
The Cybersecurity Pocket Dictionary: 24 Terms You Should Know

Melissa Stevens | September 22, 2016

Like many technical industries, cybersecurity has a lot of specialized lingo. But there are two dozen cybersecurity terms in particular that are critical to understand. We’ve defined them here (in alphabetical order) and linked to a few articles that may help you better understand them along the way.



1, 2, & 3. Availability, Confidentiality, & Integrity

These three terms make up the triad of information security (often abbreviated “CIA”):

  • Confidentiality is what a company needs to do to ensure sensitive information stays private.
  • Integrity focuses on the life cycle of the data, ensuring it is always accurate.
  • Availability means your hardware and software systems have constant uptime and everything is maintained properly.

Read More: 3 Critical CISO Roles & Responsibilities

4. Botnet security

According to Heimdal Security, “Botnets are entire networks of computers controlled and instructed to...attack other computers, send spam or phishing emails, deliver ransomware, spyware, or [perform] many other similar malicious acts.”

Our research has shown that companies with a higher number of botnets (or a BitSight Botnet Grade of “B” or lower) are twice as likely to experience a publicly disclosed data breach. You can read more about these findings in our BitSight Insight report How Do Botnet Grades Correlate With Significant Data Breaches?

5. Continuous Monitoring

Cyber risk is a major part of every vendor risk management (VRM) program. But traditional risk assessment methodologies—like on-site assessments, audits, penetration tests, and vulnerability scans—only provide you with a cybersecurity snapshot of the exact moment they were performed.

Continuous monitoring is used to describe a solution—like BitSight Security Ratings—that gives you a constant, real-time look into your network and your vendors’ networks for observing any potential vulnerabilities.

Read More: Analyzing Vendor Risk Tools: Vulnerability Scans, Penetration Tests, & More

6. Data Breach

A data breach has taken place when confidential or personally identifiable information (PII) has been compromised in any way. Unfortunately, it’s almost impossible to fully prevent a data breach from happening—but there are some best practices you can put in place to reduce the risk of a hack and make sure a data breach in your organization wouldn’t be catastrophic.

7. DDoS

Distributed denial-of-service (DDoS) is an attack vector in which a bad actor floods a website with a slew of traffic requests at once in order to crash it or severely cripple it for a period of time. This impacts information availability or creates a noticeable disruption in service—which is often the hacker’s intent.

Read More: 3 Attack Vectors That Lead To Cybersecurity Breaches

8. Encryption

Encryption is defined as the “activity of converting data or information into code.” Encrypting critical data is an important step in preventing large-scale data leakage from a cybersecurity breach. If the data is encrypted, a bad actor may gain access to it but will not be able to read it in a usable form without the key.

9. Exploitation

Exploitation is typically discussed in regard to software vulnerabilities that hackers are able to take advantage of. Consider this Heimdal Security statistic: “99% of computer users are vulnerable to exploit kits (software vulnerabilities).”

Read More: 28 Data Breach Statistics That Will Inspire You (To Protect Yourself)

10. Malware

Malicious software—or malware—is one of many types of attacks a bad actor can use to exploit a software vulnerability in order to gain access to data or systems. All 350 North American Eddie Bauer retail locations as well as 20 properties managed by HEI Hotels were affected by point-of-sale (PoS) malware attacks recently.

Read More: How Point Of Sale Breaches Happen

11. Man-In-The-Middle (MITM) Attack

A man-in-the-middle (MITM) attack is when a hacker intercepts communication between two (or more) parties and relays the information to both sides. Common vulnerabilities like POODLE facilitate MITM attacks.

12. Patching Cadence

Patching cadence involves determining how many vulnerabilities you have in your system and how many critical vulnerabilities have yet to be patched. It is one of four critical cybersecurity metrics we recommend reporting to the board.

13, 14, & 15. Phishing, Spear Phishing, & Whaling

To conduct a phishing attack, a bad actor tries to impersonate either a legitimate person or a corporation through an email that asks the user to take an action. This action would give the “phisher” an access point to critical data or information.

Spear phishing is a more targeted form of phishing. The bad actor will usually pose as a trusted individual from the victim’s own company or assume the identity of an authority figure to give their email the gravitas it needs.

Read More: The Top Cybersecurity Threats Of 2016: An Overview For Board Meetings

Whaling is similar to phishing and spear phishing, but the target is an important person or a high-profile individual, like a C-level executive or a celebrity. The methods used to phish them are usually highly personalized.

16. Ransomware

Ransomware is a type of malware attack where the victim is forced to pay a ransom in order to get their network or data back. This, along with targeted spear phishing attacks, is one of the biggest cybersecurity threats of 2016.

Read More: The Rising Face Of Cyber Crime: Ransomware

17. SQL Injection

A structured query language (SQL) injection attack targets back-end databases and applications that use the SQL programming language. Along with phishing attacks and DDoS attacks, it’s considered a critical attack vector that can lead to a cybersecurity breach.

18, 19, & 20. SPF, DKIM, & DMARC

SPF, DKIM, and DMARC are email authentication protocols that reduce the likelihood of employees falling victim to phishing attacks by quarantining suspicious emails to spam folders. Proper application of these email authentication protocols will help lower the chances of a breach.

Read More: 3 Recent Data Breaches & What You Can Learn From Them

20 & 21. SSL & TLS

Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), are cryptographic protocols that authenticate servers and encrypt traffic in transit. Outdated versions and weak configurations of these protocols contain known flaws that hackers can exploit.

Read More: DROWN: Breaking Down The Latest TLS / SSL Vulnerabilities

22. Third-Party Cyber Risk Management

Third-party cyber risk management—or vendor risk management (VRM)—is the process of measuring and mitigating threats and risk that vendor relationships pose to your information, network, and organization.

Read More: How Third-Party Risk Management Will Change In 2016

23. Torrents

Torrenting is a peer-to-peer file sharing technology that has a good, bad, and ugly side when it comes to cybersecurity.

24. Vulnerability

In cybersecurity, vulnerability typically refers to a system or network that is, for one reason or another, more susceptible to attacks.

Read More: Cyber Vulnerability: Where Do You Stand?

What cybersecurity terms would you add?

Tweet us @BitSight and let us know! Your response could show up in our next cybersecurity dictionary update.
