
Information security terms and definitions
27.11.2023

Ruslan Rakhmetov, Security Vision


Dear friends, when learning the basics of information security, whether at a university, on a refresher course or on your own, a newcomer inevitably has many questions about the basic terms and definitions used in cybersecurity. In this article we will define the most common cybersecurity terms, and where possible we will explain them in simple language and avoid unnecessary bureaucratic jargon. It should also be noted that when developing any documents (for example, a company's internal regulations), an official glossary should be used, so we recommend taking the most basic terms from the following documents:


- Standard GOST R 50922-2006 ‘Information Protection. Basic terms and definitions’;

- Standard GOST R 53114-2008 ‘Information Protection. Provision of information security in the organisation. Basic terms and definitions’;

- Standard GOST R 59709-2022 ‘Information protection. Computer Incident Management. Terms and definitions’;

- Recommendations on standardisation R 50.1.053-2005 ‘Information technologies. Basic terms and definitions in the field of technical protection of information’;

- Recommendations on standardisation R 50.1.056-2005 ‘Technical protection of information. Basic terms and definitions’;

- Federal Law No. 149-FZ of 27.07.2006 ‘On Information, Information Technologies and Information Protection’;

- Federal Law No. 152-FZ of 27.07.2006 ‘On Personal Data’;

- Federal Law No. 187-FZ of 26.07.2017 ‘On the Security of the Critical Information Infrastructure of the Russian Federation’.


So, let's move on to the main definitions in the field of information security:


Information protection is ensuring the integrity, confidentiality and availability of information.


Information security (abbreviated as IS) is a state of information in which its integrity, confidentiality and availability are ensured.


Integrity of information is a state of information in which it either remains unchanged or changes are made only by those who have the right to do so.


Confidentiality of information is a state of information in which only those who have appropriate access rights have access to it.


Availability of information (or of information system resources) is a state of information (or of the resources) in which those who have the necessary access rights can exercise them without hindrance.


Access rights are the authority of a user or an entity (for example, a program or a device) to process information: to read, write, modify, copy, transfer or delete it.


An access subject is a user or entity that performs information processing in accordance with the access rights assigned to them.


An access object is information or a resource of the information system (for example, a file or a record in a database) with which the access subject interacts in accordance with the access rights assigned to it.


An asset (information asset) is information or a resource of an information system that has value for the organisation, is used to achieve the organisation's goals, and is both the object of protection and the target of cyberattacks that seek to violate its security properties.


A cyberattack (computer attack) is a targeted malicious impact on an asset to disrupt its normal functioning and/or to realise an IS threat to the information processed by the resource.


An IS incident is an IS event (or a group of events) that may lead or has already led to a successful cyberattack, disruption of an information asset, or damage to the company's interests.


An IS event is a recorded change in the state of an information asset that may be the cause of an IS incident.


Damage from the realisation of a cyberattack is the negative consequences for the interests and well-being of the company. Damage can be direct or indirect:

1) direct damage is the company's direct and easily predictable losses, such as loss of intellectual property rights, disclosure of trade secrets, reduction in the value of assets or their partial or complete destruction, legal costs, and payment of fines and compensation;

2) indirect damage is the company's indirect and difficult-to-predict losses, which are divided into qualitative losses and indirect losses:

2a) qualitative losses are, for example, suspension or reduced efficiency of the company's operations, loss of customers, and reduction in the quality of goods produced or services rendered;

2b) indirect losses are, for example, lost profits, loss of business reputation, and additional expenses incurred.


An information security threat (cyber threat, IS threat) is a set of conditions and factors that create a risk of information security breach and are a potential cause of an IS incident.


The realisation of an IS threat is a combination of conditions and factors that lead to the occurrence of an IS incident.

Threat modelling is the identification of all threats that can cause damage to the company and the attack vectors that can be used by threat sources to cause damage.


An IS threat can occur when there is:

1) a threat source,

2) the vulnerability of the asset,

3) the way in which the threat is realised,

4) the target of exposure,

5) malicious impact and its consequences.


1. A threat source is an entity (intruders, third parties, technical means, physical phenomena, natural forces) that causes an information security threat to arise.


Intruders may be external or internal to the object of protection under consideration:


1) external intruders are subjects who do not have legitimate access to the object of protection. They are not employees of the company, legitimate users of its internal information systems, outsourcers, contractors, suppliers, customers or other persons who have a valid legal relationship with the organisation in question;


2) internal intruders (or insiders, from the English ‘insider’) are employees and managers of the company, as well as legal entities that have a valid legal relationship with it. They know well how the attacked resource operates and have, or can obtain, access to it, often authorised and with extended privileges. Insiders are roughly divided into:


- negligent, who may realise IS threats unintentionally,

- saboteurs, who disrupt the company's business processes due to their disloyalty,

- resigning employees, who seek to keep confidential work information for use in their new jobs,

- targeted insiders, who may be deliberately planted by competitors for business intelligence.


Intruder modelling is an assessment of the danger of attackers, taking into account whether they have the means, motives, capabilities to carry out cyber threats, and the attractiveness of a particular company to attackers.


2. A vulnerability is a weakness in an asset or in a control or management mechanism that attackers can exploit to realise information security threats. A vulnerability is characterised by its degree of danger, which takes into account how easily it can be exploited and its impact on the security properties of information (confidentiality, integrity, availability).


3. A threat implementation method is the way a threat source uses identified vulnerabilities, violations and errors in the company's technical and organisational processes, and deficiencies in control and management, to exert a malicious impact on the protected object. Threat implementation methods can also be classified by the tactics, techniques and procedures of cyberattacks used by attackers (TTPs, from Tactics, Techniques, Procedures).


4. The target is people, information, processes and technologies, including development, production and delivery processes, data transmission channels, software and hardware, and information system components. For example, attackers send phishing links to employees to carry out cyberattacks using social engineering, launch encryption viruses (ransomware) to obtain a ransom for decrypting data or for not disclosing stolen information, infiltrate software development processes to embed a virus in the next software update, and connect hardware keyloggers (devices for the unauthorised capture of entered information) to computers.


5. Malicious impact is the direct cyberattack itself, such as a DDoS attack, data theft, infection with an encryption virus, or theft of funds. Malicious impact leads to consequences in the form of damage to the interests and well-being of the company.


Information security risk (IS risk, cyber risk) is the potential for asset vulnerabilities to be exploited by a specific threat to cause damage to the company. There are the following ways to handle cyber risk:


1) ignore it, but this will sooner or later lead to a successful cyberattack,

2) accept it: with a considered and collegial decision, this is acceptable for insignificant risks or for risks that cannot be handled in any other way,

3) avoid it, by not implementing or using certain risky technologies, although the productivity of the company's processes may suffer,

4) transfer it, by using cyber insurance services,

5) minimise it, by implementing a cybersecurity strategy and information protection measures (organisational, technical, physical), and by installing and operating information protection equipment.


Information protection means (abbreviated as IPS) against unauthorised access or impact is a technical, software, or combined software-and-hardware means designed to prevent or significantly impede unauthorised access to, or impact on, information or information system resources.
