OT Cybersecurity Glossary
Essential Terms in Industrial Network Security

A

Access Control
Mechanisms that restrict access to resources or systems based on the identity of the requester and other attributes such as role, location, or time.

Access Control List (ACL)
An ordered list of rules specifying which users, hosts, or networks may access a resource, and which operations (for example read, write, or a given protocol and port) are permitted or denied.

Access Point
A device that allows wireless devices to connect to a wired network.

Access Token
A credential, typically short-lived, that grants its bearer access to a specific resource or system without re-authenticating.

Account Discovery
Enumerating the accounts that exist within a network or system. Defenders do this to manage and monitor access; attackers do it to find targets for credential theft and privilege escalation.

Accountability
Ensuring that actions and decisions can be attributed to the responsible party, typically through unique identities and audit logging.

Active Directory (AD)
Microsoft's directory service for Windows domain networks. It stores user, computer, and group objects and handles authentication and authorization for domain resources.

Advanced Encryption Standard (AES)
A symmetric block cipher standardized by NIST (FIPS 197) with 128-, 192-, or 256-bit keys, widely used for encrypting data at rest and in transit.

Advanced Persistent Threat (APT)
A prolonged, targeted intrusion in which a well-resourced attacker gains and quietly maintains unauthorized access to a network over an extended period.

Advanced Volatile Threat (AVT)
An attack that operates only in volatile memory, leaving little or no trace on disk, so that it disappears on reboot and evades file-based detection and forensics.

Adversary Infrastructure
The servers, domains, accounts, and other resources that attackers use to stage, deliver, and control cyberattacks.

Air-Gapping
Physically isolating a computer or network so that it has no network connection to untrusted networks such as the internet. Removable media and maintenance laptops can still bridge an air gap.

Anomalous Behavior
Activity that deviates from an established baseline of normal behavior and may indicate a security threat or breach.

Anomaly Detection
Identifying patterns or activities that deviate from a learned or defined baseline and may indicate a security threat.

Anonymization
The process of removing or irreversibly transforming personal identifiers in data so that individuals can no longer be identified.

Antivirus
Software designed to detect, prevent, and remove malware from computers and networks, traditionally by matching known signatures.

API Security
Protecting Application Programming Interfaces (APIs) from threats such as broken authentication, excessive data exposure, and injection.

Application Allow-listing
A security measure that permits only explicitly approved applications to run on a device. Also called application whitelisting; well suited to OT hosts whose software set rarely changes.

Application Layer Security
Security measures applied at the application layer of the network stack, such as input validation, authentication, and application-aware filtering.

Application Whitelisting
Allowing only approved applications to execute, blocking all unauthorized software by default. See Application Allow-listing.

ARP Poisoning
An attack in which the attacker sends forged ARP replies on a local network so that hosts associate the attacker's MAC address with another host's IP address, redirecting traffic through the attacker. Also known as ARP spoofing.
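
Added example (not part of the original glossary): the detection logic a passive network sensor could run over ARP replies to catch the conflicting IP-to-MAC claims described above. The replies and the host inventory below are constructed; a real sensor would read ARP packets captured from a switch SPAN port and use the site's asset inventory as the trusted table.

```python
"""Detect ARP poisoning from observed ARP replies.

Added example for this glossary entry, not code from the original page. The
replies and the inventory are constructed for illustration; a real sensor
would feed in ARP packets captured from the control network's switch SPAN
port and use the site's asset inventory as the trusted IP-to-MAC table.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpReply:
    ts: float        # seconds since capture start
    sender_ip: str   # IP address the reply claims to speak for
    sender_mac: str  # MAC address hosts are told to use for that IP


def detect_arp_poisoning(replies, known=None):
    """Return (ts, ip, reason) alerts for suspicious IP-to-MAC claims.

    Two signals are combined:
    1. inventory mismatch: a reply for an IP in the trusted ``known`` table
       carries a different MAC (strong on OT networks, where NICs rarely change);
    2. claim change: the same IP is claimed by a second MAC within the stream
       (works with no inventory, but also fires on legitimate NIC swaps).
    """
    known = {ip: mac.lower() for ip, mac in (known or {}).items()}
    seen = defaultdict(set)  # ip -> MACs observed claiming it
    alerts = []
    for r in replies:
        mac = r.sender_mac.lower()
        expected = known.get(r.sender_ip)
        if expected is not None and mac != expected:
            alerts.append((r.ts, r.sender_ip,
                           f"inventory mismatch: expected {expected}, saw {mac}"))
        if seen[r.sender_ip] and mac not in seen[r.sender_ip]:
            alerts.append((r.ts, r.sender_ip,
                           f"IP now claimed by {mac}, previously {sorted(seen[r.sender_ip])}"))
        seen[r.sender_ip].add(mac)
    return alerts


# Constructed data: 10.10.1.1 is the cell gateway, 10.10.1.20 a PLC,
# de:ad:be:ef:00:01 the attacker's NIC trying to sit between them.
KNOWN_HOSTS = {"10.10.1.1": "00:11:22:33:44:01", "10.10.1.20": "00:11:22:33:44:20"}
SAMPLE_REPLIES = [
    ArpReply(0.0, "10.10.1.1", "00:11:22:33:44:01"),   # legitimate gateway
    ArpReply(1.0, "10.10.1.20", "00:11:22:33:44:20"),  # legitimate PLC
    ArpReply(2.0, "10.10.1.1", "de:ad:be:ef:00:01"),   # poisoned reply
    ArpReply(3.0, "10.10.1.1", "de:ad:be:ef:00:01"),   # re-sent to keep caches poisoned
]


def run_sample():
    """Run the detector over the constructed replies with the constructed inventory."""
    return detect_arp_poisoning(SAMPLE_REPLIES, KNOWN_HOSTS)


if __name__ == "__main__":
    for ts, ip, reason in run_sample():
        print(f"t={ts:>4}s  {ip}: {reason}")
```

The inventory check is the one worth having on a control network: without it (call `detect_arp_poisoning(SAMPLE_REPLIES)` alone) only the second claim for 10.10.1.1 is flagged, and a poisoner who speaks first, before the real gateway, is never contradicted.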

Asset Criticality
The importance of an asset, rated by the impact that its loss or compromise would have on operations, safety, and security.

Asset Discovery
The process of identifying and cataloging all assets in a network, by passive traffic analysis, active scanning, or both, to maintain visibility.

Asset Identification
The process of identifying and documenting all assets within an industrial network, including controllers, field devices, and supporting IT systems.

Asset Inventory
A comprehensive, maintained list of all hardware, software, and firmware assets in an organization, with attributes such as owner, location, and version.

Asset Valuation
Determining the value of an asset based on its role, criticality, and replacement cost, as an input to risk assessment.

Attack
An attempt to gain unauthorized access to, disrupt, or damage data, services, or systems.

Attack Surface
The set of all points at which an unauthorized user could attempt to enter a system or extract data from it.

Attack Vector
The method or path an attacker uses to gain access to a system or network, such as phishing, an exposed service, or removable media.

Audit Trail
A chronological record of actions and changes made in a system, used for accountability, troubleshooting, and forensic analysis.

Authentication
The process of verifying the claimed identity of a user, device, or system.

Authentication Token
A digital or physical item presented to prove identity during authentication, such as a hardware token or a signed bearer token.

Authorization
Granting an authenticated user or system permission to access specific resources or perform specific actions.

Automated Collection
The use of automated tools to gather data, logs, or evidence. In MITRE ATT&CK the same name denotes the attacker's technique of automatically gathering data from a target for later exfiltration.

Automated Network Segmentation
Using automation to create or adjust network segments dynamically, for example to contain a compromised host.

Availability
Ensuring that systems, services, and data are accessible and functional when needed. In OT environments availability is usually the highest-priority security property.

B

Beaconing
Periodic outbound connections from a compromised device to an attacker's command-and-control (C2) server, typically at a regular interval with small jitter, used to check in and retrieve instructions.
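
Added example (not part of the original glossary): a detector that finds the regular check-in interval described above in a connection log, scoring each source/destination pair by how little its inter-connection gaps vary. The log is constructed; the field layout (timestamp, source IP, destination IP, destination port) is an assumption of the example.

```python
"""Flag beaconing from a connection log by interval regularity.

Added example for this glossary entry, not code from the original page. The
log below is constructed, not real traffic. Fields are: timestamp, source IP,
destination IP, destination port, one connection per line.
"""
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed log: 10.10.1.50 beacons to 203.0.113.7 roughly every 60 s and
# also talks irregularly to a legitimate server at 198.51.100.20.
SAMPLE_LOG = """\
2024-03-01T08:00:00Z 10.10.1.50 203.0.113.7 443
2024-03-01T08:00:07Z 10.10.1.50 198.51.100.20 443
2024-03-01T08:01:02Z 10.10.1.50 203.0.113.7 443
2024-03-01T08:01:58Z 10.10.1.50 203.0.113.7 443
2024-03-01T08:02:31Z 10.10.1.50 198.51.100.20 443
2024-03-01T08:03:01Z 10.10.1.50 203.0.113.7 443
2024-03-01T08:03:59Z 10.10.1.50 203.0.113.7 443
2024-03-01T08:05:00Z 10.10.1.50 203.0.113.7 443
2024-03-01T08:05:12Z 10.10.1.50 198.51.100.20 443
2024-03-01T08:06:03Z 10.10.1.50 203.0.113.7 443
2024-03-01T08:09:45Z 10.10.1.50 198.51.100.20 443
2024-03-01T08:21:00Z 10.10.1.50 198.51.100.20 443
"""


def parse_log(text):
    """Group connection timestamps by (src, dst, dport)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport = line.split()
        t = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        flows[(src, dst, int(dport))].append(t)
    return flows


def find_beacons(text, min_connections=5, max_cv=0.2):
    """Return flows whose inter-connection intervals are suspiciously regular.

    The coefficient of variation (stdev / mean) of the gaps is used so the
    test is independent of the beacon period itself: a 60 s beacon with +-3 s
    jitter and a 1 h beacon with +-3 min jitter both score low.
    """
    results = []
    for (src, dst, dport), times in parse_log(text).items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            results.append({"src": src, "dst": dst, "dport": dport,
                            "connections": len(times),
                            "mean_interval_s": round(mean, 1), "cv": round(cv, 3)})
    return results


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(hit)
```

The legitimate server also has five connections, so the connection count alone does not separate it; its gaps vary by a factor of five and score far above the threshold. In production, run this per day, exclude known NTP, update, and historian destinations, and expect implants that randomise their sleep heavily to need a histogram-based test instead.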

Behavioral Analysis
Analyzing patterns of behavior to detect abnormal activities that may indicate a threat.

Behavioral Analytics
Using data analysis of user and entity behavior to establish baselines and detect deviations that may indicate a threat.

Behavioral Biometrics
Authentication based on analyzing behavioral patterns such as typing rhythm or mouse movement.

Biometric Authentication
Verifying identity using unique biological traits, such as fingerprints or facial features.

Blacklist
A list of entities (addresses, domains, applications, users) that are explicitly denied access or privileges. Also called a blocklist or denylist.

Botnet
A network of compromised computers controlled remotely by an attacker, often used for DDoS attacks, spam, or credential stuffing.

Boundary Protection
Measures that monitor and control communications at the boundary between two networks, such as firewalls and data diodes between IT and OT, to prevent unauthorized access.

Buffer Overflow
A vulnerability in which data written beyond the bounds of a fixed-size buffer overwrites adjacent memory, potentially corrupting control data and allowing arbitrary code execution.

Business Continuity Planning (BCP)
Preparing procedures to ensure that essential business functions continue during and after a disruption.

C

Certificate Authority (CA)
A trusted entity that issues digital certificates binding public keys to the identities of organizations, individuals, or devices.

Certificate Revocation List (CRL)
A signed list, published by a CA, of certificates that have been revoked before their expiration date.

Certificate Transparency
An open framework of public, append-only logs of issued certificates that lets domain owners and auditors detect mis-issued or fraudulent certificates.

Chain of Custody
Documentation that records who handled data or evidence, when, and how, so that its integrity can be demonstrated.

Chain of Trust
A sequence of trust relationships in which each link is verified by the previous one (a root CA certifying an intermediate CA, or a boot ROM verifying the next boot stage), used to establish the authenticity of a device, user, or piece of software.

Change Detection
Identifying changes in systems, configurations, or files that may indicate unauthorized modification.

Change Management
Processes for requesting, approving, testing, and documenting changes to systems and networks.

Cleartext
Data that is not encrypted and can be read in its original form.

Cloud Access Security Broker (CASB)
A security policy enforcement point placed between cloud service users and cloud providers to enforce controls such as authentication, encryption, and data loss prevention.

Cloud Security
Protecting cloud-based systems, applications, and data from threats and vulnerabilities.

Code Review
The systematic examination of source code to identify and fix defects and security flaws.

Command and Control (C2)
The infrastructure and channels attackers use to communicate with and direct compromised systems.

Common Industrial Protocol (CIP)
An application-layer industrial protocol, maintained by ODVA and carried over EtherNet/IP, DeviceNet, and ControlNet, used to configure, control, and collect data from automation devices. It has no built-in authentication unless the CIP Security extensions are used.

Common Vulnerabilities and Exposures (CVE)
A catalog of publicly disclosed cybersecurity vulnerabilities, each assigned a unique identifier of the form CVE-YYYY-NNNNN.

Common Vulnerability Scoring System (CVSS)
A standardized method for rating the severity of software vulnerabilities on a 0 to 10 scale.

Compliance Monitoring
Continuously checking adherence to cybersecurity policies, regulations, and standards.

Confidentiality
Ensuring that sensitive information is accessible only to those authorized to access it.

Configuration Management
Establishing, documenting, and maintaining the configurations of systems and software so that they remain secure and perform as intended.

Container Security
Protecting containerized applications, their images, and the container runtime and orchestrator from vulnerabilities and threats.

Control Systems Security
Protecting systems that manage and control industrial processes from cyber threats.

Countermeasure
An action, device, or technique that reduces or eliminates a security threat or vulnerability.

Credential Dumping
Extracting authentication material such as passwords, password hashes, or Kerberos tickets from a system's memory, registry, or files.

Cross-Site Scripting (XSS)
A web vulnerability that allows attackers to inject malicious scripts into pages viewed by other users, so that the scripts execute in the victim's browser.

Cryptanalysis
The study of methods for recovering plaintext or keys from encrypted data without authorized access to the key.

Cryptographic Hash Function
A one-way function that maps data of any size to a fixed-size digest, designed so that it is infeasible to recover the input from the digest or to find two inputs with the same digest. Used for integrity checks, digital signatures, and password storage.

CSMS
Cyber Security Management System; the IEC 62443-2-1 framework for managing cybersecurity in industrial automation and control systems.

Cyber Hygiene
Maintaining routine good security practices, such as patching, strong authentication, and backups, to protect systems and data.

Cyber Kill Chain
A model, originating with Lockheed Martin, describing the stages of a cyberattack: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives such as data exfiltration.

Cyber PHA
Cybersecurity Process Hazard Analysis; a method that extends process hazard analysis to assess how cyber threats could cause process safety incidents in industrial environments.

Cyber Resilience
The ability to prepare for, withstand, respond to, and recover from cyberattacks or incidents.

Cyber Threat Intelligence
Evidence-based knowledge about threats, adversaries, and their tools and techniques that helps organizations make informed defensive decisions.

Cybersecurity & Infrastructure Security Agency (CISA)
A U.S. government agency, part of the Department of Homeland Security, focused on cybersecurity and critical infrastructure protection.

Cybersecurity Framework
A structured set of guidelines for managing and reducing cybersecurity risk, such as the NIST Cybersecurity Framework.

Cybersecurity Incident
A violation, or imminent threat of violation, of computer security policies, acceptable use policies, or standard security practices.

D

Data at Rest
Data stored on a device or storage medium and not currently being transmitted or processed.

Data Breach
An incident in which sensitive, protected, or confidential data is accessed, disclosed, or taken without authorization.

Data Classification
Organizing data into categories according to its sensitivity to determine the security measures it requires.

Data Confidentiality
Ensuring that data is accessible only to authorized users and protected from unauthorized disclosure.

Data Diode
A hardware device that physically enforces one-way data flow between two networks. In OT it is typically placed so that process data can flow out of the control network while nothing can flow in.

Data Encryption
Transforming data into ciphertext with a key so that it cannot be read without the corresponding decryption key.

Data Exfiltration
The unauthorized transfer of data from a system or network to a location controlled by the attacker.

Data Historian
A system that collects and stores time-series process data from industrial control systems for trending, reporting, and analysis. Historians often sit in the DMZ and are a common bridge between OT and IT.

Data in Transit
Data actively moving from one location to another over a network.

Data Loss Prevention (DLP)
Strategies and tools to detect and prevent sensitive data from being lost, stolen, or misused.

Decentralized Identity
Identity management in which users hold and present their own verifiable credentials without relying on a single central authority.

Deception Technology
Defensive tooling that uses traps and decoys, such as fake hosts, credentials, or files, to detect, divert, or delay attackers.

Decoy Network
A fake network environment created to attract and observe malicious activity.

Decoy Systems
Fake systems or devices designed to attract and observe malicious activity. See Honeypot.

Deep Packet Inspection (DPI)
Analyzing the payload of network packets, not just their headers, to identify protocols, commands, or malicious content. In OT, DPI of protocols such as Modbus or DNP3 can flag unexpected write commands.

Defense Evasion
Techniques attackers use to avoid detection by security controls.

Defense-in-depth
A strategy that layers multiple independent security controls so that the failure of one does not expose the protected asset.

Demilitarized Zone (DMZ)
A network segment that acts as a buffer between two trust zones, such as the enterprise IT network and the OT network, hosting the services that must be reachable from both.

Denial of Service (DoS)
An attack that aims to make a network or service unavailable by overwhelming it with traffic or exhausting its resources.

DHCP Security
Protecting the Dynamic Host Configuration Protocol from attacks such as rogue DHCP servers and address-pool starvation, for example with DHCP snooping on switches.

Digital Certificate
An electronic document, signed by a certificate authority, that binds a public key to the identity of its owner.

Digital Forensics
The practice of acquiring, preserving, and analyzing digital data to find evidence of cybercrime or policy violations.

Digital Signature
A cryptographic value computed with a private key that lets anyone holding the corresponding public key verify the authenticity and integrity of a message or document.

Direct Current (DC)
Electrical current that flows in one direction, commonly used to power industrial control equipment.

Directory Traversal
A vulnerability in which an application builds a file path from untrusted input without normalizing it, allowing sequences such as "../" to reach files outside the intended directory. Also called path traversal.
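
Added example (not part of the original glossary): the vulnerable path construction described above beside the hardened version. BASE_DIR is an assumed document root for an HMI report download feature; both functions receive the already URL-decoded path parameter from a request.

```python
"""Directory traversal: the vulnerable join beside the hardened check.

Added example for this glossary entry, not code from the original page.
BASE_DIR is an assumed document root for an HMI report download feature;
both functions take the already URL-decoded path parameter from a request.
"""
import os

BASE_DIR = "/srv/hmi/reports"  # assumed: directory the application intends to serve


def vulnerable_path(user_path):
    """The bug: join and normalise, but never check where the result landed.

    '../' sequences walk up out of BASE_DIR, and an absolute user_path makes
    os.path.join discard BASE_DIR entirely.
    """
    return os.path.normpath(os.path.join(BASE_DIR, user_path))


def safe_path(user_path, base_dir=BASE_DIR):
    """Resolve the candidate path, then require it to lie inside base_dir.

    realpath() collapses '..' and follows symlinks, so the containment test
    sees the path the OS would actually open.  commonpath() is used instead of
    startswith() so that '/srv/hmi/reports-old' is not mistaken for a child
    of '/srv/hmi/reports'.
    """
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path traversal attempt rejected: {user_path!r}")
    return candidate


def classify(user_path):
    """Return 'allowed' or 'rejected' for a request path, for quick checks."""
    try:
        safe_path(user_path)
        return "allowed"
    except ValueError:
        return "rejected"


if __name__ == "__main__":
    for p in ["daily/2024-03-01.pdf", "../../../etc/passwd", "/etc/shadow"]:
        print(f"{p!r:30} vulnerable -> {vulnerable_path(p)}  hardened -> {classify(p)}")
```

Decode percent-encoding (and, on Windows, normalise backslashes and drive letters) before calling `safe_path`, otherwise `%2e%2e%2f` reaches the filesystem layer unchecked. Note that `safe_path("")` resolves to the base directory itself; require a non-empty file name if the feature should only serve files.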

Disaster Recovery
Planning and implementing strategies to restore systems and operations after a significant disruption or incident.

Distributed Control System (DCS)
A control system in which controllers are distributed throughout a plant and coordinated over a network, typically used for continuous processes.

Distributed Denial of Service (DDoS)
A denial-of-service attack launched from many sources at once, typically a botnet, to overwhelm a network or service.

Distributed Network Protocol 3 (DNP3)
A communication protocol used for SCADA automation and control, chiefly in electric and water utilities. The base protocol has no authentication; DNP3 Secure Authentication adds it.

DNS Filtering
Blocking access to malicious or unwanted domains by inspecting and policing DNS queries.

DNS Security
Protecting Domain Name System infrastructure from threats such as cache poisoning, hijacking, and tunneling.

Domain Name System Security Extensions (DNSSEC)
Extensions to DNS that use digital signatures to provide origin authentication and data integrity for DNS responses. DNSSEC does not encrypt queries.

Dynamic Host Configuration Protocol (DHCP)
A protocol for automatically assigning IP addresses and network configuration to devices on a network.

E

Egress Filtering
Controlling traffic leaving a network so that only expected destinations and protocols are allowed, limiting command-and-control channels and data exfiltration.

Encryption
The process of transforming information into ciphertext with a key so that it cannot be read without the corresponding key.

Encryption Key Management
Managing cryptographic keys throughout their lifecycle: generation, distribution, storage, rotation, and destruction.

Endpoint Detection and Response (EDR)
Tools and practices that continuously record endpoint activity to detect, investigate, and respond to threats.

Endpoint Isolation
Restricting the network access of a potentially compromised device to contain the incident while it is investigated.

Endpoint Protection Platform (EPP)
A security product that protects endpoints such as workstations and servers from threats, typically combining antivirus, host firewall, and device control.

Endpoint Security
Protecting individual devices connected to a network from threats.

Endpoint Security Platform
A comprehensive security solution that protects endpoints from threats. See Endpoint Protection Platform (EPP).

Engineering Workstation
A computer used to configure and program PLCs, HMIs, and other industrial control system components. Because it holds project files and vendor software, it is a high-value target.

Environmental Security
Protecting physical environments from threats such as unauthorized access, fire, flooding, or other natural disasters.

Evolving Threat Landscape
The changing nature of cybersecurity threats as new attack methods and vulnerabilities emerge.

Exfiltration
The unauthorized removal of data from a network or system. See Data Exfiltration.

Exploit
A piece of software, input, or sequence of commands that takes advantage of a vulnerability to produce unintended behavior.

Exploit Kit
A packaged toolkit that attackers use to deliver malware by automatically exploiting known vulnerabilities in victims' browsers or software.

F

Failover
Automatically switching to a redundant system when the primary system fails.

Fallback Authentication
Alternative methods for user authentication when primary methods fail. Fallback paths are often weaker than the primary method and should be protected accordingly.

File Integrity Monitoring (FIM)
Detecting unauthorized changes to files by comparing their current cryptographic hashes and attributes against a trusted baseline.
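
Added example (not part of the original glossary) serving this entry and Cryptographic Hash Function above: a baseline-and-compare monitor that hashes a directory tree with SHA-256 and reports added, removed, and modified files. The tree it builds in a temporary directory (a PLC project file, an HMI config, a readme) is constructed; a real deployment stores the baseline somewhere the monitored host cannot write.

```python
"""File integrity monitoring with SHA-256 baselines.

Added example for this glossary entry (and for Cryptographic Hash Function
above), not code from the original page. It baselines a directory tree,
re-hashes it later and reports what changed. The tree it builds in a temporary
directory (a PLC project file, an HMI config, a readme) is constructed; a real
deployment would store the baseline somewhere the monitored host cannot write.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_hex(data):
    """Digest of an in-memory byte string (64 hex chars regardless of input size)."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path, chunk_size=65536):
    """Stream a file through SHA-256 so large project files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root):
    """Map every file under root (relative POSIX path) to its digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(baseline, current):
    """Classify differences between a trusted baseline and a fresh scan."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(k for k in baseline.keys() & current.keys()
                           if baseline[k] != current[k]),
    }


def run_demo():
    """Baseline a constructed tree, tamper with it, and report the differences."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "plc").mkdir()
        (root / "plc" / "project.acd").write_bytes(b"ORIGINAL LOGIC v1")
        (root / "hmi.cfg").write_text("alarm_limit=80\n")
        (root / "readme.txt").write_text("site A\n")
        baseline = build_baseline(root)

        # Simulated tampering: a one-byte change to the control logic,
        # a dropped binary, and a deleted file.
        (root / "plc" / "project.acd").write_bytes(b"ORIGINAL LOGIC v2")
        (root / "evil.dll").write_bytes(b"\x00")
        (root / "readme.txt").unlink()
        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in run_demo().items():
        print(f"{kind:9} {paths}")
```

The one-byte edit to `project.acd` changes the whole digest, which is the hash function property the monitor depends on. Production FIM also records ownership, permissions, and modification times, and treats the baseline itself as evidence that must be protected (see Immutable Logs).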

Fileless Malware
Malware that executes in memory, often via scripts or legitimate system tools, without writing an executable to disk, making file-based detection more difficult.

Firewall
A security system that monitors and controls incoming and outgoing network traffic according to a set of rules.

Firewall Rules
The rules, evaluated in order, that determine which traffic a firewall permits or denies.

Firmware
Low-level software stored in a device's non-volatile memory that controls its hardware. It is updatable, so its integrity and update process need protecting.

Forensic Analysis
Investigating and analyzing digital data to find evidence of cybercrime or policy violations.

Forensic Readiness
Preparing systems and processes, such as logging, time synchronization, and evidence-handling procedures, so that digital forensic investigations can be carried out effectively.

Formal Verification
Proving the correctness of algorithms, protocols, or designs against a specification using mathematical methods.

Foundational Requirements
The seven basic security requirement categories defined in IEC 62443: identification and authentication control, use control, system integrity, data confidentiality, restricted data flow, timely response to events, and resource availability.

Framework
A set of guidelines and best practices for managing cybersecurity risks.

Fuzz Testing
A software testing technique that feeds malformed, unexpected, or random inputs to a program to detect crashes, bugs, and vulnerabilities.

G

Gatekeeper
A security mechanism that controls access to a network or resource.

Gateway
A network node that routes, translates, and filters data between networks, for example between an industrial fieldbus and IP.

Gateway Antivirus
Antivirus software deployed at a network gateway to scan traffic passing through it.

GNU Privacy Guard
A free software implementation of the OpenPGP standard for encrypting and signing data and communications.

Golden Ticket
A forged Kerberos ticket-granting ticket created with the stolen hash of the domain's KRBTGT account, giving an attacker access as any user in an Active Directory domain until the KRBTGT credential is reset.

Gray Box Testing
A security test in which the tester has partial knowledge of the system's internals combined with the perspective of an external attacker.

Grid Security
Protecting electrical grids from cyber threats to ensure continuous power delivery.

H

Hardware Root of Trust
A tamper-resistant hardware component that provides the trusted starting point for cryptographic operations, secure boot, and device identity.

Hardware Security Module (HSM)
A tamper-resistant physical device that generates, stores, and uses cryptographic keys without exposing them to the host.

HMI Security
Measures that protect Human-Machine Interfaces from unauthorized access or tampering.

Honey Encryption
An encryption technique that yields plausible-looking but incorrect plaintexts when decrypted with a wrong key, so an attacker cannot tell a wrong guess from the right one.

Honeypot
A decoy system deployed to attract attackers and observe their techniques.

I

IAC
Infrastructure as Code; managing and provisioning computing resources through machine-readable definition files rather than manual configuration.

IACS Security
Security measures for Industrial Automation and Control Systems to protect against threats.

ICS Security
Protecting Industrial Control Systems from cyber threats while maintaining safe operation.

Identification & Access Control
Methods to identify and authenticate users and control their access to resources. Corresponds to the identification and authentication control and use control foundational requirements of IEC 62443.

Identity and Access Management (IAM)
The processes and technologies used to manage digital identities and control user access to resources, ensuring that the right individuals have the appropriate access.

Identity Provider
A service that authenticates users and asserts their identities to other services or systems.

IEC 61508
An international standard for the functional safety of electrical, electronic, and programmable electronic safety-related systems.

IEC 61511
An international standard for the functional safety of safety instrumented systems in the process industry sector.

IEC 62443
A series of international standards for securing industrial automation and control systems, with parts addressed to asset owners, integrators, and product suppliers. Also published as ISA/IEC 62443.

Immutable Logs
Logs that cannot be altered or deleted once written, preserving their integrity for audits and investigations.

Incident Command System (ICS)
A standardized approach to command, control, and coordination during an emergency or incident response. Not to be confused with Industrial Control System.

Incident Handling
The process of managing and responding to security incidents to mitigate their impact.

Incident Response
The actions taken to detect, analyze, contain, eradicate, and recover from cybersecurity incidents.

Incident Response Plan (IRP)
A documented strategy outlining the steps, roles, and communications for responding to a cybersecurity incident.

Indicators of Compromise (IoCs)
Observable artifacts, such as file hashes, IP addresses, or domain names, that indicate a potential or ongoing security breach.

Industrial Control System (ICS)
The collective term for systems that monitor and control industrial processes, including SCADA, DCS, PLCs, and the networks connecting them.

Industrial Control Systems Secure by Design
Designing industrial control systems with security built in from the start, rather than added afterwards, to mitigate risks.

Industrial Internet of Things (IIoT)
The use of networked sensors and devices in industrial environments for efficiency and automation.

Industrial Network Segmentation
Dividing an industrial network into zones with controlled conduits between them to contain threats and limit lateral movement.

Information Security Management System (ISMS)
A framework of policies and processes for managing information security risks in an organization, as defined by ISO/IEC 27001.

Information Security Officer
A role responsible for overseeing an organization's information security strategy and its implementation.

Information Technology (IT)
The use of computers, networking, and related devices to create, process, store, and exchange electronic data.

Injection Attacks
Attacks in which malicious input is inserted into a command, query, or interpreter, as in SQL injection or command injection, often through web applications.

Insecure Direct Object References (IDOR)
A vulnerability in which an application exposes a reference to an internal object, such as a record ID in a URL, and fails to check that the requester is authorized for that object.

Insider Threat
A threat posed by individuals within an organization, such as employees or contractors, who misuse their legitimate access.

Insider Threat Detection
Identifying and mitigating threats from individuals within an organization.

Integrity
Ensuring that data and systems are accurate and have not been altered without authorization over their lifecycle.

Integrity Monitoring
Continuously checking data, files, or configurations for unauthorized changes.

Internet Control Message Protocol (ICMP)
A network-layer protocol used for error messages and operational queries such as ping.

Interoperability
The ability of different systems and devices to exchange information and work together.

Intrusion Detection System (IDS)
A system that monitors network or host activity for malicious activity or policy violations and raises alerts. Passive network IDS is common in OT because it cannot block control traffic.

Intrusion Prevention System
A system that detects malicious activity on a network and actively blocks it.

IoT Device Management
Provisioning, monitoring, updating, and securing Internet of Things (IoT) devices on a network.

IoT Security
Protecting Internet of Things devices and the networks they connect to from cyber threats.

IoT Security Framework
A set of guidelines and best practices for securing Internet of Things (IoT) devices and networks.

IP Spoofing
Forging the source IP address of packets to disguise the origin of network traffic or impersonate another host.

ISA-62443
The ISA designation for the ISA/IEC 62443 series of standards for the cybersecurity of industrial automation and control systems. See IEC 62443.

ISO/IEC 27001
An international standard specifying requirements for an information security management system.

J

Just-in-time Access
Granting elevated access only when needed and for a limited time, rather than as standing privileges, to reduce the window of exposure.

K

Key Management
Processes and technologies for generating, distributing, storing, rotating, and destroying cryptographic keys.

Key Rotation
Regularly replacing cryptographic keys to limit the amount of data exposed if a key is compromised.

Keylogger
Malware or hardware that records keystrokes to capture credentials and other sensitive information.

Known Vulnerabilities
Security flaws that have been publicly identified and documented, usually with a CVE identifier and an available fix or mitigation.

L

Least Common Mechanism
A design principle that minimizes mechanisms shared between users or components, so that a flaw in a shared mechanism cannot compromise all of them.

Least Privilege
Granting users, processes, and systems only the minimum access necessary to perform their function.

Living Off the Land
Using legitimate tools and software already present in the environment, such as PowerShell or engineering software, to conduct malicious activity while avoiding detection.

Log Analysis
Reviewing and interpreting logs to identify suspicious or unauthorized activity.

Log Management
Collecting, storing, retaining, and analyzing log data for security and compliance purposes.

Log Tampering
Unauthorized alteration or deletion of log data to conceal malicious activity.
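
Added example (not part of the original glossary) serving this entry and Immutable Logs above: a keyed hash chain that makes the edits and deletions described here detectable. Each record's tag covers the previous record's tag, so changing, removing, or reordering any record breaks every later link; the MAC key (a constructed placeholder) belongs to the log collector, not the logging host, so an attacker who can rewrite the file cannot recompute the chain. The audit records are constructed.

```python
"""Tamper-evident logging with a keyed hash chain.

Added example for this glossary entry (and for Immutable Logs above), not code
from the original page. Each record's tag covers the previous record's tag, so
editing, deleting or reordering any record breaks every later link; a MAC key
held only by the collector (COLLECTOR_KEY is a constructed placeholder) stops an
attacker with write access to the log file from simply recomputing the chain.
The log lines are constructed.
"""
import hashlib
import hmac

COLLECTOR_KEY = b"constructed-demo-key-do-not-reuse"  # assumed: kept off the logging host
GENESIS = "0" * 64


def _tag(prev, seq, ts, msg):
    """HMAC over the previous tag and this record's fields."""
    payload = f"{prev}|{seq}|{ts}|{msg}".encode("utf-8")
    return hmac.new(COLLECTOR_KEY, payload, hashlib.sha256).hexdigest()


class ChainedLog:
    def __init__(self):
        self.records = []

    def append(self, ts, msg):
        """Append a record and return the new chain head (to be stored off-host)."""
        prev = self.records[-1]["tag"] if self.records else GENESIS
        seq = len(self.records)
        self.records.append({"seq": seq, "ts": ts, "msg": msg, "prev": prev,
                             "tag": _tag(prev, seq, ts, msg)})
        return self.records[-1]["tag"]


def verify_chain(records, expected_head):
    """Return 'ok', 'tampered at seq N', or 'truncated'.

    expected_head is the last tag the collector recorded out of band; without
    it, deleting records from the end of the log would go unnoticed.
    """
    prev = GENESIS
    for n, rec in enumerate(records):
        if rec["seq"] != n or rec["prev"] != prev:
            return f"tampered at seq {n}"
        if not hmac.compare_digest(rec["tag"], _tag(prev, rec["seq"], rec["ts"], rec["msg"])):
            return f"tampered at seq {n}"
        prev = rec["tag"]
    return "ok" if prev == expected_head else "truncated"


def demo():
    """Build a four-record HMI audit log, then try two kinds of tampering."""
    log = ChainedLog()
    head = GENESIS
    for ts, msg in [("08:00:00", "operator login hmi01"),
                    ("08:00:12", "setpoint change tank1 80 -> 95"),
                    ("08:00:15", "alarm HIGH tank1"),
                    ("08:01:00", "operator logout hmi01")]:
        head = log.append(ts, msg)
    intact = verify_chain(log.records, head)

    edited = [dict(r) for r in log.records]
    edited[1]["msg"] = "setpoint change tank1 80 -> 81"   # hide the dangerous change
    edited_result = verify_chain(edited, head)

    truncated_result = verify_chain(log.records[:-1], head)  # drop the last record
    return intact, edited_result, truncated_result


if __name__ == "__main__":
    print(demo())
```

An unkeyed hash chain gives the same detection against accidental corruption but not against an attacker with write access, who can recompute every tag after the edit; the key and the current head are what turn a chain into evidence. Shipping records to a separate collector over a one-way path (see Data Diode) is the usual way to keep both out of the attacker's reach.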

M

Machine Learning
A subset of artificial intelligence in which algorithms learn patterns from data to make predictions or decisions.

Malicious Code
Software or code intentionally designed to cause damage or perform unauthorized actions.

Malicious Network Traffic
Network traffic intended to harm, disrupt, or compromise a network or its hosts.

Malware
Malicious software designed to harm, exploit, or take control of a programmable device, service, or network.

Man-in-the-Middle (MitM) Attack
An attack in which the attacker secretly positions themselves between two communicating parties, relaying and possibly altering their messages while each believes it is talking directly to the other. Also written Man in the Middle.

Mean Time to Recovery (MTTR)
The average time required to restore a system after a failure or security incident.

MITRE ATT&CK
A knowledge base of adversary tactics, techniques, and procedures observed in real-world attacks.

MITRE ATT&CK for ICS
The MITRE ATT&CK matrix covering tactics and techniques used in attacks on Industrial Control Systems.

MITRE Corporation
A nonprofit organization that operates federally funded research and development centers and maintains ATT&CK and the CVE program.

Mobile Device Management (MDM)
Software used to manage, monitor, and secure mobile devices in an organization.

Mobile Threats
Security risks targeting mobile devices such as smartphones and tablets.

Multi-Factor Authentication (MFA)
Authentication that requires two or more factors from independent categories: something you know, something you have, and something you are.

N

National Cybersecurity and Communications Integration Center (NCCIC)
A former U.S. government center for cybersecurity and communications integration, now part of CISA.

National Institute of Standards and Technology (NIST)
A U.S. government agency that publishes standards and guidance for cybersecurity and other technologies.

Network Access Control (NAC)
Policies and technologies that admit devices to network resources based on identity and compliance with security posture requirements.

Network Anomaly Detection
Identifying unusual network traffic patterns that may indicate a security threat or breach.

Network Security
Measures to protect data and systems within a network from threats and attacks.

Network Security Protocol
A protocol, such as TLS or IPsec, that provides secure communication over a network.

Network Segmentation
Dividing a network into smaller, isolated segments to limit lateral movement and improve security and performance.

NIST SP 800-82
The NIST Guide to Operational Technology (OT) Security, titled Guide to Industrial Control Systems (ICS) Security in earlier revisions.

Non-Repudiation
Assurance that a party cannot later deny having performed an action or sent a message, typically provided by digital signatures and audit logs.

NTP Security
Protecting Network Time Protocol communications from spoofing and manipulation, since accurate time underpins logging, certificate validation, and forensics.

O

OAuth
An open standard for delegated authorization that lets a user grant an application limited access to resources without sharing credentials. It is not itself an authentication protocol; OpenID Connect builds authentication on top of it.

Obfuscation
Making code or data harder to understand in order to hinder reverse engineering or detection.

One-time Password (OTP)
A password that is valid for only one login session or transaction.

Operational Resilience
The ability of an organization to continue delivering its critical functions during and after a cyber incident.

Operational Technology (OT)
Hardware and software that detects or causes changes through direct monitoring and control of physical processes, assets, and events. Also written Operations Technology.

Operator Workstation
A computer used by operators to monitor and control industrial processes in real time.

Out-of-Band
Communications or actions carried out over a channel separate from the regular network, for added security or resilience.

Out-of-Band Management
Managing devices through a dedicated channel, such as a serial console or management network, that is independent of the production network.

P

P2P Network Security
Protecting peer-to-peer networks from unauthorized access, data breaches, and other threats.

Packet Sniffing
Capturing and analyzing packets sent over a network. Used legitimately for troubleshooting and intrusion detection, and by attackers to harvest cleartext credentials.

Pass-the-hash (PtH) Attacks
Attacks in which an attacker authenticates with a captured NTLM password hash, without needing to crack it, to move laterally between Windows hosts.

Password Hashing
Storing passwords as the output of a slow, salted one-way function such as bcrypt, scrypt, Argon2, or PBKDF2, so that the original passwords cannot be recovered if the store is stolen and identical passwords do not produce identical hashes.
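
Added example (not part of the original glossary): the unsalted fast-hash anti-pattern beside a salted, iterated verifier of the kind described above. It uses PBKDF2-HMAC-SHA256 from the Python standard library because that needs no extra packages; Argon2id or bcrypt through a vetted library is the usual production choice. The stored record format is an assumption of the example, not a standard.

```python
"""Password hashing: the unsalted anti-pattern beside a salted, slow verifier.

Added example for this glossary entry, not code from the original page. It
uses PBKDF2-HMAC-SHA256 from the standard library because it needs no extra
packages; Argon2id or bcrypt via a vetted library is the usual production
choice. The stored format 'pbkdf2_sha256$iterations$salt$hash' is an
assumption of this example, not a standard.
"""
import hashlib
import hmac
import os


def weak_hash(password):
    """Anti-pattern: one fast, unsalted SHA-256.

    Every user with the same password gets the same digest, and a stolen
    table can be attacked with precomputed lookups at billions of guesses
    per second.
    """
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password, iterations=600_000, salt=None):
    """Return a self-describing verifier: algorithm, cost, salt and digest.

    A fresh 16-byte random salt per password defeats precomputed tables and
    makes identical passwords hash differently; the iteration count makes each
    guess expensive for an attacker who steals the table.
    """
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and cost; compare in constant time."""
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported verifier format: {algo}")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


if __name__ == "__main__":
    print("weak, same for everyone:", weak_hash("Operator1!"))
    record = hash_password("Operator1!")
    print("stored verifier:", record)
    print("correct password:", verify_password("Operator1!", record))
    print("wrong password:  ", verify_password("operator1!", record))
```

Storing the iteration count alongside the digest lets the cost be raised later and old records re-hashed on the user's next successful login. This protects a stored verifier only; it does not address pass-the-hash, where the hash itself is accepted as the credential.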

Password Management
Creating, storing, and managing strong, unique passwords, typically with a password manager.

Patch Management
Identifying, testing, and deploying updates to software and firmware to fix vulnerabilities. In OT, patches usually require vendor approval and a maintenance window.

Payload
The part of malware or an exploit that performs the malicious action once it has been delivered.

Penetration Testing
Simulating cyberattacks under agreed rules of engagement to identify exploitable vulnerabilities so they can be fixed.

Pentest
Short for penetration testing; a simulated attack on a system to identify vulnerabilities.

Phishing
A social engineering attack that uses messages impersonating a trustworthy entity to obtain sensitive information or induce the target to run malicious content.

Physical Security
Measures that protect physical assets such as buildings, equipment, and personnel.

Pivoting
Using a compromised system as a foothold to attack additional systems in the network.

Policy Enforcement Point
A network device or software component, such as a firewall or gateway, that enforces security policy decisions.

Policy-Based Access Control (PBAC)
Access control in which decisions are made by evaluating organization-defined policies against attributes of the subject, resource, and context.

Port Scanning
Probing a networked device to discover which ports are open and what services they run, used both in security assessments and in attacker reconnaissance. Active scanning can disrupt fragile OT devices.

Port Security
Switch features that restrict which MAC addresses may connect on a given physical port, preventing unauthorized devices from joining the network.

Predictive Analysis
Using data, algorithms, and machine learning to anticipate future security incidents.

Privacy Impact Assessment (PIA)
A process to identify and mitigate the privacy risks associated with collecting and processing personal data.

Privacy Policy
A statement outlining how an organization collects, uses, and protects personal data.

Privileged Access Management
Controlling, monitoring, and recording access to critical systems by privileged accounts, typically through credential vaulting and session brokering.

Programmable Logic Controller (PLC)
A ruggedized industrial computer that executes control logic to operate machinery or processes based on sensor inputs.

Protocol
A set of rules governing how data is formatted and transmitted across a network.

Protocol Analysis
Examining network protocol traffic to identify misuse, anomalies, or attacks.

Proxy Server
A server that acts as an intermediary for client requests, forwarding them to other servers and optionally filtering or caching the results.

Public Key Infrastructure (PKI)
The framework of certificate authorities, policies, and procedures for issuing, distributing, and revoking digital certificates and managing public-key encryption.

Q

Quality of Service (QoS)
Managing and prioritizing network traffic to ensure reliable delivery of time-sensitive services.

R

Ransomware
Malware that encrypts files or locks a system and demands payment for decryption or restored access.

Red Team
A group that simulates realistic adversary attacks to test an organization's defenses and response.

Remediation
Correcting or mitigating security vulnerabilities or the effects of a breach.

Remote Access Trojan (RAT)
Malware that gives attackers covert remote control of infected systems.

Remote Code Execution (RCE)
A vulnerability class in which an attacker can run arbitrary code on a target machine over the network without authorization.

Remote Desktop Protocol (RDP)
A Microsoft protocol for remote graphical control of a computer over a network. Internet-exposed RDP is a frequent initial access vector.

Remote Terminal Session
A session that allows a user to access and control a terminal or computer system remotely.

Residual Risk
The risk that remains after all planned security controls and mitigations have been applied.

Resilience
The ability to withstand and recover quickly from adverse conditions such as a cyberattack.

Restricted Data Flow
Limiting data exchange within a network to only necessary communications, typically by segmenting into zones and conduits. One of the IEC 62443 foundational requirements.

Risk Appetite
The amount of risk an organization is willing to accept in pursuit of its objectives.

Risk Assessment
Identifying threats and vulnerabilities to assets, estimating likelihood and impact, and determining how to treat the resulting risks.

Risk Management
Identifying, evaluating, and prioritizing risks and implementing measures to reduce their likelihood or impact.

Risk Mitigation
Steps taken to reduce the likelihood or impact of a cybersecurity risk.

Rogue Device Detection
Identifying unauthorized or malicious devices connected to a network.

Rootkit
Malicious software that gains privileged access and hides its presence from the operating system and security tools.
S
Safety Instrumented System (SIS)
A system designed to monitor and control industrial processes to ensure safety. -
S
Safety Logic Solver
A device that ensures safe operation by executing safety-related control functions. -
S
Secure Boot
A process that ensures a device boots using only trusted software. -
S
Secure Configuration
Establishing and maintaining a baseline security configuration for devices and systems. -
S
Secure Socket Layer (SSL)
A cryptographic protocol for secure communication over a computer network. -
S
Security Assessment
Evaluating an organization's security posture to identify vulnerabilities and weaknesses. -
S
Security Automation
Using automated tools and processes to identify and respond to security threats. -
S
Security Awareness Training
Training designed to improve understanding and practices around cybersecurity threats. -
S
Security Baseline
A minimum set of security controls required for protecting systems and data. -
S
Security Information and Event Management (SIEM)
Tools and services that provide real-time analysis of security alerts generated by network hardware and applications. -
S
Security Information Exchange
The sharing of security-related information among organizations or partners. -
S
Security Intelligence
Gathering and analyzing information to detect, predict, and respond to security threats. -
S
Security Levels
Defined levels of security that dictate access and protections for different types of data. -
S
Security Lifecycle
The ongoing process of managing and improving security measures throughout the lifecycle of a system. -
S
Security Operations Center
A centralized team responsible for monitoring and responding to security incidents. -
S
Security Orchestration
Coordinating automated security tasks to improve response efficiency and effectiveness. -
S
Security Patch
A software update that fixes specific security vulnerabilities. -
S
Security Policy
A set of rules and practices that govern the protection of an organization's data and systems. -
S
Security Posture
An organization's overall approach and readiness to defend against cyber threats. -
S
Security Token
A physical or digital item that verifies a user's identity for accessing secure systems. -
S
Security Token Service (STS)
A service that issues security tokens used in federated authentication and single sign-on. -
S
Security Training and Awareness
Educating employees and stakeholders about security risks and best practices. -
S
Security Update
Patches or updates to fix security vulnerabilities in software or systems. -
S
Session Hijacking
The act of taking control of a user's session by stealing or manipulating session data. -
S
Session Token
A token used to maintain a user session and provide access to resources after authentication. -
S
Shadow IT
IT systems, devices, software, or services used without explicit organizational approval. -
S
Shodan
A search engine that identifies and catalogs devices connected to the internet. -
S
Single Sign-On (SSO)
An authentication process that allows a user to access multiple applications with one set of login credentials. -
S
Smart Grid
A modernized electrical grid using digital technology for improved efficiency and reliability. -
S
Social Engineering
Manipulating individuals into revealing confidential information or performing actions. -
S
Software Development Lifecycle (SDLC)
A process for planning, creating, testing, and deploying software applications. -
S
Spear Phishing
A targeted phishing attack aimed at a specific individual or organization. -
S
Spoofing
Impersonating a legitimate entity to deceive or manipulate a target. -
S
Stateful Inspection
A firewall technology that tracks the state of active connections and makes decisions based on state. -
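As an added worked example, not part of the original glossary, the following Python model shows what "making decisions based on state" buys over a stateless packet filter. It tracks a TCP connection through handshake, data and teardown, and runs a constructed packet trace past both a stateless ACL (which trusts any packet with the ACK flag, the old "established" rule) and the stateful tracker; the ACK probe aimed at a PLC and the stray packet after close get through the former and are dropped by the latter. The addresses, ports and the allowed-connection policy are assumptions for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset   # subset of {"SYN", "ACK", "FIN", "RST"}


def pkt(src, sport, dst, dport, *flags):
    return Packet(src, sport, dst, dport, frozenset(flags))


# Assumed policy: the only connection that may be *initiated* across the boundary is the
# historian (10.10.1.50) pushing to the enterprise server 172.16.0.20:443. Everything
# else must belong to a connection already in the state table.
ALLOWED_NEW = {("10.10.1.50", "172.16.0.20", 443)}
SYN, SYN_ACK = frozenset({"SYN"}), frozenset({"SYN", "ACK"})


def stateless_verdict(p, allowed_new=ALLOWED_NEW):
    """Stateless ACL: new connections per policy, and any packet with ACK set is assumed
    to belong to an established connection. This is the rule an ACK scan abuses."""
    if p.flags == SYN:
        return "ACCEPT" if (p.src, p.dst, p.dport) in allowed_new else "DROP"
    return "ACCEPT" if "ACK" in p.flags else "DROP"


class StatefulFirewall:
    def __init__(self, allowed_new=ALLOWED_NEW):
        self.allowed_new = allowed_new
        self.table = {}   # originator 4-tuple (src, sport, dst, dport) -> state

    def process(self, p):
        """Return (verdict, state) for one packet and update the connection table."""
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        entry = fwd if fwd in self.table else rev if rev in self.table else None

        if entry is None:
            # No state: only a bare SYN that the policy allows may create an entry.
            if p.flags == SYN and (p.src, p.dst, p.dport) in self.allowed_new:
                self.table[fwd] = "SYN_SENT"
                return "ACCEPT", "SYN_SENT"
            return "DROP", "INVALID"

        state = self.table[entry]
        if "RST" in p.flags:
            del self.table[entry]
            return "ACCEPT", "CLOSED"
        if state == "SYN_SENT":
            if entry == fwd and p.flags == SYN:            # SYN retransmit
                return "ACCEPT", "SYN_SENT"
            if entry == rev and p.flags == SYN_ACK:        # handshake reply
                self.table[entry] = "ESTABLISHED"
                return "ACCEPT", "ESTABLISHED"
        elif state == "ESTABLISHED":
            if "FIN" in p.flags:
                self.table[entry] = "CLOSING"
                return "ACCEPT", "CLOSING"
            return "ACCEPT", "ESTABLISHED"
        elif state == "CLOSING":
            if "FIN" in p.flags:                           # second FIN: connection done
                del self.table[entry]
                return "ACCEPT", "CLOSED"
            return "ACCEPT", "CLOSING"
        # Anything else is a transition TCP does not make (data before the handshake, etc.)
        return "DROP", "INVALID"


# Constructed packet trace: a legitimate historian session with an ACK-scan probe and an
# unsolicited inbound SYN mixed in, then a stray packet after the connection has closed.
TRACE = [
    pkt("10.10.1.50", 51000, "172.16.0.20", 443, "SYN"),
    pkt("172.16.0.20", 443, "10.10.1.50", 51000, "SYN", "ACK"),
    pkt("10.10.1.50", 51000, "172.16.0.20", 443, "ACK"),
    pkt("172.16.0.20", 443, "10.10.1.50", 51000, "ACK"),
    pkt("172.16.0.99", 4444, "10.10.1.10", 502, "ACK"),       # ACK probe at a PLC
    pkt("172.16.0.20", 443, "10.10.1.50", 50001, "SYN"),      # inbound new connection
    pkt("172.16.0.20", 443, "10.10.1.50", 51000, "FIN", "ACK"),
    pkt("10.10.1.50", 51000, "172.16.0.20", 443, "FIN", "ACK"),
    pkt("10.10.1.50", 51000, "172.16.0.20", 443, "ACK"),      # late packet after close
]


def run_trace(trace=TRACE):
    """Return [(stateless verdict, stateful verdict, stateful state), ...] per packet."""
    fw = StatefulFirewall()
    return [(stateless_verdict(p), *fw.process(p)) for p in trace]


if __name__ == "__main__":
    for p, (sl, sf, st) in zip(TRACE, run_trace()):
        print(f"{p.src}:{p.sport} -> {p.dst}:{p.dport} {sorted(p.flags)}  "
              f"stateless={sl} stateful={sf} ({st})")
```

Real connection trackers also age entries out and validate sequence numbers; the model keeps only the state machine, which is enough to show why an inbound ACK with no matching entry is dropped rather than trusted.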
S
Stuxnet
A highly sophisticated worm, discovered in 2010, that targeted Siemens industrial control systems, altered the logic running on PLCs while feeding operators normal-looking process data, and is the first widely known malware built to cause physical damage to an industrial process. -
S
Subnet
A subdivided network segment within a larger network, often to improve performance and security. -
S
Supervisory Control and Data Acquisition (SCADA)
A system for remote monitoring and control of industrial processes. -
S
Supply Chain Attack
An attack that targets a supply chain to compromise the end user or organization. -
S
Supply Chain Security
Ensuring the security of supply chain partners and components to prevent attacks or disruptions. -
S
System Integrity
Ensuring that systems perform their intended functions without unauthorized changes. -
T
Threat Actor
An individual or group responsible for carrying out malicious activities or attacks. -
T
Threat Hunting
Proactively searching for threats and anomalies within a network or system. -
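As an added worked example, not part of the original glossary, the following Python script runs three hunt hypotheses over a constructed Modbus/TCP flow log of the kind a protocol-aware IDS or firewall can export: writes from a host that is not supposed to write, use of the diagnostics function code (Modbus FC 8, whose sub-functions include restarting communications and forcing listen-only mode), and one source reading device identification from many PLCs, which is what enumeration looks like on the wire. The log rows, the host roles and the authorised-writer list are assumptions made for the example.

```python
from collections import defaultdict

# Modbus function codes that change device state (writes), the diagnostics code that can
# alter a device's communications behaviour, and the device-identification code used for
# reconnaissance.
WRITE_FCS = {5: "Write Single Coil", 6: "Write Single Register",
             15: "Write Multiple Coils", 16: "Write Multiple Registers"}
DIAG_FCS = {8: "Diagnostics"}
RECON_FCS = {43: "Read Device Identification"}

# Assumed zone knowledge: the only host allowed to write to PLCs is the HMI.
AUTHORISED_WRITERS = {"10.10.1.50"}

# Constructed Modbus/TCP flow log (ts,src,dst,dport,func). The 10.10.1.77 rows are the
# planted attacker activity; the FC 8 row from the HMI is there to show a lower-confidence hit.
FLOW_LOG = """\
ts,src,dst,dport,func
2024-05-01T02:14:07,10.10.1.50,10.10.1.10,502,3
2024-05-01T02:14:08,10.10.1.50,10.10.1.10,502,16
2024-05-01T02:14:09,10.10.1.77,10.10.1.11,502,43
2024-05-01T02:14:10,10.10.1.77,10.10.1.12,502,43
2024-05-01T02:14:11,10.10.1.77,10.10.1.13,502,43
2024-05-01T02:14:12,10.10.1.77,10.10.1.10,502,16
2024-05-01T02:14:13,10.10.1.50,10.10.1.11,502,3
2024-05-01T02:14:14,10.10.1.50,10.10.1.10,502,8
bad line that the parser must skip
"""


def parse_flow_log(text):
    """Yield one dict per well-formed row; the header and malformed rows are skipped."""
    for line in text.splitlines()[1:]:
        parts = line.split(",")
        if len(parts) != 5 or not parts[4].isdigit():
            continue
        yield {"ts": parts[0], "src": parts[1], "dst": parts[2],
               "dport": int(parts[3]), "func": int(parts[4])}


def hunt(text, authorised_writers=AUTHORISED_WRITERS, recon_threshold=3):
    """Run three hunt hypotheses over the log and return findings in hypothesis order:
    1. write function codes from hosts not authorised to write;
    2. diagnostic function codes from anyone;
    3. one source reading device identification from >= recon_threshold distinct devices."""
    findings = []
    targets_by_src = defaultdict(set)
    for rec in parse_flow_log(text):
        fc = rec["func"]
        if fc in WRITE_FCS and rec["src"] not in authorised_writers:
            findings.append({"hypothesis": "unauthorised write", "src": rec["src"],
                             "dst": rec["dst"], "detail": f"FC{fc} {WRITE_FCS[fc]} at {rec['ts']}"})
        if fc in DIAG_FCS:
            findings.append({"hypothesis": "diagnostic function", "src": rec["src"],
                             "dst": rec["dst"], "detail": f"FC{fc} {DIAG_FCS[fc]} at {rec['ts']}"})
        if fc in RECON_FCS:
            targets_by_src[rec["src"]].add(rec["dst"])
    for src, targets in targets_by_src.items():
        if len(targets) >= recon_threshold:
            findings.append({"hypothesis": "enumeration", "src": src,
                             "dst": ",".join(sorted(targets)),
                             "detail": f"FC43 Read Device Identification against {len(targets)} devices"})
    return findings


if __name__ == "__main__":
    for f in hunt(FLOW_LOG):
        print(f"{f['hypothesis']:>20}: {f['src']} -> {f['dst']} ({f['detail']})")
```

The point of a hunt is the hypothesis, not the tool: each rule here encodes an expectation about the zone (who writes, what diagnostics are normal, how many devices one host should interrogate), and a hit is a lead to investigate, not an alert to act on automatically.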
T
Threat Intelligence
Information about threats used to prepare for, prevent, and respond to cyber incidents. -
T
Threat Intelligence Feed
Continuous updates on the latest cybersecurity threats to aid in threat detection and response. -
T
Threat Modeling
Identifying and assessing potential threats to prioritize security measures. -
T
Threat Surface
All the points at which an unauthorized user can attempt to enter or extract data from a system; more commonly called the attack surface. -
T
Threat Vector
The path or means by which a cyber threat can reach a target. -
T
Timely Response to Events
Quickly identifying and responding to security incidents to minimize damage. -
T
Tokenization
Replacing sensitive data with unique identification symbols or tokens. -
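As an added worked example, not part of the original glossary, the following Python code shows the two common ways a token can stand in for a sensitive value: a vault that issues random tokens (the token carries no information, so the mapping held by the vault is the only way back), and a keyed deterministic token computed with HMAC (no vault needed and equality joins still work, but anyone who holds the key and can enumerate the value space can recover values by trial). The sample values and the key are constructed for the example.

```python
import hashlib
import hmac
import secrets


class TokenVault:
    """Random-token vault: the token is unrelated to the value, so the mapping held here is
    the only path back. Access to detokenize() is what must be tightly controlled."""

    def __init__(self):
        self._by_value = {}
        self._by_token = {}

    def tokenize(self, value: str, keep_tail: int = 4) -> str:
        """Return the existing token for a value, or mint a new one. The last `keep_tail`
        characters are carried over in clear so consumers that only need them (for
        example "card ending 1111") never have to see the real value."""
        if value in self._by_value:
            return self._by_value[value]
        tail = value[-keep_tail:] if keep_tail else ""
        while True:
            token = f"tok_{secrets.token_hex(8)}_{tail}"
            if token not in self._by_token:      # collision guard; practically never loops
                break
        self._by_value[value] = token
        self._by_token[token] = value
        return token

    def detokenize(self, token: str) -> str:
        """Return the original value; raises KeyError for tokens this vault did not issue."""
        return self._by_token[token]


def deterministic_token(key: bytes, value: str) -> str:
    """Keyed, vault-free alternative: HMAC-SHA256 truncated to 96 bits, so the same value
    always maps to the same token. Unlike a vault token it is only as strong as the key and
    the entropy of the value space."""
    return "dtok_" + hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:24]


if __name__ == "__main__":
    vault = TokenVault()
    t = vault.tokenize("4111111111111111")        # constructed sample value
    print(t, "->", vault.detokenize(t))
    print(deterministic_token(b"assumed-demo-key", "4111111111111111"))
```

Keeping the last four characters in the token is a deliberate trade: it lets downstream systems work without detokenizing, but it also narrows the value space an attacker has to search, so it should be used only where those characters are already considered non-sensitive.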
T
Two-Factor Authentication (2FA)
Authentication that requires two independent factors of different types, such as something the user knows (a password) combined with something the user has (a hardware token or authenticator app) or something the user is (a biometric); two factors of the same type, such as two passwords, do not qualify. -
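As an added worked example, not part of the original glossary, the following Python code implements the "something the user has" factor most often paired with a password: the time-based one-time password (TOTP, RFC 6238) built on HOTP (RFC 4226), using only the standard library. It includes the server-side check a practitioner needs and that naive implementations skip: a drift window, constant-time comparison, and a replay guard that refuses any counter already used, so a code captured by a phisher cannot be resubmitted within its 30-second validity. The base32 secret in the demo is a constructed value, not a real enrolment.

```python
import base64
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, dynamic truncation,
    then reduce modulo 10^digits and zero-pad."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: float, step: int = 30, digits: int = 6,
         algo=hashlib.sha1) -> str:
    """RFC 6238 TOTP: HOTP whose counter is the number of `step`-second periods since the epoch."""
    return hotp(secret, int(unix_time // step), digits, algo)


def secret_from_base32(encoded: str) -> bytes:
    """Authenticator apps exchange the shared secret as unpadded base32 (otpauth:// URIs);
    restore the padding before decoding."""
    cleaned = encoded.strip().replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


def verify_totp(secret: bytes, code: str, unix_time: float, last_counter: int = -1,
                window: int = 1, step: int = 30, digits: int = 6):
    """Server-side check. Returns the matched counter, or None.

    - tolerates +/- `window` steps of clock drift between client and server;
    - compares in constant time so timing does not leak how many digits matched;
    - refuses any counter <= `last_counter`, so a code that was already accepted
      cannot be replayed. The caller persists the returned counter per user."""
    if not (code.isdigit() and len(code) == digits):
        return None
    current = int(unix_time // step)
    for offset in range(-window, window + 1):
        counter = current + offset
        if counter <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, counter, digits), code):
            return counter
    return None


if __name__ == "__main__":
    import time
    key = secret_from_base32("JBSWY3DPEHPK3PXP")   # constructed demo secret
    print("current code:", totp(key, time.time()))
```

The functions reproduce the published RFC 4226 and RFC 6238 test vectors for the ASCII secret "12345678901234567890", which is the quickest way to confirm an implementation before enrolling real users.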
U
Unidirectional Security Gateway
A network device, typically built around a data diode, that physically enforces one-way data flow (usually out of the OT network toward IT) so that process data can be exported while no traffic can be sent back into the protected network. -
U
Unified Threat Management (UTM)
A security solution that integrates multiple security functions into a single device or platform. -
U
USB Security
Measures to protect USB devices and ports from malware and unauthorized access. -
U
Use Control
Restricting who can use a device or access certain features or functions. -
U
User Account Management
Administering and managing user accounts to control access to systems and data. -
V
Virtual Local Area Network (VLAN)
A logical Layer 2 network segment defined on shared switching hardware, used to separate traffic for management and security; a VLAN alone is not a security boundary, since traffic between VLANs must still be filtered by a firewall or router access control list. -
V
Virtual Private Network (VPN)
A technology that creates a secure, encrypted connection over a less secure network, like the internet. -
V
Virtualization Security
Protecting virtual machines and environments from threats and vulnerabilities. -
V
VoIP Security
Protecting Voice over IP systems from eavesdropping, fraud, and other threats. -
V
Vulnerability
A flaw or weakness in a system that could be exploited by a threat. -
V
Vulnerability Assessment
The process of identifying, quantifying, and prioritizing vulnerabilities in a system. -
W
Watering Hole Attack
Targeting a specific group by infecting websites they are likely to visit. -
W
Web Application Firewall (WAF)
A firewall that filters, monitors, and blocks HTTP traffic to and from a web application to protect against attacks. -
W
Whitelisting
Allowing only explicitly approved entities (applications, devices, addresses) to run or connect, and denying everything else by default; also called allow-listing. -
W
Wireless Intrusion Detection System (WIDS)
A system that monitors wireless networks for signs of unauthorized access or attacks. -
W
Worm
A self-replicating malware program that spreads across networks without user intervention. -
Z
Zero-Day Exploit
An exploit that takes advantage of a vulnerability not yet known to the vendor or public, so that no patch exists and defenders have had no time to prepare. -
Z
Zero Trust
A security concept where trust is never assumed, and verification is required for all users and devices. -
Z
Zero-day Vulnerability
A security flaw unknown to the vendor or developer, making it a prime target for attackers. -
Z
Zombie Device
A compromised device controlled by an attacker, often part of a botnet.