Cybersecurity Glossary
Explore our glossary to stay informed in the ever-evolving domain of cybersecurity.
This cybersecurity glossary is designed to provide a resource for understanding the essential terms and concepts in the field of cybersecurity. By offering clear explanations of common terminology with concise definitions, it aims to enhance knowledge and support efforts in safeguarding assets. Follow the links for more information.
A
Active Cyber Defense (ACD): ACD is a proactive approach to protecting an organization's network and IT assets. It involves predicting the attacker's actions and setting relevant traps to detect a wide range of attacks with precision and speed.
Advanced Persistent Threat (APT): Advanced persistent threat (APT) is a planned, stealthy cyberattack that allows attackers to penetrate a company's network and stay inside for a prolonged duration to exfiltrate valuable information.
Air-gapped network: An air gap is a security measure that involves isolating a computer or network and preventing it from establishing an external connection. An air-gapped computer is physically segregated and incapable of connecting, wirelessly or physically, with other computers or network devices. Data can only pass via removable media such as USB drives.
Related resource: Auditing and assuring air-gapped networks
Attack Surface Management (ASM): Attack Surface Management is the continuous process of identifying and monitoring points within data systems that could be potential attack vectors, and of defining and implementing remediation strategies to address these gaps. It is a proactive approach to cybersecurity with the aim of reducing the risk of attacks on an organization’s systems.
Related resource: Attack Surface Management and Incident Prevention
B
Banking, Financial Services and Insurance (BFSI): BFSI is the industry's umbrella term for companies that provide a range of banking, financial or insurance products and services. This includes universal banks that provide a full range of financial services as well as companies that operate in one or more of these financial sectors.
C
Command Cyber Readiness Inspection (CCRI): A scheduled or ad hoc audit conducted by the DoD on unit networks. If a unit has 3 CAT I findings against STIGs, or the unit scores below 70%, the associated network is referred to the Quarantine Review Board and could be shut down until minimum standards are met, which can have a critical effect on missions.
Common Vulnerabilities and Exposures (CVE): CVEs are unique, common identifiers for publicly known information-security vulnerabilities in publicly released software packages.
Related resource: CVE and Beyond: Security Implications in Device Configuration
Common Vulnerability Scoring System (CVSS): The Common Vulnerability Scoring System is a free and open industry standard for assessing the severity of computer system security vulnerabilities. CVSS attempts to assign severity scores to vulnerabilities, allowing responders to prioritize responses and resources according to threat.
Related resource: CVSS – what it is and how it works
Configuration: The set of operating settings and instructions according to which a device functions.
Configuration drift: Configuration drift is when configurations in an IT system gradually change over time. Drift is often unintentional and happens when undocumented or unapproved changes are made to software, hardware, and operating systems.
Related resource: Configuration Drift Monitoring
Configuration Management Database (CMDB): A CMDB is a database which stores information about hardware and software assets and is a crucial part of the ITIL framework. It enables organizations to manage, control, and configure assets.
Control Correlation Identifier (CCI): The Control Correlation Identifier (CCI) provides a standard identifier and description for each of the singular, actionable statements that comprise an Information Assurance (IA) control or IA best practice. CCI bridges the gap between high-level policy expressions and low-level technical implementations. CCI allows a security requirement that is expressed in a high-level policy framework to be decomposed and explicitly associated with the low-level security setting(s) that must be assessed to determine compliance with the objectives of that specific security control. This ability to trace security requirements from their origin (e.g., regulations, IA frameworks) to their low-level implementation allows organizations to readily demonstrate compliance with multiple IA compliance frameworks.
Controlled Unclassified Information (CUI): Controlled Unclassified Information is information owned or created by the government which is sensitive but not classified. This might include patents, technical data, or information relating to the manufacture or acquisition of goods and services. Government agencies publish lists of relevant categories and specific definitions of CUI. Although CUI is not considered classified information, the information can only be handled when using appropriate security controls. Breaches of such sensitive data can lead to adverse national security and economic consequences.
Related resource: What is Controlled Unclassified Information (CUI)?
Critical National Infrastructure (CNI), also known as Critical Infrastructure (CI): Industrial control systems, financial systems, freight distribution networks and essential utilities like water, gas, electricity and telecommunications all make up our Critical National Infrastructure. Critical Infrastructure is often a target for threat actors looking to disrupt and destroy day-to-day civilian life.
Cyber hygiene: Cyber hygiene is the practice of appropriately protecting and maintaining IT systems and devices by using foundational cyber security best practices.
Cyber Operational Readiness Assessment (CORA): The Cyber Operational Readiness Assessment (CORA) encompasses a thorough evaluation of a Department of Defense entity’s cybersecurity posture, including a detailed assessment of the organization’s Information Assurance programs, classified and unclassified networks, and the critical cyber and physical assets that support these networks.
Related resource: DoD introduces CORA program
Cybersecurity: Cybersecurity refers to the practice of protecting networks, hardware, software, data, and confidential information from cyberthreats such as unauthorized access, theft, damage, or other malicious digital attacks by employing a comprehensive set of technologies and best practices.
Cybersecurity Maturity Model Certification (CMMC): CMMC is a U.S. Department of Defense (DoD) program that applies to Defense Industrial Base (DIB) contractors. It is a unifying standard and new certification model to ensure that DoD contractors properly protect sensitive information. The progressive model covers advancing levels of cybersecurity processes and practices resulting in a certification level. Contractors must start at level 1 and certify at each level, all the way to the top level 3. These Maturity models are a collection of best practices, the degree of adherence to which progresses organizations along a scale from lower levels of adoption or “maturity” to higher levels of aptitude and certification. Certifying to a maturity model means that a company or organization has committed itself to improving its processes and practices within a model’s domains to a sustainable, measured level of high performance.
Related resource: What is CMMC? Cybersecurity Maturity Model Certification Explained
Cyberspace Vulnerability Assessment Hunter (CVAH): The CVAH system provides a cyberspace security capability offering in-depth assessment of information system assets such as computers, infrastructure, applications, data, and cyberspace operations.
D
Decision Making Unit (DMU): A Decision-Making Unit (DMU) is a group of individuals within an organization who work together to make a purchase decision. This is especially relevant in business-to-business (B2B) transactions, where buying decisions are complex and require the input of multiple stakeholders.
Defense Information Systems Agency (DISA): DISA is part of the Department of Defense (DoD). It is a combat support agency that provides IT and communication support to all institutes and individuals working for the DoD. DISA oversees the IT and technological aspects of organizing, delivering, and managing defense-related information. This includes the STIG guidelines, which outline how an organization should handle and manage security software and systems.
Related resource: DISA STIG Compliance Explained
Deterministic: We analyse configuration data, which is “defined, specific information”. Our virtual modelling technology uses deterministic analysis to create accurate audits that can be trusted. Deterministic analysis will always return the same result any time it is presented with a specific set of input values, such as those found in a configuration.
Digital Operational Resilience Act (DORA): The Digital Operational Resilience Act is an EU regulation that will apply as of 17 January 2025. It aims at strengthening the IT security of financial entities such as banks, insurance companies and investment firms and ensuring that the financial sector in Europe can stay resilient in the event of a severe operational disruption. DORA brings harmonization of the rules relating to operational resilience for the financial sector applying to 20 different types of financial entities and ICT third-party service providers.
E
Endpoints (also written as end points): An endpoint is a remote computing device that communicates back and forth with a network to which it is connected. Examples of endpoints include desktops, laptops, servers and workstations.
Enterprise Network: Enterprise network refers to the physical, virtual, or logical connectivity of the organization’s users, devices, systems, and applications.
Exposure Management (EM): Exposure management is the process of addressing the access points – or attack vectors – and digital/physical assets along an organization's attack surface that could increase overall risk posture by being vulnerable to threat actors and breaches.
F
False Positive and False Negative: A false positive is when you think you have a specific vulnerability in your network but in fact you don't (wasting time). A false negative is when you think you don’t have a problem when in fact you do (leaving you vulnerable).
Federal Information Security Management Act (FISMA): The Federal Information Security Management Act of 2002 (FISMA) is a United States federal law that defines a comprehensive framework to protect government information, operations, and assets against natural and man-made threats. FISMA was enacted as part of the E-Government Act of 2002 and is one of the most important regulations for federal data security standards and guidelines.
Related resource: FISMA Compliance Explained
Firewalls: A firewall is a system designed to prevent unauthorized access to or from a private network.
Related resource: Firewall Management: The Expert Guide
G
General Data Protection Regulation (GDPR): The EU general data protection regulation (GDPR) governs how the personal data of individuals in the EU may be processed and transferred.
H
Health Insurance Portability and Accountability Act (HIPAA): HIPAA compliance is a living culture that healthcare organizations must implement within their business to protect the privacy, security, and integrity of protected health information.
Related resource: Healthcare Cybersecurity Software
I
Industry assurance standards: A set of security standards to which certain companies must adhere, e.g. PCI DSS, DISA STIG, CDM.
Related resource: Network Infrastructure Security, Compliance, and Attack Surface Management Solutions
Information Technology Infrastructure Library (ITIL): ITIL is a framework for effectively managing IT services throughout the entire service lifecycle. The ITIL framework offers guidance and best practices for managing the five stages of the IT service lifecycle: service strategy, service design, service transition, service operation and continual service improvement.
Insider Threat: An insider threat is a user with authorized access to sensitive company assets or data who may misuse their access rights to compromise the organization's security.
Internet of Things (IoT): The Internet of Things describes devices with sensors, processing ability, software and other technologies that connect and exchange data with other devices and systems over the Internet or other communications networks. The Internet of Things encompasses electronics, communication, and computer science engineering.
K
Known Exploited Vulnerabilities (KEVs): The KEV catalog provides a list of known vulnerabilities that have been exploited in cyber attacks.
Related resource: Software Vulnerability Management
Known issues: A known issue is either a vulnerability that has been reported and recorded on public vulnerability databases or a vulnerability which is on your network but is currently unresolved / unmitigated.
Related resource: Use Case: Identifying Network Compromise and Prioritizing Remediation
L
Living off the Land (LOTL): Living off the Land is a strategy in which threat actors leverage the utilities readily available within the target organization's digital environment to move through the cyber kill chain.
M
Macro Segmentation: Macro segmentation refers to the practice of dividing a network into large, distinct segments based on broad criteria like departmental or functional lines. This approach aims to control access and limit the spread of threats across the network by creating barriers between these large segments.
Major Command (MAJCOM): A major command (MAJCOM) represents a major Air Force subdivision having a specific portion of the Air Force mission. Each MAJCOM is directly subordinate to Headquarters, Air Force.
Mapping Document: Whenever data is moved from a source to a destination, it needs to go through some level of transformation. This is where data mapping steps in, translating the data from one format to another using the pre-specified rules in a data mapping document template. At Titania, we have a mapping document that shows how our compliance reports map on to standards such as PCI DSS, NIST 800-53 and more.
Related resource: Resources
Mean time to detect (MTTD): MTTD is a key performance indicator (KPI) for IT Incident Management and refers to the average amount of time it takes to discover an issue.
Mean time to repair (MTTR): MTTR is the average time it takes to repair a system (usually technical or mechanical). It includes both the repair time and any testing time. The clock doesn't stop on this metric until the system is fully functional again.
Related resource: Incident Prevention or Incident Recovery: Comparing MTTR definitions
Micro Segmentation: Micro segmentation is a security method of managing network access between workloads. With micro segmentation, administrators can manage security policies that limit traffic based on the principle of least privilege and Zero Trust. Organizations use micro segmentation to reduce the attack surface, improve breach containment and strengthen regulatory compliance.
Misconfiguration: An incorrect or suboptimal configuration of an information system or system component that could lead to vulnerabilities.
Related resource: The impact of exploitable misconfigurations on network security
Mitigation classification table: A prioritised log of security risks and how to resolve them.
MITRE ATT&CK: MITRE is an organisation that has developed a knowledge base of the methods that attackers use against enterprise systems, cloud apps, mobile devices, and industrial control systems. ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) can help you understand how cyber attackers think and work. The ATT&CK framework essentially describes attack vectors that attackers can use against a network. By understanding and mitigating these vectors, an organisation can reduce its attack surface. These vectors can also be used to put threats into context.
Related resource: MITRE ATT&CK® Monitoring
N
National Institutes of Health (NIH): The National Institutes of Health, commonly referred to as NIH, is the primary agency of the United States government responsible for biomedical and public health research.
National Institute of Standards and Technology (NIST): The National Institute of Standards and Technology is a US agency that provides measurements and standards to “support the smallest of technologies to the largest and most complex of human-made creations, from nanoscale devices so tiny that tens of thousands can fit on the end of a single human hair up to earthquake-resistant skyscrapers and global communication networks”.
National Vulnerability Database (NVD): The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.
Network Access Control (NAC): Network access control can be defined as the set of rules, protocols, and processes that govern access to network-connected resources such as network routers, conventional PCs, IoT devices, and more.
Network Activity: Network activity monitoring helps identify bottlenecks impacting overall network performance, health, and uptime.
Network Administrator: A network administrator proactively identifies and resolves a computer network's security, reliability, and performance issues.
Network assurance: Quantifies risk from an IT network perspective, based on analysis of network facts. Examples could be identifying configuration errors in network equipment, which may result in loss of connectivity between devices, degradation of performance or network outages.
Network Availability: Network availability, also referred to as network uptime, denotes the overall duration for which the clients can seamlessly access the resources, such as servers and printers, available on a computer network.
Network Configuration: Network configuration refers to the organization, governance, and maintenance of a network with the right set of controls and policies.
Network devices: Network devices facilitate data transmission and manage digital connections on a computer network.
- Firewalls: a firewall is a system designed to prevent unauthorized access to or from a private network.
- Switches: a switch is used to network multiple computers together.
- Routers: a router is a networking device that forwards data packets between computer networks.
Network Infrastructure: Network infrastructure is a set of software and hardware components that help build, run, and maintain an IT network.
Network Monitoring: Network monitoring is a critical IT process to discover, map, and monitor computer networks and network components, including routers, switches, servers, firewalls, and more.
Network Operations Center (NOC): A Network Operations Center is responsible for monitoring and maintaining the overall network infrastructure.
Network Optimization: Network optimization leverages a variety of strategies, tools, and programs to improve network performance.
Network Segmentation: Network segmentation is an architectural approach that divides a network into multiple segments or subnets, each acting as its own small network. This allows network administrators to control the flow of network traffic between subnets based on granular policies. Organizations use segmentation to improve monitoring, boost performance, localize technical issues and – most importantly – enhance security.
Related resource: Zero Trust Network Segmentation
North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP): NERC CIP provides a framework for ensuring that electric power companies and other entities that operate critical infrastructure take appropriate measures to protect against cyberattacks and other security threats.
P
Payment Card Industry Data Security Standard (PCI DSS): The Payment Card Industry Data Security Standard is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.
Related resource: PCI DSS Compliance
PCI Security Standards Council (PCI SSC): The PCI Security Standards Council (PCI SSC) is a global forum that brings together payments industry stakeholders to develop and drive adoption of data security standards and resources for safe payments worldwide.
Pen tester: A pen tester carries out penetration testing (also called pen testing or ethical hacking), the practice of assessing the security of a computer system, network or web application to find vulnerabilities that an attacker could exploit.
Proactive Security: Proactive Security can be defined as a pre-emptive approach to cybersecurity that seeks out and mitigates likely threats before they pose a danger to an organization.
Related resource: Emerging Best Practice in the Use of Proactive Security Solutions
Probabilistic: Some tools (such as scanners) use audit methods that analyse device responses (to queries or attacks) rather than the underlying device settings and interactions (such as configuration data). Risks are derived or extrapolated from how the devices respond, which can vary dependent on many different network and device factors. Probabilistic analysis has a higher likelihood of error (such as false positives and false negatives) than deterministic analysis.
Product Security Incident Response Team (PSIRT): A PSIRT, as created by Cisco to supplement the NVD for its own products, is a dedicated, global team that receives, investigates, and publicly reports security vulnerability information related to Cisco products and networks.
R
Remediation advice: Advice on how to fix a device misconfiguration, prioritised according to the risk to the business.
Remediation Workflow: Remediation Workflows refer to structured processes and sets of actions designed to address and resolve vulnerabilities, compliance issues, or any identified problems within an organization's IT environment, operations, or security systems.
Risk Management Framework (RMF): A risk management framework (RMF) is a set of practices, processes, and technologies that enable an organization to identify, assess, and analyze risk in order to manage it within the organization.
Routers: A router is a networking device that forwards data packets between computer networks.
S
Secure configuration: Refers to the security measures that are implemented when building and installing network devices in order to reduce unnecessary cyber vulnerabilities.
Related resource: Configuration Drift Monitoring
Security Audit: Titania's own ‘best practice’ security standards report.
Related resource: Proactive Network Configuration Assessments
Security Content Automation Protocol (SCAP): The Security Content Automation Protocol (SCAP) is a synthesis of interoperable specifications derived from community ideas. Community participation is a great strength for SCAP, because the security automation community ensures the broadest possible range of use cases is reflected in SCAP functionality.
Security information and event management (SIEM): SIEM software products and services provide real-time analysis of security alerts generated by applications and network hardware, and can be used to log security data and generate reports for compliance purposes.
Related resource: Resources: Nipper Enterprise Use Case - Leveraging NE data in SIEM to report on the top exploited vulnerabilities identified by CISA
Security Operations Center (SOC): A Security Operations Center is responsible for protecting networks, as well as web sites, applications, databases, servers and data centers.
Security Orchestration, Automation and Response (SOAR): Security Orchestration, Automation and Response is a solution stack of compatible software programs that allow an organization to collect data about security threats from multiple sources and respond to low-level security events without human assistance.
Security Technical Implementation Guides (STIG): STIG security refers to the Security Technical Implementation Guides (STIGs), which are security guidelines from DISA. There are hundreds of STIGs, maintained and updated (usually on a quarterly basis) by DISA and published for use with the DoD STIG Viewer.
Related resource: STIG Compliance
SSL Certificate: SSL certificates are small data files designed to strengthen the overall website security through strong encryption and identity verification methods.
Switches: A switch is used to network multiple computers together.
T
Tactics, Techniques and Procedures (TTPs): TTPs describe the behavior of a threat actor and provide a structured framework for describing how a cyberattack is executed. Tactics are the highest-level description of behavior. Techniques are a more detailed description of the threat actor’s actions within the context of a tactic. Procedures are an even lower-level, more detailed description of activities within a technique's context.
The Cyber Assessment Framework (CAF): The CAF is a high-level framework developed by the National Cyber Security Centre (NCSC). It is an industry framework used by operators of essential services under the Network and Information Systems regulations, as well as more widely across the private sector, including Critical National Infrastructure (CNI) sectors. The CAF provides a systematic and comprehensive approach for assessing the extent to which cyber risks to essential functions are being managed by the organisation responsible for them, and is intended to be used both by the organisation itself (for self-assessment) and by an independent assessor during an assurance review.
The Federal Information Security Management Act (FISMA) compliance: FISMA compliance is compliance with the Federal Information Security Management Act (FISMA), a United States federal law passed in 2002 that requires federal agencies to develop, document, and implement an information security and protection program.
Related resource: Configuration Drift Monitoring
Trouble Ticket: A trouble ticket is another term for a support ticket. When a customer or employee has a problem, they submit a document, or ticket, to the IT team describing their issue. The team records important information on the ticket and uses it for communication between the customer and the team.
V
Vulnerability Assessment: Vulnerability assessment is a systematic approach to identifying the security loopholes or weak points in your IT infrastructure and taking active measures to resolve them quickly.
Z
Zero Trust Network Segmentation (ZTS): Zero Trust Segmentation is where a network is split into different sub-networks which each limit access to sensitive information only to the people, applications, and servers that need it. This creates a barrier within the network minimizing the ability of an attacker to move laterally should they gain access.
Related resource: Zero Trust Network Segmentation
Zero Trust: Zero trust is a strategic approach to cybersecurity that secures an organization by eliminating implicit trust and continuously validating every stage of a digital interaction. With Zero Trust, security is never assumed; it takes a “never trust, always verify” approach. No devices or connections are to be implicitly trusted. Instead of one-time access decisions, security is addressed dynamically, always adapting to observed changes in the environment.
Related resource: Zero Trust