A serious take on silly-sounding cybersecurity terms

Don't laugh. Names like 'cyber hygiene' and 'cyber palette' describe some very serious concepts.

Critical data breaches and hacking incidents have entered the mainstream consciousness. In one way this is good, as people are becoming more aware of the types of things that can happen and taking a closer look at how they use technology. But when security breaches or hacking exploits are publicized, what comes along with the reports is new terminology. There is enough new terminology about cybersecurity to be confusing even for the technically proficient. And to be honest, some of the terms sound so silly that it is hard to take them seriously until you understand what they mean.

Take, for example, cyber hygiene. When I first heard it, at a cybersecurity conference, I almost laughed out loud. But the person using the term was a high-ranking military official, so I thought I'd better pay attention. Cyber hygiene simply means performing basic tasks to protect digital assets. For example, use strong passwords, do not write them down for others to see, and change them frequently. Validate the sender before clicking on links/URLs within email or text messages. Do not send a Social Security number or bank account number to another person via email.

Then there's cyber palette. That one puts me in mind of artists or, when I relate it to technology, Adobe Photoshop and its palette layers. But cyber palette is the idea of implementing security in a multilayered way. This is sometimes called "defense in depth." The basic idea is that any one security protection mechanism can have flaws, so it's better to use additional tools for extra layers of protection. For example, a company would deploy a firewall to control incoming and outgoing network traffic but add an intrusion detection or a prevention system to aid in monitoring the network and/or critical systems for malicious activity.

Cyber strong is not the latest rubber-wristband motto. It describes an organization that has taken steps to understand its cyber risk (possible harm) and to protect its networks and software systems using the cyber palette methodology. Being cyber strong also includes educating personnel about the acceptable use of digital equipment. So cyber strong means the security posture of an organization is strong and the organization is prepared to defend more sophisticated attacks. I often wonder if there is such a concept as cyber weak.

OK, cyber (attack) vector and cyber (threat) intelligence don't sound silly. In fact, they sound sophisticated. Here's the silly part, though: They aren't sophisticated at all. A cyber vector is simply some type of vehicle/pathway/tool used to perpetrate a cybercrime or cyberattack. A threat actor would use a cyber vector to attack his target. A good example of a cyber vector is a mobile device. Cyber intelligence is the analysis of data or information that have indicators that could imply suspicious behavior. These indicators can be found in many places, like logs files, databases, network traces, etc. The idea is to monitor for suspicious indicators or activities and to understand the cyber threat so as to prevent a cyberattack from happening. Oh, and speaking of cyberattacks, some of them can last for a long period of time. That's called a cyber assault.

The cyber threat landscape is evolving, which is one of the reasons you are hearing more about cybersecurity. Since awareness is the first step toward understanding something new, it's important that we understand the terminology that's being used, and see that these silly-sounding names are attached to some very serious concepts.

Rhonda Chicone of Kaplan University has over 27 year of experience in the software industry. The views expressed in this article are solely those of the author and do not represent the views of Kaplan University.

Join the CSO newsletter!

Error: Please check your email address.

Tags security

More about Kaplan

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by By Rhonda Chicone

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts