OT Cybersecurity Glossary

Essential Terms in Industrial Network Security

  • A

    Access Control

    Mechanisms to restrict access to resources or systems based on identity or other factors.

    Access Control List (ACL)

    A list of rules that specify which users or systems can access specific resources.

    Access Point

    A device that allows wireless devices to connect to a network.

    Access Token

    A token that grants temporary access to a specific resource or system.

    Account Discovery

    Identifying all accounts within a network to manage and monitor access.

    Accountability

    Ensuring that actions and decisions can be attributed to the responsible party.

    Active Directory (AD)

    A directory service by Microsoft for Windows domain networks, managing user data, security, and resources.

    Advanced Encryption Standard (AES)

    A symmetric encryption algorithm widely used for securing data.

    Advanced Persistent Threat (APT)

    A prolonged and targeted cyberattack where an attacker gains unauthorized access to a network.

    Advanced Volatile Threat (AVT)

    A sophisticated threat that rapidly evolves, often using multiple attack vectors.

    Adversary Infrastructure

    The assets and resources used by attackers to launch and manage cyberattacks.

    Air-Gapping

    Physically isolating a computer or network from external networks to enhance security.

    Anomalous Behavior

    Unusual or unexpected activity that may indicate a security threat or breach.

    Anomaly Detection

    Identifying unusual patterns or activities that may indicate a security threat.

    Anonymization

    The process of removing personal identifiers from data to protect privacy.

    Antivirus

    Software designed to detect, prevent, and remove malware from computers and networks.

    API Security

    Protecting Application Programming Interfaces (APIs) from threats and vulnerabilities.

    Application Allow-listing

    A security measure that permits only approved applications to run on a network or device.

    Application Layer Security

    Security measures applied to the application layer of a network to protect against threats.

    Application Whitelisting

    Allowing only approved applications to run, enhancing security by blocking unauthorized software.

    ARP Poisoning

    A technique where an attacker sends fake ARP messages to a network, redirecting traffic.

    Asset Criticality

    The importance of an asset based on its impact on operations and security.

    Asset Discovery

    The process of identifying and cataloging all assets within a network to maintain visibility.

    Asset Identification

    The process of identifying and documenting all assets within an industrial network.

    Asset Inventory

    A comprehensive list of all assets, including hardware and software, in an organization.

    Asset Valuation

    Determining the importance and value of an asset based on its role and criticality.

    Attack

    An attempt to gain unauthorized access to data, services, or systems.

    Attack Surface

    The total number of points where an unauthorized user can try to enter or extract data.

    Attack Vector

    The method or path used by an attacker to gain access to a system or network.

    Audit Trail

    A record of all actions or changes made in a system, used for accountability and analysis.

    Authentication

    The process of verifying the identity of a user or system.

    Authentication Token

    A digital item used to prove identity during the authentication process.

    Authorization

    Granting permission to users or systems to access specific resources or data.

    Automated Collection

    Using automated tools to gather data, logs, or evidence in a security context.

    Automated Network Segmentation

    Using automation to create network segments dynamically to contain threats.

    Availability

    Ensuring that systems and services are available and functional when needed.
  • B

    Beaconing

    Periodic signals sent by compromised devices to communicate with an attacker’s command center.

    Behavioral Analysis

    Analyzing patterns of behavior to detect abnormal activities that may indicate a threat.

    Behavioral Analytics

    Using data analysis to understand and predict user behavior and detect potential threats.

    Behavioral Biometrics

    Security based on analyzing behavioral patterns like typing or mouse movements.

    Biometric Authentication

    Verifying identity using unique biological traits, like fingerprints or facial recognition.

    Blacklist

    A list of entities that are denied access or privileges within a security context.

    Botnet

    A network of compromised computers controlled remotely by an attacker, often used for malicious purposes.

    Boundary Protection

    Measures to secure the interface between two networks, preventing unauthorized access.

    Buffer Overflow

    A vulnerability where excess data overwrites memory, potentially allowing code execution.

    Business Continuity Planning (BCP)

    Preparing procedures to ensure that essential business functions continue during a disruption.
  • C

    Certificate Authority (CA)

    An entity that issues digital certificates to verify the identity of organizations and individuals.

    Certificate Revocation List (CRL)

    A list of digital certificates that have been revoked before their expiration date.

    Certificate Transparency

    An open framework for monitoring and auditing digital certificates to prevent fraud.

    Chain of Custody

    Documentation that tracks the handling of data or evidence to maintain its integrity.

    Chain of Trust

    A sequence of trusted relationships to verify the authenticity of a device or user.

    Change Detection

    Identifying changes in systems or files that may indicate unauthorized modifications.

    Change Management

    Processes for managing and documenting changes to systems and networks.

    Cleartext

    Data that is not encrypted and can be read in its original form.

    Cloud Access Security Broker (CASB)

    A security policy enforcement point between cloud service users and providers.

    Cloud Security

    Protecting cloud-based systems, applications, and data from threats and vulnerabilities.

    Code Review

    The systematic examination of source code to identify and fix security flaws.

    Command and Control (C2)

    Infrastructure used by attackers to manage and coordinate malware infections.

    Common Industrial Protocol (CIP)

    A protocol for industrial automation networks to manage and control devices.

    Common Vulnerabilities and Exposures (CVE)

    A list of publicly known cybersecurity vulnerabilities and exposures.

    Common Vulnerability Scoring System (CVSS)

    A standardized method for rating the severity of software vulnerabilities.

    Compliance Monitoring

    Ensuring adherence to cybersecurity policies, regulations, and standards.

    Confidentiality

    Ensuring that sensitive information is accessible only to those authorized to access it.

    Configuration Management

    The process of maintaining systems and software configurations to ensure security and performance.

    Container Security

    Protecting containerized applications from vulnerabilities and threats.

    Control Systems Security

    Protecting systems that manage and control industrial processes from cyber threats.

    Countermeasure

    An action, device, or technique to reduce or eliminate a security threat.

    Credential Dumping

    The extraction of authentication credentials, such as usernames and passwords, from systems.

    Cross-Site Scripting (XSS)

    A web security vulnerability that allows attackers to inject malicious scripts into webpages.

    Cryptanalysis

    The study of methods for deciphering encrypted data without access to the key.

    Cryptographic Hash Function

    A mathematical algorithm that transforms data into a fixed-size hash, used in security.

    CSMS

    Cyber Security Management System; framework for managing cybersecurity in industrial settings.

    Cyber Hygiene

    Maintaining good cybersecurity practices to protect systems and data.

    Cyber Kill Chain

    A model describing the stages of a cyberattack, from reconnaissance to data exfiltration.

    Cyber PHA

    Cybersecurity Process Hazard Analysis; assessing risks from cyber threats in industrial environments.

    Cyber Resilience

    The ability to prepare for, respond to, and recover from cyberattacks or incidents.

    Cyber Threat Intelligence

    Knowledge about cyber threats that helps organizations make informed decisions.

    Cybersecurity & Infrastructure Security Agency (CISA)

    A U.S. government agency focused on cybersecurity and infrastructure protection.

    Cybersecurity Framework

    A structured set of guidelines for managing and reducing cybersecurity risks.

    Cybersecurity Incident

    A violation or imminent threat of violation of computer security policies or practices.
  • D

    Data at Rest

    Data stored on a device or server, not currently being transmitted or processed.

    Data Breach

    An incident where sensitive, protected, or confidential data is accessed or disclosed without authorization.

    Data Classification

    Organizing data into categories to determine its sensitivity and the required security measures.

    Data Confidentiality

    Ensuring that data is only accessible to authorized users and is protected from unauthorized disclosure.

    Data Diode

    A hardware device that ensures one-way data transmission to prevent data leakage.

    Data Encryption

    The process of converting data into a code to prevent unauthorized access.

    Data Exfiltration

    The unauthorized transfer of data from a system or network to an external location.

    Data Historian

    A system that collects, stores, and analyzes historical data from industrial control systems.

    Data in Transit

    Data actively moving from one location to another, often over the internet or a network.

    Data Loss Prevention (DLP)

    Strategies and tools to prevent sensitive data from being lost, stolen, or misused.

    Decentralized Identity

    Identity management where users control their own credentials without relying on a central authority.

    Deception Technology

    Cyber defenses that use traps or decoys to detect, divert, or delay attacks.

    Decoy Network

    A fake network environment created to attract and analyze malicious activity.

    Decoy Systems

    Fake systems or devices designed to attract and analyze malicious activity.

    Deep Packet Inspection (DPI)

    Analyzing the contents of data packets for malicious or unwanted content.

    Defense Evasion

    Techniques used by attackers to avoid detection by security controls.

    Defense-in-depth

    A strategy using multiple layers of security to protect against a wide range of threats.

    Demilitarized Zone (DMZ)

    A network segment that serves as a buffer between internal networks and external threats.

    Denial of Service (DoS)

    An attack that aims to make a network or service unavailable by overwhelming it with traffic.

    DHCP Security

    Protecting the Dynamic Host Configuration Protocol from attacks like IP spoofing.

    Digital Certificate

    An electronic document used to prove the ownership of a public key in a digital communication.

    Digital Forensics

    The practice of investigating digital data to find evidence of cybercrime.

    Digital Signature

    An electronic signature that verifies the authenticity and integrity of a message or document.

    Direct Current (DC)

    Electrical current that flows in one direction, often used in industrial equipment.

    Directory Traversal

    A web security vulnerability that allows attackers to access restricted directories or files.

    Disaster Recovery

    Planning and implementing strategies to recover from significant disruptions or incidents.

    Distributed Control System (DCS)

    A control system where control elements are distributed throughout the network for flexibility.

    Distributed Denial of Service (DDoS)

    An attack that aims to make a network or service unavailable by overwhelming it with traffic from multiple sources.

    Distributed Network Protocol 3

    A communication protocol used for automation and control in electrical utilities.

    DNS Filtering

    Blocking access to malicious or unwanted domains by analyzing DNS queries.

    DNS Security

    Protecting Domain Name System infrastructure from threats like cache poisoning.

    Domain Name System Security (DNSSEC)

    Protocol extensions to DNS that provide authentication and data integrity.

    Dynamic Host Configuration Protocol (DHCP)

    A protocol for automatically assigning IP addresses to devices on a network.
  • E

    Egress Filtering

    Controlling data leaving a network to prevent unauthorized communication or data exfiltration.

    Encryption

    The process of converting information or data into a code to prevent unauthorized access.

    Encryption Key Management

    Managing encryption keys throughout their lifecycle to ensure data security.

    Endpoint Detection and Response (EDR)

    Tools and practices for detecting, investigating, and responding to endpoint threats.

    Endpoint Isolation

    Restricting network access of potentially compromised devices to limit risk.

    Endpoint Protection Platform (EPP)

    Security solutions that protect endpoints, such as computers and servers, from threats.

    Endpoint Security

    Protecting individual devices connected to a network from threats.

    Endpoint Security Platform

    A comprehensive security solution that protects endpoints from threats.

    Engineering Workstation

    A computer used for configuring and programming industrial control systems.

    Environmental Security

    Protecting physical environments from threats such as unauthorized access or natural disasters.

    Evolving Threat Landscape

    The changing nature of cybersecurity threats as new attack methods and vulnerabilities emerge.

    Exfiltration

    The unauthorized removal of data from a network or system.

    Exploit

    A piece of software or sequence of commands that takes advantage of a vulnerability.

    Exploit Kit

    A tool used by attackers to deliver malware by exploiting known vulnerabilities.
  • F

    Failover

    Automatically switching to a backup system when the primary system fails.

    Fallback Authentication

    Alternative methods for user authentication when primary methods fail.

    File Integrity Monitoring (FIM)

    The process of verifying that files have not been altered or tampered with.

    Fileless Malware

    Malware that does not rely on files to infect a system, making detection more challenging.

    Firewall

    A security system that monitors and controls incoming and outgoing network traffic.

    Firewall Rules

    Rules that control the incoming and outgoing network traffic through a firewall.

    Firmware

    Software that is permanently programmed into a hardware device.

    Forensic Analysis

    Investigating and analyzing digital data to find evidence of cybercrime or policy violations.

    Forensic Readiness

    Preparing systems and processes to support effective digital forensic investigations.

    Formal Verification

    The process of proving the correctness of algorithms or protocols using mathematical methods.

    Foundational Requirements

    Basic security requirements essential for protecting systems and data.

    Framework

    A set of guidelines and best practices for managing cybersecurity risks.

    Fuzz Testing

    A software testing technique that inputs random data to detect vulnerabilities and bugs.
  • G

    Gatekeeper

    A security mechanism that controls access to a network or resource.

    Gateway

    A network node that routes and filters data between networks.

    Gateway Antivirus

    Antivirus software specifically designed for network gateways to scan incoming traffic.

    GNU Privacy Guard

    A free software tool for encryption and signing data and communications.

    Golden Ticket

    A type of Kerberos ticket granting an attacker unlimited access in a network.

    Gray Box Testing

    A security test that combines knowledge of a system's internals with the perspective of an external attacker.

    Grid Security

    Protecting electrical grids from cyber threats to ensure continuous power delivery.
  • H

    Hardware Root of Trust

    A secure hardware foundation for cryptographic operations and establishing device identity.

    Hardware Security Module (HSM)

    A physical device used to manage and store digital keys securely.

    HMI Security

    Measures to protect Human-Machine Interfaces from unauthorized access or tampering.

    Honey Encryption

    A technique that produces plausible but incorrect decryptions for every incorrect key used.

    Honeypot

    A decoy system used to attract attackers and study their techniques.
  • I

    IAC

    Infrastructure as Code; managing and provisioning computing resources through machine-readable files.

    IACS Security

    Security measures for Industrial Automation and Control Systems to protect against threats.

    ICS Security

    Protecting Industrial Control Systems from cyber threats and ensuring safe operation.

    Identification & Access Control

    Methods to identify users and control their access to resources.

    Identity and Access Management (IAM)

    The processes and technologies used to manage digital identities and control user access to critical information.

    Identity and Access Management Security (IAM)

    Ensuring the right individuals have the appropriate access to resources.

    Identity Provider

    A service that authenticates and provides user identities to other services or systems.

    IEC 61508

    A standard for the functional safety of electrical, electronic, and programmable systems.

    IEC 61511

    A standard for the functional safety of safety instrumented systems in the process industry.

    IEC 62443

    A standard providing guidelines for securing industrial automation and control systems.

    Immutable Logs

    Logs that cannot be altered or deleted, ensuring data integrity for audits and investigations.

    Incident Command System (ICS)

    A standardized approach to command, control, and coordination during an incident.

    Incident Handling

    The process of managing and responding to security incidents to mitigate impact.

    Incident Response

    Actions taken to detect, analyze, and respond to cybersecurity incidents.

    Incident Response Plan (IRP)

    A strategy outlining steps to take when responding to a cybersecurity incident.

    Indicators of Compromise (IoCs)

    Observable signs or patterns that indicate a potential or ongoing security breach.

    Industrial Control System (ICS)

    Systems used to monitor and control industrial processes, often critical to operations.

    Industrial Control Systems Secure by Design

    Designing industrial control systems with inherent security features to mitigate risks.

    Industrial Internet of Things (IIoT)

    The use of IoT devices and technologies in industrial environments for efficiency and automation.

    Industrial Network Segmentation

    Dividing an industrial network into segments to contain threats and enhance security.

    Information Security Management System (ISMS)

    A framework for managing information security risks in an organization.

    Information Security Officer

    A role responsible for overseeing an organization's information security strategy and implementation.

    Information Technology (IT)

    The use of computers, networking, and other physical devices to create, process, store, and exchange electronic data.

    Injection Attacks

    Attacks where malicious input is "injected" into a system, often through web applications.

    Insecure Direct Object References (IDOR)

    A type of security vulnerability where unauthorized access is granted through direct references.

    Insider Threat

    A threat posed by individuals within an organization who misuse their access.

    Insider Threat Detection

    Identifying and mitigating threats from individuals within an organization.

    Integrity

    Ensuring the accuracy and consistency of data over its lifecycle.

    Integrity Monitoring

    Ensuring the accuracy, consistency, and trustworthiness of data over its lifecycle.

    Internet Control Message Protocol (ICMP)

    A network layer protocol used for error messages and operational information queries.

    Interoperability

    The ability of different systems and devices to work together seamlessly.

    Intrusion Detection System (IDS)

    A system that monitors network or system activities for malicious activity or violations.

    Intrusion Prevention System

    A system that detects and prevents malicious activity on a network.

    IoT Device Management

    Managing and securing Internet of Things (IoT) devices in a network.

    IoT Security

    Protecting Internet of Things devices and networks from cyber threats.

    IoT Security Framework

    A set of guidelines and best practices for securing Internet of Things (IoT) devices and networks.

    IP Spoofing

    Faking an IP address to disguise the identity or origin of network traffic.

    ISA-62443

    A standard providing requirements for the cybersecurity of industrial automation systems.

    ISO/IEC 27001

    An international standard for managing information security.
  • J

    Just-in-time Access

    Granting access to resources only when needed and for a limited time to reduce risk.
  • K

    Key Management

    Processes and technologies for generating, distributing, storing, and managing cryptographic keys.

    Key Rotation

    Regularly changing cryptographic keys to enhance security and reduce risk of compromise.

    Keylogger

    A malicious program that records keystrokes to capture sensitive information.

    Known Vulnerabilities

    Security flaws that have been identified and documented, usually with available fixes.
  • L

    Least Common Mechanism

    Minimizing shared mechanisms in systems to reduce security vulnerabilities.

    Least Privilege

    Granting users only the minimum level of access necessary to perform their jobs.

    Living Off the Land

    Using legitimate tools and software present in the environment to conduct malicious activities.

    Log Analysis

    Reviewing and interpreting logs to identify suspicious or unauthorized activities.

    Log Management

    Collecting, storing, and analyzing log data for security and compliance purposes.

    Log Tampering

    Unauthorized alteration or deletion of log data to conceal malicious activity.
  • M

    Machine Learning

    A subset of AI that uses algorithms to analyze data, learn from it, and make predictions or decisions.

    Malicious Code

    Software or code intentionally designed to cause damage or unauthorized actions.

    Malicious Network Traffic

    Data packets or signals intended to harm, disrupt, or compromise a network.

    Malware

    Malicious software designed to harm or exploit any programmable device, service, or network.

    Man in the Middle

    An attack where the attacker secretly relays and possibly alters the communication between two parties.

    Man-in-the-Middle (MitM)

    A type of attack where an attacker secretly intercepts and relays messages between two parties.

    Man-in-the-Middle (MitM) Attack

    An attack where an attacker intercepts and potentially alters communications between two parties.

    Mean Time to Recovery (MTTR)

    The average time required to recover from a system failure or security incident.

    MITRE ATT&CK

    A framework detailing adversary tactics, techniques, and procedures used in cyberattacks.

    MITRE ATT&CK for ICS

    A knowledge base of tactics and techniques used in attacks on Industrial Control Systems.

    MITRE Corporation

    A nonprofit organization that manages federally funded research and development centers.

    Mobile Device Management (MDM)

    Security software used to manage, monitor, and secure mobile devices in an organization.

    Mobile Threats

    Security risks targeting mobile devices, such as smartphones and tablets.

    Multi-Factor Authentication (MFA)

    A security system that requires multiple methods of authentication from independent categories of credentials.
  • N

    National Cybersecurity and Communications Integration Center (NCCIC)

    A U.S. government center for cybersecurity and communications integration.

    National Institute of Standards and Technology (NIST)

    A U.S. government agency providing standards for cybersecurity and other technologies.

    Network Access Control (NAC)

    Policies and technologies to manage access to network resources based on identity and compliance.

    Network Anomaly Detection

    Identifying unusual network patterns that may indicate a security threat or breach.

    Network Security

    Measures to protect data and systems within a network from threats and attacks.

    Network Security Protocol

    Rules and procedures that ensure secure communication over a network.

    Network Segmentation

    Dividing a network into smaller, isolated segments to improve security and performance.

    NIST SP 800-82

    A guide for securing Industrial Control Systems published by the National Institute of Standards and Technology.

    Non-Repudiation

    Ensuring that a party cannot deny the authenticity of their signature or actions.

    NTP Security

    Protecting Network Time Protocol communications from spoofing and manipulation attacks.
  • O

    OAuth

    An open standard for access delegation, commonly used for token-based authentication.

    Obfuscation

    The practice of making code or data harder to understand to protect against reverse engineering.

    One-time Password (OTP)

    A password that is valid for only one login session or transaction.

    Operational Resilience

    The ability of an organization to continue functioning during and after a cyber incident.

    Operational Technology (OT)

    Hardware and software that detects or causes changes through direct monitoring and control of industrial processes.

    Operations Technology (OT)

    Hardware and software used to detect or control physical processes, assets, and events.

    Operator Workstation

    A computer used by operators to monitor and control industrial processes in real-time.

    Out-of-Band

    Communications or actions taken outside of regular network traffic for added security.

    Out-of-Band Management

    Managing devices through a separate, secure channel that is independent of the primary network.
  • P

    P2P Network Security

    Protecting peer-to-peer networks from unauthorized access, data breaches, and other threats.

    Packet Sniffing

    The act of intercepting and analyzing packets of data sent over a network.

    Pass-the-hash (PtH) Attacks

    Attacks where attackers use hashed credentials to gain unauthorized access.

    Password Hashing

    Converting passwords into hashes to securely store them and prevent unauthorized access.

    Password Management

    Creating, storing, and managing strong passwords to enhance security.

    Patch Management

    Managing updates to software and systems to fix vulnerabilities and improve security.

    Payload

    The part of a malware program that performs malicious actions or delivers the attack.

    Penetration Testing

    Simulating cyberattacks to identify and fix vulnerabilities in a system.

    Pentest

    Penetration testing; a simulated attack on a system to identify vulnerabilities.

    Phishing

    A method of social engineering used to obtain sensitive information by pretending to be a trustworthy entity.

    Physical Security

    Measures taken to protect physical assets, such as buildings, equipment, and personnel.

    Pivoting

    The technique of using one compromised system to attack additional systems within a network.

    Policy Enforcement Point

    A network device or software that enforces security policies, such as firewalls or routers.

    Policy-Based Access Control (PBAC)

    Access control that enforces rules based on policies defined by an organization.

    Port Scanning

    A method used to discover open ports on a networked device, often for malicious purposes.

    Port Security

    Security measures that control and monitor access to network ports to prevent unauthorized devices.

    Predictive Analysis

    Using data, algorithms, and machine learning to predict future security incidents.

    Privacy Impact Assessment (PIA)

    A process to identify and mitigate privacy risks associated with data collection and processing.

    Privacy Policy

    A statement outlining how an organization collects, uses, and protects personal data.

    Privileged Access Management

    Controlling and monitoring access to critical systems by privileged users.

    Programmable Logic Controller (PLC)

    A digital computer used in automation to control machinery or processes.

    Protocol

    A set of rules for transmitting data across a network.

    Protocol Analysis

    Examining network protocols to identify potential vulnerabilities or attacks.

    Proxy Server

    A server that acts as an intermediary for requests from clients seeking resources.

    Public Key Infrastructure (PKI)

    A framework for managing digital certificates and public-key encryption.
  • Q

    Quality of Service (QoS)

    Managing and prioritizing network traffic to ensure reliable delivery of services.
  • R

    Ransomware

    Malicious software that encrypts files or locks a system, demanding payment for decryption or access.

    Red Team

    A group that simulates attacks to test an organization's security posture.

    Remediation

    Correcting or mitigating security vulnerabilities or breaches.
  • R

    Remote Access Trojan (RAT)

    Malware that provides attackers with unauthorized remote access to infected systems.
  • R

    Remote Code Execution (RCE)

    Executing malicious code remotely on a target machine or server without authorization.
  • R

    Remote Desktop Protocol (RDP)

    A protocol that allows remote control of a computer over a network connection.
  • R

    Remote Terminal Session

    A session that allows users to remotely access and control a terminal or computer system.
  • R

    Residual Risk

    The remaining risk after implementing all planned security controls and mitigations.
  • R

    Resilience

    The ability to withstand and recover quickly from difficult conditions, like a cyberattack.
  • R

    Restricted Data Flow

    Limiting data exchange within a network to only necessary communications.
  • R

    Risk Appetite

    The amount of risk an organization is willing to accept to achieve its objectives.
  • R

    Risk Assessment

    Evaluating the potential risks to assets and determining the best ways to mitigate them.
  • R

    Risk Management

    Identifying, evaluating, and prioritizing risks and implementing measures to minimize their impact.
  • R

    Risk Mitigation

    Steps taken to reduce the likelihood or impact of a cybersecurity risk.
  • R

    Rogue Device Detection

    Identifying unauthorized or malicious devices connected to a network.
  • R

    Rootkit

    Malicious software designed to gain unauthorized access and hide its presence.
  • S

    Safety Instrumented System (SIS)

    A system designed to monitor and control industrial processes to ensure safety.
  • S

    Safety Logic Solver

    A device that ensures safe operation by executing safety-related control functions.
  • S

    Secure Boot

    A process that ensures a device boots using only trusted software.
  • S

    Secure Configuration

    Establishing and maintaining a baseline security configuration for devices and systems.
  • S

    Secure Sockets Layer (SSL)

    A cryptographic protocol for secure communication over a computer network; all SSL versions are now deprecated and have been superseded by TLS.
  • S

    Security Assessment

    Evaluating an organization's security posture to identify vulnerabilities and weaknesses.
  • S

    Security Automation

    Using automated tools and processes to identify and respond to security threats.
  • S

    Security Awareness Training

    Training designed to improve understanding and practices around cybersecurity threats.
  • S

    Security Baseline

    A minimum set of security controls required for protecting systems and data.
  • S

    Security Information and Event Management (SIEM)

    Tools and services that provide real-time analysis of security alerts generated by network hardware and applications.
  • S

    Security Information Exchange

    The sharing of security-related information among organizations or partners.
  • S

    Security Intelligence

    Gathering and analyzing information to detect, predict, and respond to security threats.
  • S

    Security Levels

    Defined levels of security that dictate access and protections for different types of data.
  • S

    Security Lifecycle

    The ongoing process of managing and improving security measures throughout the lifecycle of a system.
  • S

    Security Operations Center

    A centralized team responsible for monitoring and responding to security incidents.
  • S

    Security Orchestration

    Coordinating automated security tasks to improve response efficiency and effectiveness.
  • S

    Security Patch

    A software update that fixes specific security vulnerabilities.
  • S

    Security Policy

    A set of rules and practices that govern the protection of an organization's data and systems.
  • S

    Security Posture

    An organization's overall approach and readiness to defend against cyber threats.
  • S

    Security Token

    A physical or digital item that verifies a user's identity for accessing secure systems.
  • S

    Security Token Service (STS)

    A service that issues security tokens used in federated authentication and single sign-on.
  • S

    Security Training and Awareness

    Educating employees and stakeholders about security risks and best practices.
  • S

    Security Update

    Patches or updates to fix security vulnerabilities in software or systems.
  • S

    Session Hijacking

    The act of taking control of a user's session by stealing or manipulating session data.
  • S

    Session Token

    A token used to maintain a user session and provide access to resources after authentication.
  • S

    Shadow IT

    IT systems, devices, software, or services used without explicit organizational approval.
  • S

    Shodan

    A search engine that identifies and catalogs devices connected to the internet.
  • S

    Single Sign-On (SSO)

    An authentication process that allows a user to access multiple applications with one set of login credentials.
  • S

    Smart Grid

    A modernized electrical grid using digital technology for improved efficiency and reliability.
  • S

    Social Engineering

    Manipulating individuals into revealing confidential information or performing actions.
  • S

    Software Development Lifecycle (SDLC)

    A process for planning, creating, testing, and deploying software applications.
  • S

    Spear Phishing

    A targeted phishing attack aimed at a specific individual or organization.
  • S

    Spoofing

    Impersonating a legitimate entity to deceive or manipulate a target.
  • S

    Stateful Inspection

    A firewall technology that tracks the state of active connections and makes decisions based on state.
  • S

    Stuxnet

    A highly sophisticated worm targeting industrial control systems, discovered in 2010.
  • S

    Subnet

    A subdivided network segment within a larger network, often to improve performance and security.
  • S

    Supervisory Control and Data Acquisition (SCADA)

    A system for remote monitoring and control of industrial processes.
  • S

    Supply Chain Attack

    An attack that targets a supply chain to compromise the end user or organization.
  • S

    Supply Chain Security

    Ensuring the security of supply chain partners and components to prevent attacks or disruptions.
  • S

    System Integrity

    Ensuring that systems perform their intended functions without unauthorized changes.
  • T

    Threat Actor

    An individual or group responsible for carrying out malicious activities or attacks.
  • T

    Threat Hunting

    Proactively searching for threats and anomalies within a network or system.
  • T

    Threat Intelligence

    Information about threats used to prepare for, prevent, and respond to cyber incidents.
  • T

    Threat Intelligence Feed

    Continuous updates on the latest cybersecurity threats to aid in threat detection and response.
  • T

    Threat Modeling

    Identifying and assessing potential threats to prioritize security measures.
  • T

    Threat Surface

    All the possible points where an unauthorized user can attempt to access a system.
  • T

    Threat Vector

    The path or means by which a cyber threat can reach a target.
  • T

    Timely Response to Events

    Quickly identifying and responding to security incidents to minimize damage.
  • T

    Tokenization

    Replacing sensitive data with unique identification symbols or tokens.
  • T

    Two-Factor Authentication (2FA)

    An extra layer of security that requires, in addition to a username and password, a second factor such as something only the user possesses (for example, a hardware token or a code generated on their phone).
  • U

    Unidirectional Security Gateway

    A network device that allows data to travel in one direction, enhancing security.
  • U

    Unified Threat Management (UTM)

    A security solution that integrates multiple security functions into a single device or platform.
  • U

    USB Security

    Measures to protect USB devices and ports from malware and unauthorized access.
  • U

    Use Control

    Restricting who can use a device or access certain features or functions.
  • U

    User Account Management

    Administering and managing user accounts to control access to systems and data.
  • V

    Virtual Local Area Network (VLAN)

    A logical network segment created on top of a physical network (at Layer 2) to separate traffic between groups of devices, improving security and manageability.
  • V

    Virtual Private Network (VPN)

    A technology that creates a secure, encrypted connection over a less secure network, like the internet.
  • V

    Virtualization Security

    Protecting virtual machines and environments from threats and vulnerabilities.
  • V

    VLAN

    Virtual Local Area Network; a segmented network for improved management and security.
  • V

    VoIP Security

    Protecting Voice over IP systems from eavesdropping, fraud, and other threats.
  • V

    VPN

    Virtual Private Network; provides a secure connection over a public network.
  • V

    Vulnerability

    A flaw or weakness in a system that could be exploited by a threat.
  • V

    Vulnerability Assessment

    The process of identifying, quantifying, and prioritizing vulnerabilities in a system.
  • W

    Watering Hole Attack

    Targeting a specific group by infecting websites they are likely to visit.
  • W

    Web Application Firewall (WAF)

    A firewall that filters, monitors, and blocks HTTP traffic to and from a web application to protect against attacks.
  • W

    Whitelisting

    Only allowing explicitly approved entities to access systems or networks.
  • W

    Wireless Intrusion Detection System (WIDS)

    A system that monitors wireless networks for signs of unauthorized access or attacks.
  • W

    Worm

    A self-replicating malware program that spreads across networks without user intervention.
  • Z

    Zero Day Exploit

    An exploit that takes advantage of a vulnerability not yet known to the vendor or public.
  • Z

    Zero Trust

    A security concept where trust is never assumed, and verification is required for all users and devices.
  • Z

    Zero-Day Exploit

    An attack that targets a previously unknown vulnerability, leaving no time for defenses.
  • Z

    Zero-day Vulnerability

    A security flaw unknown to the vendor or developer, making it a prime target for attackers.
  • Z

    Zombie Device

    A compromised device controlled by an attacker, often part of a botnet.