virus, worm, Trojan horse, or other code-based entity that infects a host. Spyware and some forms of adware are also examples of malicious code.
Source(s):
NIST SP 800-12 Rev. 1 under Malicious Code
Memory Buffer
A temporary storage area, usually in memory. The purpose of most buffers is to act as a holding area, enabling the CPU to manipulate data before transferring it to a device.
N
Network
A system implemented with a collection of connected components. Such components may include routers, hubs, cabling, telecommunications controllers, key distribution centers, and technical control devices.
Source(s):
NIST SP 800-53 Rev. 5
Network Monitoring
In network management terms, network monitoring is the phrase used to describe a system that continuously monitors a network and notifies a network administrator through messaging systems (usually email) when a device fails or an outage occurs. Network monitoring is usually performed through the use of software applications and tools.
Network Sniffer
A program and/or device that monitors data travelling over a network. Sniffers can be used both for legitimate network management functions and for stealing information off a network. Unauthorized sniffers can be extremely dangerous to a network's security because they are virtually impossible to detect and can be inserted almost anywhere.
P
Packet
The logical unit of network communications produced by the transport layer.
Source(s):
NIST SP 800-86
Packet Switching
Refers to protocols in which messages are divided into packets before they are sent. Each packet is then transmitted individually and can even follow different routes to its destination. Once all the packets forming a message arrive at the destination, they are compiled into the original message.
Passphrase
A passphrase is a memorized secret consisting of a sequence of words or other text that a claimant uses to authenticate their identity. A passphrase is similar to a password in usage, but is generally longer for added security.
Source(s):
NIST SP 800-63-3
Penetration Test
A test methodology in which assessors, typically working under specific constraints, attempt to circumvent or defeat the security features of a system.
Source(s):
NIST SP 800-53 Rev. 5
Personal Information (PI)
Any information that can be used to distinguish, trace, contact or locate a individual person or their identity.
Personally Identifiable Information (PII)
Information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other information that is linked or linkable to a specific individual.
Source(s):
NIST SP 800-53 Rev. 5 under personally identifiable information from OMB Circular A-130 (2016)
Personally Identifiable Health Information (PIHI)
Any information that can be used to distinguish, trace, contact or locate a individual person or their identity.
Phishing
Tricking individuals into disclosing sensitive personal information through deceptive computer-based means.
Source(s):
NIST SP 800-83 Rev. 1 under Phishing
Ping
A utility to determine whether a specific IP address is accessible. It works by sending a packet to the specified address and waiting for a reply. PING is used primarily to troubleshoot Internet connections.
Policy
The outline of principles to guide decisions, actions and practices of governments, companies and employees. Policies outline a statement or control, and is implemented as a procedure or protocol.
Port Scanning
Using a program to remotely determine which ports on a system are open (e.g., whether systems allow connections through those ports).
Source(s):
NIST SP 800-82 Rev. 2
Procedure
The step by step process for implementing or actioning. In relation to policies, procedures outline how to implement the controls in a policy.
Protocol
A set of rules (i.e., formats and procedures) to implement and control some type of association (e.g., communication) between systems.
Source(s):
NIST SP 800-82 Rev. 2 under Protocol from RFC 4949
R
Ransomware
Malicious software that blocks access to the victim's data or threatens to publish or delete it until a ransom is paid.
RFID
Radio frequency identification is a method of communication using electromagnetic or electrostatic coupling in the radio frequency to track tags or tagged objects. Each tag contains information that is passed over a radio frequency when close enough to be read by the device reading the tags.
Risk
A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically is a function of: (i) the adverse impact, or magnitude of harm, that would arise if the circumstance or event occurs; and (ii) the likelihood of occurrence.
Source(s):
NIST SP 800-53 Rev. 5 from OMB Circular A-130 (2016)
Risk Assessment
The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of a system.
Source(s):
NIST SP 800-53 Rev. 5 from NIST SP 800-39
Rootkit
A collection of files that is installed on a host to alter the standard functionality of the host in a malicious and stealthy way.
Source(s):
NIST SP 800-83 Rev. 1 under Rootkit
S
Security Controls
Methods that outline how security is implemented. This can be a collection of policies, procedures, and standards that create the structures of governance, management, necessary to secure endpoints, software and data.
Security in Layers
Having multiple means and measures for implementing information security. Attacks can occur at many levels within the Open Systems Interconnection model. A layered approach will have an outlined measure of control at each level of the OSI model.
Security Posture
The security status of an enterprise’s networks, information, and systems based on information assurance resources (e.g., people, hardware, software, policies) and capabilities in place to manage the defense of the enterprise and to react as the situation changes. Synonymous with security status.
Source(s):
NIST SP 800-37 Rev. 2
Segmentation
The act or profession of splitting a computer network into subnetworks, each being a network segment. The advantages of such splitting are primarily for boosting performance and improving security.
Server
A computer or device on a network that manages network resources. Examples include file servers (to store files), print servers (to manage one or more printers), network servers (to manage network traffic), and database servers (to process database queries).
Source(s):
NIST SP 800-175B Rev. 1
SOC 2
SOC stands for “system and organization controls,” and the controls are a series of standards designed to help measure how well a given service organization conducts and regulates its information. The purpose of SOC standards is to provide confidence and peace of mind for organizations when they engage third-party vendors. A SOC-certified organization has been audited by an independent certified public accountant who determined the firm has the appropriate SOC safeguards and procedures in place. SOC 2 reports require standard operating procedures for organizational oversight, vendor management, risk management, and regulatory oversight.
Social Engineering
The act of deceiving an individual into revealing sensitive information, obtaining unauthorized access, or committing fraud by associating with the individual to gain confidence and trust.
Source(s):
NIST SP 800-63-3 under Social Engineering
Spoofing (as in SSID or Wif-Fi spoofing)
The act of imitating or pretending to be another network, to trick or mislead users into connecting to the fake network instead of the network they were intending to join. An attacker can use this as a means to gather information or intercept internet traffic.
Spyware
Software that is secretly or surreptitiously installed into an information system to gather information on individuals or organizations without their knowledge; a type of malicious code.
Source(s):
NIST SP 800-53 Rev. 5
SSID
SSID or Service Set Identifier is the common name given to your Wi-fi network. This is the name you will commonly see when looking for a list of available wireless networks on your devices.
SSH (Secure Shell)
Secure Shell is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over insecure channels.
SSL (Secure Sockets Layer)
Secure Sockets Layer (SSL) is a protocol for transmitting private documents via the Internet. SSL uses a cryptographic system that uses two keys to encrypt data − a public key is known to everyone and a private or secret key known only to the recipient of the message.
T
Threat Landscape
The collection of threats and vulnerabilities that exist within your organization. Depending on your structure your threat landscape may be different from another companies depending on the data you collection, devices that are under your control and your technical infrastructure.
TLS (Transport Layer Security)
A protocol that guarantees privacy and data integrity between server applications communicating over the Internet.
Transparency
Amount of information that can be gathered about a supplier, product, or service and how far through the supply chain this information can be obtained.
Source(s):
NIST SP 800-161r1 under Visibility from ISO/IEC 27036-2:2014 - adapted
Trojan Horse
A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.
Source(s):
NIST SP 800-12 Rev. 1 under Trojan Horse from CNSSI 4009
Two-Factor Authentication (or 2FA, multi-factor authentication)
Two factor uses something to have and something you know. While you know your password, two factor gives you another randomized code to input along with your password. This creates another layer of security. Usually two factor is tied to your cellphone or an app like google authenticator.
V
Vendor
A company that typically provides a software or service in exchange for money.
Virus
A computer program that can copy itself and infect a computer without permission or knowledge of the user. A virus might corrupt or delete data on a computer, use e-mail programs to spread itself to other computers, or even erase everything on a hard disk. See malicious code.
Source(s):
NIST SP 800-12 Rev. 1 under Virus from CNSSI 4009
VPN
Protected information system link utilizing tunneling, security controls, and endpoint address translation giving the impression of a dedicated line.
Source(s):
NIST SP 800-53 Rev. 5 under virtual private network from CNSSI 4009-2015
Vulnerability
Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.
Source(s):
NIST SP 800-53 Rev. 5 from NIST SP 800-30 Rev. 1
Vulnerability Scan
A scan that is used to detect for any known vulnerabilities.
W
Worm
A computer program that can run independently, can propagate a complete working version of itself onto other hosts on a network, and may consume computer resources destructively.
Source(s):
NIST SP 800-82 Rev. 2 under Worm from RFC 4949