Glossary
Browse the IADC Lexicon alphabetically or by category. Get comprehensive definitions of drilling industry terms.
Precursor
Definition(s)
Precursor
An observable occurrence or sign that an attacker may be preparing to cause an incident. Adapted from: CNSSI 4009, NIST SP 800-61 Rev 2 (DRAFT). Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsPlaintext
Definition(s)
Plaintext
Unencrypted information. From: CNSSI 4009. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsPlaintext
Unencoded data that is input to and transformed by an encryption process, or that is output by a decryption process [11]. Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National StandardPhishing
Definition(s)
Phishing
Fraudulent process of attempting to acquire private or confidential information by masquerading as a trustworthy entity in an electronic communication.- NOTE Phishing can be accomplished by using social engineering or technical deception.
Phishing
A digital form of social engineering to deceive individuals into providing sensitive information. Adapted from: NCSD Glossary, CNSSI 4009, NIST SP 800-63 Rev 1. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsPhishing
Type of security attack that lures victims to reveal information, by presenting a forged email to lure the recipient to a web site that looks like it is associated with a legitimate source.
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National StandardPersonal Identifying Information / Personally Identifiable Information
Definition(s)
Personal Identifying Information / Personally Identifiable Information
The information that permits the identity of an individual to be directly or indirectly inferred. Adapted from: NCSD Glossary, CNSSI 4009, GAO Report 08-356, as cited in NIST SP 800-63 Rev 1. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsPenetration Testing
Definition(s)
Penetration Testing
A colloquial term for penetration test or penetration testing. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsPenetration Testing
An evaluation methodology whereby assessors search for vulnerabilities and attempt to circumvent the security features of a network and/or information system. Adapted from: NCSD Glossary, CNSSI 4009, NIST SP 800-53 Rev 4. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsPenetration
Definition(s)
Penetration
Successful unauthorized access to a protected system resource. Source: DNVGL-RP-G108, Cyber security in the oil and gas industry based on IEC 62443, DNV GL, September 2017. Global StandardsPenetration
An unauthorized act of bypassing the security mechanisms of a network or information system. Adapted from: CNSSI 4009 Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsPen Test
Definition(s)
Pen Test
A colloquial term for penetration test or penetration testing. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsPen Test
An evaluation methodology whereby assessors search for vulnerabilities and attempt to circumvent the security features of a network and/or information system. Adapted from: NCSD Glossary, CNSSI 4009, NIST SP 800-53 Rev 4 Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsPassword
Definition(s)
Password
A string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorization. From: FIPS 140-2. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsPassive Attack
Definition(s)
Passive Attack
An actual assault perpetrated by an intentional threat source that attempts to learn or make use of information from a system, but does not attempt to alter the system, its resources, its data, or its operations. Adapted from: IETF RFC 4949, NIST SP 800-63 Rev 1. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsOversight & Development
Definition(s)
Oversight & Development
A NICE Workforce Framework category consisting of specialty areas providing leadership, management, direction, and/or development and advocacy so that all individuals and the organization may effectively conduct cybersecurity work. From: NICE Workforce Framework. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsOutside (r) Threat
Definition(s)
Outside (r) Threat
A person or group of persons external to an organization who are not authorized to access its assets and pose a potential risk to the organization and its assets. Adapted from: CNSSI 4009. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsOperations Technology
Definition(s)
Operations Technology
The hardware and software systems used to operate industrial control devices. Adapted from: DHS personnel. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsOperational Exercise
Definition(s)
Operational Exercise
An action-based exercise where personnel rehearse reactions to an incident scenario, drawing on their understanding of plans and procedures, roles, and responsibilities. Extended Definition: Also referred to as operations-based exercise. Adapted from: DHS Homeland Security Exercise and Evaluation Program. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsOperate & Maintain
Definition(s)
Operate & Maintain
A NICE Workforce Framework category consisting of specialty areas responsible for providing the support, administration, and maintenance necessary to ensure effective and efficient IT system performance and security. From: NICE Workforce Framework. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsObject
Definition(s)
Object
Item characterized through the measurement of its attributes. Source: ISO/IEC 27000:2014, Information technology — Security techniques — Information security management systems — Overview and vocabulary, Third Edition, January 2014. Global StandardsObject
A passive information system-related entity containing or receiving information. Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsNon-Repudiation
Definition(s)
Non-Repudiation
Ability to prove the occurrence of a claimed event or action and its originating entities. Source: ISO/IEC 27000:2014, Information technology — Security techniques — Information security management systems — Overview and vocabulary, Third Edition, January 2014. Global StandardsNon-Repudiation
A property achieved through cryptographic methods to protect against an individual or entity falsely denying having performed a particular action related to data. Extended Definition: Provides the capability to determine whether a given individual took a particular action such as creating information, sending a message, approving information, and receiving a message. Adapted from: CNSSI 4009; From: NIST SP 800-53 Rev 4. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsNetwork Services
Definition(s)
Network Services
In the NICE Workforce Framework, cybersecurity work where a person: Installs, configures, tests, operates, maintains, and manages networks and their firewalls, including hardware (e.g., hubs, bridges, switches, multiplexers, routers, cables, proxy servers, and protective distributor systems) and software that permit the sharing and transmission of all spectrum transmissions of information to support the security of information and information systems. From: NICE Workforce Framework. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsNetwork Resilience
Definition(s)
Network Resilience
The ability of a network to: (1) provide continuous operation (i.e., highly resistant to disruption and able to operate in a degraded mode if damaged); (2) recover effectively if failure does occur; and (3) scale to meet rapid or unpredictable demands. Adapted from: CNSSI 4009. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsMoving Target Defense
Definition(s)
Moving Target Defense
The presentation of a dynamic attack surface, increasing an adversary's work factor necessary to probe, attack, or maintain presence in a cyber target. From: DHS personnel. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsMalware
Definition(s)
Malware
Software designed with malicious intent containing features or capabilities that can potentially cause harm directly or indirectly to the user and/or the user’s computer system EXAMPLES Viruses, worms, trojans. Source: ISO/IEC 27032:2015, Information technology — Security techniques — Guidelines for cybersecurity, First Edition, July 2012. Global StandardsMalware
Software that compromises the operation of a system by performing an unauthorized function or process. Adapted from: CNSSI 4009, NIST SP 800-83. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsMalicious Logic
Definition(s)
Malicious Logic
Software that compromises the operation of a system by performing an unauthorized function or process. Adapted from: CNSSI 4009, NIST SP 800-83. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsMalicious Logic
Hardware, firmware, or software that is intentionally included or inserted in a system to perform an unauthorized function or process that will have adverse impact on the confidentiality, integrity, or availability of an information system. Adapted from: CNSSI 4009. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsMalicious Code
Definition(s)
Malicious Code
Program code intended to perform an unauthorized function or process that will have adverse impact on the confidentiality, integrity, or availability of an information system. Extended Definition: Includes software, firmware, and scripts. Adapted from: CNSSI 4009. NIST SP 800-53 Rev 4. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsMalicious Code
Software that compromises the operation of a system by performing an unauthorized function or process. Adapted from: CNSSI 4009, NIST SP 800-83. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsMalicious Code
Programs or code written for the purpose of gathering information about systems or users, destroying system data, providing a foothold for further intrusion into a system, falsifying system data and reports, or providing time-consuming irritation to system operations and maintenance personnel.- NOTE: Malicious code attacks can take the form of viruses, worms, Trojan Horses, or other automated exploits.
- NOTE: Malicious code is also often referred to as “malware.”