Ostendio Blog

Cybersecurity Dictionary for 2019

Written by Connor Massei | Aug 20, 2019 4:57:43 PM

In case you are new to the world of cybersecurity and are struggling to learn or understand some of the new terms you are hearing, don’t worry, we’re here to help! Some concepts have been around for years, but many are gaining traction right now due to high-profile data breaches, advances in cyber technology, and more sophisticated hackers. At Ostendio we are fluent in the language of cybersecurity experts.  Here are the top 16 terms we’re hearing from our customers right now.

CMM

Capability Maturity Model - a methodology used to develop and refine an organization's software development process. 

Credential Stuffing

A type of cybersecurity breach which allows hackers to take information from a  previous breach to gain access to other accounts

Cyber Hygiene

Performing basic tasks to protect digital assets. For example, use strong passwords, do not write them down for others to see, and change them frequently. Validate the sender before clicking on links/URLs within email or text messages. Do not send a Social Security number or bank account number to another person via email.

Cybersecurity

The state of being protected against the criminal or unauthorized use of electronic data, or the measures taken to achieve this

Data Breach

A security incident in which information is accessed without authorization

Data Mining

The practice of examining large databases in order to generate new information

Data Governance

The overall management of the availability, usability, integrity and security of data used in an enterprise. 

Honeypot

A decoy computer system for trapping hackers or tracking unconventional or new hacking methods

Insider Threat

A malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization's security practices, data and computer systems.

Integrated Risk Management

A set of practices and processes supported by a risk-aware culture and enabling technologies, that improves decision making and performance through an integrated view of how well an organization manages its unique set of risks.

Malware

Software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system

MyVCM

My Virtual Compliance Manager - our platform that’s helping customers build, operate and showcase compliance to over 100 standards globally.

Phishing

The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers

SCF

Secure Controls Framework - a series of documented processes used to define policies and procedures around the implementation and ongoing management of information security controls in an enterprise environment.

Spoofing

When a hacker impersonates another device or user on a network in order to steal data, spread malware, or bypass access controls.

Spyware

Software that enables a user to obtain covert information about another's computer activities by transmitting data covertly from their hard drive.

There are also a lot of standards and regulations that we cover with MyVCM. Some of the more popular ones are: 

  1. HIPAA - Health Insurance Portability and Accountability Act
  2. HITRUST - Health Information Trust Alliance
  3. CCPA - California Consumer Privacy Act
  4. GDPR - General Data Protection Regulation 
  5. NIST - National Institute of Standards and Technology
  6. SOC 2 - Service Organization Controls
  7. CSA - Cloud Security Alliance

Have you heard any terms that I’ve missed?  Drop me a note and share your favorite cybersecurity phrases.  And if you have any questions about how we help companies with their cybersecurity programs, or where to start on your cybersecurity journey, I’m happy to help! You can contact me at cmassei@ostendio.com or schedule an Ostendio MyVCM demo here.