Risk management and monitoring terms

Vulnerability assessment is the practice of identifying weaknesses in computer systems, networks, apps, and hardware.

A vendor patch is a piece of code or software update provided by a software vendor (e.g., developer) to fix or improve a specific aspect of their software.

UEBA is a cybersecurity solution for detecting potential threats based on network anomalies.

True positives are instances where a positive condition, such as an intrusion or attack, is correctly identified.

Transactions per second (TPS) measures the performance and capacity of a system that processes transactions.

A tiger team is commonly defined as a group of specialists brought together to work on a specific goal or solve a critical problem.

A threat vector is a path, method, or means by which a hacker can break into a computer system.

Threat monitoring is the process of monitoring and analyzing networks, systems, and data to identify threats and respond to them.

The threat landscape is the big picture of potential risks and dangers people may face online.

Threat hunting is a proactive approach to cybersecurity where experts actively search for hidden threats or malicious activity within a network or system.

Threat assessment systematically analyzes the organization's information systems, infrastructure, workforce, and companies to identify any potential weaknesses or vulnerabilities to safeguard against cyberattacks and security breaches.

Third-party risk management (TPRM) refers to a process of limiting business risks related to third parties that include vendors, partners, and contractors.

Technical debt, often dubbed code liability, represents shortcuts taken during software development.

Taint analysis is a process to determine what impact user input can have on a system’s security.

System integration testing (SIT) is a phase in the software testing process that combines individual software modules or components and tests them as a single system to ensure they work together correctly.

Sysmon is an add-on for detecting malicious activity on Windows.

Stress testing is a technique used to test the limits of a system or a product under extreme conditions.

STIX (Structured Threat Information eXpression) and TAXII (Trusted Automated eXchange of Indicator Information) are technologies designed to facilitate the exchange of cyber threat intelligence (CTI).

Steganalysis is a procedure that focuses on detecting hidden information or data within various types of digital media.

Static code analysis is a technique employed to examine and assess a computer program's source code without running it.

Source code analysis is a software tool engineered to examine a program or application's source code with the intent of pinpointing potential security risks, code defects, and instances of non-adherence to coding patterns.

Software assurance is an important process conducted by developers and organizations to ensure that their software products are reliable, safe, and secure.

A site survey evaluates the security posture and vulnerabilities of a physical location or a wireless network.

Signals analysis is a type of analysis that professionals perform on different systems.

Security monitoring refers to the ongoing process of collecting, analyzing, and escalating security-related information to detect security incidents in real time.

Security incident and event management (SIEM) is a comprehensive way to provide real-time analysis of security alerts in an organization.

Security hardening, alternatively referred to as system hardening or cyber hardening, denotes the strategy of strengthening system security through various tactics; potentially incorporating configuration modifications, application of updates, and integration of patches; and enforcing security precautions that surpass the default setup.

Security event management is the process of identifying, gathering, monitoring, and reporting security events in systems and software.

A security audit is a comprehensive evaluation of an organization's computer systems, networks, policies, and procedures.

Security assessment is a process of evaluating the security of an organization's IT systems, applications, and policies.

The secure software development lifecycle (SSDLC) serves as a blueprint that infuses security protocols into each phase of software creation.

Secure coding refers to the principle of code design that adheres to the highest security standards and best practices.

Screen scraping refers to organizations extracting data from a screen or a GUI and converting it into a format they can use for further processing.

Static application security testing (SAST) is a technique to scrutinize source code for potential security weaknesses.

Risk monitoring forms a crucial segment of risk management, encompassing the consistent observation and tracking of identified risks impacting a network or information system.

Risk modeling is a technique used in cybersecurity to predict and assess potential threats and vulnerabilities that a system or network might face.

Risk assessment is the process of identifying, analyzing, and evaluating potential risks that may arise from the use of technology or the implementation of tech solutions in a particular context.

Residual risk refers to the remaining threat to an information system after security controls and mitigation strategies have been set.

Remote monitoring and management is software designed to help managed IT service providers remotely and proactively monitor client endpoints, networks, and computers.

A red team refers to a group of cybersecurity professionals contracted to simulate actual cyberattacks and assess an organization's security protocols.

Real-time data is delivered or processed as it is generated or received, with little to no delay.

A purple team is an assembly in the field of cybersecurity that performs synergistic penetration testing and vulnerability evaluations.

Proactive defense is a framework or a wide range of different techniques and strategies designed to prevent future cyber attacks and prevent cyber attacks before they can cause significant harm.

Predictive maintenance (PdM) is a proactive maintenance strategy designed to detect anomalies and predict equipment failures before they happen.

Pentest, a condensed term for penetration testing, denotes a procedure in the realm of cybersecurity wherein professionals deliberately seek to breach the security defenses of a digital system, network, or web-based application.

Pattern recognition identifies and classifies data patterns and regularities.

Patch Tuesday refers to the second Tuesday of the month when Microsoft releases security patches for its software.

Patch management is the process of identifying, acquiring, installing, and verifying software updates (patches) to fix known security vulnerabilities or bugs in an application, operating system, or network infrastructure.

OPSEC is an analytical security process used in business to prevent sensitive information from being exposed or getting into the wrong hands.

Operational testing is a phase of software testing.

OffSec, an abbreviation for offensive security, denotes a forward-leaning, aggressive strategy to safeguard digital systems, networks, and personal data against security violations.

Offensive security refers to taking proactive measures (such as offensive testing) to protect an organization’s computer systems, individuals, and networks from cyberattacks.

Not-a-virus is a notification from a cybersecurity tool (usually antivirus software) that a file or application contains possible threats that are not viruses.

Network telescope refers to a set of IP addresses intentionally kept inactive in order to observe and analyze internet traffic, especially malicious activity.

Network detection and response (NDR) refers to a category of measures in cybersecurity, designed to identify threats on computer networks.

Network based intrusion detection system, or NIIDS refers to a security system that monitors network traffic for suspicious activity and alerts network administrators when potential intrusions are detected.

NetSecOps is an approach that aims to make the collaboration between network operations (NetOps) and security operations (SecOps) teams more efficient by integrating their workflows and creating a better and more productive infrastructure.

A Monte Carlo simulation is a technique to obtain information on the behavior of complex processes through the use of repeated random sampling.

Monitoring software is a tool that tracks user, app, and network activity on a system.

Monitoring as a service (MaaS) is an IT service model where various aspects of a company's networks and systems are managed by a third-party service provider.

A memory leak refers to a situation where a computer program incorrectly manages memory allocations, decreasing available memory.

Mean time to patch is a metric that tracks the average time an organization applies patches to vulnerabilities, software bugs, or other security issues.

Mean time between repair (MTBR) is the average time between successive repairs of a specific system.

Mean time between failures (MTBF) is a way to measure how long a mechanical or electronic system usually runs before it fails.

A managed service provider platform is the software framework for delivering IT services, software, and hardware to clients.

Machine data refers to the information generated by digital devices, systems, and processes.

A log is a computer-generated file recording events, such as online activities, system errors, or user communication.

The log file represents a record of everything that occurs within a system, such as errors, intrusions, and transactions, which can help security experts undercover potential vulnerabilities or breaches.

Log clipping refers to the practice of selectively discarding or truncating log entries or records.

Location intelligence (LI) involves extracting valuable insights from geospatial information to guide decision-making, streamline operations, and improve user interactions.

Least privilege is allowing minimal clearance to users, processes, applications, systems, and devices so that they only have access to information and resources that are necessary for their legitimate purpose.

A key risk indicator is a metric used to assess and measure possible risks.

Just-in-time (JIT) access grants permissions only when required.

ITSM is the delivery of IT as a service to a customer.

An intrusion detection system is a security technology designed to detect and respond to unauthorized access attempts or malicious activities within a computer network or system.

Integrated threat management (ITM) is a holistic cybersecurity approach that combines different tools and strategies into a single system.

Interactive application security testing (IAST) is a methodology that analyzes a web application's behavior during runtime to identify security vulnerabilities.

Host-based intrusion detection system is a security mechanism designed to detect unauthorized or malicious activities occurring on a single host or endpoint device.

Honeytokens are a clever security technique used to detect and monitor unauthorized access or attempted breaches in a system.

A honeypot is a seemingly vulnerable computer or computer system consisting of applications and data intended as bait to catch hackers.

HoneyMonkey is a honeypot developed by Microsoft Research.

Hardening is the process of making a specific system more resistant to attack.

File integrity monitoring (FIM) is an internal control and IT security process that runs tests on files to see whether they have been corrupted or tampered with, which is often a sign of a cyberattack.

Fault tolerance in computing refers to the ability of a system, network, or application to continue functioning effectively even when a component fails, such as a server, data center, or connection.

An event log keeps track of all system events and activities on a specific network, including logins and failed and successful password attempts.

An error log is a record of errors that occur within a system, application, or process.

End-of-Support is the stage when a product, be it software or hardware, stops receiving updates and technical help from its creator.

Electronic software distribution (ESD) is a method where software is downloaded directly from the internet rather than bought on physical media like CDs or DVDs.

Dynamic analysis is the process of evaluating software or systems by observing their behavior and execution in real time.

Digital optimization is the process of using technology and data to fine-tune current digital processes, systems, and strategies.

In cybersecurity, DevOps refers to the principles and practices integrated throughout the whole field of cybersecurity.

Deprecation is the process of discouraging developers from using some feature, code, terminology or practice, because it is no longer useful or safe and has been superseded by a better and newer alternative.

Defense in Depth aka (DiD) is an approach or cybersecurity strategy that involves multilayered defense mechanisms and various measures that protect networks and computer systems to save vulnerable data and information from unauthorized access and potential threats.

Deception technology is a category of cybersecurity that uses defense mechanisms to alert companies and individuals of unauthorized access or potential cyberattacks early on.

In the late 1990s and early 2000s, dcs1000, also known as Carnivore, was a questionable and controversial electronic surveillance system used by the Federal Bureau of Investigation (FBI).

Datafication is a method that helps organizations convert everyday aspects, such as human behavior, economic transactions, and social interactions, into digital data by using cameras, sensors, and other data-collection devices.

Database activity monitoring (DAM) refers to a suite of tools designed to monitor and analyze activities in databases such as SQL.

Data verification refers to the process of ensuring that data is accurate, complete, and consistent.

Data mining is the process of finding and extracting patterns, correlations, and anomalies in large data sets — basically turning raw data into useful information.

Data logging refers to the process of collecting data with the aim of analyzing it or storing it long-term.

Data intelligence is the process of analyzing data to help users make informed decisions, improve business efficiency and gain insights.

Data breach prevention is the employment of a range of strategies, policies, and tools to protect sensitive information from being accessed, disclosed, or misused without authorization.

A data audit is the systematic review and analysis of an organization's data assets to assess their security and privacy risks.

Data analytics is the process of analyzing data (e.g., social media, sales figures, web traffic) to get insights, identify trends, and support decision-making.

Data acquisition is a process that involves collecting, measuring, and storing information from various sources for further analysis or processing.

Cyber threat hunting is a proactive defense method that involves actively searching for cyber threats within a network.

Cyber resiliency is a broad field that encompasses the ways organizations can prepare for, respond to, and recover from cyber threats.

Cyber hygiene refers to practices users should take to maintain system health and safeguard against cyberattacks, data breaches, identity theft, and other security risks.

CVSS, or Common Vulnerability Scoring System, is an industry-standardized framework calculating the numerical score of specific vulnerabilities based on their characteristics and properties.

CVE is a list launched in 1999 by the MITRE corporation containing all publicly available information-security vulnerabilities and exposures.

CPU utilization showcases the percentage of a computer’s central processing unit used at any given time.

In cybersecurity, computer-aided software testing (CAST) is the act of using automated tools, methods, and software to test computer systems for their vulnerabilities and security “holes.”

Computer-Aided Software Engineering (CASE) can be defined as the use of computer-based software and various tools that assist the software development life cycle throughout different development phases.

A canary token, also known as a honey token, is a specialized digital identifier that indicates when it has been accessed or utilized.

Business process engine refers to a software component that executes business processes described in a specific notation or format, such as the business process model and notation (BPMN).

A bug fix is a software update developers make to correct an error (known as a 'bug') causing the software to malfunction.

Bot mitigation is the process of identifying and stopping attacks of bots — unwanted automated programs that can flood various online platforms.

Behavior monitoring refers to a proactive approach to detecting threats by analyzing the behavior of users, applications, and systems to identify abnormal patterns that could indicate a potential security incident.

An audit trail registers actions, occurrences, or transactions in a system, app, or network.

An audit log refers to a chronological record that provides evidence of activity on your system within a certain period.

Attack taxonomy is a systematic categorization of cyber attacks based on their characteristics, techniques, goals, or targets.

Attack surface refers to the cumulative vulnerabilities or points of entry that an attacker can exploit to launch a cyberattack against a system, network, or application.

Attack surface management (ASM) is the process of identifying, assessing, and securing the externally accessible points in a software environment that an attacker can potentially exploit.

An attack signature is a specific characteristic associated with a known type of cyber attack or malicious activity.

Application performance monitoring (APM) refers to a practice of managing, tracking, and ensuring the performance of applications.

An application log records events, transactions, or errors within a software application.

Anomaly-based detection is a method used to identify and alert about threats.

Alert fatigue happens when cybersecurity professionals become overwhelmed and desensitized by too many security alerts.

Advanced threat detection (ATD) is a cybersecurity method for finding and stopping cyber threats that standard security measures may miss.