-
FIND ALL YOUR CYBER SECURITY ANSWERS ON OUR WIKI PAGE
The Cert2Connect wiki for a clear overview of terminology and the many abbreviations in the cyber, cloud and software security landscape.
CYBER SECURITY
-
Advanced Persistent Threat (APT)
Advanced Persistent Threat (APT) is a term used to refer to advanced cyberattacks that aim to gain access to a specific target, such as a company, an organization or an individual, and remain active there for a long period of time. APT attacks are often aimed at stealing data or gaining access to sensitive systems, and are often carried out by professional hackers or state-sponsored groups.
-
Attack Based Vulnerability Management (ABVM)
"Attack Based Vulnerability Management" refers to an approach to vulnerability management that focuses on identifying, assessing, and prioritizing vulnerabilities based on how they could be used in an actual attack and the impact such an attack would have.
-
Attack Surface Management
"Attack Surface Management" refers to the process of identifying, evaluating and mitigating the potential vulnerabilities and exposed entry points that an attacker can use to compromise a system, application or network.
In other words, attack surface management involves mapping out all the possible ways an attacker could try to gain access to an organization's systems and data. This can range from unused services and open ports on network devices to security weaknesses in applications and outdated software.
-
BEC or CEO fraud
BEC or CEO fraud is a form of cybercrime in which fraudulent emails are sent to employees of a company, where the sender poses as the CEO or another senior executive of the company. These emails often contain a request to transfer money to a specific bank account or to provide confidential information. This type of fraud can lead to financial losses for the company and the leakage of confidential information. To protect against BEC or CEO fraud, it is important to train employees to be critical of suspicious emails and to verify, through a separate channel, that a request for a money transfer or information actually comes from the executive it claims to be from.
-
BlueTeam
A group of individuals who conduct information systems analysis to ensure security, identify security flaws, verify the effectiveness of each security measure, and ensure that all security measures remain effective once implemented. The Blue Team is also seen as the defending team.
-
Breach & Attack Simulation
Breach & Attack Simulation is a cybersecurity technique used to assess and improve an organization's security posture by simulating realistic cyber-attacks in a controlled environment. The primary purpose of a breach and attack simulation is to identify vulnerabilities, test the effectiveness of security measures, and evaluate the organization's response to various types of cyber threats.
-
Cloud Security Posture Management (CSPM)
Cloud Security Posture Management (CSPM) refers to a set of tools, processes, and best practices used to assess, monitor, and improve the security health and compliance level of cloud infrastructures. CSPM's goal is to ensure that cloud resources are properly configured and secured according to best practices and policies to minimize potential security risks.
-
Command & Control (C&C) server
A Command & Control (C&C) server is a server used to communicate with malware installed on a computer or a network. The C&C server can be used to send commands to the malware, control its behaviour, and collect data from the affected computer or network.
-
Compliance
Compliance is a term used to describe how well an organization complies with the laws and regulations that apply to it. Compliance means that an organization is aware of the risks it runs if it does not comply with the rules, and that it takes measures to limit or prevent those risks. Compliance helps an organization to protect its reputation, customer satisfaction and financial results.
-
Computer Emergency Response Team (CERT)
A Computer Emergency Response Team (CERT) is an organization or group responsible for responding to and coordinating cybersecurity incidents, providing security advice, and helping systems recover from a cyberattack. They work with government agencies, businesses and other organizations to ensure a rapid and effective response to cyber threats and incidents.
-
Computer Misuse Detection System (CMDS)
A "Computer Misuse Detection System" (CMDS) is a system designed to detect and prevent suspicious or malicious activity on computer systems and networks. It can use various techniques and methods to detect and signal potential intrusion attempts, malware attacks and other forms of cyber abuse to administrators or security teams so that appropriate measures can be taken to protect the systems.
-
Content Disarm and Reconstruction (CDR) solution
Content Disarm and Reconstruction (CDR) is a technique used to improve document security by removing or neutralizing dangerous content. CDR solutions analyze documents for dangerous content, such as malware or malicious links, and remove this content or replace it with safe alternatives. This technique can be used to protect documents sent via email or shared via a cloud storage service. CDR solutions can help reduce the risk of opening dangerous documents and infecting a computer or network with malware.
-
Continuous Security Validation (CSV)
"Continuous Security Validation" (CSV) refers to an approach in which a system's or organization's security measures and controls are continuously tested and evaluated to ensure consistent and effective protection.
Continuous security validation uses automated tools and techniques to regularly monitor and assess the security status of systems, networks, and applications. This includes simulating attacks, testing security measures and identifying potential weaknesses. By validating continuously, organizations can quickly respond to new threats, vulnerabilities and changes in IT infrastructure to ensure that security is maintained at all times.
-
Continuous Threat Exposure Management (CTEM)
Continuous Threat Exposure Management (CTEM) refers to an approach in which a system's, network's or organization's exposure to potential threats is continuously assessed, analyzed and managed to improve security.
Continuous management of threat exposure involves regularly identifying, measuring and evaluating risks and vulnerabilities. This includes monitoring potential threats, analyzing vulnerabilities and taking corrective actions to reduce exposure to threats. This approach enables organizations to proactively respond to new and emerging threats and continuously adapt their security measures to better protect against potential attacks.
-
DLP
DLP stands for "Data Loss Prevention". DLP refers to a set of technologies and processes used to prevent sensitive information from being accidentally or intentionally leaked, stolen or damaged. This may include personal data, financial information, trade secrets and intellectual property. By implementing DLP measures, organizations can protect their data and reduce the risks of security breaches.
-
DoS, DDoS
DoS (Denial of Service) and DDoS (Distributed Denial of Service) refer to a form of cyber attack in which the attacker attempts to overload a server or network with traffic, so that the system can no longer process legitimate requests and its service is interrupted. In a DDoS attack the traffic comes from many sources at once.
-
Email Gateway
An "Email Gateway" is a technology solution used to manage, filter and secure emails flowing in and out of an organization. It is a type of security and management platform designed to monitor and control email traffic, both to block unwanted content (such as spam and malicious attachments) and to ensure the security of the email communication.
-
Endpoint Detection and Response (EDR)
Endpoint Detection and Response (EDR) refers to an approach to security that continuously monitors, detects, and analyzes the activities and events on endpoints, such as individual computers, laptops, servers, and mobile devices, to identify and respond to potential security threats.
-
Endpoint Security
Endpoint Security refers to protecting individual devices (endpoints) such as computers, laptops, mobile devices, and servers against a wide variety of security risks and threats. The goal of endpoint security is to protect these devices against potential attacks, data leaks, malware infections and other forms of cyber threats.
-
Full Kill Chain
The "Kill Chain" is a model for understanding and describing a typical cyber attack as a sequence of phases, from the attacker's initial reconnaissance through to reaching their objective. Defenders use the model to map which phase each security control detects or blocks.
-
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a European privacy law that came into effect on May 25, 2018. The GDPR is designed to give individuals more control over their personal data and to regulate and harmonize the way organizations process and protect personal data.
-
Immediate Threat Intelligence (ITI)
"Immediate Threat Intelligence" (ITI) refers to real-time information and data that identifies and reports immediate threats, attacks or risks. It is a type of cyber threat intelligence (CTI) that focuses on detecting and responding to current and immediate cyber threats.
-
Intrusion Detection and Prevention System (IDPS)
An Intrusion Detection and Prevention System (IDPS) is a security technology designed to detect, prevent, and respond to unauthorized activity and attacks within a computer network. The main purpose of an IDPS is to identify potential intrusion attempts and other malicious activities so that appropriate measures can be taken to maintain security.
-
Lateral Movement
"Lateral Movement" refers to the technique used by malicious actors to move from one system to another within a compromised network. It is a stage in a cyberattack where an attacker, after gaining initial access to one system, moves to other systems within the same network to gain further control, gather information, elevate privileges, and generally increase their reach and impact.
-
Magecart
Magecart is a form of cybercrime in which hackers steal credit card information from unsuspecting victims by injecting malicious code into third-party websites. This process is known as "web skimming" or "formjacking".
-
Malware
Malware is short for "malicious software". It is software designed to harm computer systems, networks or mobile devices and can take various forms, such as viruses, trojans, spyware, ransomware and adware.
-
Managed Detection and Response (MDR)
Managed Detection and Response (MDR) is a comprehensive cybersecurity service provided by specialist security companies. It focuses on detecting, investigating and responding to advanced cyberthreats and attacks within an organization. MDR goes beyond traditional security solutions by providing active monitoring, analytics and incident response to quickly and effectively respond to threats that might otherwise go undetected.
-
Managed Security Service Provider (MSSP)
A Managed Security Service Provider (MSSP) is an external service provider that offers specialized security services to organizations. MSSPs provide comprehensive security solutions and services to help businesses monitor, detect, prevent, and respond to cyber threats and security incidents. This enables organizations to reduce the complexity of security management and access expertise and resources they may not have in-house.
-
MITRE ATT&CK Framework
MITRE ATT&CK is an extensive knowledge base of the tactics, techniques and procedures (TTPs) that adversaries use in real-world attacks. This knowledge serves as a basis for developing specific threat models and detection methodologies in virtually all sectors of society. The underlying idea is that understanding attacks is the best form of defense: a strong red team working from ATT&CK makes the blue team better at detecting and stopping break-ins and attacks.
-
Multi Factor Authentication (MFA)
Multi-Factor Authentication (MFA), of which Two-Factor Authentication (2FA) is the most common form, is a security method used to strengthen access to a system, application, or account by requiring multiple authentication steps. Rather than relying solely on a single password, MFA requires users to provide at least two different forms of authentication before gaining access. This greatly increases security and makes it more difficult for unauthorized persons to gain access, even if they know the password.
-
NIST
The National Institute of Standards and Technology (NIST) is a scientific institution under the United States federal government. NIST is committed to standardization in science, such as defining units, and publishes widely used cybersecurity standards and guidelines.
NIST was founded in 1901 under the name National Bureau of Standards (NBS). In 1988, the institution received its current name.
-
NIST Risk Management Framework
The NIST Risk Management Framework (RMF) is a structured approach to identifying, assessing, controlling and monitoring information security risks within an organization.
-
OSINT
OSINT stands for Open-Source Intelligence and is a method of collecting information from publicly accessible sources, such as social media, news articles, online forums and databases. This can be used for various purposes such as research, journalism, business strategies and security analysis. OSINT is an important part of modern information and security methods and is increasingly used by governments, companies and individuals.
-
Payment Card Industry Data Security Standard (PCI DSS)
The Payment Card Industry Data Security Standard (PCI DSS) is a global security standard developed to ensure and enhance the security of payment card data. It is established by the Payment Card Industry Security Standards Council (PCI SSC), an organization founded by major credit card companies such as Visa, MasterCard, American Express, Discover, and JCB.
-
Penetration Test or Pentest
A penetration test is a test performed to evaluate the security of a system. It is also referred to as a "pentest" and its purpose is to identify vulnerabilities that could be exploited by attackers. During the test, an authorized attempt is made to break into the system in order to discover its weaknesses and report them to the owner of the system. A penetration test can be performed by a specialist company or by an internal security team.
-
PowerShell
PowerShell is a powerful and versatile command line shell and scripting language developed by Microsoft for managing and automating tasks on Windows and other Microsoft platforms. It gives system administrators and developers the ability to run commands, automate tasks, and write scripts to perform complex tasks and streamline processes.
-
Purple Team
The Purple Team is a term often used in the cybersecurity world to describe a team that represents both attackers and defenders. The team consists of red team members, who try to penetrate an organization's systems, and blue team members, who try to detect and prevent the attack, working together so that each exercise directly improves detection and response.
-
Ransomware
Ransomware is a type of malicious software (malware) that encrypts files on a computer and then demands a ransom from the owner of the computer to unlock the files. This type of malware can be spread through email attachments, hacked websites, infected software or USB sticks.
Ransomware can wreak havoc, especially if it spreads within a network. It can lead to data loss, business process disruption and financial loss. It is therefore important to regularly back up important files, keep those backups separate from the network, and keep up with software updates.
-
Red Team
The term "Red Team" is generally used to describe a group of people responsible for testing the security of a system or organization by acting like real attackers and trying to break into the system, with the organization's authorization.
-
Risk Mitigation
Risk mitigation refers to the actions, strategies and measures taken to reduce or minimize the impact and likelihood of potential risks. The aim of risk mitigation is to reduce the negative consequences of risks and limit the likelihood of loss, damage or disruption of activities.
-
Risk Based Vulnerability Management (RBVM)
Risk-Based Vulnerability Management (RBVM) is an approach to managing security vulnerabilities in an IT environment based on the risk they represent to the organization. RBVM focuses on prioritizing vulnerabilities based on the potential impact and likelihood of a successful attack, rather than simply responding to each individual vulnerability.
-
SAML/SSO
SAML (Security Assertion Markup Language) and SSO (Single Sign-On) are technologies that together let a user log in once and gain access to multiple systems and applications.
SAML/SSO is widely used by companies and organizations that want to offer their employees a secure and efficient way to log in to various systems and applications. By using SSO, employees do not have to log in separately to each system and can quickly and easily access the systems they need.
-
Secure Email Gateways (SEGs)
Secure Email Gateways (SEGs) are email security solutions placed in the mail flow to scan incoming and outgoing emails for potential threats and ensure secure communications between email users. They are commonly used by organizations to protect their emails from spam, phishing attacks, malware and other forms of cyber threats.
-
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM) is a technology used to collect, analyze, and report security events and information from various sources within an IT environment. SIEM systems provide organizations with the ability to gain a centralized view of the security status of their network, systems and applications, and detect suspicious activity or anomalies that may indicate potential security threats.
-
Security Posture Management
"Security Posture Management" refers to the process of assessing, analyzing and managing an organization's overall security posture and controls. This includes identifying vulnerabilities, evaluating security controls and policies, and taking steps to improve and maintain overall security. The goal of security posture management is to increase an organization's resilience to cyberthreats and maintain a strong security posture.
-
SIEM/SOAR processes
SIEM stands for Security Information and Event Management, while SOAR stands for Security Orchestration, Automation, and Response. Both play an important role in the security of IT systems and networks: the SIEM collects and correlates events, and the SOAR automates the response workflows that follow from them.
-
Sigma Rules
Sigma is an open standard for defining detection rules for security information and event management (SIEM) and security analytics software. Sigma's goal is to provide a common language and syntax that allows security professionals to write detection rules that can be used across different SIEM systems and security tools.
Sigma rules describe patterns and conditions that can indicate potential security threats, such as attacks, intrusion attempts, malware infections, and other malicious activities. These rules are written in human-readable text format and can be interpreted by SIEM systems and other security tools that support Sigma.
-
SOC
A Security Operations Center (SOC) is a central location where security activities and procedures are monitored and controlled to protect an organization's IT infrastructure and data from potential threats. The SOC team works closely with the IT department and other stakeholders to ensure and improve the security of the organization.
-
Tactics, Techniques, and Procedures (TTP)
Tactics, Techniques, and Procedures (TTP) is a concept used in the context of cybersecurity and cyberthreats to describe and categorize different aspects of attacker behavior and their methods of attack. TTP is a framework used to understand how attackers operate, what strategies and techniques they use, and what procedures they follow to achieve their goals.
-
Third party risks
Third party risks refer to the risks that arise when an organization engages a third party to perform certain tasks or provide services. These risks can relate to various areas, including legal issues, financial risks, reputational risks and operational risks.
-
TPRM
TPRM stands for Third Party Risk Management. This is a process by which organizations identify, assess and manage the risks associated with outsourcing activities or services to external parties.
TPRM helps organizations ensure the quality, compliance and performance of their suppliers and avoid potential reputational damage, financial loss or legal disputes.
-
Trojans
A trojan is a type of malware that disguises itself as a legitimate program or file. If you open such a program or file, the trojan can cause damage to your computer. For example, a trojan can steal, delete or change data, take over your computer or install other malware. A trojan is not a virus, because a trojan cannot spread itself to other computers. A trojan is often used to create a backdoor in your security, making it easier for hackers to gain access to your system.
-
Vulnerability management
Vulnerability management is the process of identifying, analyzing and remediating vulnerabilities in systems, networks and applications. The goal of vulnerability management is to improve the security and resilience of the organization by reducing the risk of cyber-attacks. Vulnerability management includes regularly scanning the IT environment, prioritizing the vulnerabilities found based on their severity and impact, and implementing appropriate measures to fix or mitigate them.
-
WannaCry
WannaCry is a type of ransomware that infected more than 200,000 computers in 150 countries in May 2017. The malware used a vulnerability in the Microsoft Windows operating system to spread rapidly and encrypt files on the infected computers, making them inaccessible to their users. The attackers demanded payment in Bitcoin in exchange for the decryption key to unlock the files. The attack caused significant disruption to businesses, hospitals and government agencies around the world. It is believed to have been created by North Korean hackers.
-
Web Application Firewall (WAF)
A web application firewall (WAF) is a security solution used to protect web applications against various types of attacks, such as SQL injections, cross-site scripting (XSS), and other exploits that can compromise the application.
-
Web skimming
Web skimming, also known as "Magecart attacks", refers to a form of cyber attack in which attackers inject malicious code into e-commerce websites to steal customer payment information. These attacks target online shopping carts and payment pages of websites to pass sensitive information, such as credit card information, to the attackers.
-
Worms
A worm is a type of malicious software that can spread itself over a computer network without human intervention. A computer worm can replicate itself and move to other computers on the same network, posing a threat to the security and integrity of data on those computers.
-
XDR
XDR stands for Extended Detection and Response. It is a newer approach to threat detection and response that correlates telemetry from endpoints, networks, cloud and email to provide holistic protection against cyber-attacks, unauthorized access and misuse.
-
Zero Day
Zero day in the context of cybersecurity refers to the fact that there is no delay between the discovery of a vulnerability and its exploitation by malicious parties. This gives attackers a temporary advantage, as defenders have not had time to prepare or protect against the attack. It is a term that emphasizes the acute threat and urgency of such attacks.
-
Zero Day Vulnerability
A Zero-Day Vulnerability (also referred to as a Zero-Day Exploit) refers to a security vulnerability in software, hardware or any other digital system that is discovered and exploited by malicious actors before the developer of the system is aware of its existence. The term "zero-day" refers to the number of days, zero, that the developer has known about the vulnerability and been able to patch or fix it before attackers exploit it.
-
"Watering Hole" Attack
A "Watering Hole" attack is a form of cyber-attack in which the attacker places malicious code or malware on websites likely to be visited by the intended victims. This approach focuses on infecting legitimate websites that are popular with a certain target group, so that when the targeted victims visit these websites, they are unknowingly infected with the malicious code.