CYBER SECURITY TERMS & GLOSSARY
This glossary contains information security terms that appear frequently in the cyber security industry and their associated impacts.
Information Security Terms & Impact
Application Segmentation
Without application segmentation, an attack can spread from one tier to other tiers, because privileges are not monitored or separated between tiers.
Application Whitelisting
Without application whitelisting, the organisation is prone to unauthorised applications being executed on devices, which can lead to malware infection.
Asset Management
Lack of asset management could result in missing asset information, asset failure and ghost assets. Multiple threats, including but not limited to asset theft, asset tampering and the introduction of unauthorised assets, must be considered and appropriate controls implemented.
Audit Log Baselining
Without appropriate audit logging, an attacker's activities can go unnoticed, and evidence of whether or not the attack led to a breach can be inconclusive.
Organisations are expected to ensure that assets generate quality logs (capturing event details, target details, timestamps, the outcome of the event etc.) to enable effective monitoring.
Cloud Access Security Broker (CASB)
A cloud access security broker (CASB) is a critical security tool that helps enterprises set policy, monitor behaviour and manage multiple cyber risks across the entire set of enterprise cloud services and providers.
Without a securely configured and deployed CASB, organisations could be exposed to multiple threats, including shadow IT and data leakage from cloud environments such as unauthorised data sharing (on SharePoint etc.). CASBs are designed and implemented based on the organisation's cloud adoption approach, implementation architecture and the threats applicable to it.
Compliance
If a company is legally or contractually required to be compliant with any data security guidelines or cybersecurity frameworks (e.g. Australian Privacy Principles, Mandatory Data Breach notifications, ISO 27001 framework, PCI DSS etc.) and fails to do so, it will face penalties and may lose customers.
Moreover, not having these compliances in place means that the company is not following cyber security best practices, which may result in customers auditing its practices and operations on a periodic basis.
Configuration Management
Manufacturer default settings are rarely the most secure. Lack of configuration management can cause serious problems with reliability, uptime and the ability to scale a system. Additionally, it leaves open, unaddressed security vulnerabilities that can be exploited by an external or internal threat actor, which could result in a data breach or loss of availability of key systems and services.
Dark Web Monitoring
Because the dark web is hidden from the regular internet user and has a shabby history, it is essential to know whether your information is out there. Criminals can use your information to commit any of a vast array of identity theft crimes (using stolen identities to commit fraud, primarily for financial gain). Without an ongoing dark web monitoring process, organisations will have no visibility of employee credentials that have been lost and are available for grabs on the dark web.
Database Audit Monitoring (DAM)
Database monitoring is crucial for the maintenance, performance and health of the database; lack of it could result in performance and availability issues. Additionally, DAM assists organisations with monitoring access to high-value databases and reporting any unauthorised access identified.
Database Encryption
Without appropriate database encryption, an internal or external threat actor who gains access to a database would be able to read the data it holds, which could result in a data breach. If high-value data held in databases is not encrypted using strong encryption techniques, that data remains readable if it is accessed or copied.
DDoS Protection
Distributed denial of service attacks can cause server outages and monetary loss and place excessive stress on IT professionals trying to bring resources back online.
Device Authentication
Without device authentication, unauthorised actors could connect to the gateway or central server. Additionally, unused USB ports can be used by attackers to run exploits. Organisations are expected to assess the applicable risks based on their technology implementation and implement appropriate controls.
Disaster Recovery Planning/BCP
A business continuity and disaster recovery plan helps organisations prepare for potentially disruptive events. It enhances an organisation's ability to continue business operations with little or no disruption and minimises risk in the event of a natural or man-made disaster. Additionally, organisations must incorporate possible cybersecurity incidents (e.g. a ransomware attack) into the BCP to ensure they are ready should such incidents occur.
Edge Antimalware Protection
Edge antimalware protection ensures that malware analysis is performed as part of content monitoring at the perimeter of the environment for all ingress and egress data.
Edge DLP
An edge DLP solution assists organisations with implementing DLP at the perimeter of the environment and ensures that any data flowing out is monitored for data loss.
eDiscovery and Forensics
Digital forensics can help identify what was stolen and trace whether the information was copied or distributed. Some hackers intentionally destroy data in order to harm their targets; in other cases, valuable data may be accidentally damaged by interference from hackers or the software they use.
Email Security
A high number of cyberattacks begin with phishing emails. Lack of appropriate email security controls could result in credential theft, fraudulent payments, trojan installation and ransomware delivery. Multiple threats, such as impersonation attacks, malware delivery, phishing and fraud, must be considered and protection controls implemented.
Endpoint Detection & Response
The primary functions of an EDR security system are to monitor and collect activity data from endpoints that could indicate a threat. Without EDR tools, the organisation is prone to malware (such as polymorphic malware), APTs, phishing,
Endpoint EDR Solutions
Lack of EDR tools leaves the organisation open to suspicious behaviour, with no process in place to alert in case of a compromise, identify the attacker and respond appropriately to prevent further damage.
Endpoint IOC Scans
Lack of IOC scanning could result in intrusion attempts or other malicious activities going unnoticed. Additionally, in case of a data breach or attack, IOC scans enable organisations to identify and report the breach based on the signatures left by the attackers (the tools used, techniques utilised, malware used etc.).
Endpoint Protection (EPP)
Endpoint protection is important to secure every device connected to the central network and avoid data breaches. Every remote endpoint can be an entry point for an attack, including malware infection; hence the lack of EPP will result in malicious activity going unnoticed and devices being exploited by hackers.
Endpoint DLP
DLP helps prevent the accidental exposure of confidential information across all devices. The lack of it could lead to loss of sensitive information over network communications such as web applications, email and the company's other data transfer mechanisms, specifically in the case of remote working and BYOD.
File Integrity Monitoring
Lack of FIM increases the risk of data being stolen or compromised, which would cost you time and money in lost productivity, lost revenue, reputation damage, and legal and compliance penalties.
Top Management Reporting
Top management reporting allows management to predict and prepare for future incidents. Without it, the organisation is at risk of data breach and/or breach of regulatory or legislative compliance requirements, and of unproductive use of people and IT assets.
Honeypot
A honeypot provides increased visibility and allows IT security teams to defend against attacks that the firewall fails to prevent. There are considerable benefits to honeypots, and many organisations have implemented them as additional protection against internal and external attacks.
Identity & Access Management
Identity and Access Management is a core part of any ICT deployment. If IAM is not securely deployed, it could undermine the key principles of security (accountability, authenticity, confidentiality etc.). Organisations must ensure that privileged and non-privileged access to assets and services is segregated and established with appropriate security controls enforced.
Additionally, solutions like IDAM and PAM can assist organisations with enforcing protection controls and reducing or minimising such security violations.
Incident Response & Recovery
The importance of incident response is such that it can have a massive impact on the life of a business. A security incident or cyber-attack can cost an organisation time, money, its reputation and, ultimately, its customers. Having an effective incident response function will minimise these negative impacts.
Intrusion Detection/Prevention
Lack of intrusion prevention/intrusion detection could result in a variety of attacks and possible data leaks making their way through without being automatically identified and reported by the firewall.
Without IDS/IPS/NIDS/HIDS, abnormal activities in the system will go unnoticed, resulting in breaches.
Key Management
Data is encrypted and decrypted via the use of encryption keys, which means the loss or compromise of an encryption key would invalidate the data security measures put in place.
Mobile Device Management
An MDM should be deployed on every single device. Lack of this could result in data breaches and data theft, as there would be no process in place to remotely lock or wipe devices to keep data secure.
Network Access Control (NAC)
NAC provides visibility into the devices and users trying to access the network. Lack of network access control could result in unauthorised activity, and in insecure nodes infecting the network, as there would be no process to place them in quarantined areas. Additionally, NAC can address risks such as unauthorised asset installation and attackers piggy-backing on unused network ports or printer ports.
Network Protection
Lack of proper, or weak, network protection could lead to harmful spyware accessing workstations, leading to data theft and sabotage. Additionally, ineffective network protection controls will result in unauthorised data leaks from the internal network as part of a data breach.
Penetration Testing
Lack of periodic penetration testing of key assets and services would result in organisations not being aware of exposed vulnerabilities that could be targeted by malicious actors. It is very important that organisations do threat modelling to arrive at the correct approach, test vectors and scope of testing to fit their specific threat landscape, based on the technology utilised and the implementation architecture.
Public Key Infrastructure
No PKI will result in a lack of data protection and accountability, as the identity of people and devices is not established.
Remote Access Protection
Lack of strong security controls to secure an organisation's remote access technologies could lead to attackers utilising the channel to gain access to the organisation's assets and data. This could result in significant data breaches and, in many cases, attackers remaining persistent in the network without being noticed.
Risk Register
Not having a current risk register will result in significant cyber security risks not being suitably identified, assessed, managed and monitored.
Secure Code Analysis/Review
Lack of secure coding practices could lead to bad coding practices and vulnerabilities being introduced into the deployed code. Automating this process and incorporating it into the SDLC will allow organisations to effectively identify, prioritise and remediate any code-level vulnerabilities at the development stage, prior to production rollout.
SIEM and Analytics
Without SIEM and analytics, the organisation is not equipped to detect and respond to incidents in a timely manner. Deficiencies in security logging and analysis allow attackers to hide their location, malicious software and activities on victim machines. Additionally, triaging a security incident involves reviewing logs and establishing root cause by analysing logs from multiple sources and reviewing them centrally through a single pane of glass.
Audit logs that are not retained only on the asset itself are also less likely to be tampered with as part of an attack, and so remain usable for cyber forensics.
Threat Hunting
Attackers often lurk for weeks, or even months, before discovery. Hence, not having threat hunting in place could result in sophisticated threats getting past automated cybersecurity, resulting in breaches, ransomware or persistent attacks in the environment.
Threat Intelligence Feeds
Without threat intelligence, the organisation will not be taking a proactive approach towards threats. Threat intelligence provides organised and analysed information about past, present and potential attacks that could pose a security threat to the enterprise.
User Behaviour Analytics
Without user behaviour analytics, the organisation will not have visibility over user behaviours and will not be able to leverage the data it collects.
Vulnerability Scanning
Not conducting periodic vulnerability scans will leave your systems exposed to vulnerabilities that could be exploited by any external or internal threat actor (opportunistic or targeted attack).
Web Application Firewall
The absence of a WAF means that there are no policies in place to monitor malicious traffic to internet-exposed web applications, i.e. malicious HTTP/S traffic travelling to the web application is not monitored or blocked, resulting in hacks, brute force attacks, DDoS attacks, cross-site scripting, SQL injection and zero-day exploits (where an application-level vulnerability exists).
Web Filtering Controls
Web filtering controls give organisations the ability to control which internet locations employees can access. The lack of them could result in malware, phishing and malicious sites delivering malicious content directly to employees and key staff (especially when accessed from home or remote locations).
Wireless IDS
Without a wireless IDS, DoS and a variety of other wireless network attacks will go unnoticed. A wireless intrusion detection system (WIDS) monitors the radio spectrum and reports the presence of unauthorised, rogue access points and the use of wireless attack tools.