Glossary Flashcards
Advanced Persistent Threat (APT)
An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception) (NIST, 2013).
Adversary Model (resources, capabilities, intent, motivation, risk aversion, access)
The model that describes the type of adversary, the objective, the motivation, and the payload ramifications. The model described is extensible and the tactics are clear and concise (Invincea, 2015).
Asset
Any software, hardware, data, administrative, physical, communications, or personnel resource within an IS (CNSS, 2003)
Attack Timing
The measured and planned time that the cyber incident will be carried out. This could lead to a sequences of events that over a period of time are meant to weaken the defenses of the system by using planned timing sequences to carry out the attacks (Brocklehurst, 2014).
Attack Trees
These provide a formal, methodical way of describing the security of systems, based on varying attacks. The structure is used represent attacks against a system, with the goal as the root node and different ways of achieving that goal as leaf (Saini, V., Duan & Paruchuri, 2008).
Attack Vectors
The approach used to assault a computer system or network. A fancy way of saying “method or type of attack,” the term may refer to a variety of vulnerabilities. For example, an operating system or Web browser may have a flaw that is exploited by a website. Human shortcomings are also used to engineer these. For example, a novice user may open an email attachment that contains a virus, and most everyone can be persuaded at least once in their life to reveal a password for some seemingly relevant reason (PC Magazine, 2018).
Backdoor
A secret way to take control of a computer. Also called “trap doors,” these are built into software by the original programmer, who can gain access to the computer by entering a code locally or remotely. For example, in an application, this would enable a person to activate either normal or hidden functions within the software. In an operating system, it would provide access to all system functions in the computer (PC Magazine, 2018).
Bots
- ) A search engine program that indexes the Web;
- ) A program on the Internet that performs a repetitive function such as posting a message on blogs, newsgroups and social networks, or searching for information. These reside in the background waiting to respond to certain conditions. The term is used for myriad “intelligent agents” that continuously or periodically perform some function. It is estimated that as much as 60% of Web traffic comes from these, not humans. (PC Magazine, 2018)
Brute Force - Password Guessing
The systematic, exhaustive testing of all possible methods that can be used to break a security system. For example, in cryptanalysis, trying all possible keys in the keyspace to decrypt a ciphertext (PC Magazine, 2018).
Calculate the asset value (AV)
An asset is anything of value to an organization. Assets can be tangible (buildings) or intangible (reputation). A first step in risk assessment is to determine all the organization’s assets and their value—that is, the importance of each asset to the organization’s ability to meet its mission. Asset value should consider the replacement value of equipment or systems. It should also include factors such as lost productivity and loss of reputation or customer confidence.
Calculate the exposure factor (EF)
This represents the percentage of the asset value that will be lost if an incident were to occur. For example, not every car accident is a total loss. Insurance companies have actuaries who calculate the likely percentage loss for every claim. They know the cost of repairs for every make and model and can predict this value per claim. Their prediction won’t be right for any single claim (except by chance), but it will be right when grouped by the hundreds or thousands.
Calculate the single loss expectancy (SLE)
You can calculate the value of a single loss using asset value and exposure factor. If an actuary calculates that the EF of a late-model SUV is 20 percent, then every time he receives a claim, all he needs to do is look up the asset value, multiply by the EF, and he’ll have a very good prediction of the payout. This allows the actuary to calculate insurance premiums accurately and reduce the risk of the insurance company losing money. (Equation: SLE = AV * EF)
Determine how often a loss is likely to occur every year (ARO)
This is the annualized rate of occurrence, also called the risk likelihood. Some are greater than one. For example, a snowstorm in Buffalo or Berlin will happen many times per year. Others are likely to happen far less often. For example, a warehouse fire might happen once every 20 years. It is often difficult to estimate how often an incident will happen. Sometimes internal or external factors can affect that assessment. Historical data do not always predict the future. An incident such as one stemming from an internal threat is far more likely during times of employee unrest or contract negotiations than at other times.
Determine annualized loss expectancy (ALE)
This value is the SLE (the loss when an incident happens) multiplied by the ARO. It helps an organization identify the overall impact of a risk. For infrequent events, this value will be much less than the SLE. For example, if you expect an event to occur only once every 10 years, the value will be 0.10, or 10 percent. If the SLE is $1,000, this is only $100 ($1,000 × 0.10). On the other hand, if the ARO is 20, indicating that it is likely to occur 20 times every year, the value is $20,000 ($1,000 × 20). (Equation: ALE = SLE * ARO) (Kim & Solomon, 2013)
Capability
In information security, an indicator (token, semaphore, etc.) that authorizes an access mode to an object such as a file or a device for a specific user or process (PC Magazine, 2018)
CIA Triad
A widely used formulation of the INFOSEC mission of the U.S. military. Also known as the “Classic Triad,” the three concepts fail to include important problems intuitively seen as breaches of security, forgeries or counterfeits; mislabeling of data; and problems of data usability (PC Magazine, 2018).
Covert Channels
An unintended or unauthorized intra-system channel that enables two cooperating entities to transfer information in a way that violates the system’s security policy but does not exceed the entities’ access authorizations (CNSS, 2003)
Cross-Site Scripting (XSS)
Causing a user’s Web browser to execute a malicious script. There are several ways this is done. One approach is to hide code in a “click here” hyperlink attached to a URL that points to a non-existent Web page. When the page is not found, the script is returned with the bogus URL, and the user’s browser executes it (PC Magazine, 2018).
Cyber Threats Motivations and Techniques (EXAMPLES: fraud, sabotage, vandalism, theft)
- ) Fraud — a deliberate action taken to benefit oneself or a collaborator at the expense of the organization;
- ) Sabotage — a deliberate action taken to cause a failure in an organizational asset or process, generally carried out against targeted key assets by someone possessing or with access to inside knowledge;
- ) Vandalism — the deliberate damaging of organizational assets, often at random;
- ) Theft — Taking something that doesn’t belong to you that you have not paid for (Cebula, Popeck, & Young, 2014)
5.)Denial-of-Service Attacks — An assault on a network that floods it with so many requests that regular traffic is either slowed or completely interrupted. Unlike a virus or worm, which can cause severe damage to databases, this interrupts network service for some period (PC Magazine, 2018).
Data-at-rest
Inactive data stored in any form (for example, on hard drives or in offsite cloud backup). Data at rest is in a stable state, not currently being transmitted across a network or actively being read or being used by any application (Saltzer & Schroeder, 1975).
Data-in-motion
Data that is currently traveling across a network or has been accessed by computer’s RAM ready to be read, updated, or processed (Saltzer & Schroeder, 1975).
Data-in-use
Data that is actively being generated, updated, viewed or erased. It also includes data being viewed by users accessing it through various endpoints. (Saltzer & Schroeder, 1975).
Denial-of-Service Attacks
An assault on a network that floods it with so many requests that regular traffic is either slowed or completely interrupted. Unlike a virus or worm, which can cause severe damage to databases, this interrupts network service for some period (PC Magazine, 2018).
Separation (of Domains)
The division of power within a system. No one part of a system should have complete control over another part. There should always be a system of checks and balances that leverage the ability for parts of the system to work together (Tjaden, 2015)
Isolation
Individual processes or tasks running in their own space. This ensures that the processes will have enough resources to run and will not interfere with other processes running (Tjaden, 2015).
