Table of Contents
This refers to both a tool and a process. Access Control is designed to only give access to information or systems to those that need it. For example, access control can limit your frontline workers from being able to access all employee HR files.
Access control is primarily done in 3 ways:
- Discretionary Access Control (DAC) – Gives permission/privileges to specific people to access specific things.
- i.e. John Smith has access to Payroll.
- Mandatory Access Control (MAC)- Assigns people and systems a label then limits access based on the labels with those having higher clearance being able to access more.
- i.e. John Smith has a “Top Secret” label and Payroll access is granted to anyone with “Classified” designation or higher.
- Role Based Access Control (RBAC) – Controls access through use of job labels for people so they can accomplish job-related tasks.
- i.e. John Smith is in an Accountant, so he can access any software in the Accounting department list.
APT (Advanced Persistent Threat)
An asset is a person, place, or — tangible or intangible — used to complete business tasks. Assets include equipment (like phones and computers), software code, data, facilities, personnel, and more.
- Something they know (like a password or security question)
- Something they are (a biometric measure like a fingerprint or face scan)
- Something you have (like a token or authenticator app on a phone)
BCP (Business Continuity Planning)
CND (Computer Network Defense)
Common Vulnerabilities and Exposures (CVE)
An online database of attacks, exploits, and compromises organized by the MITRE organization for the benefit of the public. It includes any and all types of attacks and abuses known for any type of computer system or software product.
DDoS/DoS (Distributed Denial of Service/ Denial of Service) Attacks
- Flooding attacks – massive amounts of network traffic is sent in efforts to overload devices/servers
- Connection exhaustion – Repeatedly making connection requests to a target to consume all system resources
- Resource demand – repeatedly requesting a resource from a server in order to keep it too busy to respond to other requests
The act of transforming plaintext (the original, readable form of normal data) into ciphertext (i.e. unintelligible, and seemingly random data). Encrypt and encode are often used interchangeably.
Endpoints are (mostly) physical devices that connect to a network system such as a mobile devices, laptops, desktop computers, IoT Devices (thermostats, sensors, etc), Servers, POS devices, printers, wearables, Cloud-based servers/Apps, and other network devices.
EDR (Endpoint Detection and Response)
A security tool, which may be a hardware or software solution, that is used to filter network traffic. A firewall is based on an “implicit deny” stance where all traffic is blocked by default. Rules, filters or access control lists can be defined to indicate which traffic is allowed to cross the firewall. Advanced firewalls can make allow/deny decisions based on user authentication, protocol, header values and even payload contents.
IaaS (Infrastructure as a Service)
IDS (Intrusion Detection System)
An Intrusion Detection System (IDS) is a tool that attempts to detect the presence of intruders or the occurrence of security violations. The goal of an IDS is to notify administrators, enable more detailed or focused logging, or trigger a response like blocking an IP or disconnecting a session. IDS is considered a passive security tool as it detects and responds to threats after they have started instead of preventing them.
IPS (Intrusion Prevention System)
MDR (Managed Detection and Response)
MSP (Managed Services Provider)
MSSP (Managed Security Services Provider)
NIST CSF (National Institute for Standards & Technology Cyber Security Framework)
The National Institute for Standards & Technology (NIST) has been charged with creating a standardized cybersecurity framework by the U.S. Government. The NIST CSF was originally designed to help ensure the security of critical infrastructure systems, but has been widely adopted by non-governmental organizations. A main advantage to using the NIST CSF is that it provides standardized language so that security and risk levels can be quantified across businesses and industries in a supply chain.
Penetration Testing (Pen Test)
Security Information and Event Management (SIEM)
SOC (Security Operations Center)
VPN (Virtual Private Network)
XDR (Extended Detection and Response)
Tristin Zeman is the Digital Marketing Manager at Foresite. For the past 10 years, she has helped organizations of all sizes create and scale marketing programs through digital and traditional marketing channels and efficient marketing operations.