Lexicon

Advanced Persistent Threat

APT specifically refers to a sub-set of such threats, in a long-term pattern of targeted sophisticated hacking attacks aimed at governments, companies and political activists, and by extension, also to refer to the groups behind these attacks.

Availability

Availability, one of the primary Principles of Security, refers to the goal of keeping resources available for users. Although not commonly associated with the role of Security, this principle remains one of Security's highest tasks.

Common Vulnerabilities and Exposures

CVE Identifiers (also called "CVE-IDs," "CVE names," "CVE numbers," and "CVEs") are unique, common identifiers for publicly known information security vulnerabilities. Each CVE Identifier on the CVE List includes a CVE identifier number (i.e., "CVE-1999-0067"); indication of "entry" or "candidate" status; a brief description of the security vulnerability or exposure; and any pertinent references (i.e., vulnerability reports and advisories or OVAL-ID). CVE Identifiers are used by information security product/service vendors and researchers as a standard method for identifying vulnerabilities and for cross-linking with other repositories that also use CVE Identifiers. http://cve.mitre.org/

Confidentiality

Confidentiality, one of the primary Principles of Security, refers to the goal of keeping sensitive information private for only those that need to access it. This principle is most commonly associated with the role of Security, although, depending on the data, it may not be the most important.

Denial of Service

Denial of Service is a type of attack which causes a service disruption. This disruption could be for many purposes including defacement, intelligence gathering, loss of profit or progress, revenge, politics or mercenary purposes.

IAS

Institute for Advanced Study

Information Security

The field concerned with protecting information through risk analysis, threat mitigation and business continuity planning.

Integrity

Integrity, one of the primary Principles of Security, refers to the goal of keeping information trustworthy from unwanted change, either malicious or benign. This principle is often overlooked as a role of Security, although, it tightly fits with Availability and Confidentiality.

Malware

Malware stands for MALicious softWARE and refers to Virii, Trojans, Worms, Spyware, Adware or any software that is intended for malicious purposes. The term combines all of these into a single category.

Mitigated

This rating is reserved for vulnerabilities that have been mitigated and are no longer a threat. This is for clarity of documentation that gives the current state of a risk.

No Risk

This rating is reserved for items that were deemed a risk before, but have now been deemed not vulnerable due to new information.

Personally Identifiable Information

"Information that can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual." - Personally identifiable information. (2010, January 10). In Wikipedia, The Free Encyclopedia. Retrieved 14:20, January 12, 2010, from http://en.wikipedia.org /w/index.php?title=Personally_identifiable_information&oldid=337010061

Phishing

Phishing is a term that refers to a type of attack made against unsuspecting individuals that coerces them to divulge sensitive information. The name comes from the word "fishing," where one casts a line or net in the water hoping to fool a fish to take the bait.

Principles of Security

The three Principles of Security are: Availability, Integrity and Confidentiality. It is often referred to as the AIC triad (or sometimes the CIA triad). These principles are at the core of Information Security, and are represented in the IAS Security Seal.

Priority 1

This vulnerability is the most severe. It is actively being exploited, or exploitation is imminent. Other outside businesses or schools are actively being exploited.

Priority 2

This vulnerability has not yet been exploited at the Institute, however, exploitation may be imminent. Other outside businesses or schools are actively being exploited.

Priority 3

This vulnerability has not yet been exploited at the Institute. The probability of exploitation is medium and there may be discussion about the vulnerability in security circles.

Priority 4

This vulnerability has a lower probability of exploitation, but should still be mitigated. Attention to this risk and above should be notified to the security@ias.edu mailing list or the involved school's helpdesk.

Priority 5

This vulnerability is low risk. Direct communication should be made with the school or group in which it affects.

quarantine

A quarantine separates malicious items away from normal items. For example, emails marked as possibly spam can be sent into a quarantine. You may have the rights to release a message inside of the quarantine, should you so desire.

Ransomeware

Malicious software that holds your files hostage by encrypting them. You then pay for the key to decrypt your files again.

Severity 1

This vulnerability is the most severe. It poses high risk to the other groups/schools or the entire Institute as a whole. This also may be a vulnerability that puts the image of the Institute at risk.

Severity 2

This vulnerability poses high risk to an entire group/school, possible including resources available to another group/school.

Severity 3

This vulnerability poses high risk within a group/school. It does not pose a risk of contaminating other groups/schools.

Severity 4

This vulnerability poses a risk to a user, or smaller group. If left unfixed, it could grow larger or spread to other groups/users.

Severity 5

This vulnerability is low and poses a risk to an individual or group. If left unfixed, it will not grow and will remain vulnerable only to that user or group.