Definition Search Results

access

Source: IBM

The ability to read, update, or otherwise use a resource. Access to protected resources is usually controlled by system software.

Access Control

Source: NIST

The process of granting or denying specific requests: 1) for obtaining and using information and related information processing services; and 2) to enter specific physical facilities (e.g., federal buildings, military establishments, and border crossing entrances).

Access Control List (ACL)

Source: CNSS

A list of permissions associated with an object (e.g., computer hardware or software or a gate that provides ingress and egress to a physical facility). The list specifies who or what is allowed to access the object and what operations are allowed to be performed on the object.

Account Management

Source:

Manages the current account and any associated accounts. Displays account information such as Name, Description of the Account, Type, Acct. ID, Identity Providers, and whether or not Data Source Analytics are enabled. The page also lets you edit account settings, manage users, and see details on the creation and modification of the information.

administrator

Source: IBM

A person responsible for administrative tasks such as access authorization and content management. Administrators can also grant levels of authority to users.

Advanced Persistent Threat (APT)

Source: NIST

An adversary that possesses sophisticated levels of expertise and significant resources used to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). These objectives typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for purposes of exfiltrating information, undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. The advanced persistent threat: (1) pursues its objectives repeatedly over an extended period of time; (2) adapts to defenders' efforts to resist it; and (3) is determined to maintain the level of interaction needed to execute its objectives.

After-Action Report (AAR)

Source: FEMA

Summary of key post-exercise evaluation information, including the exercise overview and analysis of objectives and core capabilities. It is developed in conjunction with an improvement plan, which identifies specific corrective actions, assigns them to responsible parties, and establishes target dates for their completion. The lead evaluator and exercise planning team draft the AAR.

agent

Source: IBM

In cybersecurity and IT, an agent is a small piece of software installed on a device (like a laptop, server, or endpoint) that communicates with a central system.

Agents are used to:

Monitor activity

Enforce security policies

Collect logs and performance data

Detect threats (in tools like EDR or SIEM)

Deploy updates or patches

Think of an agent as a helper app that keeps your systems connected, visible, and secure — working behind the scenes to support your IT and security tools.

alert

Source: IBM

In cybersecurity, an alert is a notification generated by a security system when it detects suspicious or potentially harmful activity.

Alerts can come from tools like:

Firewalls

Endpoint Detection & Response (EDR)

SIEM systems

Antivirus or antimalware software

Intrusion Detection Systems (IDS)

Alerts help security teams know when and where to investigate a possible threat — like unauthorized access, malware, or unusual behavior on the network.

Think of an alert as your security system waving a red flag: “Something’s not right — check this out.”

All-Hazards

Source: Presidential Policy Directive / PPD-21

A threat or an incident, natural or manmade, that warrants action to protect life, property, the environment, and public health or safety, and to minimize disruptions of government, social, or economic activities. It includes natural disasters, cyber incidents, industrial accidents, pandemics, acts of terrorism, sabotage, and destructive criminal activity targeting critical infrastructure.

Antimalware (AM)

Source:

Antimalware is software designed to detect, block, and remove malicious software (malware) from computers, servers, and networks.

It protects against threats like:

Viruses

Ransomware

Trojans

Spyware

Worms

Rootkits

Antimalware tools use real-time scanning, behavior analysis, and threat intelligence to prevent infections and alert users to suspicious activity.

In short: Antimalware keeps your devices clean, your data safe, and your business running.

It’s a foundational layer of any modern cybersecurity strategy — often built into EDR or antivirus platforms.

AntiVirus (AV)

Source:

An antivirus product is a program designed to detect and remove viruses and other kinds of malicious software from your computer or laptop. Malicious software, known as malware, is code that can harm your computers and laptops and the data on them. The key feature of antivirus software is its set of known virus definitions, which the software uses to identify known viruses and malware.

API Keys

Source:

You can use API keys to authenticate programmatic requests to IBM Cloud Pak for Security services. To keep your key secure, delete it and create a new API key every 90 days. Learn how to authenticate requests using your API keys. The API key is a two-part string consisting of a unique identifier and a secret token, which together are used for authentication to the API endpoint. The unique identifier is comparable to a user ID and carries a set of access rights specific to the identity associated with it. The secret token, comparable to a password, is a code used together with the unique identifier to verify the identity of the calling process to the API.

appliance

Source: IBM

A hardware device with integrated software that is dedicated to a specific task or set of business requirements.

attack

Source: IBM

Any attempt by an unauthorized person to compromise the operation of a software program or networked system.

Attestation

Source: NRECA / Cooperative Research Network

The validation of all aspects of a computer or system that relate to its safe, secure, and correct operation.

Authentication

Source: NIST

Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources.

Authorization

Source: NRECA / Cooperative Research Network

Verifying a user's permissions (after the user has been authenticated) for accessing certain resources or functionality.

Availability

Source: NIST

Ensuring timely and reliable access to and use of information. Resiliency objectives extend the concept to refer to point-in-time availability (i.e., the system, component, or device is usable when needed) and the continuity of availability (i.e., the system, component, or device remains usable for the duration of the time it is needed).

Availability

Source:

With confidentiality and integrity, availability is considered part of the CIA Triad, which represents the three most crucial components of information security.

Bandwidth

Source: ATIS

The amount of information that can be passed through a communication channel in a given amount of time, usually expressed in bits per second.

Bitcoin

Source: Bitcoin.org

An electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party.

Black Sky Hazard/Event

Source: EIS Council

A catastrophic event that severely disrupts the normal functioning of critical infrastructures in multiple regions for long durations.

Black Start

Source: Idaho National Laboratory

The restoration of a power station without reliance on the external power transmission system. Black start capabilities are often provided by small co-located diesel generators used to start larger generators, which in turn start the main power station generators.

Blacklist

Source: US-CERT

A list of entities that are blocked or denied privileges or access.

Blockchain

Source: NIST

Tamper-resistant digital ledgers implemented in a distributed fashion (i.e., without a central repository) and usually without a central authority (i.e., a bank, company, or government). At their basic level, they enable a community of users to record transactions in a shared ledger within that community, such that under normal operation, no transaction can be changed once published.

Botnet

Source: US-CERT

A collection of computers compromised by malicious code and controlled across a network. (See Command and Control.)

Botnet

Source:

The word botnet is a combination of the words robot and network.

Boundary Protection

Source: NRECA / Cooperative Research Network

Monitoring and control of digital communications at the external perimeter of an information system to prevent and detect malicious and other unauthorized communications, using devices such as proxies, gateways, routers, firewalls, guards, and encrypted tunnels. Also referred to as perimeter protection.

Bulk Electric System (BES) Cyber Asset

Source: NERC

A Cyber Asset that, if rendered unavailable, degraded, or misused, would, within 15 minutes of its required operation, misoperation, or non-operation, adversely impact one or more facilities, systems, or equipment, which, if destroyed, degraded, or otherwise rendered unavailable when needed, would affect the reliable operation of the Bulk Electric System. Redundancy of affected facilities, systems, and equipment shall not be considered when determining adverse impact. Each BES Cyber Asset is included in one or more BES Cyber Systems.

Case Management

Source:

This is the page that contains all of the cases that are open for forensic investigation into alerts occurring within the given environment.

Case Management

Source: QRadar

Case Management is the collection of cases in a single app for collaboration and management.

Cases

Source: QRadar

QRadar includes an app within the platform named Cases. This app operates under the Case Management tab.

certificate

Source: IBM

In computer security, a digital document that binds a public key to the identity of the certificate owner, thereby enabling the certificate owner to be authenticated. A certificate is issued by a certificate authority and is digitally signed by that authority.

Cloud Security

Source:

Cloud security is a collection of procedures and technology designed to address external and internal threats to business security. Organizations need cloud security as they move toward their digital transformation strategy and incorporate cloud-based tools and services as part of their infrastructure.

Cloud Security Posture Management (CSPM)

Source:

Cloud security posture management (CSPM) automates the identification and remediation of risks across cloud infrastructures, including Infrastructure as a Service (IaaS), Software as a Service (SaaS), and Platform as a Service (PaaS).

Cloud-Native Application Protection Platform (CNAPP)

Source:

Cloud-Native Application Protection Platform (CNAPP) is a cloud-native security model that encompasses Cloud Security Posture Management (CSPM), Cloud Service Network Security (CSNS), and Cloud Workload Protection Platform (CWPP) in a single holistic platform.

Command and Control

Source: TechTarget

In cybersecurity, Command and Control (C2) refers to the method attackers use to communicate with compromised systems inside your network.

Once a device is infected (usually through malware), it will reach out to a C2 server controlled by the attacker. From there, the attacker can:

Steal data

Move laterally across the network

Install more malware

Take control of the system remotely

Think of C2 as the attacker’s “remote control” — used to issue commands and extract data without being noticed.

Detecting and blocking C2 activity is critical for stopping ransomware, advanced persistent threats (APTs), and data breaches.

community

Source: IBM

In SNMP, the relationship between an agent and one or more managers. The community describes which SNMP manager requests the SNMP agent should honor.

Compensating Control

Source: DOE

A cybersecurity control employed in lieu of a recommended control that provides equivalent or comparable control.

Compensating Control

Source:

See Cybersecurity Controls.

Confidentiality

Source: NIST

Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.

Confidentiality

Source:

With integrity and availability, confidentiality is considered part of the CIA Triad, which represents the three most crucial components of information security.

Connections

Source:

All the ports and protocols that enable QRadar to ingest logs and interface with data collectors, data sources, edge gateways, threat intelligence sources, and QRadar Proxy. Connections can be unidirectional or bidirectional, depending on the purpose and capabilities of the hardware or software terminating the connection.

Connectivity

Source: ATIS

The minimum number of nodes or links whose removal results in losing all paths that can be used to transfer information from a source to a sink.

Container Segmentation

Source: PANW

Container segmentation involves isolating containers from each other and the host system to improve security and reduce the attack surface. Containerization is a widely used technology that allows multiple applications or services to run in separate containers on a single host system. Without proper segmentation, though, containers can potentially access each other’s data and configuration files, which can result in security vulnerabilities.

Container Segmentation Best Practices

Source: PANW

Container isolation: Each container should be isolated from other containers running on the same host system to prevent unauthorized access. This can be achieved using container technologies like Docker and Kubernetes, which provide built-in isolation mechanisms.

Container Segmentation Best Practices

Source: PANW

Network segmentation: Containers can be segmented from each other using network segmentation techniques. This involves creating separate networks for each container and configuring firewall rules to allow or deny traffic between containers.

Container Segmentation Best Practices

Source: PANW

Role-based access control: Role-based access control (RBAC) can be used to define access policies for different containers based on user roles and permissions. This can help to ensure that containers are accessed only by authorized users and processes.

Container Segmentation Best Practices

Source: PANW

Image signing: Container images can be digitally signed to ensure that only trusted images are deployed in production. This can help to prevent container images from being tampered with or altered, reducing the risk of security vulnerabilities.

Container Segmentation Best Practices

Source: PANW

Runtime protection: Runtime protection tools can be used to monitor container activity and detect anomalies that may indicate a security breach. These tools can help to detect and prevent attacks in real-time, improving the security posture of containerized environments.

Container Segmentation Best Practices

Source: PANW

Container segmentation helps to ensure the security of containerized applications and services. By isolating containers and applying access control policies, organizations can reduce the attack surface and prevent unauthorized access to sensitive data and resources. Container segmentation should be implemented as part of an overall security strategy that includes network security, access control, and runtime protection.

containerization

Source:

Containerization is a software deployment process that bundles an application’s code with all the files and libraries it needs to run on any infrastructure. Traditionally, to run any application on your computer, you had to install the version that matched your machine’s operating system. For example, you needed to install the Windows version of a software package on a Windows machine. However, with containerization, you can create a single software package, or container, that runs on all types of devices and operating systems.

Contingency

Source: NRECA / Cooperative Research Network

The unexpected failure or outage of a system component, such as a generator, transmission line, circuit breaker, switch, or other electrical element.

Correlation Rules

Source:

A correlation rule helps a SIEM solution identify which sequences of events indicate an anomaly, so that it can detect a security incident.

Credential

Source: ATIS

Information passed from one entity to another to establish the sender's access rights or to establish the claimed identity of a security subject relative to a given security domain.

Critical Assets

Source: NRECA / Cooperative Research Network

Facilities, systems, and equipment which, if destroyed, degraded, or otherwise rendered unavailable, would affect the reliability or operability of the bulk electric system.

Critical Electric Infrastructure Information (CEII)

Source: FERC

Information related to or proposed to critical electric infrastructure.

Critical Electric Infrastructure Information (CEII)

Source:

Generated by or provided to the Federal Energy Regulatory Commission or other Federal agency other than classified national security information,

Critical Electric Infrastructure Information (CEII)

Source:

That is designated as critical electric infrastructure information by the Federal Energy Regulatory Commission or the Secretary of the Department of Energy pursuant to section 215A(d) of the Federal Power Act.

Critical Infrastructure

Source: DHS

The assets, systems, and networks, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, public health or safety, or any combination thereof.

Cryptocurrency

Source: US-CERT

A digital currency used as a medium of exchange, similar to other currencies. However, unlike other currencies, cryptocurrency operates independently of a central bank and uses encryption techniques and blockchain technology to secure and verify transactions.

Cryptocurrency

Source:

Examples include Bitcoin, Litecoin, Monero, Ethereum, and Ripple.

Cyber Asset

Source: NRECA / Cooperative Research Network

Programmable electronic devices, including the hardware, software, and data in those devices.

Cyber Attack

Source: Idaho National Laboratory

An attempt to infiltrate information technology systems, computer networks, or individual computers with a malicious intent to steal information, cause damage, or destroy specific targets within the system.

Cyber Information Sharing and Collaboration Program (CISCP)

Source: DHS

A program of the U.S. Department of Homeland Security that enables actionable, relevant, and timely unclassified information exchange through trusted public-private partnerships across all critical infrastructure sectors.

Cyber Kill Chain

Source: SANS Institute

A theory developed by Lockheed Martin that identifies the various stages of a cyber attack: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, C&C, and Actions on Objectives. Applying the theory helps cybersecurity professionals recognize and counteract attacks to protect their organization's assets.

Cyber Mutual Assistance Program

Source: Electricity Sector Coordinating Council

A framework to provide emergency cyber assistance within the electric power and natural gas industries. The program is composed of industry cyber experts who can provide voluntary assistance to other participating entities in advance of, or in the event of, a disruption of electric or natural gas service, systems, and/or IT infrastructure due to a cyber emergency.

Cyber Security Incident Response Teams (CSIRTs)

Source: DHS

A group of experts that assesses, documents, and responds to a cyber incident so that a network can not only recover quickly, but also avoid future incidents.

Cybersecurity

Source: DOE

The ability to protect or defend the use of cyberspace from cyber attacks.

Cybersecurity

Source:

Cybersecurity is the protection of internet-connected systems such as hardware, software and data from cyberthreats. The practice is used by individuals and enterprises to protect against unauthorized access to data centers and other computerized systems.

Cybersecurity

Source:

Cybersecurity is the practice of protecting computers, networks, software, and data from unauthorized access, attacks, or damage.

It involves tools, processes, and people working together to:

Prevent cyber attacks like malware, phishing, and ransomware

Detect threats in real time

Respond quickly to security incidents

Keep sensitive data safe and systems running

In short: Cybersecurity keeps your business, your customers, and your reputation safe in a digital world.

Whether you’re a startup, MSP, public agency, or enterprise — cybersecurity is essential to your survival and growth.

Cybersecurity Capability Maturity Model (C2M2)

Source: DOE

A model that helps organizations, regardless of size, type, or industry, evaluate, prioritize, and improve their own cybersecurity capabilities.

Cybersecurity Controls

Source: DOE

The management, operational, and technical methods, policies, and procedures, manual or automated (i.e., safeguards or countermeasures), prescribed to protect the confidentiality, integrity, and availability of a system and its information.

Cybersecurity Incident

Source: Presidential Policy Directive / PPD-41

An event occurring on or conducted through a computer network that actually or imminently jeopardizes the integrity, confidentiality, or availability of computers, information or communications systems or networks, physical or virtual infrastructure controlled by computers or information systems, or information resident thereon. A cyber incident may include a vulnerability in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source.

Cybersecurity Risk Information Sharing Program (CRISP)

Source: DOE

A public-private data sharing and analysis platform that facilitates the timely bi-directional sharing of unclassified and classified threat information among energy sector stakeholders.

Cybersecurity Threat Intelligence (CTI)

Source:

Threat intelligence is data that is collected, processed, and analyzed to understand a threat actor's motives, targets, and attack behaviors. Threat intelligence enables security teams to make faster, more informed, data-backed security decisions and to shift from reactive to proactive in the fight against threat actors. Threat intelligence is evidence-based knowledge (e.g., context, mechanisms, indicators, implications and action-oriented advice) about existing or emerging menaces or hazards to assets. (Gartner)

Cyberspace

Source: DOE

A global domain within the information environment consisting of the interdependent network of IT and ICS infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers.

Darknets

Source: Cyber Risk Insurance Forum

Private, distributed file sharing networks where connections are made only between trusted peers. Darknets are distinct from other distributed networks as sharing is anonymous (i.e., IP addresses are hidden).

dashboard

Source: IBM

An interface that integrates data from a variety of sources and provides a unified display of relevant and in-context information.

Dashboards

Source:

Dashboards in QRadar are the part of the platform that provides near real-time visibility into the collected and correlated data. They allow security teams to monitor and analyze key data metrics and KPIs, providing the information necessary for data-driven decision-making regarding mitigation and remediation of incidents.

Data Source Analytics

Source: QRadar

Tracking anonymous analytics helps improve the product and user experience. IBM is committed to protecting your personal information in compliance with applicable data protection laws.

decrypt

Source: IBM

To decipher data.

Defense-in-Depth

Source: DOE

Cybersecurity strategy that integrates people, technology, and operations capabilities to establish variable barriers across multiple layers and missions of the organization.

Denial of Service (DoS)

Source: DHS

A cyber attack that occurs when legitimate users are unable to access information systems, devices, or other network resources due to the actions of a malicious cyber threat actor. A denial-of-service floods the targeted host or network with traffic until the target cannot respond or simply crashes, preventing access for legitimate users. DoS attacks can cost an organization both time and money while their resources and services are inaccessible.

destination

Source: IBM

Any point or location, such as a program, node, station, printer, or a particular terminal, to which information is to be sent.

Distributed control system (DCS)

Source: NIST

Control achieved by intelligence that is distributed about the process to be controlled, rather than by a centrally located single unit.

domain name server (DNS)

Source: IBM

An Internet service that translates domain names into IP addresses.

Edge Gateways

Source:

Edge gateways are devices that reside on a network's perimeter and translate information from the internet into a private network and vice versa. The devices can be any number of device types, such as firewalls, routers, switches, SD-WAN devices, and more.

Electronic Security Perimeter (ESP)

Source: NERC

The logical border surrounding a network to which systems are connected.

Encryption

Source: Idaho National Laboratory

Cryptographic transformation of data (called "plaintext") into a form (called "ciphertext") that conceals the data's original meaning to prevent it from being known or used. If the transformation is reversible, the corresponding reversal process is called "decryption," which is a transformation that restores encrypted data to its original state.

End Point Detection and Response (EDR)

Source:

EDR is a cybersecurity solution that monitors and protects endpoint devices — like laptops, desktops, and servers — against threats in real time.

It works by:

Continuously collecting data from endpoints

Detecting suspicious behavior or attacks

Alerting security teams to take action

Enabling automated or manual threat response (like isolating a device)

Think of EDR as a security guard living inside every device — watching for threats and acting fast when something goes wrong.

EDR is a critical part of modern security strategies and is often combined with threat intelligence, SIEM, or SOC services.

Endpoint Protection/Security

Source: CSO Online

A security approach that focuses on locking down endpoints (individual computers, phones, tablets, and other network-enabled devices) in order to keep networks safe.

Energy Assurance

Source: NASEO

An array of activities that support a robust, secure, reliable, and resilient energy infrastructure. These include energy emergency planning, preparedness, mitigation, and response.

event

Source: IBM

In IT and cybersecurity, an event is any recorded activity or change on a system or network. Not all events are bad — they simply log what’s happening.

Examples of events include:

A user logging in or out

A file being accessed

A network connection being made

A security policy being changed

Events are collected by systems like SIEMs (Security Information and Event Management) tools to help analysts detect unusual or suspicious behavior.

Think of events as your system’s diary — tracking everything that happens so you can spot problems before they escalate.

Exploit

Source: Idaho National Laboratory

A piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic.

Extended Detection and Response (XDR)

Source:

A consolidation of tools and data that provides extended visibility, analysis, and response across endpoints, workloads, users, and networks. XDR unifies endpoint and workload security capabilities with critical visibility into the network and cloud, reducing blind spots, detecting threats faster, and automating remediation via authoritative context across these domains.

Federated Search

Source:

with QRadar's Federated Search feature contained within the Log

filter

Source: IBM

A device or program that separates data, signals, or material in accordance with specified criteria.

Firewall

Source: Cisco

A firewall is a security system that monitors and controls incoming and outgoing network traffic based on predefined rules. It acts like a digital gatekeeper — blocking unwanted traffic while allowing safe connections.

There are two main types:

Network Firewalls – protect entire networks

Host-based Firewalls – protect individual devices or servers

Firewalls help prevent:

Unauthorized access

Malware infections

Data breaches

Lateral movement inside networks

Think of it as a smart filter between your trusted systems and the outside world — only letting in what you’ve approved.

firewall

Source: IBM

A network configuration, typically both hardware and software, that prevents unauthorized traffic into and out of a secure network.

firewall rule

Source: IBM

A chain of statements matching specific criteria that define the types of traffic to block on a network.

Firmware

Source: TechTerms

A software program or set of instructions programmed on a hardware device. It provides the necessary instructions for how the device communicates with the other computer hardware.

firmware

Source: IBM

Proprietary code that is usually delivered as microcode as part of an operating system.

Source: IBM

fix pack

Source: IBM

A cumulative collection of fixes that is released between scheduled refresh packs, manufacturing refreshes, or releases. A fix pack updates the system to a specific maintenance level.

Source: IBM

Fusion Centers

Source: DHS

Fusion Centers are government-run intelligence and information-sharing hubs that bring together federal, state, local, tribal, and territorial agencies — along with private sector partners — to detect, prevent, and respond to threats.

They focus on:

Sharing real-time threat intelligence (cyber, terrorism, criminal activity)

Improving situational awareness across jurisdictions

Coordinating multi-agency responses to emergencies or attacks

Protecting critical infrastructure

Think of them as regional command centers that help agencies stay ahead of evolving threats by connecting the dots between different sources of intelligence.

There are 80+ Fusion Centers across the U.S., each tailored to the needs of its geographic area and mission focus.

Source: DHS

Fusion Centers

Source:

Fusion centers are owned and operated by State and Local entities with support from federal partners.

Source:

Gateway

Source: CNSS

An intermediate system (interface, relay) that attaches to two (or more) computer networks that have similar functions but dissimilar implementations and that enables either one-way or two-way communication between the networks.

Source: CNSS

gateway

Source: IBM

A device or program used to connect networks or systems with different network architectures.

Source: IBM

Granular security

Source:

Granular security means network administrators can strengthen and pinpoint security by creating specific policies for critical applications. The goal is to prevent lateral movement of threats with policies that precisely control traffic in and out of specific workloads, such as weekly payroll runs or updates to human resource databases.

Source:

Homeland Security Information Network (HSIN)

Source: DHS

A trusted network for homeland security mission operations to share sensitive but unclassified information. Federal, state, local, territorial, tribal, international and private sector homeland security partners use HSIN to manage operations, analyze data, send alerts and notices, and share the information they need to do their jobs and help keep their communities safe.

Source: DHS

Honeypot

Source: Cyber Risk Insurance Forum

A trap set to detect, deflect, or in some manner counteract attempts at unauthorized use of information systems. Generally it consists of a computer, data, or a network site that appears to be part of a network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers.

Source: Cyber Risk Insurance Forum

Human-Machine Interface (HMI)

Source: NIST

The hardware or software through which an operator interacts with a controller. An HMI can range from a physical control panel with buttons and indicator lights to an industrial PC with a color graphics display running dedicated HMI software.

Source: NIST

IBM Cloud Pak for Security

Source:

IBM Cloud Pak for Security is an open, modular cybersecurity platform that helps organizations detect, investigate, and respond to threats — across cloud, on-prem, and hybrid environments.

Built on Red Hat OpenShift, it connects security tools and data sources without needing to move the data. It’s designed to:

Integrate multiple security tools (SIEM, SOAR, threat intelligence, etc.)

Streamline incident response workflows

Use AI and automation to reduce alert fatigue and speed up investigations

Provide a single interface for managing complex security operations

In short: It helps security teams work smarter, not harder — across all environments.

Source:

ICMP

Source: IBM

ICMP (Internet Control Message Protocol) is a communication protocol used by network devices to send error messages and status updates.

It’s most commonly used for:

Ping — checking if a device is reachable

Traceroute — mapping the path packets take across the internet

Error reporting — like “destination unreachable” or “time exceeded”

Think of ICMP as your network’s way of saying: “Hey, I tried to send this, but something went wrong.”

While ICMP is vital for diagnostics, it’s also closely monitored in cybersecurity because attackers can abuse it for scanning, probing, or denial-of-service attacks.

Source: IBM

Identity-Based Access Control

Source: NRECA / Cooperative Research Network

Access control based on the identity of the user (typically relayed as a characteristic of the process acting on behalf of that user), where access authorizations to specific objects are assigned based on user identity.

Source: NRECA / Cooperative Research Network

Impact

Source: NRECA / Cooperative Research Network

Damage to an organization's mission and goals due to the loss of confidentiality, integrity, or availability of system information or operations.

Source: NRECA / Cooperative Research Network

Indicators of Compromise (IOC)

Source: SANS Institute

Forensic artifacts of an intrusion.

Source: SANS Institute

Industrial Control Cyber Emergency Response Team (ICS-CERT)

Source: DHS

Operates within the Department of Homeland Security's (DHS) National Cybersecurity and Communications Integration Center (NCCIC) to reduce risks to industrial control systems used within and across all critical infrastructure sectors. ICS-CERT collaborates with law enforcement agencies and the intelligence community and coordinates efforts among Federal, State, local, and tribal governments and control systems owners, operators, and vendors. Additionally, ICS-CERT collaborates with international and private sector Computer Emergency Response Teams (CERTs) to share control systems-related security incidents and mitigation measures.

Source: DHS

Industrial Control System (ICS)

Source: Idaho National Laboratory

A general term that includes several types of control systems, including supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), Programmable Logic Controllers (PLC) and others often found in industrial and critical infrastructure sectors. An ICS consists of combinations of control components that act together to achieve an industrial objective.

Source: Idaho National Laboratory

Information Security

Source: NRECA / Cooperative Research Network

The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction to provide confidentiality, integrity, and availability.

Source: NRECA / Cooperative Research Network

Information Sharing and Analysis Center (ISAC)

Source: DHS

Sector-specific, member-driven organizations formed by critical infrastructure owners and operators to share information between government and industry.

Source: DHS

Information System (IS)

Source: NRECA / Cooperative Research Network

A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information. (Note: information systems also include specialized systems such as industrial/process controls systems, telephone switching and private branch exchange (PBX) systems, and environmental control systems.)

Source: NRECA / Cooperative Research Network

Information Technology (IT)

Source: Merriam Webster Dictionary

The technology involving the development, maintenance, and use of computer systems, software, and networks for the processing and distribution of data.

Source: Merriam Webster Dictionary

InfraGard

Source: Infragard

A partnership between the FBI and members of the private sector. The InfraGard program provides a vehicle for seamless public-private collaboration that expedites the timely exchange of information and promotes mutual learning opportunities relevant to the protection of Critical Infrastructure.

Source: Infragard

Integrity

Source: NRECA / Cooperative Research Network

Guarding against improper information modification or destruction; includes ensuring the non-repudiation and authenticity of information.

Source: NRECA / Cooperative Research Network

Integrity

Source:

With confidentiality and availability, integrity is considered part of the CIA Triad, which represents the three most crucial components of information security.

Source:

Intelligent electronic device (IED)

Source: NIST

Any device incorporating one or more processors with the capability to receive or send data/control from or to an external source (e.g., electronic multifunction meters, digital relays, controllers).

Source: NIST

interface

Source: IBM

A shared boundary between independent systems. An interface can be a hardware component used to link two devices, a convention that supports communication between software systems, or a method for a user to communicate with the operating system, such as a keyboard.

Source: IBM

International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) Standards

Source: ISO

Standards that represent global consensus on a solution to a particular issue. They provide requirements, specifications, guidelines or characteristics to ensure that materials, products, processes and services are safe to use and fit for their purpose. Whenever possible, requirements are expressed in terms of performance rather than design or descriptive characteristics.

Source: ISO

Internet Control Message Protocol (ICMP)

Source: IBM

An Internet protocol that is used by a gateway to communicate with a source host, for example, to report an error in a datagram.

Source: IBM

Internet Protocol (IP)

Source: NIST

Standard method for transmission of data from source to destinations in packet-switched communications networks and interconnected systems of such networks.

Source: NIST

Interoperability

Source: Rand Corporation

The ability of systems, units, or forces to provide services to and accept services from other systems, units, or forces, and to use the services so exchanged to enable them to operate effectively together.

Source: Rand Corporation

intrusion prevention

Source: IBM

A set of policies and rules for detecting suspicious behavior in network traffic and for alerting system or network administrators.

Source: IBM

intrusion prevention system (IPS)

Source: IBM

A system that attempts to deny potentially malicious activity. The denial mechanisms could involve filtering, tracking, or setting rate limits.

Source: IBM

IP Address Management (IPAM)

Source:

IPAM (IP Address Management) is the administration of DNS and DHCP, which are the network services that assign and resolve IP addresses to machines in a TCP/IP network. Simply put, IPAM is a means of planning, tracking, and managing the Internet Protocol address space used in a network.

Source:

IPS

Source: IBM

See intrusion prevention system.

Source: IBM

Joint Information Center (JIC)

Source: FEMA

A central location to facilitate operation of the Joint Information System (JIS) during and after an incident. The JIC enhances information coordination, reduces misinformation, and maximizes resources by co-locating Public Information Officers (PIOs) as much as possible.

Source: FEMA

Joint Information System (JIS)

Source: FEMA

An incident response structure that can be leveraged for developing and delivering coordinated interagency messages, executing public information plans and strategies, advising an Incident Commander concerning public affairs issues, and controlling rumors and inaccurate information.

Source: FEMA

Key Logger

Source: NIST

A program designed to record the sequence of keys pressed on a computer keyboard. Such programs can be used to obtain passwords or encryption keys and thus bypass other security measures.

Source: NIST

Kubernetes

Source:

Kubernetes is a portable, extensible, open source platform for managing containerized workloads and services that facilitates both declarative configuration and automation. It has a large, rapidly growing ecosystem. Kubernetes services, support, and tools are widely available.

Source:

Least Privilege

Source: NIST

The principle that users and programs should only have the necessary privileges to complete their tasks.

Source: NIST

local management interface

Source: IBM

A graphical user interface that is used to manage a single, local appliance.

Source: IBM

Malware

Source: NIST

Software or firmware intended to perform an unauthorized process that will have adverse impact on the confidentiality, integrity, or availability of an information system. Examples include viruses, worms, and Trojan horses, spyware and some forms of adware.

Source: NIST

Man-In-The-Middle (MitM)

Source: US-CERT

A type of cyber attack where an interloper inserts him- or herself between two communicating devices, without either side knowing.

Source: US-CERT

Managed Detection and Response (MDR)

Source:

MDR is a comprehensive solution that offers 24/7 monitoring and response services from experienced security analysts.

Source:

Management Controls

Source: DOE

The security controls for IT and ICS that focus on the management of risk and security.

Source: DOE

Microsegmentation

Source:

Microsegmentation refers to an approach to security that involves dividing a network into segments and applying security controls to each segment based on the segment's requirements. Microsegmentation software with network virtualization technology is used to create zones in cloud deployments. These granular secure zones isolate workloads, securing them individually with custom, workload-specific policies. Similarly, each virtual machine (VM) in a network can be protected, down to the application level, with exact security controls. The granular security controls microsegmentation brings to workloads or applications are invaluable for the modern cloud environment, where several applications run on the same server or virtual machine. Organizations can apply security controls to individual workloads and applications, rather than having one security policy for the whole server.

Source:

Microsegmentation

Source:

Microsegmentation offers protection for dynamic environments. For instance, cloud-native architectures like containers and Kubernetes can spin up and down in a matter of seconds. The IP addresses assigned to cloud workloads are ephemeral, rendering IP-based rule management impossible. With microsegmentation, security policies are expressed in terms of identities or attributes (env=prod, app=hrm, etc.) rather than network constructs (e.g., 10.100.0.10 tcp/80). Changes to the application or infrastructure trigger automatic revisions to security policies in real time, requiring no human intervention.

Source:

Microsegmentation: Benefits

Source:

Organizations that adopt microsegmentation realize tangible benefits. More specifically:

Source:

Microsegmentation: Benefits

Source:

Reduced attack surface: Microsegmentation provides visibility into the complete network environment without slowing development or innovation. Application developers can integrate security policy definition early in the development cycle and ensure that neither application deployments nor updates create new attack vectors. This is particularly important in the fast-moving world of DevOps.

Source:

Microsegmentation: Benefits

Source:

Improved breach containment: Microsegmentation gives security teams the ability to monitor network traffic against predefined policies as well as shorten the time to respond to and remediate data breaches.

Source:

Microsegmentation: Benefits

Source:

Stronger regulatory compliance: Using microsegmentation, regulatory officers can create policies that isolate systems subject to regulations from the rest of the infrastructure. Granular control of communications with regulated systems reduces the risk of noncompliant usage.

Source:

Microsegmentation: Benefits

Source:

Simplified policy management: Moving to a microsegmented network or Zero Trust security model provides an opportunity to simplify policy management. Some microsegmentation solutions offer automated application discovery and policy suggestions based on learned application behavior.

Source:

Microservices

Source:

In software engineering, a microservice architecture is a variant of the service-oriented architecture structural style. It is an architectural pattern that arranges an application as a collection of loosely coupled, fine-grained services, communicating through lightweight protocols.

Source:

MITRE ATT&CK

Source: MITRE ATT&CK

MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.

Source: MITRE ATT&CK

MITRE ATT&CK

Source:

With the creation of ATT&CK, MITRE is fulfilling its mission to solve problems for a safer world, by bringing communities together to develop more effective cybersecurity. ATT&CK is open and available to any person or organization for use at no charge.

Source:

multicast

Source: IBM

Transmission of the same data to a selected group of destinations.

Source: IBM

National Cybersecurity and Communications Integration Center (NCCIC)

Source: DHS

The cyber defense, incident response, and operational integration center of the U.S. Department of Homeland Security. The NCCIC's mission is to reduce the risk of systemic cybersecurity and communications challenges by serving as a national hub for cyber and communications information, technical expertise, and operational integration, and by operating a 24/7 situational awareness, analysis, and incident response center.

Source: DHS

National Institute of Standards and Technology (NIST)

Source: NIST

A federal agency within the U.S. Department of Commerce. NIST’s mission is to develop and promote measurement, standards, and technology to enhance productivity, facilitate trade, and improve the quality of life. NIST is also responsible for establishing computer- and information technology-related standards and guidelines for federal agencies to use.

Source: NIST

Need to Know

Source: NIST

Decision made by an authorized holder of official information that a prospective recipient requires access to specific official information to carry out official duties.

Source: NIST

NERC Critical Infrastructure Protection (NERC CIP)

Source: TechTarget

A set of requirements designed to secure cyber assets required for operating North America’s bulk electric system.

Source: TechTarget

Network (computer network)

Source: ATIS

A network of data processing nodes interconnected for the purpose of data communication.

Source: ATIS

Network Detection and Response (NDR)

Source:

Network Detection and Response (NDR) is a security tool that monitors an enterprise's network traffic to gain visibility into potential cyberthreats. NDR relies on advanced capabilities, such as behavioral analytics, machine learning, and artificial intelligence, to uncover threats and suspicious activities.

Source:

network mask (netmask)

Source: IBM

A number that has the same form as an Internet Protocol (IP) address. A network mask identifies which part of an address is to be used for an operation, such as making a TCP/IP connection.

Source: IBM

Network Microsegmentation

Source:

For most organizations, east-west communications make up the majority of data center and cloud traffic patterns, and perimeter-focused defenses do not have visibility into east-west traffic. Given these factors, malicious actors use this as an opportunity to move laterally across workloads. The network creates reliable pathways between workloads and determines whether or not two endpoints can access each other. Microsegmentation creates isolation and determines if two endpoints should access each other. Enforcing segmentation with least-privileged access reduces the scope of lateral movement and contains data breaches.

Source:

network object

Source: IBM

A group of predefined settings that can be shared among multiple network access policy rules to control traffic flow, communication, and access between hosts, segments, or subnets on a network.

Source: IBM

NIST Cybersecurity Framework (NIST CSF)

Source: NIST

A voluntary framework consisting of standards, guidelines, and best practices to manage cybersecurity risk.

Source: NIST

North American Electric Reliability Corporation

Source: NERC

A not-for-profit international regulatory authority whose mission is to assure the effective and efficient reduction of risks to the reliability and security of the bulk electric grid in North America.

Source: NERC

Operational Controls

Source: DOE

The security controls for IT and ICS, implemented and executed primarily by people (as opposed to systems).

Source: DOE

Operational Technology (OT)

Source: DOE

Programmable systems or devices that interact with the physical environment (or manage devices that interact with the physical environment). Examples include industrial control systems, building management systems, fire control systems, and physical access control mechanisms.

Source: DOE

Organization Profile

Source:

IBM Cloud Pak for Security helps you uncover hidden threats, make more informed risk-based decisions and prioritize your team's time. By selecting your profile preferences such as industry and location, Cloud Pak for Security tailors your experience according to your selection. Organization Profile defines the industries that the instance serves and the geographic location of the deployment.

Source:

Packet

Source: ATIS

The sequence of binary digits transmitted and switched as a composite whole.

Source: ATIS

packet

Source: IBM

A unit of data transmitted over a network. Large chunks of information are broken up into packets before they are sent across the Internet.

Source: IBM

PAM

Source: IBM

PAM (Privileged Access Management) is a security strategy and set of tools used to control, monitor, and secure access to critical systems by privileged users — like admins, IT staff, and service accounts.

PAM helps organizations:

Limit who can access sensitive systems

Log and monitor all privileged activity

Prevent credential misuse or insider threats

Comply with regulations like HIPAA, PCI, and NIST

Think of PAM as a vault and surveillance system for your most powerful IT access — only the right people get in, and everything is recorded.

It’s a key part of a Zero Trust strategy and is critical for reducing the risk of high-impact breaches.

Source: IBM

parameter (parm)

Source: IBM

A value or reference passed to a function, command, or program that serves as input or controls actions. The value is supplied by a user or by another program or process.

Source: IBM

parm

Source: IBM

See parameter.

Source: IBM

passive authentication

Source: IBM

A configuration option that automatically logs users into a system when they log on to a network using a directory service, such as Active Directory.

Source: IBM

passphrase

Source: IBM

A sequence of words or other text used to control access to a computer system, program or data. A passphrase is similar to a password in usage, but is generally longer for added security.

Source: IBM

password

Source: IBM

In computer and network security, a specific string of characters used by a program, computer operator, or user to access the system and the information stored within it.

Source: IBM

Perimeter Security

Source:

Perimeter security makes up a significant part of most organizations' network security controls. Network security devices, such as network firewalls, inspect "north-south" (client to server) traffic that crosses the security perimeter and stop bad traffic. Assets within the perimeter are implicitly trusted, which means that "east-west" (workload to workload) traffic may go without inspection.

Source:

Personal Health Information (PHI)

Source: HHS

PHI stands for Protected Health Information. The HIPAA Privacy Rule provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. At the same time, the Privacy Rule is balanced so that it permits the disclosure of personal health information needed for patient care and other important purposes.

Source: HHS

Personally Identifiable Information (PII)

Source: DOL

Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means. Further, PII is defined as information: (i) that directly identifies an individual (e.g., name, address, social security number or other identifying number or code, telephone number, email address, etc.) or (ii) by which an agency intends to identify specific individuals in conjunction with other data elements, i.e., indirect identification. (These data elements may include a combination of gender, race, birth date, geographic indicator, and other descriptors). Additionally, information permitting the physical or online contacting of a specific individual is the same as personally identifiable information. This information can be maintained in either paper, electronic or other media.

Source: DOL

Phishing

Source: Symantec

An attempt to trick people into divulging sensitive information such as usernames, passwords, or credit card numbers. Phishing is carried out by email, over the phone, or using a website. The motives are generally to steal money or a user's identity.

Source: Symantec

Physical Security Perimeter (PSP)

Source: NERC

The physical border surrounding locations in which BES cyber assets, BES cyber systems, or electronic access control or monitoring systems reside, and for which access is controlled.

Source: NERC

ping

Source: IBM

The command that sends an Internet Control Message Protocol (ICMP) echo-request packet to a gateway, router, or host with the expectation of receiving a reply.

Source: IBM

policy

Source: IBM

A set of considerations that influence the behavior of a managed resource or a user.

Source: IBM

portal

Source: IBM

A single, secure point of access to diverse information, applications, and people that can be customized and personalized.

Source: IBM

Potential Impact

Source: NRECA / Cooperative Research Network

The loss of confidentiality, integrity or availability that might have: 1) a limited adverse effect; 2) a serious adverse effect; or 3) a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.

Source: NRECA / Cooperative Research Network

Privileged User

Source: NRECA / Cooperative Research Network

A user that is authorized (and therefore trusted) to perform security-relevant functions that ordinary users are not authorized to perform.

Source: NRECA / Cooperative Research Network

Programmable Logic Controller (PLC)

Source: Idaho National Laboratory

A solid-state control system that has a user-programmable memory for storing instructions for the purpose of implementing specific functions such as input/output control, logic, timing, counting, communication, and data and file processing.

Source: Idaho National Laboratory

Protected Critical Infrastructure Information Program (PCII)

Source: DHS

A DHS-specific information protection program that enhances voluntary information sharing between infrastructure owners and operators and the government. PCII protections mean that homeland security partners can be confident that sharing their information with the government will not expose sensitive or proprietary data.

Source: DHS

protection interface

Source: IBM

An access point on a network appliance that is used to monitor, inspect, and block network traffic as it passes through the appliance.

Source: IBM

protocol

Source: IBM

A set of rules controlling the communication and transfer of data between two or more devices or systems in a communication network.

Source: IBM

Protocol Analysis Module (PAM)

Source: IBM

A deep-packet inspection engine that stores handling specifications for a comprehensive list of vulnerability checks. PAM interprets the vulnerability checks, processes the results as security events, and then sends the security events to the appliance in X-Press Updates.

Source: IBM

proxy server

Source: IBM

A server that receives requests intended for another server and that acts on behalf of the client (as the client’s proxy) to obtain the requested service. A proxy server is often used when the client and the server are incompatible for direct connection. For example, the client is unable to meet the security authentication requirements of the server but should be permitted some services.

Source: IBM

QRadar on Cloud (QRoC)

Source:

In an environment where security requirements are dynamic, IBM® QRadar® on Cloud provides both the security monitoring that you need, and the flexibility to modify your monitoring activities as your requirements change.

Source:

QRadar on Cloud (QRoC)

Source:

With QRadar on Cloud, you can protect your network and meet compliance monitoring and reporting requirements, with reduced total cost of ownership. Other than a data gateway appliance, which is used to connect to QRadar, you do not need to install any extra hardware on your premises.

Source:

QRadar on Cloud (QRoC)

Source:

You get the benefit of all of the QRadar capabilities without investing in the hardware and software of an on-premises QRadar deployment. IBM security professionals manage the infrastructure, while your security analysts perform the threat detection and management tasks.

Source:

Ransomware

Source: Microsoft

A malicious form of software that locks a computer or files and requires money be paid to get the decryption code to unlock the device or the file.

Source: Microsoft

Red Team/Blue Team

Source: NIST

A group of people authorized and organized to emulate a potential adversary's attack or exploitation capabilities against an enterprise's security posture (i.e., the Red Team). The objective is to improve enterprise Information Assurance by demonstrating the impacts of successful attacks and by demonstrating what works for the defenders (i.e., the Blue Team) in an operational environment.

Source: NIST

Remote Access

Source: NIST

Access to an organizational system by a user (or a process acting on behalf of a user) communicating through an external network (e.g., the Internet).

Source: NIST

Remote Access Trojan (RAT)

Source: Microsoft

A malicious program that runs invisibly on host computers and permits an intruder to gain access and control from afar. Many RATs mimic legitimate functionality but are designed specifically for stealth installation and operation.

Source: Microsoft

Resilience

Source: Presidential Policy Directive / PPD-21

The ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions. Resilience includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents.

Source: Presidential Policy Directive / PPD-21

response

Source: IBM

The reaction of an appliance to an event. Responses include sending an email message to a responsible party, triggering an SNMP trap, creating a log of the activity, quarantining the activity, or using a custom (user-specified) action, such as running an application or running a command.

Source: IBM

Risk

Source: US-CERT

The potential for an unwanted outcome resulting from an incident, event, or occurrence, as determined by its likelihood and the associated consequences.

Source: US-CERT

Risk Management

Source: NIST

The process of controlling risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system, and includes: (i) the conduct of a risk assessment; (ii) the implementation of a risk mitigation strategy; and (iii) employment of techniques and procedures for the continuous monitoring of the security and privacy state of the information system.

Source: NIST

Risk severity

Source: NRECA / Cooperative Research Network

A combination of the likelihood of a damaging event actually occurring and the assessed potential impact on the organization's mission and goals if it does occur.

Source: NRECA / Cooperative Research Network

Role-based access control

Source: NRECA / Cooperative Research Network

Access permission based on users' roles, typically reflecting the need to perform defined functions within an organization. A given role may apply to a single individual or to several individuals.

Source: NRECA / Cooperative Research Network

root

Source: IBM

The user name for the system user with the most authority.

Source: IBM

rule

Source: IBM

A set of conditional statements that enable computer systems to identify relationships and run automated responses accordingly.

Source: IBM

Sandbox

Source: NIST

A system that allows an untrusted software application to run in a highly controlled environment where the application's permissions are restricted. In particular, an application in a sandbox is usually restricted from accessing the file system or the network.

Source: NIST

Secure Sockets Layer (SSL)

Source: IBM

A security protocol that provides communication privacy. With SSL, client/server applications can communicate in a way that is designed to prevent eavesdropping, tampering, and message forgery.

Source: IBM

Secure Web Gateway (SWG)

Source:

A secure web gateway protects an organization from online security threats and infections by enforcing company policy and filtering Internet-bound traffic. A secure web gateway is an on-premises or cloud-delivered network security service. Sitting between users and the Internet, secure web gateways provide advanced network protection by inspecting web requests against company policy to ensure malicious applications and websites are blocked and inaccessible. A secure web gateway includes essential security technologies such as URL filtering, application control, data loss prevention, antivirus, and HTTPS inspection to provide organizations with strong web security.

Source:

security

Source: IBM

The protection of data, system operations, and devices from accidental or intentional ruin, damage, or exposure.

Source: IBM

Security Automation

Source:

Security automation is the use of technology that performs tasks with reduced human assistance in order to integrate security processes, applications, and infrastructure.

Source:

security event

Source: IBM

Any network occurrence or activity that may have an impact on the security of the network.

Source: IBM

Security Orchestration, Automation and Response (SOAR)

Source:

Security orchestration, automation and response, or SOAR, is a stack of compatible software programs that enables an organization to collect data about security threats and respond to security events with little or no human assistance.

Source:

Sensitive Information

Source: NRECA / Cooperative Research Network

Information of which the loss, misuse, unauthorized access or modification could adversely affect the organization, its employees or its customers.

Source: NRECA / Cooperative Research Network

SIEM vs. SOAR vs. XDR

Source: TechTarget

Security teams today can choose among security information and event management (SIEM), security orchestration and response (SOAR), and extended detection and response (XDR) products.

Source: TechTarget

SIEM vs. SOAR vs. XDR

Source:

Gartner’s definitions of SIEM, SOAR and XDR are fairly similar. SIEM “supports threat detection, compliance and security incident management through the collection and analysis of security events, as well as a wide variety of other event and contextual data sources.” SOAR enables “organizations to collect inputs monitored by the security operations team.” XDR is “a unified security incident detection and response platform that automatically collects and correlates data from multiple proprietary security components.”

Source:

signature

Source: IBM

A code in a policy that determines what an agent can detect.

Source: IBM

Significant Cyber Incident

Source: Presidential Policy Directive / PPD-41

A cyber incident that is (or group of related cyber incidents that together are) likely to result in demonstrable harm to the national security interests, foreign relations, or economy of the United States or to the public confidence, civil liberties, or public health and safety of the American people.

Source: Presidential Policy Directive / PPD-41

Simple Network Management Protocol (SNMP)

Source: IBM

SNMP (Simple Network Management Protocol) is a standard used to monitor and manage network devices like routers, switches, servers, and printers.

It allows IT teams to:

Check device status and performance

Collect data like uptime, CPU usage, and traffic levels

Receive alerts (called SNMP traps) when something goes wrong

Think of SNMP as a common language that devices use to report their health and activity to a central system — like an SNMP Manager.

SNMP is widely used in both enterprise networks and data centers to ensure systems stay online and issues are caught early.

Source: IBM

snapshot

Source: IBM

An image that is an exact copy of the original files or directories from which it was created.

Source: IBM

SNMP

Source: IBM

See Simple Network Management Protocol.

Source: IBM

SNMP manager

Source: IBM

An SNMP Manager is the central system that receives and processes data from network devices using SNMP (Simple Network Management Protocol).

Think of it as the brain of your network monitoring setup.

It talks to devices like:

Routers

Switches

Firewalls

Servers

Printers

IoT devices

The SNMP Manager collects status updates, performance metrics, and SNMP traps (alerts) — helping you monitor uptime, detect failures, and troubleshoot faster.

It’s like a command center for your network — watching everything in real time.

Source: IBM

SNMP trap

Source: IBM

An SNMP trap is an automatic alert sent from a device (like a router, switch, or server) to a network monitoring system when something important happens.

SNMP stands for Simple Network Management Protocol — it’s used to monitor and manage network devices.

A trap is a type of real-time message that says:

“Hey, something just changed — you should take a look.”

Common examples of SNMP trap alerts include:

Device rebooted

Link went down

CPU or memory usage spiked

A fan or power supply failed

These traps help IT teams detect problems faster without constantly polling devices.

Source: IBM

Social Engineering

Source: Symantec

Psychological manipulation of people into divulging sensitive information or performing certain actions.

Source: Symantec

Software Defined Wide Area Network (SDWAN)

Source:

Software-Defined Networking (SDN) is an approach to networking that uses software-based controllers or application programming interfaces (APIs) to communicate with underlying hardware infrastructure and direct traffic on a network. This model differs from that of traditional networks, which use dedicated hardware devices (i.e., routers and switches) to control network traffic. SDN can create and control a virtual network, or control traditional hardware, via software. While network virtualization allows organizations to segment different virtual networks within a single physical network, or to connect devices on different physical networks to create a single virtual network, software-defined networking enables a new way of controlling the routing of data packets through a centralized server.

Source:

SSL

Source: IBM

See Secure Sockets Layer.

Source: IBM

subnet mask

Source: IBM

See network mask.

Source: IBM

Sunshine Laws

Source: NCSL

Open government laws that foster an informed citizenry by providing the public access to government documents and meetings.

Source: NCSL

Supervisory Control and Data Acquisition (SCADA)

Source: NIST

A generic name for a computerized system that is capable of gathering and processing data and applying operational controls over long distances. Typical uses include power transmission and distribution and pipeline systems. SCADA was designed for the unique communication challenges (e.g., delays, data integrity) posed by the various media that must be used, such as phone lines, microwave, and satellite. Usually shared rather than dedicated.

Source: NIST

Supply Chain

Source: NIST

Linked set of resources and processes between multiple tiers of developers that begins with the sourcing of products and services and extends through the design, development, manufacturing, processing, handling, and delivery of products and services to the acquirer.

Source: NIST

syslog

Source: IBM

A standard for transmitting and storing log messages from many sources to a centralized location to enhance system management.

Source: IBM

Technical Controls

Source: DOE

Security controls for IT and ICS implemented and executed primarily through mechanisms contained in hardware, software, or firmware.

Source: DOE

Threat

Source: DOE

Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), resources, and other organizations through an IT and ICS via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.

Source: DOE

threat

Source: IBM

A security issue, or a harmful act, such as the deployment of a virus or illegal network penetration.

Source: IBM

Threat Actor/Agent

Source: US-CERT

An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.

Source: US-CERT

Threat Intelligence Insights

Source:

Threat Intelligence Insights are real-time, actionable findings about cyber threats. They help you understand what’s coming, who’s behind it, and how to stop it.

These insights can include:

Suspicious IP addresses or malware activity

Attack patterns and hacker techniques

Early warnings about new threats targeting your industry

At Sovergence, we use threat intelligence to help you stay ahead of attacks — not just react to them.

Source:

Threat Intelligence Sources

Source:

Threat Intelligence Sources are the feeds, tools, and platforms used to gather information about cyber threats.

These can include:

Open-source intelligence (OSINT) – like blogs, forums, and public databases

Commercial feeds – from vendors like Recorded Future, Mandiant, or Palo Alto Networks

Internal logs – from your own firewalls, EDR, SIEM, etc.

Government & industry sharing groups – like US-CERT, MS-ISAC, or ISACs (Information Sharing and Analysis Centers)

By combining multiple sources, Sovergence helps clients get a clearer picture of the risks targeting their environment — in real time.

Source:

Threat Investigator

Source:

Threat Investigator automatically analyzes and investigates cases to help you make more informed decisions.

Source:

traceroute

Source: IBM

A utility that traces a packet from a computer to a remote destination, showing how many hops the packet required to reach the destination and how long each hop took.

Source: IBM

traffic

Source: IBM

In data communication, the quantity of data transmitted past a particular point in a path.

Source: IBM

Traffic Light Protocol (TLP)

Source: US-CERT

A set of designations used to ensure that sensitive information is shared appropriately. It employs four colors to indicate expected sharing boundaries by the recipient(s).

Source: US-CERT

Traffic Light Protocol (TLP)

Source:

RED: information cannot be effectively acted upon by additional parties, and could lead to impacts on a party’s privacy, reputation, or operations if misused.

Source:

Traffic Light Protocol (TLP)

Source:

AMBER: information requires support to be effectively acted upon, yet carries risks to privacy, reputation, or operations if shared outside of the organizations involved.

Source:

Traffic Light Protocol (TLP)

Source:

GREEN: information is useful for the awareness of all participating organizations as well as with peers within the broader community or sector.

Source:

Traffic Light Protocol (TLP)

Source:

WHITE: information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release.

Source:

Transmission Control Protocol (TCP)

Source: IBM

A communication protocol used in the Internet and in any network that follows the Internet Engineering Task Force (IETF) standards for internetwork protocol. TCP provides a reliable host-to-host protocol in packet-switched communication networks and in interconnected systems of such networks.

Source: IBM

transport protocol

Source: IBM

A specification of the rules that govern the exchange of information between components of a transport network; for example, the User Datagram Protocol (UDP).

Source: IBM

trap

Source: IBM

In the Simple Network Management Protocol (SNMP), a message sent by a managed node (agent function) to a management station to report an exception condition.

Source: IBM

UDP

Source: IBM

UDP (User Datagram Protocol) is a fast, connectionless communication protocol used to send data across the internet or a network.

Unlike TCP (Transmission Control Protocol), UDP doesn’t check for errors or guarantee delivery — it just sends data quickly and keeps moving. That makes it ideal for:

Streaming video or audio

Online gaming

Voice over IP (VoIP)

DNS lookups

Think of UDP like a digital postcard — it’s fast, lightweight, and doesn’t wait for a reply.

Because it’s not as secure or reliable as TCP, UDP-based traffic is often monitored closely or restricted in cybersecurity environments.

Source: IBM

United States Computer Emergency Readiness Team (US-CERT)

Source: NIST

A partnership between the U.S. Department of Homeland Security and the public and private sectors, established to protect the nation’s internet infrastructure. US-CERT coordinates defenses against and responses to cyber attacks across the nation.

Source: NIST

User Datagram Protocol (UDP)

Source: IBM

An Internet protocol that provides unreliable, connectionless datagram service. It enables an application program on one machine or process to send a datagram to an application program on another machine or process.

Source: IBM

User Segmentation in Cloud Security

Source: PANW

User segmentation in cloud security involves dividing user access based on different roles and responsibilities within an organization to ensure that users have access to only the resources they need to perform their job functions. User segmentation reduces the attack surface by limiting the exposure of sensitive data and resources to only authorized users. Because cloud environments are dynamic and change rapidly, user segmentation is a critical component of a comprehensive cloud security strategy. Here are some key considerations for user segmentation in cloud security:

Source: PANW

User Segmentation in Cloud Security

Source:

Role-based access control (RBAC): RBAC involves creating and defining permissions for roles, and then assigning users to the appropriate roles according to job functions. This approach ensures that users have access only to the resources they need to perform their job functions, reducing the risk of accidental or intentional data breaches.

Source:

User Segmentation in Cloud Security

Source:

Multi-factor authentication (MFA): MFA requires users to provide more than one form of authentication to access a resource. This can include a password, a security token, or biometric data. MFA is an effective way to prevent unauthorized access to cloud resources, particularly when combined with RBAC.

Source:

User Segmentation in Cloud Security

Source:

Continuous monitoring: Continuous monitoring of user activity is critical for detecting and responding to security incidents in real-time. This involves analyzing log data and user behavior to identify threats and vulnerabilities.

Source:

User Segmentation in Cloud Security

Source:

Separation of duties: Separation of duties involves dividing responsibilities among multiple users to prevent any one user from having too much control over a system or process. This reduces the risk of fraud or errors and ensures that sensitive operations are performed by multiple users.

Source:

User Segmentation in Cloud Security

Source:

Regular access reviews: Regular access reviews involve routinely reviewing user access rights and permissions to ensure they're still essential. Access reviews can help to identify and remove unnecessary access rights, reducing the risk of unauthorized access.

Source:

User Segmentation in Cloud Security

Source:

By implementing RBAC, MFA, continuous monitoring, separation of duties, and regular access reviews, organizations can enhance their cloud security posture, reduce the attack surface, prevent unauthorized access to sensitive data and resources, and protect against evolving threats.

Source:

Virtual Private Network (VPN)

Source:

A VPN provides a secure, encrypted connection between two points. Before setting up the VPN connection, the two endpoints of the connection create a shared encryption key. This can be accomplished by providing a user with a password or using a key sharing algorithm.

Source:

Virus

Source: CNSS

A computer program that can copy itself and infect a computer without permission or knowledge of the user. A virus might corrupt or delete data on a computer, use e-mail programs to spread itself to other computers, or even erase everything on a hard disk.

Source: CNSS

Vulnerability

Source: NIST

A specific weakness in an information system, system security procedures, internal controls, or implementation that a threat source could exploit.

Source: NIST

Watering Hole Attack

Source: NIST

A security exploit where the attacker infects websites frequently visited by members of a targeted group being attacked, with a goal of infecting a computer used by one or more of the targeted group members when they visit the infected website.

Source: NIST

Web Applications Firewall (WAF)

Source:

A WAF (Web Application Firewall) protects your website and web apps by filtering and monitoring incoming traffic. It helps block malicious requests like:

SQL injection

Cross-site scripting (XSS)

Bot attacks

Exploits targeting app vulnerabilities

Unlike a traditional firewall that protects your network, a WAF focuses specifically on web-based threats, sitting between the internet and your app.

Think of it as a smart security guard for your website — letting good traffic through and keeping attackers out.

WAFs are essential for any business with customer-facing web services, eCommerce, or SaaS platforms.

Source:

Web Applications Firewall (WAF)

Source:

Broken Authentication

Source:

Web Applications Firewall (WAF)

Source:

Sensitive data exposure

Source:

Web Applications Firewall (WAF)

Source:

XML External Entities (XXE)

Source:

Web Applications Firewall (WAF)

Source:

Broken Access control

Source:

Web Applications Firewall (WAF)

Source:

Security misconfigurations

Source:

Web Applications Firewall (WAF)

Source:

Cross Site Scripting (XSS)

Source:

Web Applications Firewall (WAF)

Source:

Insecure Deserialization

Source:

web filter inspection object

Source: IBM

A filter that is used to control the types of web pages that users can access on a network.

Source: IBM

Webapp

Source:

A web application (web app) is an application program that is stored on a remote server and delivered over the internet through a browser interface. Web services are web apps by definition and many, although not all, websites contain web apps.

Source:

Whitelist

Source: US-CERT

A list of entities considered trustworthy and granted access or privileges.

Source: US-CERT

Workload

Source:

A workload can be broadly defined as the resources and processes needed to run an application. Hosts, virtual machines and containers are a few examples of workloads. Companies can run workloads across data centers, hybrid cloud and multicloud environments. Most organizations’ applications are becoming increasingly distributed across different cloud-native compute architectures, based on business needs.

Source:

Worm

Source: CNSS

A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.

Source: CNSS

X-Press Update (XPU)

Source: IBM

A software update that is issued between major releases to protect a network against the latest security vulnerabilities and threats.

Source: IBM

XPU

Source: IBM

XPU stands for “Any Processing Unit” or “Cross Processing Unit.” It refers to a flexible, scalable architecture that can use multiple types of compute engines — including:

CPU – Central Processing Unit

GPU – Graphics Processing Unit

TPU – Tensor Processing Unit (for AI workloads)

FPGA – Field Programmable Gate Array

ASIC – Application-Specific Integrated Circuit

In cybersecurity and AI, XPU-based systems are used to process huge volumes of data quickly, allowing for things like real-time threat detection, deep packet inspection, or AI inference — without being limited to one type of chip.

Source: IBM

zero configuration networking

Source: IBM

A set of techniques or technologies used by an application to automatically discover devices on a network and configure network settings.

Source: IBM

Zero Trust

Source: CSO Online

Zero Trust is a cybersecurity framework that assumes no user or device should be trusted by default — even if they’re inside your network.

Instead of trusting everything behind a firewall, Zero Trust requires verification at every step:

Always verify identity (users, devices, applications)

Limit access to only what’s needed (least privilege)

Continuously monitor behavior and risk

In short:

“Never trust, always verify.”

Zero Trust helps protect against modern threats like credential theft, ransomware, and lateral movement — making it ideal for remote work, cloud apps, and hybrid environments.

Source: CSO Online

Zero-Day Attack/Exploit

Source: NIST

An attack that exploits a previously unknown hardware, firmware, or software vulnerability.

Source: NIST
