Common cybersecurity terms defined
There is no doubt that cybersecurity is becoming one of the top priorities across governments, organizations, and individuals. However, not everyone is familiar with the technical cybersecurity terms and definitions. Throughout this article, we will define some of the key terms and cybersecurity jargon commonly used in the industry.
Chief Information Security Officer (CISO): CISOs monitor and manage their organization’s cybersecurity policies, practices, and governance. They oversee the development and deployment of cyber strategy and act as the main point of contact for cybersecurity related issues.
Cybersecurity Health Check: This is an evaluation of an organization’s security posture. This may include risk assessments, policy and procedure reviews, vulnerability assessments, and penetration tests.
Industrial Control Systems (ICS): This is a general term that describes multiple types of computer-based systems used to monitor and control industrial processes.[1] For example, ICS includes supervisory control and data acquisition (SCADA) systems used in power plants, manufacturing facilities, and oil refineries. These systems combine electrical, mechanical, hydraulic, and other components that work together to achieve an industrial objective.
Incident Response: A capability every IT program needs to have in place. Incident response is a systematic process that ensures the appropriate actions are taken when an incident occurs. It helps personnel minimize the loss or theft of information and the disruption of services caused by cybersecurity incidents.[2]
Incident Response Plan (IRP): An Incident Response Plan (IRP), sometimes called a Cybersecurity Incident Response Plan or CIRP, is a written document, formally approved by the senior leadership team, that guides an organization throughout a confirmed or suspected security incident. An IRP includes a list of key cybersecurity personnel who may be needed, as well as roles and responsibilities outlining a clear procedure to respond to a cybersecurity incident.[3]
Interoperability: This refers to the ability of one entity to communicate with and exchange data with different systems and applications.[4] It is critical for effective cybersecurity, as it allows different security technologies to work together seamlessly. For example, a security information and event management (SIEM) system can communicate with firewalls and intrusion detection systems to detect and respond to cyber threats.
Managed Detection and Response (MDR): A managed cybersecurity service that detects malicious activity within a client's network and stops it before it causes harm. This service is most effective when it includes containment, investigation, response, and threat hunting. Sometimes this is combined with an XDR service (see below).
National Security Memorandum (NSM): This is issued by the US president to establish national security policy and objectives. NSMs often address cybersecurity issues, such as protecting critical infrastructure from cyberattacks.
Operational Technology (OT): Programmable hardware/software that is used to control and monitor physical devices.[5] Most commonly seen in the manufacturing and industrial sectors, examples include industrial control systems such as sensors, valves, and building management systems used in manufacturing plants, power grids, and transportation systems. OT systems have traditionally been isolated from IT systems to protect against cybersecurity threats, but digital transformation has changed this, as OT and IT are now increasingly integrated.
Phishing: A common tactic used by cybercriminals, in which perpetrators impersonate a legitimate business or reputable person in an attempt to obtain sensitive data, such as bank account numbers, or access to a larger computerized system, through a fraudulent solicitation in email or on a website. While widely known, these tactics are becoming increasingly sophisticated.
Ransomware: A type of malware that denies access to a user's data, usually by encrypting the data with a key known only to the attacker who deployed the malware, until a ransom is paid.
Extended Detection and Response (XDR): XDR provides detection and response across endpoints, networks, cloud environments, and even employee actions, pulling these detection and response capabilities together in a single platform. This is often provided in conjunction with an MDR service (see above).
We will continue to update this cybersecurity glossary with the latest trends and developments in cybersecurity terms and definitions.
Endnotes
1. NIST, Computer Security Resource Center. 2011. "Industrial Control System (ICS) - Glossary | CSRC." Csrc.nist.gov. March 2011. https://csrc.nist.gov/glossary/term/industrial_control_system.
2. Cichonski, Paul, Tom Millar, Tim Grance, and Karen Scarfone. 2012. "Computer Security Incident Handling Guide: Recommendations of the National Institute of Standards and Technology." NIST Special Publication 800-61 Revision 2. https://doi.org/10.6028/nist.sp.800-61r2.
3. Cybersecurity & Infrastructure Security Agency. 2018. "Incident Response Plan (IRP) Basics." https://www.cisa.gov/sites/default/files/publications/Incident-Response-Plan-Basics_508c.pdf.
4. National Institute of Standards and Technology. 2020. Special Publication 800-175B Revision 1. Natl. Inst. Stand. Technol. Spec. Publ. 800-175B Rev. 1, 91 pages (March 2020). CODEN: NSPUE2.
5. NIST, Computer Security Resource Center. 2018. "Operational Technology - Glossary | CSRC." Csrc.nist.gov. December 2018. https://csrc.nist.gov/glossary/term/operational_technology.