Glossary
Browse the IADC Lexicon alphabetically or by category. Get comprehensive definitions of drilling industry terms.
ICT Supply Chain Threat
Definition(s)
ICT Supply Chain Threat
A man-made threat achieved through exploitation of the information and communications technology (ICT) systems supply chain, including acquisition processes. From: DHS SCRM PMO. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsHashing
Definition(s)
Hashing
A process of applying a mathematical algorithm against a set of data to produce a numeric value (a 'hash value') that represents the data. Extended Definition: Mapping a bit string of arbitrary length to a fixed length bit string to produce the hash value. Adapted from: CNSSI 4009, FIPS 201-2. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsHash Value
Definition(s)
Hash Value
A numeric value resulting from applying a mathematical algorithm against a set of data such as a file. Adapted from: CNSSI 4009. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsIntrusion Detection
Definition(s)
Intrusion Detection
The process and methods for analyzing information from networks and information systems to determine if a security breach or security violation has occurred. Adapted from: CNSSI 4009, ISO/IEC 27039 (draft). Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsIntrusion Detection
Security service that monitors and analyzes system events for the purpose of finding, and providing realtime or near real-time warning of, attempts to access system resources in an unauthorized manner
Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National StandardIncident Response Plan
Definition(s)
Incident Response Plan
A set of predetermined and documented procedures to detect and respond to a cyber incident. Adapted from: CNSSI 4009. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsFirewall
Definition(s)
Firewall
Inter-network connection device that restricts data communication traffic between two connected networks. Source: DNVGL-RP-G108, Cyber security in the oil and gas industry based on IEC 62443, DNV GL, September 2017. Global StandardsFirewall
A capability to limit network traffic between networks and/or information systems. Extended Definition: A hardware/software device or a software program that limits network traffic according to a set of rules of what access is and is not allowed or authorized. Adapted from: CNSSI 4009. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsFirewall
Inter-network connection device that restricts data communication traffic between two connected networks [11].- NOTE: A firewall may be either an application installed on a general-purpose computer or a dedicated platform (appliance) that forwards or rejects/drops packets on a network. Typically firewalls are used to define zone borders. Firewalls generally have rules restricting which ports are open.
Exploitation Analysis
Definition(s)
Exploitation Analysis
In the NICE Workforce Framework, cybersecurity work where a person: Analyzes collected information to identify vulnerabilities and potential for exploitation. From: NICE Workforce Framework. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsExploit
Definition(s)
Exploit
A technique to breach the security of a network or information system in violation of security policy. Adapted from: ISO/IEC 27039 (draft) Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsExfiltration
Definition(s)
Exfiltration
The unauthorized transfer of information from an information system. From: NIST SP 800-53 Rev 4 Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsEnterprise Risk Management
Definition(s)
Enterprise Risk Management
Comprehensive approach to risk management that engages organizational systems and processes together to improve the quality of decision making for managing risks that may hinder an organization’s ability to achieve its objectives Sample Usage: An organization uses enterprise risk management processes to holistically consider the risks associated with personnel turnover. Annotation: Enterprise risks may arise from internal and external sources. Examples of internal sources include issues such as financial stewardship, personnel reliability, and systems reliability. Where internal risks threaten successful mission execution, enterprise risk management seeks to ensure that internal systems and processes are tailored to minimize the potential for mission failure. Examples of external factors include, but are not limited to, global, political, and societal trends. An organization will modify its enterprise risk management approach to take these risks into account. Source: DHS Risk Lexicon, U.S. Department of Homeland Security, 2010 Edition. September 2010 Regulatory GuidanceEnterprise Risk Management
A comprehensive approach to risk management that engages people, processes, and systems across an organization to improve the quality of decision making for managing risks that may hinder an organizations ability to achieve its objectives. Extended Definition: Involves identifying mission dependencies on enterprise capabilities, identifying and prioritizing risks due to defined threats, implementing countermeasures to provide both a static risk posture and an effective dynamic response to active threats; and assessing enterprise performance against threats and adjusts countermeasures as necessary. Adapted from: DHS Risk Lexicon, CNSSI 4009 Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsEncryption
Definition(s)
Encryption
The process of transforming plaintext into ciphertext. Extended Definition: Converting data into a form that cannot be easily understood by unauthorized people. Adapted from: CNSSI 4009, ICAM SAML 2.0 WB SSO Profile 1.0.2 Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsEncryption
Cryptographic transformation of plaintext into ciphertext that conceals the data’s original meaning to prevent it from being known or used (See “decryption”) [11].- NOTE: If the transformation is reversible, the corresponding reversal process is called "decryption," which is a transformation that restores encrypted data to its original state.
Encrypt
Definition(s)
Encrypt
The process of transforming plaintext into ciphertext. Extended Definition: Converting data into a form that cannot be easily understood by unauthorized people. Adapted from: CNSSI 4009, ICAM SAML 2.0 WB SSO Profile 1.0.2 Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsEncrypt
To convert plaintext to ciphertext by means of a cryptographic system. From: CNSSI 4009 Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsEncrypt
To convert plaintext to ciphertext by means of a code. Synonym(s): From: CNSSI 4009 Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsEncrypt
The generic term encompassing encipher and encode. From: CNSSI 4009 Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsEncode
Definition(s)
Encode
The process of transforming plaintext into ciphertext. Extended Definition: Converting data into a form that cannot be easily understood by unauthorized people. Adapted from: CNSSI 4009, ICAM SAML 2.0 WB SSO Profile 1.0.2. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsEncode
To convert plaintext to ciphertext by means of a cryptographic system. From: CNSSI 4009 Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsEncode
To convert plaintext to ciphertext by means of a code. Synonym(s): From: CNSSI 4009 Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsEncode
The generic term encompassing encipher and encode. From: CNSSI 4009 Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsEncipher
Definition(s)
Encipher
To convert plaintext to ciphertext by means of a cryptographic system. From: CNSSI 4009. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsEncipher
To convert plaintext to ciphertext by means of a code. Synonym(s): From: CNSSI 4009. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsEncipher
The generic term encompassing encipher and encode. From: CNSSI 4009. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsEncipher
The process of transforming plaintext into ciphertext. Extended Definition: Converting data into a form that cannot be easily understood by unauthorized people. Adapted from: CNSSI 4009, ICAM SAML 2.0 WB SSO Profile 1.0.2 Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsElectronic Signature
Definition(s)
Electronic Signature
Any mark in electronic form associated with an electronic document, applied with the intent to sign the document. Adapted from: CNSSI 4009. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsEducation and Training
Definition(s)
Education and Training
In the NICE Workforce Framework, cybersecurity work where a person: Conducts training of personnel within pertinent subject domain; develop, plan, coordinate, deliver, and/or evaluate training courses, methods, and techniques as appropriate. From: NICE Workforce Framework. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsDynamic Attack Surface
Definition(s)
Dynamic Attack Surface
The automated, on-the-fly changes of an information system's characteristics to thwart actions of an adversary. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsDistributed Denial of Service
Definition(s)
Distributed Denial of Service
A denial of service technique that uses numerous systems to perform the attack simultaneously. Adapted from: CNSSI 4009. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsDisruption
Definition(s)
Disruption
An event which causes unplanned interruption in operations or functions for an unacceptable length of time. Adapted from: CNSSI 4009. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsDigital Signature
Definition(s)
Digital Signature
A value computed with a cryptographic process using a private key and then appended to a data object, thereby digitally signing the data. Adapted from: CNSSI 4009, IETF RFC 2828, ICAM SAML 2.0 WB SSO Profile 1.0.2, InCommon Glossary, NIST SP 800-63 Rev 1. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsDigital Signature
Result of a cryptographic transformation of data which, when properly implemented, provides the services of origin authentication, data integrity, and signer non-repudiation [12]. Source: ANSI/ISA–99.00.01–2007, Security for Industrial Automation and Control Systems, Part 1: Terminology, Concepts, and Models, 29 October 2007. National StandardDigital Rights Management
Definition(s)
Digital Rights Management
A form of access control technology to protect and manage use of digital content or devices in accordance with the content or device provider's intentions. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsDigital Forensics
Definition(s)
Digital Forensics
The processes and specialized techniques for gathering, retaining, and analyzing system-related data (digital evidence) for investigative purposes. Extended Definition: In the NICE Workforce Framework, cybersecurity work where a person: Collects, processes, preserves, analyzes, and presents computer-related evidence in support of network vulnerability, mitigation, and/or criminal, fraud, counterintelligence or law enforcement investigations. Adapted from: CNSSI 4009; From: NICE Workforce Framework. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsDesigned-in Security
Definition(s)
Designed-in Security
A set of principles, practices, and tools to design, develop, and evolve information systems and software that enhance resistance to vulnerabilities, flaws, and attacks. Adapted from: Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program (2011), US-CERT's Build Security In website. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsDenial of Service
Definition(s)
Denial of Service
An attack that prevents or impairs the authorized use of information system resources or services. Adapted from: NCSD Glossary. Source: NICCS™ Portal Cybersecurity Lexicon, National Initiative for Cybersecurity Careers and Studies (https://niccs.us-cert.gov/glossary) as of 11 November 2015, Global StandardsDenial of Service
Prevention or interruption of authorized access to a system resource or the delaying of system operations and functions [11].- NOTE: In the context of industrial automation and control systems, denial of service can refer to loss of process function, not just loss of data communications.