BreachExchange mailing list archives

What These 9 Cyber Security Buzzwords and Jargon Terms Really Mean


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 3 Feb 2015 19:07:18 -0700

http://www.cio.com/article/2879295/security0/what-these-9-cyber-security-buzzwords-and-jargon-terms-really-mean.html

Hybrid cloud. BYOD. Big Data. Internet of Things. These are terms that have
become part of the daily lexicon, not only within the IT world but also in
the mainstream. Jargon is integral to IT. It makes complicated terms more
accessible to the non-technical person, even if they aren’t easier to
understand.

Buzzwords are commonplace in IT security, as well, but are they truly
understood? As Frank Ohlhorst writes in Tech Republic, “it seems that IT
security managers are giving too much power to terms and buzzwords, letting
them dictate security best practices.” Ohlhorst goes on to point out that
while BYOD is just an acronym that means, simply, Bring Your Own Device
(such as when a company allows its employees to use their personally-owned
phones, laptops, and other devices to access the network for work
purposes), security professionals see it as Bring Your Own Disaster and the
beginning of a security nightmare.

Some security buzzwords and jargon are to the point, like ransomware or
phishing, while others, like cloud security or compliance, are a little
more ambiguous. Here are a few popular terms and what they really mean for
security.

Cloud security. It’s easy to lump all security within cloud computing under
one term, but it differs between public clouds and private clouds. Private
cloud security is approached in the same manner as any other in-house
network security, while public cloud security will involve a third-party
vendor. In basic terms, Ari Zoldan, CEO of Quantum Networks, breaks down
“cloud security” as a component of computer security which deals with the
policies, technologies, and controls put into place to protect data,
applications, and the associated infrastructure of cloud computing, but for
IT security professionals, it really needs to be differentiated based on the
type of cloud.

Compliance. It seems like everyone wants to have their company become
compliant with all types of rules and regulations meant to keep data
secure. That’s a good thing. But for many companies, “compliant” is doing
the bare minimum toward data security while claiming the company meets
regulatory standards. Real compliance is an ongoing process to do
everything possible to prevent breaches and other threats.

Cyber espionage. This is the act of stealing secrets from one company or
individual via the Internet with the intent of using them for personal, or
more often, political or military, gain. Often this term is used when
individuals or groups representing a country or organization infiltrate an
“enemy’s” network. Countries like China and Russia and groups like the
Syrian Electronic Army are often accused of cyber espionage. This buzzword
shouldn’t be confused with cyberwarfare, which consists of different types
of threats, including cyber espionage, conducted specifically by nation
states.

Data Loss Prevention. Data Loss Prevention (DLP) is often the term used to
describe the last point of defense against a cyberattack, but it is
actually the strategy and software the security team develops to protect
data.

Endpoint Protection Platforms. Gartner explains endpoint protection
platforms (EPP) as “a solution that converges endpoint device security
functionality into a single product that delivers antivirus, anti-spyware,
personal firewall, application control and other styles of host intrusion
prevention (for example, behavioral blocking) capabilities into a single
and cohesive solution.” It’s an essential need for information security, as
every device we use – from our computers to smartphones – is considered an
endpoint and needs to be secured. The problem it helps to solve is
protecting the overwhelming number and types of devices now being connected
to networks.

Privacy. When it comes to data security, privacy is tricky because what it
means to one person (say the employee using BYOD) isn’t what it means to
another (say the NSA). For the IT security professional, however, data
privacy is ensuring that sensitive information, such as personally
identifiable information of customers and others, remains hidden and
inaccessible to network intruders.

Ransomware. This is malware, but a very specific type of malware that
requires some sort of ransom payment to either remove the malware or to
retrieve files that had been encrypted by the malware. Ransomware has been
around for a long time, but it made news this year when Cryptolocker
encrypted files and then demanded payment in Bitcoin.

Risk management. This is jargon that gets thrown around a lot, as in “we
must develop a risk management program.” But what exactly is risk
management? The Information Systems Audit and Control Association describes
it this way: “Information risk management defines the areas of an
organization’s information infrastructure and identifies what information
to protect and the degree of protection needed to align with the
organization’s tolerance for risk. It identifies the business value,
business impact, compliance requirements and overall alignment to the
organization’s business strategy. Once this information has been
identified, it can be presented to the business leadership to make
decisions about the level of investment (both financial and resource) that
should be utilized to create appropriate information protection and risk
management capabilities.”

Phishing. Phishing is one of the oldest forms of malicious social
engineering, but it remains one of the most effective because spammers do a
good job at luring users to click on malicious links or open malware-laden
attachments. It is a specific form of social engineering used to gather
personally identifiable information. Phishing emails appear to come from a
trusted source, such as a friend or a well-known business. Over time,
phishing has evolved to include spear phishing (targeted attempts highly
personalized for a specific target) and whaling (phishing scams that target
high-profile users and decision makers).

The buzzwords and jargon discussed here are just the tip of the security
iceberg, but they represent the terms that are used and often misunderstood
within IT security.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 