
CyberSecurity Terms


Asset: An item perceived as having value to an organization, or something that needs to be protected.

Risk: Anything that can impact the confidentiality, integrity, or availability of an asset.

Vulnerability: A gap or weakness in protecting an organization’s valuable assets and information. A weakness or flaw in a system’s design, implementation, or operation that could be exploited to violate the system’s security objectives. A weakness that can be exploited by a threat.

Both vulnerability and threat must be present for there to be a risk.

Threat: A threat is something or someone that aims to exploit a vulnerability to gain unauthorized access. Any potential danger to information systems, encompassing both intentional attacks and unintentional events that may cause harm. Any circumstance or event that can negatively impact assets.

Exploit: An exploit is a piece of software, a sequence of commands, or a technique used to take advantage of a vulnerability in a system or application. Exploits are often used by attackers to gain unauthorized access, escalate privileges, or execute malicious code on a target system. Security researchers also use exploits to demonstrate vulnerabilities and help improve security measures.

Malware: Software designed to harm devices or networks.

Ransomware: A malicious attack where threat actors encrypt an organization’s data and demand payment to restore access.

HIPAA: Health Insurance Portability and Accountability Act of 1996, a U.S. law that aims to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.

PII: Personally Identifiable Information refers to any information that can be used to identify an individual; it relates to confidentiality in the CIA triad. This can include a wide range of data, such as a person’s name, social security number, driver’s license number, email address, physical address, phone number, or biometric records.

PHI: Protected Health Information is information regarding one’s health status.

GDPR: General Data Protection Regulation is a comprehensive data privacy and protection regulation enacted by the European Union (EU).

NIST: National Institute of Standards and Technology, a U.S. federal agency. The NIST Cybersecurity Framework is a voluntary security framework that consists of standards, guidelines, and best practices to manage cybersecurity risk.

ISO: International Organization for Standardization - It is an independent, non-governmental organization that develops and publishes international standards across various industries and sectors. ISO standards cover a wide range of topics, including quality management, environmental management, information security, and occupational health and safety. ISO standards are designed to ensure products, services, and processes are safe, reliable, and of good quality.

Authentication: Process to prove the identity of the requestor/user.

IETF: The Internet Engineering Task Force (IETF) is a global community of experts who develop and promote voluntary standards for the Internet. They create documents called RFCs that define Internet protocols and technologies.

Policy: A high-level overall plan embracing the general goals and acceptable procedures.

Procedure: The specific way activities and tasks are carried out to meet a policy. Procedures define the specific, repeatable activities necessary to accomplish a task or set of tasks.

Standard: An established minimum level of quality or attainment used as a measure, criterion, or model in comparative evaluations. Standards provide criteria for consistency, quality, or safety.

Regulation: A rule or directive made and maintained by an authority such as a government or other organization. Regulations are enforceable by law.

In summary:

  • Policy sets goals and direction
  • Procedure provides instructions to meet policy
  • Standard establishes minimum levels of quality
  • Regulation is a rule enforced by an authority

Precedence order is Regulation -> Standards -> Policy -> Procedures.

The key difference is that policies and procedures are set internally by an organization, while standards and regulations are established externally and have broader application/enforcement.

Non-Repudiation: Non-repudiation refers to the concept that someone cannot deny or refute something they have done. It is the assurance that a sender cannot deny the authenticity or integrity of a message they have sent, and the recipient cannot deny receiving it.

Breach: A breach refers to an unauthorized access to sensitive data or information. It occurs when a system, network, or application is accessed by an individual, group, or entity without proper authorization. Breaches can result in the exposure, theft, or compromise of confidential data.

Event: An event is any occurrence that is noteworthy or significant within a system or organization. Events can include routine activities, incidents, or anomalies that may require attention or investigation. Events can be monitored and logged to provide insights into the functioning of a system.

Incident: An incident refers to any event that disrupts the normal operation of a system, network, or organization. Incidents can include security breaches, data leaks, system failures, or other disruptions that impact the confidentiality, integrity, or availability of information. Incident response teams are responsible for managing and mitigating the impact of incidents to minimize damage and restore normal operations.

Intrusion: An intrusion refers to unauthorized access or entry into a system, network, or application by an external entity. Intrusions can be malicious in nature, with the intent to steal data, disrupt operations, or cause harm. Intrusion detection systems are used to monitor and identify unauthorized access attempts and alert security teams to potential threats.

Zero Day: A zero-day vulnerability is a security flaw or weakness in a software application or system that is unknown to the vendor or developers. This means that attackers can exploit the vulnerability before a patch or fix is available, giving defenders zero days to respond or protect against the threat. Zero-day exploits are highly sought after by cybercriminals and can pose significant risks to organizations until a security patch is released. As it is a new vulnerability for which a patch is not yet ready, it doesn’t fit any existing patterns, signatures, or detection methods.

Computer Incident Response Teams (CIRTs) or Computer Security Incident Response Teams (CSIRTs) are specialized groups of cybersecurity professionals tasked with detecting, analyzing, responding to, and recovering from security incidents within an organization. Their primary goal is to minimize the impact of security breaches, investigate incidents, mitigate threats, and enhance overall security measures. CIRTs/CSIRTs collaborate closely with IT teams, management, and external partners to ensure a coordinated response to cybersecurity incidents. They also engage in proactive measures such as incident response planning, training, and simulations to strengthen the organization’s resilience against potential threats.

SIEM (Security Information and Event Management): A SIEM system provides real-time analysis of security alerts generated by applications and network hardware. SIEM systems collect and analyze security data from various sources, such as network devices, servers, and applications, to identify potential threats and vulnerabilities. By correlating events and logs, SIEM helps organizations gain insights into their security posture, streamline incident response, and comply with regulatory requirements.

IDS (Intrusion Detection System): An IDS is a security tool that monitors network or system activities for malicious activities or policy violations.

IPS (Intrusion Prevention System): An IPS is a security tool that monitors network or system activities for malicious activities and can take action to prevent those activities.

Sensitive PII (Personally Identifiable Information): Sensitive PII refers to any information that can be used to identify an individual and is considered sensitive or confidential, such as social security numbers, financial information, or health records.

Transferable skills: Skills from other areas that can apply to different careers. A transferable skill is a skill that can be applied and utilized across different roles, industries, or situations. These skills are not specific to a particular job or task but can be valuable in various contexts. Some examples of transferable skills include communication, problem-solving, teamwork, time management, leadership, and adaptability.

Malware: Malicious software designed to harm, disrupt, or gain unauthorized access to systems or data, including viruses, worms, Trojans, ransomware, etc.

Payload: A payload in cybersecurity refers to the part of malicious code that gets delivered and executed on a compromised system after exploiting a vulnerability. It’s the active component of malware or an attack that performs specific actions, like installing malware, granting remote access, stealing data, or causing damage to the system.

Firewall: A security device or software that monitors and controls incoming and outgoing network traffic based on predetermined security rules.

Authentication: Verifying the identity of users or systems attempting to access resources through credentials, biometrics, or other authentication methods.

Authorization: Granting authenticated users or systems appropriate access rights and permissions to resources based on their roles or privileges.

Phishing: Deceptive attempts to obtain sensitive information or access by impersonating a trustworthy entity in emails, messages, or websites. Phishing exploits human error to get sensitive data and private information. It is one method of social engineering.

Encryption: The process of encoding information to make it unreadable without the correct decryption key, used to protect data confidentiality.

Encryption Key: A piece of information used to encrypt and decrypt data, securing communication and ensuring confidentiality.

Patch: Software update that addresses security vulnerabilities or improves functionality.

Zero-day Vulnerability: A security flaw in software or hardware that is exploited by attackers before the vendor releases a patch or fix. The vendor has had zero days to create a patch or fix, because the vulnerability is already exposed.

Two-Factor Authentication (2FA): A security method that requires two different forms of identification before granting access, often combining a password with a code sent to a mobile device.
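To make the two factors concrete, here is an added example (not code from the original page) of a login check that requires both a password and a time-based one-time code. It assumes the password is stored as a PBKDF2 hash and the second factor is an RFC 6238 TOTP code of the kind an authenticator app generates; the user record, salt and seed are constructed for the example (the seed is the RFC 6238 test-vector key, not a real secret).

```python
import hashlib
import hmac
import struct
import time

# Constructed parameters for the example; a real system stores a random per-user salt.
_SALT = b"constructed-salt-value"
_ITERATIONS = 200_000


def hash_password(password: str, salt: bytes = _SALT, iterations: int = _ITERATIONS) -> bytes:
    """First factor: derive a PBKDF2-HMAC-SHA256 hash so the plaintext password is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def verify_password(password: str, stored_hash: bytes) -> bool:
    """Constant-time comparison, so the check does not leak how many bytes matched."""
    return hmac.compare_digest(hash_password(password), stored_hash)


def totp(secret: bytes, timestamp: int, step: int = 30, digits: int = 6) -> str:
    """Second factor: RFC 6238 time-based one-time password (HMAC-SHA1, as authenticator apps use)."""
    counter = timestamp // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_totp(secret: bytes, code: str, timestamp: int, window: int = 1, step: int = 30) -> bool:
    """Accept the current step plus +/- `window` neighbouring steps to tolerate small clock skew."""
    for drift in range(-window, window + 1):
        if hmac.compare_digest(totp(secret, timestamp + drift * step, step), code):
            return True
    return False


# Constructed user record (hypothetical user, RFC 6238 test-vector seed; not real credentials).
USER_DB = {
    "alice": {
        "password_hash": hash_password("correct horse battery staple"),
        "totp_secret": b"12345678901234567890",
    }
}
# Computed once so an unknown username costs the same time as a known one.
_DUMMY_HASH = hash_password("dummy")


def login(username: str, password: str, code: str, timestamp: int) -> bool:
    """Both factors must pass; a wrong password and a wrong or stale code are rejected the same way."""
    user = USER_DB.get(username)
    stored = user["password_hash"] if user else _DUMMY_HASH
    secret = user["totp_secret"] if user else b"\x00" * 20
    password_ok = verify_password(password, stored)
    code_ok = verify_totp(secret, code, timestamp)
    return user is not None and password_ok and code_ok


if __name__ == "__main__":
    now = int(time.time())
    current_code = totp(USER_DB["alice"]["totp_secret"], now)
    print("login with both factors:", login("alice", "correct horse battery staple", current_code, now))
    print("login with password only:", login("alice", "correct horse battery staple", "000000", now))
```

The one-step acceptance window is the usual trade-off between clock skew on the user's device and replay exposure; widening it beyond one or two steps weakens the second factor.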

Incident Response: A structured approach to addressing and managing the aftermath of a security breach or cyber attack.

Access Control: Methods and measures used to regulate and restrict access to systems, networks, or data.

Penetration Testing: Ethical hacking conducted to identify vulnerabilities in systems by simulating real-world attacks.

Social Engineering: Manipulative techniques used by attackers to deceive individuals into divulging confidential information or performing actions that compromise security. It is a manipulation technique that exploits human error to gain private information, access or valuables.

Denial of Service (DoS) Attack: Overwhelming a system or network with excessive traffic or requests to disrupt its normal functioning and deny legitimate users access.

Endpoint Security: Protecting network endpoints (devices like computers, mobile devices) from security threats with measures like antivirus software, firewalls, etc.

Security Framework: Guidelines used for building plans to help mitigate risks and threats to data and privacy. Security frameworks have four core components:

  • Identifying and documenting security goals
  • Setting guidelines to achieve security goals
  • Implementing strong security processes
  • Monitoring and communicating results

Compliance: Compliance is the process of adhering to internal standards and external regulations.

CIA Triad: Confidentiality, Integrity, and Availability; a foundational model that helps inform how organizations consider risk when setting up systems and security policies.

Health Insurance Portability and Accountability Act (HIPAA): A U.S. federal law established to protect patients’ health information.

Log: A record of events that occur within an organization’s systems and networks.

Playbooks: A playbook is a manual that provides details about any operational action, such as how to respond to a security incident.

Security and Risk Management: Focused on defining security goals and objectives, risk mitigation, compliance, business continuity, and legal regulations.

Risk Mitigation: The process of having the right procedures and rules in place to quickly reduce the impact of a risk, such as a breach.

Business Continuity: An organization’s ability to maintain its everyday productivity by establishing risk and disaster recovery plans.

Security Audit: A security audit is a review of an organization’s security controls, policies, and procedures against a set of expectations. Audits are independent reviews that evaluate whether an organization is meeting internal and external criteria.

A Security Information and Event Management (SIEM) tool is an application that collects and analyzes log data to monitor critical activities in an organization. SIEM tools offer real-time monitoring and tracking of security event logs.

SIEM tools provide dashboards that help cybersecurity professionals organize and focus their security efforts. This allows analysts to reduce risk by identifying, analyzing, and remediating the highest priority items in a timely manner.

Chronicle: A cloud-native tool designed to retain, analyze, and search data.

Incident response: An organization’s quick attempt to identify an attack, contain the damage, and correct the effects of a security breach.

Playbook: A manual that provides details about any operational action.

Metrics: Key technical attributes such as response time, availability, and failure rate, which are used to assess the performance of a software application.

Playbooks are used by cybersecurity teams in the event of an incident. Playbooks help security teams respond to incidents by ensuring that a consistent list of actions is followed in a prescribed way, regardless of who is working on the case. Playbooks can be very detailed and may include flow charts and tables to clarify what actions to take and in which order. Playbooks are also used for recovery procedures in the event of a ransomware attack. Different types of security incidents have their own playbooks that detail who should take what action and when. Playbooks are changed by security teams as needed.

Playbooks are generally used alongside SIEM tools. If, for example, unusual user behavior is flagged by a SIEM tool, a playbook provides analysts with instructions about how to address the issue.
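The SIEM and playbook passages above describe log collection, correlation of events, and handing a flagged behaviour to a playbook. The following is an added example, not code from the original page or from any SIEM product, of that loop in miniature: it parses a few constructed sshd-style authentication log lines, correlates failed logins per user and source within a time window, and emits alerts that name the playbook an analyst should follow. The log lines, IP addresses (from the documentation ranges), thresholds and playbook identifiers are all constructed for the example.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample authentication log lines (syslog-like; not from any real system).
SAMPLE_LOGS = """\
2024-05-01T08:00:01Z srv1 sshd: Failed password for alice from 203.0.113.5
2024-05-01T08:00:03Z srv1 sshd: Failed password for alice from 203.0.113.5
2024-05-01T08:00:04Z srv1 sshd: Failed password for alice from 203.0.113.5
2024-05-01T08:00:06Z srv1 sshd: Failed password for alice from 203.0.113.5
2024-05-01T08:00:07Z srv1 sshd: Failed password for alice from 203.0.113.5
2024-05-01T08:00:09Z srv1 sshd: Accepted password for alice from 203.0.113.5
2024-05-01T08:10:00Z srv1 sshd: Failed password for bob from 198.51.100.7
2024-05-01T09:30:00Z srv1 sshd: Accepted password for bob from 198.51.100.7
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


@dataclass
class Alert:
    rule: str
    severity: str
    user: str
    src: str
    playbook: str  # hypothetical playbook ids standing in for an organisation's own


def parse(line: str):
    """Return (timestamp, host, result, user, src) or None for a line the rule does not understand."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, m["host"], m["result"], m["user"], m["src"]


def correlate(lines, threshold: int = 5, window_seconds: int = 60):
    """Correlate per (user, source): a burst of failures is one alert; a success right after it is a higher one."""
    alerts = []
    failures = defaultdict(deque)   # (user, src) -> timestamps of failures inside the window
    burst_seen = set()              # keys that already raised the burst alert
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue                # unparseable lines are skipped, never treated as a success
        ts, _host, result, user, src = rec
        key = (user, src)
        q = failures[key]
        if result == "Failed":
            q.append(ts)
            while q and (ts - q[0]).total_seconds() > window_seconds:
                q.popleft()         # drop failures that have aged out of the window
            if len(q) >= threshold and key not in burst_seen:
                burst_seen.add(key)
                alerts.append(Alert("auth-failure-burst", "medium", user, src, "PB-001-brute-force"))
        elif key in burst_seen and q and (ts - q[-1]).total_seconds() <= window_seconds:
            # A successful login shortly after a burst of failures is the case the playbook escalates.
            alerts.append(Alert("success-after-failure-burst", "high", user, src, "PB-002-account-compromise"))
            burst_seen.discard(key)
            q.clear()
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOGS.splitlines()):
        print(f"[{alert.severity}] {alert.rule}: user={alert.user} src={alert.src} -> follow {alert.playbook}")
```

Two design points carry over to real deployments: the window is evaluated per user and source so one noisy host cannot mask another, and lines the parser does not recognise are dropped rather than silently counted as benign, which is where a detection rule most often loses visibility.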

