Hactivism

Definition(s)


Hactivism

Hacking for a politically or socially motivated purpose.
Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global Standards

Hacking

Definition(s)


Hacking

Intentionally accessing a computer system without the authorization of the user or the owner.
Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global Standards

Drone

Definition(s)


Drone

Computer containing hidden software that enables the machine to be controlled remotely, usually to perform an attack on another computer.
  • NOTE Generally, a compromised machine is only one of many in a botnet, and will be used to perform malicious activities under remote direction.
Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global Standards

Deceptive Software

Definition(s)


Deceptive Software

Software which performs activities on a user’s computer without first notifying the user as to exactly what the software will do on the computer, or asking the user for consent to these actions.
  • EXAMPLE 1 A program that hijacks user configurations.
  • EXAMPLE 2 A program that causes endless popup advertisements which cannot be easily stopped by the user.
  • EXAMPLE 3 Adware and spyware.
Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global Standards

Cyber-squatter

Definition(s)


Cyber-squatter

Individuals or organizations that register and hold on to URLs that resemble references or names of other organizations in the real world or in the Cyberspace.
Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global Standards

Cyberspace Application Services

Definition(s)


Cyberspace Application Services

Application services (4.4) provided over the Cyberspace.
Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global Standards

the Cyberspace

Definition(s)


the Cyberspace

Complex environment resulting from the interaction of people, software and services on the Internet by means of technology devices and networks connected to it, which does not exist in any physical form.
Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global Standards

Cyberspace Security

Definition(s)


Cyberspace Security

Actions required to preclude unauthorized use of, denial of service to, modifications to, disclosure of, loss of revenue from or destruction of critical systems or informational assets.
Source: DNVGL-RP-G108, Cyber security in the oil and gas industry based on IEC 62443, DNV GL, September 2017. Global Standards

Cyberspace Security

Preservation of confidentiality, integrity and availability of information in the Cyberspace.
  • NOTE 1 In addition, other properties, such as authenticity, accountability, non-repudiation, and reliability can also be involved.
  • NOTE 2 Adapted from the definition for information security in ISO/IEC 27000:2009.
Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global Standards

Cybersafety

Definition(s)


Cybersafety

Condition of being protected against physical, social, spiritual, financial, political, emotional, occupational, psychological, educational or other types or consequences of failure, damage, error, accidents, harm or any other event in the Cyberspace which could be considered non-desirable.
  • NOTE 1 This can take the form of being protected from the event or from exposure to something that causes health or economic losses. It can include protection of people or of assets.
  • NOTE 2 Safety in general is also defined as the state of being certain that adverse effects will not be caused by some agent under defined conditions.
Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global Standards

Cybercrime

Definition(s)


Cybercrime

Criminal activity where services or applications in the Cyberspace are used for or are the target of a crime, or where the Cyberspace is the source, tool, target, or place of a crime.
Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global Standards

Cookie

Definition(s)


Cookie

<access control> capability or ticket in an access control system.
Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global Standards

Cookie

<IPSec> data exchanged by ISAKMP to prevent certain Denial-of-Service attacks during the establishment of a security association.
Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global Standards

Cookie

<HTTP> data exchanged between an HTTP server and a browser to store state information on the client side and retrieve it later for server use.
  • NOTE A web browser can be a client or a server.
Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global Standards

Blended Attack

Definition(s)


Blended Attack

Attack that seeks to maximize the severity of damage and speed of contagion by combining multiple attacking methods.
Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global Standards

Attack Vector

Definition(s)


Attack Vector

Path or means by which an attacker can gain access to a computer or network server in order to deliver a malicious outcome.
Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global Standards

Attack Potential

Definition(s)


Attack Potential

Perceived potential for success of an attack, should an attack be launched, expressed in terms of an attacker’s expertise, resources and motivation. [ISO/IEC 15408-1:2005].
Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global Standards

Avatar

Definition(s)


Avatar

Representation of a person participating in the Cyberspace.
  • NOTE 1 An avatar can also be referred to as the person’s alter ego.
  • NOTE 2 An avatar can also be seen as an “object” representing the embodiment of the user.
Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global Standards

Application Software

Definition(s)


Application Software

Software designed to help users perform particular tasks or handle particular types of problems, as distinct from software that controls the computer itself. [ISO/IEC 18019]
Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global Standards

Application Services

Definition(s)


Application Services

Software with functionality delivered on-demand to subscribers through an online model which includes web based or client-server applications.
Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global Standards

Application Service Provider

Definition(s)


Application Service Provider

Operator who provides a hosted software solution that provides application services which includes web based or client-server delivery models.
  • EXAMPLE Online game operators, office application providers and online storage providers.
Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global Standards

Adware

Definition(s)


Adware

Application which pushes advertising to users and/or gathers user online behaviour.
  • NOTE The application may or may not be installed with the user’s knowledge or consent or forced onto the user via licensing terms for other software.
Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global Standards

Unit of Measurement

Definition(s)


Unit of Measurement

Particular quantity, defined and adopted by convention, with which other quantities of the same kind are compared in order to express their magnitude relative to that quantity. [SOURCE: ISO/IEC 15939:2007]
Source: ISO/IEC 27000:2014, Information technology — Security techniques — Information security management systems — Overview and vocabulary, Third Edition, January 2014. Global Standards

Trusted Information Communication Entity

Definition(s)


Trusted Information Communication Entity

Autonomous organization supporting information exchange within an information sharing community.
Source: ISO/IEC 27000:2014, Information technology — Security techniques — Information security management systems — Overview and vocabulary, Third Edition, January 2014. Global Standards

Top Management

Definition(s)


Top Management

Person or group of people who directs and controls an organization at the highest level.
  • Note 1 to entry: Top management has the power to delegate authority and provide resources within the organization.
  • Note 2 to entry: If the scope of the management system covers only part of an organization then top management refers to those who direct and control that part of the organization.
Source: ISO/IEC 27000:2014, Information technology — Security techniques — Information security management systems — Overview and vocabulary, Third Edition, January 2014. Global Standards

Security Implementation Standard

Definition(s)


Security Implementation Standard

Document specifying authorized ways for realizing security.
Source: ISO/IEC 27000:2014, Information technology — Security techniques — Information security management systems — Overview and vocabulary, Third Edition, January 2014. Global Standards

Scale

Definition(s)


Scale

Ordered set of values, continuous or discrete, or a set of categories to which the attribute is mapped. [SOURCE: ISO/IEC 15939:2007]
  • Note 1 to entry: The type of scale depends on the nature of the relationship between values on the scale. Four types of scale are commonly defined:
    • nominal: the measurement values are categorical;
    • ordinal: the measurement values are rankings;
    • interval: the measurement values have equal distances corresponding to equal quantities of the attribute;
    • ratio: the measurement values have equal distances corresponding to equal quantities of the attribute, where the value of zero corresponds to none of the attribute.
These are just examples of the types of scale.
Source: ISO/IEC 27000:2014, Information technology — Security techniques — Information security management systems — Overview and vocabulary, Third Edition, January 2014. Global Standards

Risk Communication and Consultation

Definition(s)


Risk Communication and Consultation

Continual and iterative processes that an organization conducts to provide, share or obtain information, and to engage in dialogue with stakeholders regarding the management of risk.
  • Note 1 to entry: The information can relate to the existence, nature, form, likelihood, significance, evaluation, acceptability and treatment of risk.
  • Note 2 to entry: Consultation is a two-way process of informed communication between an organization and its stakeholders on an issue prior to making a decision or determining a direction on that issue. Consultation is:
    • a process which impacts on a decision through influence rather than power; and
    • an input to decision making, not joint decision making.
Source: ISO/IEC 27000:2014, Information technology — Security techniques — Information security management systems — Overview and vocabulary, Third Edition, January 2014. Global Standards

Review Objective

Definition(s)


Review Objective

Statement describing what is to be achieved as a result of a review.
Source: ISO/IEC 27000:2014, Information technology — Security techniques — Information security management systems — Overview and vocabulary, Third Edition, January 2014. Global Standards

Review Object

Definition(s)


Review Object

Specific item being reviewed.
Source: ISO/IEC 27000:2014, Information technology — Security techniques — Information security management systems — Overview and vocabulary, Third Edition, January 2014. Global Standards

Requirement

Definition(s)


Requirement

Need or expectation that is stated, generally implied or obligatory.
  • Note 1 to entry: “Generally implied” means that it is custom or common practice for the organization and interested parties that the need or expectation under consideration is implied.
  • Note 2 to entry: A specified requirement is one that is stated, for example in documented information.
Source: ISO/IEC 27000:2014, Information technology — Security techniques — Information security management systems — Overview and vocabulary, Third Edition, January 2014. Global Standards

Measurement Results

Definition(s)


Measurement Results

One or more indicators and their associated interpretations that address an information need.
Source: ISO/IEC 27000:2014, Information technology — Security techniques — Information security management systems — Overview and vocabulary, Third Edition, January 2014. Global Standards

Measurement Method

Definition(s)


Measurement Method

Logical sequence of operations, described generically, used in quantifying an attribute with respect to a specified scale. [SOURCE: ISO/IEC 15939:2007]
  • Note 1 to entry: The type of measurement method depends on the nature of the operations used to quantify an attribute. Two types can be distinguished:
    • subjective: quantification involving human judgment;
    • objective: quantification based on numerical rules.
Source: ISO/IEC 27000:2014, Information technology — Security techniques — Information security management systems — Overview and vocabulary, Third Edition, January 2014. Global Standards