The cyber world seems to be full of difficult-to-understand jargon and phrases. It’s difficult to know what protection you need (and against what) when you don’t actually know what any of it means. Let’s dive in to our cyber jargon buster and help you sort your SOCs out for CERT.
Behavioural Monitoring
Behavioural monitoring is the part of a cyber security system that watches files on a network for any unusual or unprecedented changes or modifications that might suggest that a piece of malicious software has made it into the system.
You could think of this as the cyber equivalent of CCTV. It won’t do much to stop an actual intrusion, but it can certainly let you know when there’s a burglar on your drive with one leg in your car.
Pen Test
Short for ‘penetration test’, this is a simulated attack on a computer system that attempts to find vulnerabilities and weaknesses, in the hope that they can be patched and protected before being exploited by folk with more malicious intentions. Letting an ethical hacker have a pop at your system is a good way of judging your security.
Zero Day Attack
With a suitably intense and damaging-sounding name, a zero day attack or exploit can be one of the more dangerous. When a company releases software with a flaw it doesn’t yet know about, an attacker quickly writes and uses exploit code before the company is either aware of the flaw or has had time to create a patch for it.
World of Acronyms
If you’ve ever had a conversation with either someone who works in cyber security or in IT in general you may have noticed an interesting phenomenon about the way they talk – almost exclusively in jargon and, particularly, acronyms. You probably find yourself confused and yet simultaneously impressed that someone has managed to create such lengthy and (allegedly) meaningful communications that contain so few actual words.
With that in mind here is a brief (and definitely not exhaustive) run down of some common acronyms, along with an explanation – because sometimes, finding out what the letters stand for makes things worse.
Security Information and Event Management
SIEM is the part of cyber security management that deals with monitoring and collating real-time information from a system. This includes notifications of outsider threats, and the retention and analysis of real-time data on security alerts triggered by a system.
Just to make everything super clear, this system also goes by the acronyms SEM or SIM, and you would find one in a SOC. What is a SOC, you ask?
Security Operations Centre
A SOC is a centralised location where multiple websites, networks and databases are monitored, assessed and defended. A SOC contains a team of security experts who monitor and respond to threats across the world. They usually look like something a James Bond villain would build and are very physically secure.
Computer Security Incident Response Team
As the name suggests, this is a dedicated team that receives reports of breaches and then analyses them as they occur.
And just in case we weren’t fed up with acronyms by now, there are staggeringly at least six variations of this one, all of which mean roughly the same thing – CIRC, CIRT, IRC, IRT, SERT or SIRT.
Distributed Denial of Service
A DDOS attack is an attack that comes from multiple compromised systems, as opposed to a DOS attack, which comes from one. In an attack, the malicious traffic heading towards the victim originates from multiple sources, making it nearly impossible to block or to distinguish from standard traffic.
Intrusion Detection System
Intrusion Detection Systems monitor a network for malicious activity. An IDS links directly to the SIEM for reporting and analysis, which is of course housed inside a SOC (getting there yet?). IDSs can vary, and the two most common types are NIDS (network-based) and HIDS (host-based).
See also: Conservative politician.
Supply Chain Risk Management
You’ve probably heard the phrase that a chain is only as strong as its weakest link? Well, the same applies to cyber security. If, for example, a large defence client with military-grade, world-class cyber security was using a smaller supplier for one particular element of its work, that supplier presents a possible vulnerability a hacker could exploit. It’s a way in for them, and good SCRM identifies this weakness.
General Data Protection Regulation
Unlike all of the acronyms above, this often-used one is actually a soon-to-be-enforced government regulation that is aimed at strengthening data protection by changing the rules on how companies deal with personal data. We recommend you read this article for more information on the GDPR, particularly if you’re a business owner – as failure to comply could lead to a fine of some 8% of your turnover.
Still confused? Let our expert cyber managed service team help.