Glossary

Confirmation that stakeholder requirements for the intended use of a system or application have been met.

An access method for cyber operations.

Confirmation that design or compliance requirements for a system or application have been met.

Network devices and networked IT equipment grouped logically based on resources, security or business requirements instead of their physical location.

A security measure designed to prevent known exploitation attempts against known vulnerabilities in web applications, typically via the use of a network-based intrusion prevent system or a web application firewall.

A network that maintains privacy through a tunnelling protocol and security procedures. Virtual Private Networks may use encryption to protect network traffic.

Simulation of a hardware platform, operating system, application, storage device or network resource.

A type of malware. Viruses spread on their own by attaching code to other programs, or copying themselves across systems and networks.

A type of media, such as random-access memory, which gradually loses its data when power is removed.

A weakness in a system’s security requirements, design, implementation or operation that could be accidentally triggered or intentionally exploited and result in a violation of the system’s security policy.

A vulnerability assessment can consist of a documentation-based review of a system’s design, an in-depth hands-on assessment or automated scanning with software tools. In each case, the goal is to identify as many vulnerabilities as possible.

The process of identifying, prioritising and responding to vulnerabilities.