Kingdom of Lies
DATA MINING: The process or techniques used to analyze large sets of existing information to discover previously unrevealed patterns or correlations.
DECRYPTING: The process of transforming ciphertext into its original plaintext. The process of converting encrypted data back into its original form, so it can be understood. Synonyms: decoding, deciphering.
DENIAL OF SERVICE (DOS): An attack that prevents or impairs the authorized use of information system resources or services.
DIGITAL FORENSICS: The processes and specialized techniques for gathering, retaining, and analyzing system-related data (digital evidence) for investigative purposes. Synonyms: computer forensics, forensics.
DISTRIBUTED DENIAL OF SERVICE (DDOS): A denial of service technique that uses numerous systems to perform the attack simultaneously.
ENCRYPTION: The process of transforming plaintext into ciphertext. Converting data into a form that cannot be easily understood by unauthorized people.
ENTERPRISE RISK MANAGEMENT: A comprehensive approach to risk management that engages people, processes, and systems across an organization to improve the quality of decision-making for managing risks that may hinder an organization’s ability to achieve its objectives. May also involve identifying mission dependencies on enterprise capabilities, identifying and prioritizing risks due to defined threats, implementing countermeasures to provide both a static risk posture and an effective dynamic response to active threats, and assessing enterprise performance against threats and adjusting countermeasures as necessary.
EVENT: An observable occurrence in an information system or network. Something that provides an indication that an incident is occurring or at least raises the suspicion that an incident may be occurring.
EXFILTRATION: The unauthorized transfer of information from an information system.
EXPLOIT: A technique to breach the security of a network or information system in violation of security policy.
EXPOSURE: The condition of being unprotected, thereby allowing access to information or capabilities that an attacker can use to enter a system or network.
FIREWALL: A capability to limit network traffic between networks and/or information systems. A hardware/software device or software program that limits network traffic according to a set of rules of what access is and is not allowed or authorized.
HACKER: An unauthorized user who attempts to gain or gains access to an information system.
HASHING: A process of applying a mathematical algorithm against a set of data to produce a numeric value (a “hash value”) that represents the data.
IDENTITY AND ACCESS MANAGEMENT: The methods and processes used to manage subjects and their authentication and authorizations to access specific objects.
IMPACT: The consequence of an action.
INCIDENT: An occurrence that actually or potentially results in adverse effects on or poses a threat to an information system or the information that the system processes, stores, or transmits, and that may require a response action to mitigate the consequences. An occurrence that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.
INCIDENT MANAGEMENT: The management and coordination of activities associated with an actual or potential occurrence of an event that may result in adverse consequences to information or information systems.
INCIDENT RESPONSE: The activities that address the short-term, direct effects of an incident and may also support short-term recovery. Cybersecurity work where a person: responds to crises or urgent situations within the pertinent domain to mitigate immediate and potential threats; uses mitigation, preparedness, and response and recovery approaches, as needed, to maximize survival of life, preservation of property, and information security.
INDUSTRIAL CONTROL SYSTEM: An information system used to control industrial processes such as manufacturing, product handling, production, and distribution or to control infrastructure assets.
INFORMATION ASSURANCE: The measures that protect and defend information and information systems by ensuring their availability, integrity, and confidentiality.
INFORMATION TECHNOLOGY: Any equipment or interconnected system or subsystem of equipment that processes, transmits, receives, or interchanges data or information.
INSIDER THREAT: A person or group of persons within an organization who pose a potential risk through violating security policies. One or more individuals with the access to and/or inside knowledge of a company, organization, or enterprise that would allow them to exploit the vulnerabilities of that entity’s security, systems, services, products, or facilities with the intent to cause harm.
INTEGRITY: The property whereby information, an information system, or a component of a system has not been modified or destroyed in an unauthorized manner. A state in which information has remained unaltered from the point it was produced by a source, during transmission, storage, and eventual receipt by the destination.
INTRUSION: An unauthorized act of bypassing the security mechanisms of a network or information system.
INTRUSION DETECTION: The process and methods for analyzing information from networks and information systems to determine if a security breach has occurred.
INVESTIGATION: A systematic and formal inquiry into a qualified threat or incident using digital forensics and/or other traditional criminal inquiry techniques to determine the events that transpired and to collect evidence. Any cybersecurity work in which a person applies tactics, techniques, and procedures for a full range of investigative tools and processes, including interview and interrogation techniques, surveillance, countersurveillance, and surveillance detection, and appropriately evaluates the benefits of prosecution versus intelligence gathering.
KEY: The numerical value used to control cryptographic operations, such as decryption, encryption, signature generation, or signature verification.
KEYLOGGER: Software or hardware that tracks keystrokes and keyboard events, usually to monitor actions by the user of an information system.
KEY PAIR: A public key and its corresponding private key. Two mathematically related keys having the property that one key can be used to encrypt a message that can only be decrypted using the other key.
MALICIOUS CODE: Program code intended to perform an unauthorized function or process that will have adverse impact on the confidentiality, integrity, or availability of an information system.
MALWARE: Software that compromises the operation of a system by performing an unauthorized function or process. Synonyms: malicious code, malicious applet, malicious logic.
MITIGATION: The application of one or more measures to reduce the likelihood of an unwanted occurrence and/or lessen its consequences. Can also involve implementing appropriate risk-reduction controls based on risk management priorities and analysis of alternatives.
OUTSIDER THREAT: A person or group of persons external to an organization who are not authorized to access its assets and pose a potential risk to the organization and its assets.
PACKETS: Packets, or network packets, consist of data, formatted to be carried over a network, typically including information about controls and end users. When a website receives too many packets at once, it can become unbalanced, resulting in a crash of the website or a takeover of the website by a malicious actor.
PASSIVE ATTACK: An actual assault perpetrated by an intentional threat source that attempts to learn or make use of information from a system but does not attempt to alter the system, its resources, its data, or its operations.
PASSWORD: A string of characters (letters, numbers, and/or other symbols) used to authenticate an identity or to verify access authorization.
PENETRATION: Intrusion into a network or system.
PEN TEST: A colloquial term for penetration test or penetration testing.
PENETRATION TESTING: An evaluation methodology whereby assessors search for vulnerabilities and attempt to circumvent the security features of a network and/or information system.
PERSONAL IDENTIFYING INFORMATION/PERSONALLY IDENTIFIABLE INFORMATION: The information that permits the identity of an individual to be directly or indirectly inferred.
PHISHING: A digital form of social engineering to deceive individuals into providing sensitive information.
PRIVACY: The assurance that the confidentiality of and access to certain information about an entity is protected. The ability of individuals to understand and exercise control over how information about themselves may be used by others.
PRIVATE KEY: A cryptographic key that must be kept confidential and is used to enable the operation of an asymmetric cryptographic algorithm. The secret part of an asymmetric key pair that is uniquely associated with an entity.
PUBLIC KEY: A cryptographic key that may be widely published and is used to enable the operation of an asymmetric cryptographic algorithm. The public part of an asymmetric key pair that is uniquely associated with an entity.
PUBLIC KEY CRYPTOGRAPHY: A branch of cryptography in which a cryptographic system or algorithm uses two uniquely linked keys: a public key and a private key (a key pair).
RECOVERY: The activities after an incident or event to restore essential services and operations in the short and medium term and to fully restore all capabilities in the longer term.
RED TEAM: A group authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s cybersecurity posture.
REDUNDANCY: Additional or alternative systems, subsystems, assets, or processes that maintain a degree of overall functionality in case of loss or failure of another system, subsystem, asset, or process.
RESILIENCE: The ability to adapt to changing conditions and prepare for, withstand, and rapidly recover from disruption.
RESPONSE: The activities that address the short-term, direct effects of an incident and may also support short-term recovery.
RISK ASSESSMENT: The product or process that collects information and assigns values to risks for the purpose of setting priorities, developing or comparing courses of action, and informing decision-making. The appraisal of the risks facing an entity, asset, system, or network, organizational operations, individuals, geographic areas, other organizations, or society, including determining the extent to which adverse circumstances or events could result in harmful consequences.
RISK MANAGEMENT: The process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring, or controlling it to an acceptable level considering associated costs and benefits of any actions taken. These actions may include (1) conducting a risk assessment; (2) implementing strategies to mitigate risks; (3) continuously monitoring risk over time; and (4) documenting the overall risk management program.
ROOTKIT: A set of software tools with administrator-level access privileges installed on an information system and designed to hide the presence of the tools, maintain the access privileges, and conceal the activities conducted by the tools.
SECURITY PROGRAM MANAGEMENT OR PROJECT MANAGEMENT: Work where a person manages information security implications within the organization, a specific program, or other area of responsibility, to include strategic, personnel, infrastructure, policy enforcement, emergency planning, security awareness, and other resources.
SIGNATURE: A recognizable, distinguishing pattern.
SITUATIONAL AWARENESS: Comprehending information about the current and developing security posture and risks based on information gathered, observation, analysis, knowledge, and/or experience. In cybersecurity, comprehending the current status and security posture with respect to availability, confidentiality, and integrity of networks, systems, users, and data, as well as projecting future states of these.
SOFTWARE ASSURANCE: The level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle, and that the software functions in the intended manner.
SPAM: The abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.
SPOOFING: Faking the sending address of a transmission to gain illegal or unauthorized entry into a secure system. The deliberate inducement of a user or resource to take incorrect action. Impersonating, masquerading, piggybacking, and mimicking are forms of spoofing.
SPYWARE: Software that is secretly or surreptitiously installed into an information system without the knowledge of the system user or owner.
SUPPLY CHAIN: A system of organizations, people, activities, information, and resources for creating and moving products, including product components and/or services from suppliers, to their customers.
SYSTEM ADMINISTRATOR: The person who installs, configures, troubleshoots, and maintains server configurations (hardware and software) to ensure their confidentiality, integrity, and availability. Also manages accounts, firewalls, and patches and is responsible for access control, passwords, and account creation and administration.
TABLETOP EXERCISE: A discussion-based exercise where personnel meet in a classroom setting or breakout groups and are presented with a scenario to validate the content of plans, procedures, policies, cooperative agreements, or other information for managing an incident.
THREAT: A circumstance or event that indicates the potential to exploit vulnerabilities and to adversely impact organizational operations, organizational assets, including information and information systems, individuals, other organizations, or society. May include an individual or group of individuals, an entity such as an organization, or a nation, action, or occurrence.
THREAT ACTOR: An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.
THREAT ANALYSIS: The detailed evaluation of the characteristics of individual threats. Cybersecurity work that includes identifying and assessing the capabilities and activities of cybercriminals or foreign intelligence entities and producing findings to help initialize or support law enforcement and counterintelligence investigations or activities.
THREAT ASSESSMENT: The product or process of identifying or evaluating entities, actions, or occurrences, whether natural or man-made, that have or indicate the potential to harm life, information, operations, and/or property.
TICKET: In access control, data that authenticates the identity of a client or a service and, together with a temporary encryption key (a session key), forms a credential.
TRAFFIC LIGHT PROTOCOL: A set of designations employing four colors (red, amber, green, and white) used to ensure that sensitive information is shared with the correct audience.
TROJAN HORSE: A computer program that appears to have a useful function but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.
UNAUTHORIZED ACCESS: Any access that violates the stated security policy.
VIRUS: A computer program that can replicate itself, infect a computer without user permission or knowledge, and then spread or propagate to another computer.
VULNERABILITY: A characteristic or specific weakness that renders an organization or asset open to exploitation by a given threat or susceptible to a given hazard.
WEAKNESS: A shortcoming or imperfection in software code, design, architecture, or deployment that, under proper conditions, could become a vulnerability or contribute to the introduction of vulnerabilities.
WHITELIST: A list of entities that are considered trustworthy and are granted access or privileges.
WORM: A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.
Appendix B
Epilogue Explained
NBS, JOHN CURTISS, MATH LAB, NEW CENSUS
In 1901, Congress created the National Bureau of Standards (NBS), which would later turn into the National Institute for Standards in Technology, the organization that would create the country’s primary framework for cybersecurity. Throughout the 1930s and 1940s, NBS produced the “math tables project,” a division of Roosevelt’s Works Projects Administration, which led to some of the foundational mathematics for today’s internet.
John Curtiss—a pioneer in “the salt mines of computing”—came up with some of the first computational algorithms associated with modern computing. Curtiss helped found the Applied Mathematics Laboratories, which would become the U.S.-based Applied Mathematics Division of the U.S. Department of Energy’s Office of Science. It would ultimately develop some of the earliest software and hardware in the United States.
One of the first applications for this computing capability was with the new U.S. Census in 1951, which relied on an early version of a computer database called UNIVAC, regarded as the world’s first commercial computer.
LANCZOS, KRYLOV, HESTENES AND STIEFEL
Cornelius Lanczos, a Hungarian, developed several new uses for algorithmic computing throughout the 1950s and 1960s, as well as the mathematical technology that allows us to zoom in and out of digital images and videos.
One of Lanczos’s methods, known as Krylov, was a collaboration between himself and Magnus Hestenes and Eduard Stiefel in the 1950s. The Krylov algorithm was named the algorithm of the century because it led to foundational elements behind the scale at which computers can sift through information.
SEAC, UNIVAC, FBI AND FINGERPRINTS
SEAC, or Standards Eastern Automatic Computer, was one of the first computers that could be accessed remotely, created for government use in 1964.
Also around this time, the FBI started using the early computing technology to digitize its database of fingerprints.
BROOKS ACT, MAGIC FACTS, CHURCHILL EISENHART
In 1964, the Brooks Act established automatic data-processing standards, and the federal government launched the first MAGIC terminal, one of the earliest computers to use graphics to display information. Churchill Eisenhart, a mathematician and chief of the U.S. statistical engineering laboratory, advocated for the federal government to favor “sound mathematical analysis [over] costly experimentation.”