Glossary of Terms

2014 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public. Page 1 of 12

5-Tuple Network term used to refer to a set of five different values that make up a Transmission
Control Protocol/Internet Protocol (TCP/IP) connection. The 5-tuple is made up of source IP address,
destination IP address, source port number, destination port number, and the protocol in use. (RP: 4-2)

802.1x An IEEE standard for port-based network access control (PNAC). It provides an
authentication mechanism to devices wanting to be connected to a network. (RP: 7-1)

802.11 Generic name of a family of standards for wireless networking. (RP: 7-1)

AAA Computer security acronym for Authentication, Authorization, and Accounting. It refers to a
security architecture for user verification, service permission, and resource tracking. (RP: 4-2, 7-2, 8-1)

ACE Application Control Engine. (RP: 7-2)

Adware Any software package that automatically renders advertisements to generate revenue for its
author. The advertisements may be in the user interface of the software or on a screen presented to the
user during the installation process. The functions may be designed to analyze which Internet sites the
user visits and to present advertising pertinent to the types of goods or services featured there. (RP: 2-1)

Anonymous (group) A loosely associated international network of activist and hacktivist entities. A
website nominally associated with the group describes it as an Internet gathering with a very loose
and decentralized command structure that operates on ideas rather than directives. The group became
known for a series of publicity stunts and distributed denial of service (DDoS) attacks on government,
religious, and corporate websites. (RP: 1-2)

Antivirus Software Computer software used to prevent, detect, and remove malicious computer
viruses. (RP: 4-1)

APT Advanced Persistent Threats usually refers to a group, such as a government, with both the
capability and the intent to persistently and effectively target a specific entity. (RP: 1-1, 4-2)

ARPANET Advanced Research Projects Agency Network. One of the world's first operational packet
switching networks; it was the first network to implement TCP/IP. The network was initially funded by the
Advanced Research Projects Agency (ARPA, later DARPA) within the U.S. Department of Defense for
use at universities and research laboratories in the U.S. The packet switching of the ARPANET, together
with TCP/IP, would form the backbone of Internet operations. (RP: 3-2)

ARRA American Recovery and Reinvestment Act. (RP: 7-1)

ASA Cisco's Adaptive Security Appliance. This is Cisco's line of network security devices, introduced
in 2005. These devices have become one of the most widely used firewall/VPN solutions for
small-to-medium businesses. (RP: 4-2)

Aurora A cyber attack conducted by Advanced Persistent Threats (APTs), such as the Elderwood
Group based in Beijing, China, with ties to the People's Liberation Army. The attack began in mid-2009
and continued through December 2009. (RP: 4-2)

AV See Antivirus Software. (RP: 4-1)

BASEL I A round of deliberations by central bankers from around the world. In 1988, the Basel
Committee on Banking Supervision (BCBS) in Basel, Switzerland, published a set of minimum capital
requirements for banks. This is also known as the 1988 Basel Accord, and was enforced by law in the
Group of Ten (G-10) countries in 1992. (RP: 3-1)

BASEL II Initially published in June 2004, it is the second of the Basel Accords, which are
recommendations on banking laws and regulations issued by the Basel Committee on Banking
Supervision. (RP: 3-1)

BASEL III A global, voluntary regulatory standard on bank capital adequacy, stress testing, and
market liquidity risk. It was agreed upon by the members of the Basel Committee on Banking
Supervision in 2010-11, and was scheduled to be introduced from 2013 until 2015; however, changes
from April 1, 2013 extended implementation until March 31, 2018. The third installment of the Basel
Accords (see Basel I, Basel II) was developed in response to the deficiencies in financial regulation
revealed by the late-2000s financial crisis. Basel III was supposed to strengthen bank capital
requirements by increasing bank liquidity and decreasing bank leverage. (RP: 3-1)

Biosensors Medical devices aimed at detecting the presence or absence of certain levels of
proteins, antibodies, ions, oxygen, and glucose. (RP: 7-1)

Blended Threat A computer threat using multiple attack techniques to exploit vulnerabilities and
propagate. (RP: 5-2)

Blue Box An electronic device that generates the same tones employed by a telephone operator's
dialing console to switch long-distance calls. A Blue Box is a tool that emerged in the 1960s and 1970s;
it allowed users to route their own calls by emulating the in-band signaling mechanism that then
controlled switching in long-distance dialing systems. The most typical use of a blue box was to place
free telephone calls. (RP: 3-2)

Botnets A collection of Internet-connected programs communicating with other similar programs to
perform tasks. This can be as mundane as keeping control of an Internet Relay Chat (IRC) channel, or it
could be used to send spam email or participate in distributed denial of service attacks. The word
botnet is a combination of the words robot and network. (RP: 1-1, 3-3, 4-2, 5-2, 7-1)

Brute Force A cryptanalytic attack that can, in theory, be used against any encrypted data. It
consists of systematically checking all possible keys or passwords until the correct one is found. Such
an attack might be utilized when it is not possible to take advantage of other weaknesses in an
encryption system, if any exist, that would make the task easier. (RP: 1-1)

BYOD Bring Your Own Device refers to the policy of permitting employees to bring personally owned
mobile devices, such as laptops, tablets, and smart phones, to their workplace, and to use those devices
to access privileged company information and applications. The term is also used to describe the same
practice applied to students using personally owned devices in education settings. (RP: 1-2, 7-1, 8-2)

Capital Allocation A process of how businesses divide their financial resources and other sources of
capital to different processes, people, and projects. (RP: 3-1)

CCENT Cisco Certified Entry Networking Technician. (RP: 8-2)

CCIE Cisco Certified Internetwork Expert. (RP: 8-2)

CCNA Cisco Certified Network Associate. (RP: 8-1, 8-2)

CCNP Cisco Certified Network Professional. (RP: 8-1, 8-2)

CIA Triad The combination of Confidentiality, Integrity, & Availability. It is one of the core principles of
information security. (RP: 1-1, 7-2)

Cloud Computing Internet-based computing in which large groups of remote servers are networked
so as to allow sharing of data-processing tasks, centralized data storage, and online access to computer
services or resources. (RP: 1-2, 7-2)

CompTIA Computer Technology Industry Association. (RP: 8-1)

Conficker A computer worm first detected in 2008 that targeted Microsoft PCs. It infected millions of
computers, including government, business, and home computers in over 200 countries. (RP: 4-2)

Credit Risk Refers to the risk that a borrower will default on any type of debt by failing to make
required payments. (RP: 3-1)

Cross-Site Scripting (XSS) A type of computer security vulnerability typically found in web
applications. Cross-site scripting carried out on websites accounted for roughly 84 percent of all security
vulnerabilities documented by Symantec as of 2007. (RP: 1-1, 3-2)

CSA Cloud Security Alliance is a nonprofit organization with a mission to promote the use of best
practices for providing security assurance within Cloud Computing, and to provide education on the uses
of Cloud Computing to help secure all other forms of computing. (RP: 7-2)

CSIRT Computer Security Incident Response Team (www.csirt.org). CSIRT provides 24x7 Computer
Security Incident Response Services to any user, company, government agency, or organization. CSIRT
provides a reliable and trusted, single point of contact for reporting computer security incidents
worldwide. (RP: 4-1)

Cyber Anything that includes some sort of electronic information. (RP: 1-1)

Cyber Attack A type of offensive maneuver employed by both individuals and whole organizations
that targets computer information systems, infrastructures, computer networks, or personal computer
devices. These attacks usually originate from an anonymous source that either steals, alters, or destroys
a specified target by hacking into a susceptible system. (RP: 5-1, 7-1, 8-1)

Cyber Crime Encompasses any criminal act dealing with computers and networks. Additionally,
cyber crime also includes traditional crimes conducted through the Internet. For example, hate crimes,
telemarketing and Internet fraud, identity theft, and credit card account thefts are considered to be cyber
crimes when the illegal activities are committed through the use of a computer and the Internet.
(RP: 3-3, 8-1)

Cyber Space The electronic medium of computer networks in which online communication takes
place. (RP: 1-1)

Cyber Warfare Refers to politically motivated hacking to conduct sabotage and espionage. (RP: 5-1)

Darknet Distinct from other distributed peer-to-peer networks as sharing is anonymous (IP addresses
are not publicly shared) and, therefore, users can communicate with little fear of governmental or
corporate interference. (RP: 5-2)

DDoS Distributed Denial of Service occurs when multiple systems flood the bandwidth or resources
of a targeted system. (RP: 1-1, 1-2, 3-1, 3-2, 3-3, 4-1, 4-2, 5-1, 8-1)

Deep Packet Inspection A form of computer network packet filtering that examines the data part
(and possibly the header) of a packet as it passes an inspection point, searching for protocol
noncompliance, viruses, spam, intrusions, or other defined criteria. A decision is made to let the packet
pass, or route it to a different destination for the purpose of collecting statistical information. (RP: 4-1)

Defense in Depth An approach to defend a system against any particular attack using several
independent methods. It is a layering tactic, conceived by the National Security Agency (NSA) as a
comprehensive approach to information and electronic security. (RP: 1-2)

DERS Drug Error Rate Systems. Safeguards for protection against medication overdoses. (RP: 7-1)

DLP Data Loss Prevention. A system designed to detect potential data breaches or data exfiltration
transmissions and prevent them. (RP: 4-1, 7-2)

DMZ Demilitarized Zone is a computer term that refers to a physical or logical subnetwork that
contains and exposes an organization's external-facing services to the Internet. (RP: 8-1)

DNS Domain Name System (Service or Server). An Internet service that translates domain names
into IP addresses. (RP: 4-1)

DNS RPZ Domain Name Service Response Policy Zones. This is a method that allows a name
server administrator to overlay custom information on top of the global DNS to provide alternate
responses to queries. (RP: 4-1)

DoS Denial of Service is an attempt to make a machine or network resource unavailable to its
intended users. (RP: 1-1, 1-2, 3-1, 3-2, 3-3, 4-1, 4-2, 5-1, 8-1)

DPI See Deep Packet Inspection. (RP: 4-1, 7-1)

Duqu A collection of computer malware discovered on September 1, 2011, thought to be related to
the Stuxnet worm. (RP: 5-1)

Enigma Machine Any of a family of related electro-mechanical rotor cipher machines used in the
20th century for enciphering and deciphering secret messages. Enigma was invented by the German
engineer Arthur Scherbius near the end of World War I. (RP: 6-1)

ePHI Electronic Protected (Patient) Health Information. (RP: 7-1)

ESA Enterprise Security Architecture. (RP: 6-2)

Extortion A criminal offense that involves obtaining money, property, or services from a person,
entity, or institution, through coercion. (RP: 3-1, 3-3)

FireEye A global network security company that provides automated threat forensics and dynamic
malware protection against advanced cyber threats. (RP: 4-1)

Firewall A software or hardware-based network security system that controls the incoming and
outgoing network traffic by analyzing the data packets and determining whether they should be allowed
through or not, based on applied rule sets. (RP: 4-1, 4-2)

FTP File Transfer Protocol is a standard network protocol used to transfer files from one host to
another host over a TCP-based network. (RP: 1-2)

Gasson, Mark, Ph.D. Proved that not only is it possible for a virus to wirelessly infect an implanted
medical device, but that same compromised medical device can then go on to infect other systems by
making wireless contact with them. (RP: 7-1)

Google Hacking Using Google's search engine for reconnaissance. (RP: 1-1)

GPU Graphics Processing Unit is a specialized electronic circuit designed to rapidly manipulate and
alter memory to accelerate the creation of images in a frame buffer intended for output to a display.
GPUs are used in embedded systems, mobile phones, personal computers, workstations, and game
consoles. Modern GPUs are very efficient at manipulating computer graphics. Their highly parallel
structure makes them more effective than general-purpose CPUs for algorithms where processing of
large blocks of data is done in parallel. (RP: 1-1)

Gray Hat In the hacking community, this metaphorical title refers to a skilled hacker whose activities
fall somewhere between white and black hat hackers in a variety of practices. The ambiguity connoted
by the title suggests that such people sometimes act illegally, though with good will, to identify
vulnerabilities in computing processes. They usually do not hack for personal gain or have malicious
intentions, but may be prepared to break some laws during the course of their technological exploits in
order to achieve better security. (RP: 1-2)

Hacker Someone who seeks and exploits weaknesses in a computer system or computer network.
Hackers may be motivated by a multitude of reasons, such as profit, protest, or challenge. (RP: 3-3, 6-1,
7-1)

Hacktivism The use of computers and computer networks to promote political ends, chiefly free
speech, human rights, and information ethics. (RP: 3-1, 3-2, 8-2)

Hash A derivation of data used to authenticate message integrity. (RP: 1-1)

Herd mentality Describes how people are influenced by their peers to adopt certain behaviors, follow
trends, and/or purchase items. Examples of the herd mentality include stock market trends, superstition,
home décor, etc. (RP: 2-2)

HIMSS Healthcare Information and Management Systems Society. (RP: 7-1)

HIPAA Health Insurance Portability and Accountability Act. Enacted in 1996 to safeguard ePHI by
mandating procedures and controls to assure the public that critical and private information is controlled
from loss of confidentiality, integrity, or availability. (RP: 7-1, 7-2)

HIPS Host-based Intrusion Prevention System. (RP: 4-1)

HIS Hospital Information Systems. (RP: 7-1)

HITECH Health IT for Economic and Clinical Health. (RP: 7-1)

IaaS Infrastructure as a Service. (RP: 7-2)

ICS Industrial Control Systems. These are computer-controlled systems that monitor and control
industrial processes that exist in the physical world. (RP: 1-1, 5-1)

IDS Intrusion Detection System. A device or software application that monitors network or system
activities for malicious activities or policy violations. It produces reports to a management station.
(RP: 4-1, 7-1)

Identity Theft A person (or persons) pretends to be someone else by assuming that person's
identity, usually as a method to gain access to resources or obtain credit and other benefits in that
person's name. (RP: 3-3)

IEEE Institute of Electrical and Electronics Engineers. A professional association that is dedicated to
advancing technology innovation and excellence. (RP: 7-1)

ILOVEYOU A virus that attacked tens of millions of Windows personal computers on and after May 5,
2000. (RP: 4-2)

Information Warfare The use and management of information technology in pursuit of a competitive
advantage over an opponent. Information warfare may involve collection of tactical information,
assurances that one's own information is valid, spreading of propaganda or disinformation to demoralize
or manipulate the enemy and the public, undermining the quality of opposing force information and
denial of information-collection opportunities to opposing forces.

Infusion Pump Infuses fluids, medication, or nutrients into a patient's circulatory system. (RP: 7-1)

IOS Operating system used on most of Cisco's routers and switches. (RP: 8-2)

IPS Intrusion Prevention System. (RP: 4-1, 7-1, 8-2)

Ironport An email and web security appliance that was acquired by Cisco in January 2007. (RP: 1-1,
4-1, 7-2)

ISE Cisco's Identity Services Engine. It is a security policy management and control platform that
automates and simplifies access control and security compliance for wired, wireless, and VPN
connectivity. (RP: 4-2, 7-1)

ISR Integrated Services Router. (RP: 4-2)

ITSEAG IT Security Expert Advisory Group. This group provides expert advice to critical
infrastructure industries (Utilities, Banking & Finance, Transportation, and Telecommunications).
(RP: 1-2)

itsoknoproblembro Pronounced "it's OK, no problem, bro," this is a DDoS attack tool that uses a
sophisticated two-tier combination of compromised commercial servers and, as a result, can generate a
higher bandwidth attack from a smaller number of hosts. (RP: 3-2)

IW See Information Warfare. (RP: 5-1)

JCAHO Joint Commission on Accreditation of Healthcare Organizations. (RP: 7-1)

Keylogging The action of recording (or logging) the keystrokes on a keyboard, typically in a covert
manner so that the person using the keyboard is unaware that their actions are being monitored.
(RP: 5-1)

Kill Chain Originally a military term for a phase-based model to describe the stages of an attack,
which also helps inform ways to prevent such attacks. The stages of a cyber kill chain are:
Reconnaissance, Weaponization, Delivery, Exploit, Installation, Command and Control, and Actions.
(RP: 4-2)

Lancope Specializes in flow analysis for security and network performance monitoring. Lancope is an
American company founded in Alpharetta, Georgia in 2000. (RP: 4-1, 4-2)

LOIC See Low Orbit Ion Cannon. (RP: 3-2)

Low Orbit Ion Cannon An open source network stress testing and DoS attack application, written in
C#. LOIC was initially developed by Praetox Technologies, but was later released into the public
domain. LOIC performs a DoS attack (or when used by multiple individuals, a DDoS attack) on a target
site by flooding the server with TCP or UDP packets with the intention of disrupting the service of a
particular host. (RP: 3-2)

Malware Short for malicious software. Malware is a general term used to refer to a variety of forms of
hostile or intrusive software. This software is used to disrupt computer operation, gather sensitive
information, or gain access to private computer systems. It can appear in the form of code, scripts,
active content, and other software. (RP: 1-1, 3-2, 4-1, 5-2, 7-1, 8-2)

MANET See Mobile Ad Hoc Network. (RP: 1-2)

Market Risk Refers to the risk of losses in balance sheet positions due to movements in market
prices. (RP: 3-1)

MDDS Medical Device Data System. (RP: 7-1)

MDIA Medical Device Isolation Architecture. (RP: 7-1)

MDPP Medical Device Partnering Program. (RP: 7-1)

MD5 The Message Digest 5 algorithm is a widely used cryptographic hash function producing a
128-bit (16-byte) hash value, typically expressed as a 32-digit hexadecimal number. MD5 has been utilized in
a wide variety of security applications. (RP: 1-1)

Medical Device A device used in patient healthcare for diagnosis, treatment, monitoring of
physiological measurements, or for health analytical purposes. Regulatory approval is required prior to
use. (RP: 7-1)

Melissa A mass-mailing macro virus that shut down Internet email systems in March 1999. (RP: 4-2)

MitB Man in the Browser. Refers to malware, such as Zeus and SpyEye. (RP: 3-1)

MitMo Man in the Mobile. Refers to malware, such as Zeus and SpyEye. (RP: 3-1)

Mobile Ad Hoc Network (MANET) A self-configuring infrastructureless network of mobile devices
connected by wireless. (RP: 1-2)

MODAF Ministry of Defence Architecture Framework. The UK Ministry of Defence framework for
developing architectures that provide a means to model, understand, analyze, and specify business
processes. (RP: 6-2)

Money Mule A person who transfers money acquired illegally in person, through a courier service, or
electronically, on behalf of others. The mule is paid for their services, typically a small part of the money
transferred. Money mules are often dupes recruited online for what they think is legitimate employment,
not aware that the money they are transferring is the product of crime. The money is transferred from
the mule's account to the scam operator, typically in another country. (RP: 3-2)

Moore's Law A 1965 prediction made by Gordon Moore, co-founder of Intel, that computer processor
speeds would double every two years. (RP: 7-2)

Morris Worm Considered to be the first worm. It was the first to gain significant mainstream media
attention. It was written by a student, Robert Tappan Morris, at Cornell University and was launched on
November 2, 1988 from MIT. (RP: 2-1, 3-2)

MyDoom Also known as W32.MyDoom@mm, is a computer worm affecting Microsoft Windows. It
was first sighted on January 26, 2004. It became the fastest-spreading email worm ever (as of January
2004), exceeding previous records set by the Sobig worm and ILOVEYOU. (RP: 5-1)

NAC Network Admission Control. (RP: 7-1)

NBAR Network Based Application Recognition. The mechanism used by some Cisco routers and
switches to recognize a dataflow by inspecting some packets sent. (RP: 4-2)

Near Miss An unplanned or unwanted event that did not result in a security breach, but had the
potential to do so. Near miss events, such as password reset requests, should be continuously
monitored as part of a security response management plan. (RP: 2-2)

NetFlow A feature incorporated into Cisco routers that gives the ability to collect IP network traffic as
it enters an interface. By analyzing the data provided by NetFlow, a network administrator can determine
the source and destination of the traffic, class of service, and the cause of congestion. NetFlow consists
of three components: flow caching, Flow Collector, and Data Analyzer. (RP: 1-2, 4-1, 4-2)

Network Enumeration A computing activity in which usernames and information on groups, shares,
and services of networked computers are retrieved. (RP: 1-1)

Nimda A worm that quickly spread, surpassing the economic damage caused by previous outbreaks.
It utilized several types of propagation techniques and this caused it to become the Internet's most
widespread virus/worm within 22 minutes. The worm was released on September 18, 2001. The worm's
name comes from the reversed spelling of "admin." (RP: 2-1)

NIST National Institute of Standards and Technology. (RP: 6-2)

NSEL NetFlow Secure Event Logging. NetFlow is used for logging which reduces device overhead.
(RP: 4-2)

Operational Risk Refers to the risk incurred by an organization's internal activities, focusing on risks
arising from the people, systems, and processes through which a company operates. (RP: 3-1)

OTP One Time Password. (RP: 3-1)

PaaS Platform as a Service. (RP: 7-2)

PACS Picture Archiving and Communication Systems. (RP: 7-1)

Password Entropy The amount of randomness in a password or how difficult it is to guess. (RP: 1-1)

PCI Payment Card Industry. (RP: 7-1, 7-2)

Phishing The act of attempting to acquire information, such as usernames, passwords, and credit
card details, by masquerading as a trustworthy entity in an electronic communication. Phishing emails
may contain links to websites that are infected with malware. Phishing is typically carried out by email
spoofing or instant messaging. It often directs users to enter details at a fake website that has a look and
feel that are almost identical to the legitimate one. (RP: 1-1, 3-1, 8-2)

Phone Phreaking Slang term coined to describe the activity of a culture of people who study,
experiment with, or explore telecommunication systems, such as equipment and systems connected to
public telephone networks. As telephone networks have become computerized, phreaking has become
closely linked with computer hacking. (RP: 3-2)

PIPEDA Personal Information Protection and Electronic Document Act. (RP: 7-1)

PKI Public-Key Infrastructure. It is a set of hardware, software, people, policies, and procedures
needed to create, manage, distribute, use, store, and revoke digital certificates. (RP: 7-1)

PLC Programmable Logic Controller. (RP: 5-1)

Polymorphic When referring to malware, means that it changes itself over time so that it is more
difficult to reverse engineer the malware and determine what it is doing. (RP: 2-1)

RADIUS Remote Authentication Dial-In User Service is a networking protocol that provides
centralized AAA management. (RP: 8-1)

Rainbow Table A pre-computed table for reversing cryptographic hash functions, usually for cracking
password hashes. Tables are usually used in recovering a plaintext password up to a certain length
consisting of a limited set of characters. (RP: 1-1)

RBAC Role Based Access Control. An approach to restrict system access to authorized users.
(RP: 4-1)

Reconnaissance Gathering information about a target. (RP: 1-1)

Resilience The ability to respond and recover from a cyber attack. (RP: 1-1)

Risk Management The study of how to control risks and balance the possibility of gains. (RP: 3-1)

Rootkit A type of malware designed to hide the existence of certain processes or programs from
normal methods of detection and enable continued privileged access to a computer. (RP: 2-1)

RPO Recovery Point Objective is the maximum tolerable period in which data might be lost from an
IT service due to a major incident. (RP: 7-2)

RPZ Response Policy Zones. See DNS RPZ. (RP: 4-1)

RSA One of the first practicable public key cryptosystems. It is widely used for secure data
transmission. In such a cryptosystem, the encryption key is public and differs from the decryption key
that is kept secret. In RSA, this asymmetry is based on the practical difficulty of factoring the product of
two large prime numbers. RSA stands for Ron Rivest, Adi Shamir, and Leonard Adleman, who first
publicly described the algorithm in 1977. Clifford Cocks, an English mathematician, had developed an
equivalent system in 1973, but it was not declassified until 1997. (RP: 3-1, 5-1)

RTO Recovery Time Objective is the duration of time within which a business process must be restored
after a disruption to avoid unacceptable consequences. (RP: 7-2)

SaaS Software as a Service. (RP: 7-2)

Sandbox A security mechanism for separating running programs. It is often used to execute untested
code, or untrusted programs from unverified third parties, suppliers, untrusted users, and untrusted
websites. (RP: 4-1)

SANS The trade name SANS was derived from SysAdmin, Audit, Networking, and Security. The
SANS Institute is a cooperative research and education organization. It is the largest source available
for information security training and security certification.

Salted MD5 The process of adding a randomly generated string to a password before MD5 hashing
is applied and stored. For additional information, see: https://crackstation.net/hashing-security.htm.
(RP: 1-1)

SCADA Supervisory Control and Data Acquisition is a type of ICS. ICSs are computer-controlled
systems. They monitor and control industrial processes that exist in the physical world. SCADA systems
historically distinguish themselves from other ICSs by being large-scale processes that can include
multiple sites and large distances. These include industrial, infrastructure, and facility-based processes.
(RP: 1-1, 5-1)

ScanSafe SaaS to block malware and secure the use of the web and messaging. ScanSafe was
acquired by Cisco in December 2009. (RP: 1-1, 7-2, 8-2)

Schneier, Bruce An American cryptographer, computer security and privacy specialist, and writer.
He is the author of several books on general security topics, computer security, and cryptography. After
receiving a Bachelor's degree in Physics from the University of Rochester in 1984, he went to the
American University in Washington, D.C. and received his Master's degree in Computer Science in
1988. He was awarded an honorary Ph.D. from the University of Westminster in London, England in
November 2011. The award was made by the Department of Electronics and Computer Science in
recognition of Schneier's hard work and contribution to industry and public life. (RP: 1-2)

Secaas Security as a Service. (RP: 7-2)

Sensorbase A service offered by Cisco that evaluates and rates the security profile of websites. (RP:
7-2)

SEO Poisoning Search Engine Optimization Poisoning. An attack method in which cyber criminals
create malicious websites and use search engine optimization tactics to make them show up
prominently in search results. (RP: 5-2)

SHA Secure Hash Algorithm is a family of cryptographic hash functions published by the National
Institute of Standards and Technology (NIST) as a U.S. Federal Information Processing Standard
(FIPS). (RP: 1-1)

Shamoon Also known as Disttrack, is a computer virus that attacks systems running the Microsoft
Windows NT line of operating systems. It is used for cyber espionage in the energy sector. The virus
has been noted as unique for having differing behavior from other malware cyber espionage attacks.
Shamoon is capable of spreading to other computers on the network, through exploitation of shared
hard drives. When a system is infected, the virus continues to compile a list of files from specific
locations on the system, erase, and then send information about these files back to the attacker. Finally,
the virus overwrites the master boot record of the system to prevent it from booting. (RP: 2-1)

SIO Security Intelligence Operations. Cisco SIO is a hub where protection of network is achieved by
early warning intelligence, threat and vulnerability analysis, and proven Cisco mitigation solutions. (RP:
5-2, 6-1)

SLA Service Level Agreement. It is the part of a service contract where a service is formally defined.
(RP: 7-2)

SMS Short Message Service. A text messaging service component of phone, web, or mobile
communication systems. It uses standardized communications protocols to allow fixed line or mobile
phone devices to exchange short text messages with a maximum length of 160 characters. (RP: 3-1)

Social Engineering The psychological manipulation of people designed to get them to perform
actions or divulge confidential information. (RP: 1-1, 2-2, 4-2)

Spam The use of electronic messaging systems to send unsolicited bulk messages, especially
advertising, indiscriminately. It is named after Spam, a luncheon meat, by way of a Monty Python sketch
in which Spam is included in almost every dish. (RP: 1-1, 3-3, 4-1)

Splunk An American multinational corporation, headquartered in San Francisco, California, that
produces software for searching, monitoring, and analyzing machine-generated big data, via a web-style
interface. Splunk aims to make machine data accessible across an organization and identifies data
patterns, provides metrics, diagnoses problems, and provides intelligence for business operations. (RP:
4-1)

SpO2 Sensor Oxygen Saturation Sensor. It measures the amount of oxygen that is dissolved or
carried in a given medium. (RP: 7-1)

SpyEye In late December 2009 a new crimeware toolkit emanating from Russia, known as SpyEye
V1.0, started to appear for sale on Russian underground forums. See Zeus and MitMo for more
information. (RP: 1-1, 2-1)

Spyware Software that aids in gathering information about a person or organization without their
knowledge. It may send such information to another entity without the consumer's consent, or it may
assert control over a computer without the consumer's knowledge. (RP: 1-1, 2-1)

SQL Structured Query Language is a special purpose programming language designed for managing
data held in a relational database management system (RDBMS). (RP: 1-1, 3-2, 4-2)

SQL Injection A code injection technique, used to attack data-driven applications, in which malicious
SQL statements are inserted into an entry field for execution; for example, to dump the database
contents to the attacker. (RP: 1-1, 3-2)

SQL Slammer A computer worm that caused a DoS on some Internet hosts and dramatically slowed
down general Internet traffic, starting at 5:30 UTC on January 25, 2003. It spread rapidly, infecting most
of its 75,000 victims within 10 minutes. (RP: 4-2)

StealthWatch A product series, produced by Lancope, Inc., that collects and analyzes NetFlow and
other types of data to provide network visibility and detect problems that might impact security or
performance. (RP: 4-2)

Stewart, John N. Senior Vice President at Cisco. John oversees the Threat Response, Intelligence,
and Development (TRIAD) organization. TRIAD has three missions: protect Cisco from threat, protect
Cisco's products from threat, and help protect Cisco's customers. (RP: 1-2)

STUXNET A computer worm discovered in June 2010 that is believed to have been created by U.S.
and Israeli agencies to attack Iran's nuclear facilities. (RP: 2-1, 5-1)

SYN Flood A form of DoS attack in which an attacker sends a succession of SYN requests to a
target's system in an attempt to consume enough server resources to make the system unresponsive to
legitimate traffic. (RP: 4-1)

TCP/IP Transmission Control Protocol / Internet Protocol. (RP: 4-2)

Tedroo Also known as Grum, was a botnet mostly involved in sending pharmaceutical spam emails.
It was at one time the world's largest botnet. Tedroo can be traced back as early as 2008 and was shut
down in July of 2012. (RP: 4-2)

TISN Trusted Information Sharing Network. (RP: 1-2)

TJX Data Breach TJX, an apparel and home goods company based in Framingham, Massachusetts,
had 45.6 million credit and debit card numbers stolen from one of its systems over a period of more than
18 months beginning in 2005 by an unknown number of intruders. (RP: 3-1)

TOGAF The Open Group Architecture Framework provides a comprehensive approach for designing,
planning, implementing, and governing an enterprise information architecture. (RP: 6-2)

Transactional Security The degree to which online transactions, such as credit card orders, are safe
from tampering or other unauthorized intervention. (RP: 1-2)

Trojan Horse A type of malware that employs a form of social engineering, presenting itself as
routine, useful, or interesting to persuade victims to install it on their computers. When executed,
Trojan horses typically cause loss or theft of data, and possibly system harm. (RP: 2-1, 5-1, 8-1)

TrustSec Cisco's term for providing an intelligent and scalable access control solution that mitigates
security access risks across the entire network. (RP: 7-1)

Tunneling Consists of sending unencrypted traffic over a network through an encrypted channel. For
example, an SSH tunnel can be used to securely transfer files between an FTP server and a client, even
though FTP is not encrypted. (RP: 1-2)

UDP User Datagram Protocol. (RP: 3-2)

Vector of Attack A path (or other means) by which unauthorized access is gained to a computer or
network in order to deliver a malicious payload. (RP: 5-2)

Virtualization Refers to the act of creating a virtual (rather than an actual) version of something,
including but not limited to, a virtual computer hardware platform, operating system, storage device, or
other computer network resource. Hardware virtualization or platform virtualization refers to the creation
of a virtual machine that acts like a real computer with an operating system. Software executed on these
virtual machines is separated from the underlying hardware resources. For example, a computer running
Microsoft Windows may host a virtual machine that looks like a computer with the Ubuntu Linux
operating system; Ubuntu-based software can be run on the virtual machine. (RP: 1-2)

Virus A type of malware that attaches to computer files and then, when executed, replicates itself into
other computer programs, data files, or the boot sector of the hard drive. When it succeeds, the affected
areas are then said to be infected. (RP: 2-1, 4-2)

VMDC Virtualized Multiservice Data Center. (RP: 7-2)

VPN Virtual Private Network enables a computer to send and receive data across shared or public
networks as if it were directly connected to a private network. (RP: 8-1)

Web Proxy A computer system or application that acts as an intermediary for client requests and
facilitates access to content on the Internet. (RP: 4-1)

WSA Web Security Appliance. A device that combines several forms of protection into a single
solution. This solution may include advanced threat defense, application visibility and control, insightful
reporting, and secure mobility. (RP: 4-1)

Worm A standalone malware computer program that replicates itself to spread to other computers.
Often, it uses a computer network to spread itself, relying on security failures on the target computer to
access it. Unlike a computer virus, it does not need to attach itself to an existing program. (RP: 2-1, 4-1,
4-2)

XSS See Cross-Site Scripting. (RP: 1-1, 3-2)

Zero Day Attacks An attack that exploits a previously unknown vulnerability in a computer
application, meaning that the attack occurs on day zero of vulnerability awareness. This means that
the developers have had zero days to address and patch the vulnerability. (RP: 1-1, 4-2)

Zeus A Trojan horse computer malware that affects computers running under versions of the
Microsoft Windows operating system. While it is capable of being used to carry out many malicious and
criminal tasks, it is often used to steal banking information by MitB keystroke logging and form grabbing.
It is also used to install the CryptoLocker ransomware. Zeus is spread mainly through drive-by
downloads and phishing schemes. First identified in July 2007 when it was used to steal information
from the U.S. Department of Transportation, it became more widespread in March 2009. (RP: 3-1, 3-2,
4-1)
