Cybersecurity glossary

1 min read

A collection of cyber security terms and their meanings, with particular reference to the maritime industry

A
Advanced Persistent Threat (APT)APT is a user or a program conducting a cyber attack that uses sophisticated techniques to conduct cyber espionage or other malicious activity on an ongoing basis. Typically conducted by an adversary with sophisticated levels of expertise and significant resources – frequently associated with nation-state players. These attacks tend to come from multiple entry points and may use several attack vectors (e.g. cyber, physical, deception). Once a system has been breached, it can be very difficult to end the attack.
Advanced Threat Protection (ATP)Highly sophisticated AI based systems that defend against malware and hacking based attacks. Uses deep content inspection to protect against malware which is not detected by standard antivirius solutions.
AIS RF SpoofingAttacker changes the apparent location of a ship or a navigational aid to interfere with the safe operation of shipping.*
AlertA notification that a cyber security threat to your information system has been detected or is underway.
AntivirusAntivirus software is used to monitor a computer or network, to detect cyber security threats ranging from malicious code to malware. As well as alerting you to the presence of a threat, antivirus programs may also remove or neutralise malicious code.
Attack signatureA characteristic or distinctive pattern that can help link one attack to another, identifying possible actors and solutions.
AttackerThe agent behind the threat: a malicious actor who seeks to change, destroy, steal or disable the information held on computer systems and then exploit the outcome.
AuthenticationThe process of verifying the identity or other attributes of a user, process or device.
B
Behaviour monitoringObserving the activities of users, information systems, and processes. Can be used to measure these activities against organisational policies and rule, baselines of normal activity, thresholds, and trends.
BlacklistA list of entities (users, devices) that are either blocked, denied privileges or access.
Blue teamThe defence group in a mock cyber security attack. The Blue Team defends the enterprise’s information systems while the Red Team attacks. These mock attacks typically take place as part of an operational exercise established and monitored by a neutral group, the White Team.
BotA computer connected to the internet that has been compromised with malicious logic to undertake activities under the command and control of a remote administrator.
BotnetA network of infected devices, connected to the internet, used to commit coordinated cyber attacks without their owner's knowledge.
BreachThe unauthorised access of data, computer systems or networks.
Bring your own device (BYOD)A strategy or policy whereby an organisation permits employees to use their personal devices for work purposes.
Brute force attackAn attack in which computational power is used to automatically enter a vast quantity of number combinations in order to discover passwords and gain access.
BugA relatively minor defect or flaw in an information system or device.
C
CertificateA digital certificate is a form of digital identity verification that allows a computer, user or organisation to securely exchange information.
Certified Information Systems Auditor (CISA)A certification for professionals who monitor, audit, control and assess information systems.
Certified Information Systems Security Manager (CISM)An advanced certification from ISACA for professionals with the knowledge and experience to develop and manage an enterprise information security program.
Certified Information Systems Security Professional (CISSP)A management certification for CISOs and other information security leaders.
CipherAn algorithm for encrypting and decrypting data. Sometimes used interchangeably with the word ‘code’.
Computer Incident Response Team (CIRT)A team of investigators focused on network security breaches. Their role is to analyse how the incident took place and what information has been affected/lost. They then use this insight to provide a response.
Computer Network Defence (CND)Typically applied to military and government security, CND refers to the measures taken to protect information systems and networks against cyber attacks and intrusions.
Control Objectives for Information and Related Technologies (COBIT)A business framework developed and continually updated by ISACA comprising practices, tools and models for management and governance of information technology, including risk management and compliance.
CredentialsThe information used to authenticate a user’s identity – for example, password, token, certificate.
Crew SystemsSystems which serve the personal requirements of crew or passengers. As opposed to IT or OT Systems.
Cross Site Scripting (XSS)Cross-site scripting (XSS) is a software vulnerability usually found in web applications that allows online criminals to inject client-side script into pages that other users view. The cross-site scripting vulnerability can be employed at the same time by attackers to over-write access controls. This issue can become a significant security risk unless the network administrator or the website owner doesn't take the necessary security means.
CryptographyThe study of encoding. Also, the use of code/cipher/mathematical techniques to secure data and provide authentication of entities and data.
Cyber AttackDeliberate and malicious attempts to damage, disrupt or gain access to computer systems, networks or devices, via cyber means.
Cyber EssentialsA UK Government-backed self-assessment certification that helps you protect against cyber attacks while also demonstrating to others that your organisation is taking measures against cyber crime.
Cyber Incident
Cyber SecurityCyber security is a collective term used to describe the protection of electronic and computer networks, programs and data against malicious attacks and unauthorised access.
D
Data At RestData that is in persistent storage – i.e. data that remains on a device whether or not it is connected to a power source – such as hard disks, removable media or backups.
Data BreachThe unauthorised movement or disclosure of information, usually to a party outside the organisation.
Data IntegrityThe quality of data that is complete, intact, and trusted and has not been modified or destroyed in an unauthorized or accidental manner.
Data Loss  No longer having data, whether because it has been stolen, deleted, or its location forgotten.
Data Loss Prevention (DLP)A security strategy and related programs to prevent sensitive data from passing a secure boundary.
Data SecurityThe measures taken to protect confidential data and prevent it from being accidentally or deliberately disclosed, compromised, corrupted or destroyed.
DecryptionThe process of deciphering coded text into its original plain form.
Denial of Service (DoS)This is a type of cyber attack that prevents the authorised use of information system services or resources, or impairs access, usually by overloading the service with requests.
Dictionary AttackKnown dictionary words, phrases or common passwords are used by the attacker to gain access to your information system. This is a type of brute force attack.
Distributed Denial of Service (DDoS)A denial of service technique where multiple systems are used to perform the attack, overwhelming the service.
Download AttackMalicious software or a virus that is installed on a device without the user’s knowledge or consent – sometimes known as a drive-by download.
E
Electronic Warfare (EW)The use of energy, such as radio waves or lasers, to disrupt or disable the enemy’s electronics. An example would be frequency jamming to disable communication equipment.
EncodeThe use of a code to convert plain text to cipher text.
EncryptionThe use of a cipher to protect information, making it unreadable to anyone who doesn’t have the key to decode it.
EndpointA collective term for internet-capable computer devices connected to a network – for example, modern smartphones, laptops and tablets are all endpoints.
Ethical HackingThe use of hacking techniques for legitimate purposes – i.e. to identify and test cyber security vulnerabilities. The actors in this instance are sometimes referred to as ‘white hat hackers’.
ExfiltrationThe transfer of information from a system without consent.
ExploitThe act of taking advantage of a vulnerability in an information system. Also used to describe a technique that is used to breach network security.
Exploit KitComputer programs designed to discover vulnerabilities in software apps and use them to gain access to a system or network. Once they have infiltrated a system they will feed it with harmful code.
F
FirewallA virtual boundary surrounding a network or device that is used to protect it from unwanted access. Can be hardware or software.
G
GCHQGovernment Communications Headquarters. This organisation uses foreign intelligence to help combat terrorism, cyber crime and child pornography.
GDPRGeneral Data Protection Regulations. European legislation designed to prevent the misuse of data by giving individuals greater control over how their personal information is used online.
Governance, Risk Management and Compliance (GRC)Three aspects of organisational management that aim to ensure the organisation and its people behave ethically, run the organisation effectively, take appropriate measures to mitigate risks and maintain compliance with internal policies and external regulations.
GPS Spoofing / GPS JammingSpoofing attacks result in an erroneous reading that can mislead a vessels navigation. Jamming distorts the reception of the GPS signal making it unusable. These attacks can also effect other positioning systems such as Glonass, Galileo or Beidou.
H
HackerSomeone who breaks into computers, systems and networks.
HashingUsing a mathematical algorithm to disguise a piece of data.
Honeypot (honeynet)A decoy system or network that serves to attract potential attackers, protecting actual systems by detecting attacks or deflecting them. A good tool for learning about attack styles. Multiple honeypots form a honeynet.
IMO Resolution MSC.428(98)Maritime Cyber Risk Management in Safety Management Systems. The resolution encourages Administrations to ensure that cyber risks are appropriately addressed in existing safety management systems required by the International Safety Management (ISM) Code no later than the first annual verification of the Company's Document of Compliance after 1 January 2021.
I
Incident
Incident Response PlanA predetermined plan of action to be undertaken in the event of a cyber incident.
IndicatorA signal that a cyber incident may have occurred or is in progress.
Industrial Control System (ICS)An information system used to control industrial processes or infrastructure assets. Commonly found in manufacturing industries, product handling, production and distribution.
Information Security PolicyThe directives, regulations, rules, and practices that form an organisation’s strategy for managing, protecting and distributing information.
International Organization for Standardization (ISO)An independent body that develops voluntary industry standards, including two major information security management standards: ISO 27001 and ISO 27002.
Internet of Things (IoT)The ability of everyday objects, such as kettles, fridges and televisions, to connect to the internet.
Intrusion Detection System/Intrusion Detection and Prevention (IDS/IDP)Hardware or software that finds and helps prevent malicious activity on corporate networks.
IP ProxySecures a network by keeping machines behind it anonymous; it does this through the use of NAT.
IP SpoofingA tactic used by attackers to supply a false IP address in an attempt to trick the user or a cyber security solution into believing it is a legitimate actor.
ISO 27001The gold standard in information security management systems (ISMS), demonstrating the highest level of accreditation.
IT SystemsInformation technology - systems involved in the vessels administration. As opposed to OT Systems and Crew Systems.
J
JailbreakThe removal of a device’s security restrictions, with the intention of installing unofficial apps and making modifications to the system. Typically applied to a mobile phone.
K
KeyThe numerical value used to encrypt and decrypt cipher text.
KeyloggerA type of software or hardware that tracks keystrokes and keyboard events to monitor user activity.
L
Locally Shared Objects (LSOs)Also known as Flash Cookies, these are files stored on users’ computers that allow websites to collect information about visitors. Also referred to as “local shared objects.”
Logic bombA piece of code that carries a set of secret instructions. It is inserted in a system and triggered by a particular action. The code typically performs a malicious action, such as deleting files.
M
Macro VirusA type of malicious code that uses the macro programming capabilities of a document’s application to carry out misdeeds, replicate itself and spread throughout a system.
Malicious CodeProgram code designed for evil. Intended to hurt the confidentiality, integrity or availability of an information system.
MalvertisingThe use of online advertising to deliver malware.
MalwareShort for malicious software. Any viruses, Trojans, worms, code or content that could adversely impact organisations or individuals.
Man-in-the-Middle Attack (MitM)Cyber criminals interpose themselves between the victim and the website the victim is trying to reach, either to harvest the information being transmitted or alter it. Sometimes abbreviated as MITM, MIM, MiM or MITMA.
Masquerade AttacksA masquerade attack is any attack that uses a forged identity (such as a network identity) to gain unofficial access to a personal or organisational computer. Masquerade attacks are generally performed by using either stolen passwords and logons, locating gaps in programs, or finding a way around the authentication process.
MitigationThe steps taken to minimise and address cyber security risks.
Mobile Device Management (MDM)Mobile device management (MDM) is a type of security software, specifically for monitoring, managing and securing mobile, tablet and other devices, allowing remote administration and management of the device.
MSC-FAL.1/Circ.3IMO issued these guidelines on maritime cyber risk management.
N
National Cyber Security Centre (NCSC)Part of GCHQ. A UK government organisation set up to help protect critical services from cyber attacks.
National Institute of Standards and Technology (NIST)A U.S. federal agency. Responsible for the ‘Framework for Improving Critical Infrastructure Cybersecurity’ – voluntary guidelines used by organisations to manage their security risks.
NIST Cyber Security StandardA framework used in the U.S. to help businesses prepare their defence against cyber crime. Maritime Application: The NISC Framework forImproving Critical Infrastructure Cybersecurity (the NIST Framework) is referenced in the MSC-FAL.1/Circ.3
O
OT SystemsOperational Technology - systems involved directly in the Navigation, Propulsion, Cargo handling and Life Support of the vessel. As opposed to IT systems and Crew Systems.
P
Packet SnifferSoftware designed to monitor and record network traffic. It can be used for good or evil – either to run diagnostics and troubleshoot problems, or to snoop in on private data exchanges, such as browsing history, downloads, etc.
Passive AttackAttackers try to gain access to confidential information in order to extract it. Because they’re not trying to change the data, this type of attack is more difficult to detect – hence the name ‘passive’.
Password SniffingA technique used to harvest passwords by monitoring or snooping on network traffic to retrieve password data.
Patch ManagementPatches (updates) are provided by developers to fix flaws in software. Patch management is the activity of getting, testing and installing software patches for a network and the systems within it.
PatchingApplying updates (patches) to firmware or software, whether to improve security or enhance performance.
PayloadThe element of the malware that performs the malicious action – the cyber security equivalent of the explosive charge of a missile. Usually spoken of in terms of the damaging wreaked.
Payment Card Industry Data Security Standard (PCI-DSS)The security practices of the global payment card industry. Retailers and service providers that accept card payments (both debit and credit) must comply with PCI-DSS.
Pen Test/pentestA slang term for penetration test or penetration testing.
Penetration TestingA test designed to explore and expose security weaknesses in an information system so that they can be fixed.
Personally Identifiable Information (PII)The data that enables an individual to be identified.
PharmingAn attack on network infrastructure where a user is redirected to an illegitimate website, despite having entered the right address.
PhishingMass emails asking for sensitive information or pushing them to visit a fake website. These emails are generally untargeted.
Proxy ServerA go-between a computer and the internet, used to enhance cyber security by preventing attackers from accessing a computer or private network directly.
R
RansomwareRansomware is a type of malware (malicious software) which encrypts all the data on a PC or mobile device, blocking the data owner’s access to it. After the infection happens, the victim receives a message that tells him/her that a certain amount of money must be paid (usually in Bitcoins) in order to get the decryption key. Usually, there is also a time-limit for the ransom to be paid. There is no guarantee that the decryption key will be handed over if the victim pays the ransom. The most reliable solution is to back up your data in at least three different places (for redundancy) and keep those backups up to date, so you don’t lose important progress.
Red TeamA group authorised and organised to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s cyber security posture.
RedundancyAdditional or alternative systems, sub-systems, assets, or processes that maintain a degree of overall functionality in case of loss or failure of another system, sub-system, asset, or process.
Remote Access Trojan (RAT)Remote Access Trojans (RATs) use the victim’s access permissions and infect computers to give cyber attackers unlimited access to the data on the PC. Cyber criminals can use RATs to exfiltrate confidential information. RATs include backdoors into the computer system and can enlist the PC into a botnet, while also spreading to other devices. Current RATs can bypass strong authentication and can access sensitive applications, which are later used to exfiltrate information to cyber criminal-controlled servers and websites.
RootkitA set of software tools with administrator-level access privileges installed on an information system and designed to hide the presence of the tools, maintain the access privileges, and conceal the activities conducted by the tools.
S
Secret KeyA cryptographic key that is used for both encryption and decryption, enabling the operation of a symmetric key cryptography scheme.
Security AutomationThe use of information technology in place of manual processes for cyber incident response and management.
Security Information and Event Management (SIEM)Software used to monitor, log, provide alerts and analyse security events to support threat detection and incident response.
Security MonitoringThe collection of data from a range of security systems and the correlation and analysis of this information with threat intelligence to identify signs of compromise.
Security Operations Center (SOC)A central unit within an organisation that is responsible for monitoring, assessing and defending security issues.
Security PerimeterA well-defined boundary within which security controls are enforced.
Security PolicyA rule or set of rules that govern the acceptable use of an organisation's information and services to a level of acceptable risk and the means for protecting the organisation's information assets.
Single Sign-On (SSO)A software process to enable computer users to access more than one application using a single set of credentials, such as a username and password.
SmishingPhishing via SMS: mass text messages sent to users asking for sensitive information (eg bank details) or encouraging them to visit a fake website.
Social EngineeringManipulating people into carrying out specific actions or divulging information that is of use to an attacker. Manipulation tactics include lies, psychological tricks, bribes, extortion, impersonation and other type of threats. Social engineering is often used to extract data and gain unauthorised access to information systems, either of single, private users or which belong to organisations.
Software as a Service (SaaS)Describes a business model where consumers access centrally-hosted software applications over the Internet.
SpamThe abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.
Spear PhishingSpear phishing is a cyber attack that aims to extract sensitive data from a victim using a very specific and personalised message designed to look like it's from a person the recipient knows and/or trusts. This message is usually sent to individuals or companies, and it is extremely effective because it’s very well planned. Attackers invest time and resources into gathering information about the victim (interests, activities, personal history, etc.) in order to create the spear phishing message (which is usually an email). Spear phishing uses the sense of urgency and familiarity (appears to come from someone you know) to manipulate the victim, so the target doesn’t have time to double check the information.
SpoofingFaking the sending address of a transmission to gain unauthorised entry into a secure system.
SpywareSpyware is a type of malware designed to collect and steal the victim’s sensitive information, without the victim’s knowledge. Trojans, adware and system monitors are different types of spyware. Spyware monitors and stores the victim’s Internet activity (keystrokes, browser history, etc.) and can also harvest usernames, passwords, financial information and more. It can also send this confidential data to servers operated by cyber criminals so it can be used in consequent cyber attacks.
SQL InjectionThis is a tactic that uses code injection to attack applications that are data-driven. The maliciously injected SQL code can perform several actions, including dumping all the data in a database in a location controlled by the attacker. Through this attack, malicious hackers can spoof identities, modify data or tamper with it, disclose confidential data, delete and destroy the data or make it unavailable. They can also take control of the database completely.
SSL / Secure Sockets LayerThis is an encryption method to ensure the safety of the data sent and received from a user to a specific website and back. Encrypting this data transfer ensures that no one can snoop on the transmission and gain access to confidential information, such as card details in the case of online shopping. Legitimate websites use SSL (start with https). Users should avoid inputting their data in websites that don’t use SSL.
SteganographyA way of encrypting data, hiding it within text or images, often for malicious intent.
Symmetric KeyA cryptographic key that is used to perform both the cryptographic operation and its inverse, for example to encrypt plain text and decrypt cipher text, or create a message authentication code and to verify the code.
T
Threat AnalysisThe detailed evaluation of the characteristics of individual threats.
Threat AssessmentThe product or process of identifying or evaluating entities, actions, or occurrences, whether natural or man-made, that have or indicate the potential to harm life, information, operations, and/or property.
Threat HuntingCyber threat hunting is the process of proactively searching across networks and endpoints to identify threats that evade existing security controls.
Threat ManagementThere is no silver bullet to prevent 100% of cyber threats. Successful threat management requires a multi-layered approach encompassing prevention, detection, response and recovery.
Threat MonitoringDuring this process, security audits and other information in this category are gathered, analysed and reviewed to see if certain events in the information system could endanger the system’s security. This is a continuous process.
TicketIn access control, a ticket is data that authenticates the identity of a client or a service and, together with a temporary encryption key (a session key), forms a credential.
TokenIn security, a token is a physical electronic device used to validate a user’s identity. Tokens are usually part of the two-factor or multi-factor authentication mechanisms. Tokens can also replace passwords in some cases and can be found in the form of a key fob, a USB, an ID card or a smart card.
Traffic Light ProtocolA set of designations employing four colours (RED, AMBER, GREEN, and WHITE) used to ensure that sensitive information is shared with the correct audience.
Trojan HorseA computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorisations of a system entity that invokes the program.
Two-Factor Authentication (2FA)The use of two different components to verify a user's claimed identity. Also known as multi-factor authentication.
Typhoid AdwareThis is a cyber security threat that employs a man-in-the-middle attack in order to inject advertising into certain web pages a user visits while using a public network, like a public, non-encrypted WiFi hotspot. In this case, the computer being used doesn’t need to have adware on it, so installing a traditional antivirus can’t counteract the threat. While the ads themselves can be non-malicious, they can expose users to other threats. For example, the ads could promote a fake antivirus that is actually malware or a phishing attack.
U
Unauthorised AccessAny access that violates the stated security policy.
URL InjectionA URL (or link) injection is when a cyber criminal creates new pages on a website owned by someone else that contain spam words or links. Sometimes, these pages also contain malicious code that redirects your users to other web pages or makes the website's web server contribute to a DDoS attack. URL injection usually happens because of vulnerabilities in server directories or software used to operate the website, such as an outdated WordPress or plugins.
V
Virtual Private Network (VPN)An encrypted network often created to allow secure connections for remote users, for example in an organisation with offices in multiple locations.
VirusPrograms that can self-replicate and are designed to infect legitimate software programs or systems. A form of malware.
VulnerabilityA weakness, or flaw, in software, a system or process. An attacker may seek to exploit a vulnerability to gain unauthorised access to a system.
W
WabbitsA wabbit is one of four main classes of malware, among viruses, worms and Trojan horses. It's a form of computer program that repeatedly replicates on the local system. Wabbits can be programmed to have malicious side effects. A fork bomb is an example of a wabbit: it's a form of DoS attack against a computer that uses the fork function. A fork bomb quickly creates a large number of processes, eventually crashing the system. Wabbits don't attempt to spread to other computers across networks.
Water-Holing (watering hole attack)Setting up a fake website (or compromising a real one) in order to exploit visiting users.
Watering HoleWatering hole is the name of a computer attack strategy that was detected as early as 2009 and 2010. The victim is a particular, very targeted group, such as a company, organisation, agency, industry, etc. The attacker spends time gaining strategic information about the target: for example, observing which legitimate websites are more often visited by the members of the group. Then the attacker exploits a vulnerability and infects one of those trusted websites with malware, without the knowledge of the site's owner. Eventually, someone from that organisation will fall into the trap and their computer will be infected, giving the attacker access to the target's entire network. These attacks work because of the constant vulnerabilities in website technologies, even with the most popular systems, such as WordPress, making it easier than ever to compromise websites without being noticed.
WhalingHighly targeted phishing attacks (masquerading as a legitimate emails) that are aimed at senior executives.
White TeamA group responsible for refereeing an engagement between a Red Team of mock attackers and a Blue Team of actual defenders of information systems.
WhitelistA list of entities that are considered trustworthy and are granted access or privileges.
WormA self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.
Z
Zero-Day AttackRecently discovered vulnerabilities (or bugs), not yet known to vendors or antivirus companies, that hackers can exploit.
ZombieA zombie computer is one connected to the Internet that, in appearance, is performing normally, but can be controlled by a hacker with remote access to it who sends commands through an open port. Zombies are mostly used to perform malicious tasks, such as spreading spam or other infected data to other computers, or launching DoS (Denial of Service) attacks, with the owner being unaware of it.

Share