An access control list (ACL) is a list of permissions attached to an object in

a computer file. Each ACL contains a list of access control entries (ACE)
that specifies which users or system processes are granted access, denied
access or are audited for a securable object.

Accountability in the cyber security space entails ensuring that activities

on supported systems can be traced to an individual who is held
responsible for the integrity of the data.

Asymmetric Key Cryptography, also known as Public key cryptography, is

an cryptographic system that uses pairs of keys: public keys which may be
disseminated widely, and private keys which are known only to the owner.

An attack is a malicious intent to gain unauthorized access to a system , or

compromise system integrity or confidentiality. It interrupts the operations
of a network.

Authentication is the proces of confirming the correctedness of the claimed

identity of an individual user, machines or software component, to allow
access to the system.

Availability is the time duration a system or resource is ready for use.

A black hat hacker is the “bad guy” who violates computer security for few
reasons beyond maliciousness or personal gain. Black Hat Hackers may
share information about the hack with other black hats so that the same
vulnerabilities can be exploited before the victim becomes aware and takes
appropriate measures.
A botnet is a remote network of zombie drones under the control of a black
hat. Attackers use various malware and viruses to take control of
computers to form a botnet (robotic network), which will send further
attacks such as spam and viruses to target computers or networks. Most
often, the users of the systems will not even know they are involved .
A bridge is an electronic device that connects two networks such as LAN
that uses the same protocol such as Ethernet or Token Ring, and creates
two distinct LAN's or Wide Area Networks. Operating at the Data Link
Layer of the Open System Interconnect model, bridges have the ability to
filter the information and can pass such information to the right nodes, or
decide not to pass any information. They also help in streamlining or
reducing the volume of traffic on a LAN by dividing the data into two
segments.
A brute force attack is the process of finding the solution by trying many
probable variants of information such as passwords, deciphered keys,
randomly.

Business continuity management refers to preparing for and maintaining

continued business operations following disruption or crisis.

A Business Continuity Plan, also known as business emergency plan,

offers safeguards against a disaster, and outlines the strategies, action plan
on how to continue business as usual in the event of any disaster.

A cold site is a backup site that can become operational fairly quickly,
usually in one or two days. A cold site might have standard office
equipment such as furniture and telephones, however there is unlikely to
be any computer equipment. Basically, a cold site is a backup facility ready
to receive computer equipment should a group need to move to an alternate
location.
Confidentiality ensures that rules are set that places restrictions on access
to, or sharing of information with the aim of preserving and protecting the
privacy of the information.

Configuration Management (CM) is a systems engineering process for

ensuring consistency of a product's performance, functional, and physical
attributes with its requirements, design, and operational information.
Content filtering is a process by which access to certain content,
information, data is restricted or completely blocked based on
organization's rules, by using either software or hardware based tools.

A cracker, also known as a black hat hacker, is an individual with extensive

computer knowledge whose purpose is to breach or bypass internet
security or gain access to software without paying royalties. As opposed to
hackers who can be internet security internet experts to hire vulnerabilities
in systems, crackers has the malicious intent to do damage for criminal
gain.

Cross-site scripting (XSS) is a type of computer security vulnerability

typically found in web applications. XSS enables attackers to inject
client-side scripts into web pages viewed by other users. A cross-site
scripting vulnerability may be used by attackers to bypass access controls
such as the same-origin policy.
Cryptography is a method to of protect the privacy of information by
encrypting it into a secret code, so no one but the authorized person with an
encryption key can read or view the information. The use of mathematical
techniques to provide security services, such as confidentiality, data
integrity, entity authentication, and data origin authentication. The art or
science concerning the principles, means, and methods for converting
plaintext into ciphertext and for restoring encrypted ciphertext to plaintext.

A Data Encryption Standard is a form of algorithm to convert plain text to

a cipher text. Data Encryption Standard uses the same key to encrypt and
decrypt the data, and hence it is a symmetric key algorithm.

Data that is complete, intact, and trusted and has not been modified or
destroyed in an unauthorised or accidental manner.

A decryption key is a piece of code that is required to decipher or convert

encrypted text or information into plain text or information.
A Disaster Recovery Plan (DRP) prescribes steps required to carry on the
business as usual in the event of a disaster. Disaster recovery plan aims to
bring business activities back to normalcy in the shortest possible time. An
in-depth understanding of a business's critical processes and their
continuity needs is required to create the plan.
Domain Hijacking
An attack in which an attacker takes over a domain by first blocking access
to the domain's DNS server and then putting his own server up in its place.

Domain name system is the system by which internet domain names and
addresses are tracked and regulated.

Dumpster diving refers to the act of rummaging the trash of others to

obtain useful information to access a system.

Eavesdropping is when one secretly listens to a conversation.

The process of transforming plaintext into ciphertext. Converting data into

a form that cannot be easily understood by unauthorised people.

An exploit is a taking advantage of a vulnerability, weakness or flaw in the

sytem to intrude and attack the system.

The File Transfer Protocol (FTP) is a standard network protocol used for
the transfer of computer files from a server to a client on a computer
network. FTP is built on a client-server model architecture and uses
separate control and data connections between the client and the server.

A firewall is a security barrier that monitors and controls incoming and

outgoing network traffic based on predetermined security rules, designed
to keep unwanted intruders “outside” a computer system or network. A
firewall should be regularly checked and updated to ensure continued
function, as malicious hackers learn new tricks to breach the firewall.

Flooding is an attack that attempts to cause a failure in a system by

providing more input than the system can process properly.

Gateways act as an entrance to another network. A node or stopping point

can be either a gateway node or a host (end-point) node.

Governance is a system for directing an organization. It includes a set of

rules and practices established to evaluate the conditions of the
stakeholders (e.g. management, suppliers, financiers, customers). It also
includes framework for attaining the established goals of an organization,
alongside achieving a balance between the goals of organization and
interests of the stakeholders. It aims to protect the interests of the
organization by protecting assets of the organization, and the interests of
the creditors, customers.

A gray hat is a white hat/ black hat hybrid. A gray hat is a hacker with no
intention to do damage to a system or network, but to expose flaws in the
system security. However, they may use illegal means to gain access to the
net work to expose the security weakness.

A hacker is a programmer who gains unauthorized access to a computer

system. The mainstream usage of "hacker" mostly refers to computer
criminals who gathers information on computer security flaws and breaks
into computers without authorization.

Handshaking procedures are the dialogue between two information

systems for synchronizing, identifying, and authenticating themselves to
one another.
A process of applying a mathematical algorithm against a set of data to
produce a numeric value (a 'hash value') that represents the data. It's a way
to maintain data integrity and accuracy.

A honeypot is a trap set to detect, deflect, or in some manner counteract

attempts at unauthorized use of information systems. Generally it consists
of a computer, data, or a network site that appears to be part of a network,
but is actually isolated and monitored, and which seems to contain
information or a resource of value to attackers.

HTTPS (also called HTTP over TLS, HTTP over SSL, and HTTP Secure)
is an Internet protocol used for secure communication over a computer
network. HTTPS is very important over insecure networks (such as public
WiFi), as anyone on the same local network can discover sensitive
information not protected by HTTPS. HTTPS consists of communication
over Hypertext Transfer Protocol (HTTP) within a connection encrypted
by Transport Layer Security or its predecessor, Secure Sockets Layer.

A hub is a network device that is a common connection point for devices in

a network. These are commonly used to connect segments of a LAN. A
hub contains multiple ports. When a data packet is received at one port, it is
transmitted to the other ports on the hub.

HTTP is the underlying protocol used by the World Wide Web (WWW).
This protocol defines how messages are formatted and transmitted on the
Internet and what actions web servers and browsers should take in
response to various commands.

Intrusion Detection and Prevention Systems are network security

appliances that monitor network and/or system activities for malicious
activity. The main functions of intrusion prevention systems are to identify
malicious activity, log information about this activity, attempt to
block/stop it, and report it.

An incident is an unplanned disruption of a network or system service and

needs to be resolved immediately. An example would be a server crash that
causes a disruption in the business process.

IaaS is the provision of computing infrastructure (such as server or storage

capacity) as a remotely provided service accessed online (ie via the
internet).

The integrity of a system or network is the assurance that information is

protected, and is only made available to those who are authorised. The
property whereby information, an information system, or a component of a
system has not been modified or destroyed in an unauthorised manner.

The Internet Control Message Protocol (ICMP) is one of the key Internet
protocols and is used by network devices such as routers to generate error
messages to the source IP address when network problems prevent
delivery of IP packets. Any IP network device has the capability to send,
receive or process ICMP messages.

The Internet Message Access Protocol (IMAP) is a standard Internet

protocol that is used by e-mail clients to retrieve e-mail messages from a
mail server over TCP/IP. IMAP is defined by RFC 35 1. An IMAP server
typically listens on port number 143. IMAP over SSL (IMAPS) is assigned
the port number 993.

Intrusion
An unauthorised act of bypassing the security mechanisms of a network or
information system.
Intrusion Detection System is a security service that monitors and analyzes
network or system events for the purpose of finding, and providing
real-time or near real-time warning of, attempts to access system resources
in an unauthorized manner.

Intrusion Prevention System is a system that can detect an intrusive

activity and can also attempt to stop the activity, ideally before it reaches
its targets.

An Internet Protocol address (IP address) is a numerical label that is

assigned to any device that is using Internet Protocol and is connected to an
internet network. An IP address allows network interface identification and
location addressing.

IP Spoofing is also known as IP address forgery or a host file hijack. It is a

hijacking technique where a hacker impersonates as a trusted host to
conceal his identity, spoof a web site, hijack browsers, or gain access to a
network.

A local area network (LAN) is a computer network that links devices

within a building or group of adjacent buildings.

A logic bomb is a malicious program designed to execute when a certain

criterion is met. This criteria can be: when a certain time is met, when a
certain file is accessed, or when a certain key combination is pressed.

A Media Access Control address (MAC address) is the physical address

and is a unique identifier assigned to the network interface for
communication. MAC addresses are generally used as a network address
for most IEEE 8 2 network technologies (Ethernet, WiFi). MAC addresses
are used in the media access control protocol sub-layer of the OSI
reference model.
A macro virus is a malware (ie malicious software) that uses the macro
capabilities of common applications such as spreadsheets and word
processors to infect data. A type of malicious code that attaches itself to
documents and uses the macro programming capabilities of the
document’s application to execute, replicate, and spread or propagate
itself.

Malware is a term used for malicious software. Malware can be any

software that is used to interrupt or disrupt computer operations, gather
sensitive information, or gain access to certain files or programs. It
includes viruses, Trojans, worms, time bombs, logic bombs, or anything
else intended to cause damage upon the execution of the payload.

Posing as an online bank or merchant, a cyber criminal allows a victim to

sign in over a Secure Sockets Layer (SSL) connection. The attacker then
logs onto the real server using the client's information and steals credit card
numbers.

The MD5 message-digest algorithm is the most widely used cryptographic

hash function producing a 128-bit (16-byte) hash value, typically
expressed in text format as a 32 digit hexadecimal number. MD5 is
currently a standard, Internet Engineering Task Force (IETF) Request for
Comments (RFC) 1321.

A netmask isused to divide an IP address into subnets and specify the

network's available hosts. The netmask screen out the network part of an IP
address so that only the host computer part of the address remains.

A network happens when two or more computer systems that are grouped
together share information, software and hardware.

Network Address Translation (NAT) is an approach that is used to remap

an IP address space into another by modifying network address
information in IP datagram packet headers while they are in transit. This
technique was originally used for rerouting traffic in IP networks without
renumbering every host.

OSI stands for Open System Interconnection and is an ISO standard for
worldwide communications. OSI defines a networking framework for
implementing protocols in seven layers. OSI defines seven layers of
functions that take place at each end of a communication. Although OSI is
not always strictly adhered to in terms of keeping related functions
together in a well-defined layer, many products involved in
telecommunication attempt to describe themselves in relation to the OSI
model.

OSI layer is a physical layers that conveys the bit stream, electrical impulse,
light, or radio signal through the network at the electrical and mechanical
level. Fast Ethernet, RS232, and ATM are protocols with physical layer
components.

A packet is a unit of data that is routed between an origin and a destination

on the Internet or any other packet-switched network. When any file (such
as e-mail message, HTML file, Graphics Interchange Format file) is sent
from one place to another, the Transmission Control Protocol (TCP) layer
of TCP/IP divides the file into smaller chunks ideal for routing.

Passive Attack
An assault perpetrated by an intentional threat source that attempts to learn
or make use of information from a system, but does not attempt to alter the
system, its resources, its data, or its operations.

Password Authentication Protocol (PAP) is a password-based

authentication protocol used by Point to Point Protocol (PTP) to validate
users. Almost all network operating system remote servers support PAP.
Password cracking is the process of trying to guess or crack passwords to
gain access to a computer system or network. Crackers generally use a
variety of tools, scripts, or software to crack a system password. Password
cracks work by comparing every encrypted dictionary word against the
entries in system password file until a match is found.

Password sniffing is a technique used to gain knowledge of passwords

that involves monitoring traffic on a network to pull out information.
Softwares can be used for automatic password sniffing.

A patch is a piece of software security update designed to update a

computer program or its supporting data, to fix or improve it. This includes
fixing security vulnerabilities and other bugs in existing programs, usually
called bug fixes.

Payload
In computing, a payload is the actual intended message within transmitted
data. In cybersecurity, however, a payload is the part of malware that
performs the malicious action.

A penetration test, is a method of evaluating the security of a computer

system or network by simulating an attack from malicious outsiders. The
process involves an active analysis of the system for any potential
vulnerabilities from improper system configuration, or operational
weaknesses in process or technical countermeasures. This analysis is
carried out from the position of a potential attacker and can involve active
exploitation of security vulnerabilities. Penetration Testing is also known
as pen testing.

Pharming is a type of cyber attack that redirect a website's traffic to a

masquerading website. Pharming is achieved by corrupting a DNS server
to steer the URL to the IP address of the pseudo website instead of the real
IP address. This attack is used to gather private information such as login
credentials.
Phishing is a form of social engineering carried out by black hats in
electronic form, usually by email, with the purpose of gathering sensitive
information by impersonating a trustworthy entity. Phishing
communications are made to look like they come from a legitimate source
like a social networking site, entity or bank.

A polymorphic virus is a virus that will change its digital footprint every
time it replicates. Anti virus software relies on a constantly updated and
evolving database of virus digital footprint signatures to detect any virus
that may have infected a system. By changing its signature upon
replication, a polymorphic virus may elude antivirus software, making it
very hard to eradicate.

A port is an end point of communication in an operating system, identified

by a 16 bit port number. It is the entry or exit point from a computer for
connecting communications or peripheral devices.

A port scan is a sequence of messages sent by an attacker attempting to

break into a computer. Port scanning provides the attacker with an idea of
where to probe for weaknesses. A port scan consists of sending a message
to each port, one at a time to determine which ports on a system are open.

Private Key
A cryptographic key that must be kept confidential and is used to enable
the operation of an asymmetric (public key) cryptographic algorithm.

A protocol is a set of rules to implement and control communications and

associations between systems. Protocols guide connections between end
points in a telecommunication connection, and specify interactions
between the communicating entities. Protocols exist at several levels in a
telecommunication connection.
A proxy server is a server that acts as an intermediary for requests from
clients seeking resources from other servers. Most proxies are web proxies,
facilitating access to content on the World Wide Web and providing
anonymity.

A Public Key is the publicly-disclosed component of a pair of

cryptographic keys used for asymmetric cryptography. A cryptographic
key that can be obtained and used by anyone to encrypt messages intended
for a particular recipient, such that the encrypted messages can be
deciphered only by using a second key that is known only to the recipient
(the private key).

Ransomware is a form of computer malware that can be easily installed

covertly on a victim’s computer. Ransomware prevents a user from being
able to operate their PC normally unless they comply with the demands of
the attacker. To regain access to your PC and files, you typically have pay
money – a ‘ransom’ – to the attacker in exchange for unlocking your
system.

Active reconnaissance is a type of computer attack in which an intruder

engages with the targeted system to gather information about
vulnerabilities. The attacker often uses port scanning, for example, to
discover any vulnerable ports.

A reverse proxy is a device or service that is placed between a client and a

server in a network. All the incoming HTTP requests are handled by the
proxy (back-end webservers), so the proxy can then send the content to the
end-user.

Reverse engineering is the process of extracting any kind of sensitive

information by disassembling and analyzing the design of a system
component.
Risk is the probability of that a vulnerability in a system or network will be
exploited for attack, both intentionally or accidentlly. The level of impact
of having risk gives the potential impact of losing valuable and sensitive
information.

Risk assessment is a systematic process to identify, analyze and evaluate

any possible threats that may leave sensitive information vulnerable to
attacks. It also employs methods to calculate the risk impact and eliminate
the impact.

Risk management is the process of managing risks to agency operations,

assets, or individuals resulting from the operation of an information system.
It includes risk assessment; cost-benefit analysis; the selection,
implementation, and assessment of security controls; and the formal
authorization to operate the system.

A rootkit is a malicious malware programme that allows the attacker to

gain administrator access to a network. Once installed, the attacker gains
privileged access. What makes a rootkit particularly lethal is the ability to
erase tracks and mask the intrusion from the vulnerable system, allowing
the attacker to navigate the entire network without being noticed.

A router is a hardware device that transfers data packets to the appropriate

networks. Many Internet Service Providers (ISPs) provide routers to their
customers, with inbuild firewall protections.

Script Kiddie
An individual uses existing codes to hack into a system, lacking the
expertise to write their own. While they may not possess a lot of computing
talent, they're easily as dangerous as hackers.
A Secure Shell (SSH) is also known as Secure Socket Shell. SSH is a
UNIX-based command interface and protocol used to log into another
computer over a network, to execute commands in a remote machine, and
to move files from one machine to another.

A Secure Sockets Layer (SSL) is the standard security technology for

establishing an encrypted link between a web server and a browser. SSL
was developed by Netscape for transmitting private documents via the
internet.

Security Policy is a set of rules and practices that specify how a system or
organization delivers security services to protect sensitive and critical
information. It defines the objectives and constraints for the security
program.

A server is a computer entity or a machine that waits for requests from

other machines or software (clients) and responds to them. The purpose of
a server is to share data or hardware and software resources, hence
allowing for the provision of services and data within a network.

Session hijacking is also known as cookie hijacking. It is an exploitation of

a valid computer session, sometimes also called a session key, to gain
unauthorised access to sensitive information or services in a computer
system or network.
Security information and event management (SIEM) is an approach to
security management that seeks to provide a holistic view of an
organization’s information technology (IT) security. The acronym is
pronounced “sim” with a silent e.

Simple Network Management Protocol (SNMP) is an Internet-standard

protocol for managing devices on IP networks. Devices that typically
support SNMP include routers, switches, servers, workstations, printers,
modem racks and more. SNMP is widely used in network management
systems to monitor network-attached devices for conditions that warrant
administrative attention.
Skimming is a high-tech method by which thieves capture your personal or
account information from your credit card, driver's license or even passport
using an electronic device called a skimmer. Such devices can be
purchased online for under $5.

Sniffing is also known as passive wiretapping. Packet sniffing allows

individuals to capture data as it is transmitted over a network. Packet
sniffer programs are used by network professionals to diagnose network
issues and by malicious users to capture unencrypted data like passwords
and usernames in network traffic. Once this information is captured, the
user can then gain access to the system or network.

Social engineering is the physcological method to deceive someone for the

purpose of acquiring sensitive and personal information (e.g. credit card
details, passwords) for unauthorized use. To prevent yourself from
becoming a victim of social engineering, do not give your personal and
sensitive information to anyone you are not absolutely sure about.

Security operations center. A security operations center (SOC) is a

centralized unit that deals with security issues on an organizational and
technical level. A SOC within a building or facility is a central location
from where staff supervises the site, using data processing technology.

Spam is simply unsolicited email, also known as junk email. Spammers

gather lists of email addresses, which they use to bombard users with this
unsolicited mail. Spam emails are used to achieve objectives such as
advertising and phishing.

A subnet mask is used to determine the number of bits that are used for the
subnet and host portions of the address. It is used as a screen of numbers
used for routing traffic within a subnet. Once a packet has arrived at a
gateway or connection point with its unique network number, it can be
routed to its destination within the internal gateways using the subnet
number.
SCADA is a generic name for a computerized system that is capable of
gathering and processing data and applying operational controls over long
distances. The typical uses include power transmission and distribution
and pipeline systems.

A switch is also called switching hub, bridging hub, officially MAC bridge.
It is a computer networking device that connects devices together on a
computer network by using packet switching to receive, process and
forward data to the destination device.

TCP/IP stands for Transmission Control Protocol/Internet Protocol. It is a

basic communication language or protocol of the internet and can be used
as a communications protocol in a private network as well (either an
intranet or an extranet).

Telnet is a TCP-based, application-layer, internet standard protocol and an

essential TCP/IP protocol for accessing remote computers. Through Telnet,
an administrator or another user can access someone else's computer
remotely.

A threat is a possible danger that might exploit a vulnerability to violate

security protocols and cause possible harm. In cybersecurity, advanced
persistent threat (APT) usually refers to a group, such as a foreign
government, with both the capability and the intent to persistently target a
specific entity. It can also refer to a circumstance or event that has or
indicates the potential to exploit vulnerabilities and to adversely impact
organisational operations, assets (including information and information
systems), individuals, other organisations, or society.

Topology is the geometric arrangement of a computer system. Two

networks have the same topology if the connection configuration is the
same, although the networks may have variations in physical
interconnections, distances between nodes, transmission rates, and signal
types.
Transmission Control Protocol (TCP) is a set of rules or protocol that is
used along with the Internet Protocol to send data in the form of message
units between computers over the Internet. Whereas the IP protocol deals
only with packets, TCP enables two hosts to establish a connection and
exchange streams of data. TCP takes care of keeping track of the individual
units of data called packets. TCP guarantees delivery of data and also
guarantees that packets will be delivered in the same order in which they
were sent. It originated in the initial network implementation in which it
complemented the Internet Protocol (IP). Therefore, the entire suite is
commonly referred to as TCP/IP.

A Trojan, or Trojan Horse, is a malicious program disguised to look like a

valid program, making it difficult to distinguish from programs that are
supposed to be there. Once introduced, a Trojan is designed to execute
malicious tasks such as destroy files, alter information, steal passwords or
other information. Alternatively, it may stay dormant, waiting for a hacker
to access it remotely and take control of the system. However, unlike
viruses, a Trojan doesn’t have the ability to replicate.

A tunnel is a communication channel that is created in a computer network

by encapsulating a protocol's data packets within a different type of
protocol. The purpose is to move data between computers that use a
protocol not supported by the network connecting them. For example, a
tunnel may encapsulate a transport protocol (such as TCP), in a network
layer protocol (such as IP).

Vishing is the act of collecting private information from customers by

fooling them into divulging confidential personal and financial
information. People are lured into sharing user names, passwords, account
information or credit card numbers, usually by an official-looking message
that urges them to act immediately.

A vulnerability is a flaw that allows someone to operate a computer system

with authorization levels in excess of that which the system owner
specifically granted.
A vulnerability assessment is the process of identifying, quantifying, and
prioritizing (or ranking) the vulnerabilities in the information technology
system.

White hats are ethical hackers who use. They use their knowledge and skill
to thwart the black hats and secure the integrity of computer systems or
networks. If a black hat decides to target you, it’s a great thing to have a
white hat around. But if you don’t, you can always call on one of ours at
Global Digital Forensics.

A zombie is a malware program that can be used by a black hat cracker to

remotely take control of a system, which is then used as a zombie drone for
further attacks (e.g. spam emails, Denial of Service attacks), without a
user’s knowledge. Zombie drones are used to cover the black hat’s tracks
and increase the magnitude of activities by using other’s resources. As
zombies are benign and non destructive, the users infected are usually
unaware that it is there.