Glossary of Computer Security terms

Like any field involving technical skills, the world of information systems security (also known as ISIS, computer security or cybersecurity) uses a wide variety of technical and specialized terms that can make a conversation between two professionals seem like code language. It is in an effort to help you decipher all these terms that we have put together this list.

The origins of IT security

While everyone agrees that computer security could not have been created before the first computers, it must be recognized that some areas, facilitated by the computer today, have been around much longer than that. For example, we can go all the way back to antiquity to find the first message encryption processes with the Lacedemonians and their scytale or with the very famous cipher of Caesar. These gave rise to Cryptography which is a specific branch of computer security.

Subsequently, the field of computer science having become strongly Anglo-Saxon, the field of computer security has naturally inherited its share of anglicisms. This is how words like Pentest, Blackbox came to be, Ransomware as well as many English acronyms such as CERT, CSRF, PDCA, SQLi... some have a French equivalent: pentest -> test d'intrusion, ransomware -> rançongiciel, but others don't really have an equivalent (we could say "injection de langage de requête structurée" for SQLi in French but nobody would understand).

Finally, with the growing importance of cybersecurity in the professional world, new purely French terms have appeared. They can concern positions within a company (CISO: Chief Information Security Officer) or new concepts such as OIV (Vital Importance Operator) which appeared in 2006.

Regardless, this Information Systems Security Glossary / IT Security is here to help you better understand our field of activity and our business, and is regularly expanded and updated.

AD

Acronym for Active Directory. Microsoft's implementation of an LDAP directory. A directory is a central database containing all the data and authentication information of the users of a computer network.

AMOA

Acronym of Contracting Authority Support (in French). In a project, the entity designated as such has the mission of ensuring the adequacy of the information system with the expectations of users, whether in terms of definition, implementation, and operation of the project.

ANSSI

Acronym of National Information Systems Security Agency (in French). As its name indicates, it is the governmental organization that aims to coordinate the efforts of the French professional computer security community. Its role is to issue recommendations and disseminate knowledge to secure information systems, and also to provide support to businesses and local authorities.

ATT&CK

MITRE ATT&CK (Adversarial Tactics, Techniques and Common Knowledge) is a framework, set of data matrices and assessment tool developed by MITRE Corporation to help organizations understand their security readiness and discover vulnerabilities in their defenses. MITRE's comprehensive ATT&CK framework is divided into three main variants, each containing a subset of TTPs (tactics, techniques, procedures) that apply to specific target computing environments. Each variant is known as a « Matrix ». The three main matrices of the ATT&CK framework are the Enterprise Matrix, the Mobile Matrix and the ICS (Industrial Control System) Matrix. The Enterprise and Mobile matrices are subdivided into sub-matrices filtered to contain only the relevant tactics, techniques and procedures (TTPs) for each environment.

Blackbox

This term is used in English and in French as well. It is a type of audit during which the auditors only have access to the audited system, without user account or privileges. It allows to simulate the actions of an attacker that discovers the system, but is not supposed to have access to it.

CERT

Acronym of Computer Emergency Response Team. A centre with two objectives: to alert companies and administrations and to react to computer attacks, but also to take proactive steps to inform and raise awareness in order to prevent such attacks. In addition, the various CERTs are encouraged to communicate with each other and coordinate their efforts to ensure a better transmission of information.

CNIL

Acronym of National Commission of Computer Sciences and Liberties (in French). French and independant administrative authority, created with the "Loi Informatique et Libertés" (LIL) law of 1978, tasked with accompanying companies that collect personal data and fining those that do not respect the rules.

CPS

A cyber-physical system or CPS is a set of computer entities that collaborate to control physical entities such as actuators. Cyber-physical systems are very common in factories, for example, a conveyor is a cyber-physical system.

CSIRT

Acronym of Computer Security Incident Response Team. This term is used instead of CERT in countries other than the United States, as CERT is a registered trademark of the Carnegie-Mellon University.

CSRF

Acronym of Cross-Service Request Forgery. A type of vulnerability in an application that does not sufficiently check the permissions a user benefits before performing an action. The attacker is attempting to execute, by various means, a URL by an administrator logged into the application. It then performs the sensitive action, such as adding a user or privileges to a user, without ensuring that the original administrator has voluntarily triggered it.

CVE

Acronym of Common Vulnerabilities and Exposure. The CVE system allows for the identification and classification of software vulnerabilities found around the world. Each vulnerability is assigned a unique identifier including the year of discovery, as well as a CVSS score.

CVSS

Acronym of Common Vulnerability Scoring System. This is the software vulnerability rating system that allows you to assign a criticality rating to each vulnerability. This score is composed of different criteria, including the vulnerability exploitation conditions (need to be connected to the service, or simply to access it remotely), the ease of exploitation (accessible to an inexperienced attacker), and the impact on the security of the vulnerable system. The ANSSI classification scale we use in our audit reports is ultimately a simplification of this system.

DC

Acronym of Domain Controller. A domain controller is a Windows server that controls and administers all the machines in a Windows corporate network. So it's one or more very privileged machines that are usually the target of attackers.

DA

Acronym of Domain Admin. A domain administrator is a user account on corporate Windows networks that has the necessary privileges to connect to domain controllers to perform administrative operations on the computer network. So it's one or more very privileged accounts that are usually the target of attackers.

DCP

Acronym of Personal Data (in French). Personal data corresponds to information that can identify, directly or indirectly by cross-referencing information, a natural person. Some examples of personal data: first name, last name and photograph of course, but also place and date of birth, pseudonym, reservation number, blood group, IP address, voice sample...

DDOS

Acronym of Distributed Denial Of Service. An attack that aims to saturate a computer server's resources by bombarding it with requests from a large number of different IP addresses. Opponents who carry out these kinds of attacks usually control a network of bots or zombie computers, i.e. computers that have been infected and are silently controlled by the attacker.

DPI

Acronym of Deep Packet Inspection. Deep packet inspection is a method of recovering the application layer of a packet to analyse its contents if it is not encrypted.

DPD

Acronym of Delegate to the Protection of Data. It is the French name for a DPO.

DPO

Acronym of Data Protection Officer. This is the person in charge of data security in a company, in particular the personal data that the company may hold. This is the liaison point between the company and the CNIL for all matters relating to personal data.

ECSC

Acronym of the European Cyber Security Challenge. An IT security competition for young enthusiasts between 14 and 25 years of age, where teams from different European countries compete against each other in various security challenges.

EDR

Acronym of Endpoint Detection and Response. A technology used on endpoints, i.e. computers and servers, to detect and potentially stop suspicious activity. EDR are supposed to detect malicious behavior more than malicious and easily circumvented file signatures, which is usually a function attributed to antivirus solutions.

EVPN

Acronym of Ethernet Virtual Private Network. A network protocol designed to encrypt data traveling over a link. Being on the lower layers of the OSI model, encryption is supposed to be performed there in a more efficient and optimized manner than traditional VPN solutions.

ETSI-ISI

Acronym of European Telecommunications Standards Institute - Information Security Indicators. ETSI is an independent, not-for-profit European standardization body that develops technical standards and tests applicable to computer and industrial systems worldwide. ISIs are standardized indicators for detecting security events.

FIC

Acronym of International Cybersecurity Forum (in French). AlgoSecure has been present at this annual IT security meeting for several years now, taking place at the Grand Palais in Lille at the end of January. Come see us and meet some of our team members!

Forensic

In computer sciences, equivalent to digital investigation. It refers to the services that investigate following a computer attack. In search of the traces left by the perpetrators of the attack, the investigators try to understand the course of the attack. They will also gather information to identify the perpetrators and then initiate legal action to obtain compensation for the damage.

FOVI

Acronym of False Wire Transfer Orders (in French). A social engineering attack in which the attacker aims to have a company make a fraudulent bank transfer to another bank account under his or her control. It's also called "wire fraud", or "president scam", because the identity of the company president is often impersonated.

GPO

Acronym of Group Policy Object. GPOs are settings, deployed by the administrators of a Windows computer network, on all or part of the company's workstations and servers. These settings can apply restrictions, privileges, scripts, or change system settings without the administrator having to perform these operations manually on every machine in the environment.

Greybox

This term is used in English and in French as well. It is a type of audit during which the auditors have the credentials to several user accounts matching different levels of privileges. It allows to check the correct implementation of access control mechanisms.

ICS

Acronym of Industrial Control System. A global term that designates all the equipments used to control and monitor industrial systems. SCADA (Supervisory Control and Data Acquisition) is one type of industrial control system among others.

IDS

Acronym of Intrusion Detection System. A system that monitors a computer network for attacks in real time, using mechanisms based primarily on behaviour or reputation Some may also base their detection on a signature mechanism, although this approach is becoming less and less effective, at least against targeted attacks.

IPS

Acronym of Intrusion Prevention System. It's an advanced IDS system that also has capabilities to block detected attacks.

ISO:19011

International standard that provides guidance on auditing management systems, produced by the International Organization for Standardization (ISO). The French PASSI standard of the ANSSI is based on this norm, which gives the main principles for the implementation of an audit program.

ISO:27001

International standard for information systems security, produced by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The ISO 27001 standard allows to manage, control and improve the means and methods implemented in the security of information systems. It highlights the company's expertise in cyber risk management.

Keychain

This term is used in English and in French as well. It is an Apple-made system developped for macOS and iOS allowing the secure storage and access control to a user's secrets (passwords, cryptographic keys, certificates...)

LAN

Acronym of Local Area Network Strong. Refers to the internal computer network of a company, i.e. the network that connects servers and workstations to each other, which is supposed to be unreachable from the Internet. As opposed to the WAN, which refers to the external part of the computer network exposed on the Internet.

LAPS

Acronym of Local Admin Admin Password Solution. An enterprise IT security solution provided by Microsoft to easily manage the local administration of all servers and workstations. Rather than setting a single password for all local Administrator accounts on servers and workstations, LAPS allows for a different local Administrator account password per machine.

LDAP

Acronym of Lightweight Directory Access Protocol. A protocol that defines how to communicate with a directory in order to read or write data. Over time, it has developed and now defines how to classify, store and name data in a directory.

LLMNR

Acronym of Link-local Multicast Name Resolution. A name resolution protocol, successor of NBT-NS, allowing to match an IP address with a machine name, exclusively on a local network. It is usually used in Windows corporate networks, but suffers from an intrinsic vulnerability that usually allows an attacker to steal user authentication data. It is therefore strongly advised to disable it, after installing a functional DNS server on the company network.

MARION

Acronym of Level-Optimized Computer Risk Analysis Method (in French). It is a French risk analysis method, like the EBIOS method for example. The aim is to propose a method for identifying the risks to which a company is exposed so that it can act on them. This is the ancestor of the MEHARI method (Harmonized Method of Risk Analysis, in French).

MCO

Acronym of Operational Conditions Maintainment (in French). The final phase of an IT project to ensure its sustainability over time. In concrete terms, this means the supervision, maintenance and updating of computer resources. Unfortunately, this is often an underestimated phase in a project, but it is the one that can reduce the likelihood of a security incident.

MITRE

MITRE is a federally funded research organization based in Bedford and McLean. Founded in 1958 out of MIT, MITRE is a U.S. nonprofit organization that conducts cybersecurity research to support defensive computer security across all sectors, including government agencies and defense contractors. MITRE was created to advance national security in new ways and serve the public interest as an independent advisor.

Modbus

Modbus is a network protocol widely used in industry, it is a client-server (master-slave for modbus) architecture where a master can write a value to a register of the slave. The register simply represents the address of a value.

MSP

Acronym of strong>Managed Service Provider. An IT services company that administers and supervises the services of its clients remotely. The advantage of an MSP is to benefit from a recurring source of income, thanks to a subscription-based approach, while relieving its customers of the management of their information system.

NBT-NS

Acronym of NetBIOS over TCP/IP Name Service. A naming system developed by IBM and used by Windows to make the different machines on a network communicate with each other. It is usually used in Windows corporate networks, but suffers from an intrinsic vulnerability that usually allows an attacker to steal user authentication data. It is therefore strongly advised to disable it, after installing a functional DNS server on the company network.

NTDS

Acronym of strong>New Technologies Directory Services. This is the former name of Active Directory. Usually refers to the database that stores the entire directory, i.e. the information and privileges of users on a Windows computer network. It contains, among other things, the NTLM hashes of the passwords of users on the corporate Windows network, and is therefore highly prized by attackers.

NTLM

Acronym of Strong>New Technologies Lan Manager. An authentication mechanism in Windows computing environments. Usually refers to the fingerprint or hash generated by such a mechanism to store the password of a Windows system user. For purposes of differentiation, the network authentication protocol is generally referred to as Net-NTLM and exists in two versions: Net-NTLMv1 and Net-NTLMv2.

OIV

Acronym of Vital Importance Operator (in French). It is a French term used to identify organizations that play a critical or dangerous role for the population. Special security requirements apply to these organizations. There may be companies involved in energy, transportation, communications, hazardous materials production, military or research activities. The list is not being released publicly.

OWASP

Acronym of Open Web Application Security Project. An open community governed by a non-profit organization working to secure the web in the broadest sense. It provides security recommendations for publishers, as well as guides and tools for assessing the security of applications. It regularly publishes a list of the most exploited security vulnerabilities on the web, the well-known OWASP Top 10.

PASSI

Acronym of Information Systems Security Providers and Auditors (in French). This French qualification distinguishes security audit companies and their auditors who comply with the requirements of the French ANSSI standard. It is subject to periodic re-evaluation to ensure that the security level is maintained over time.

PCA

Acronym of Business Continuity Plan. A set of measures enabling a company to continue to operate in the event of a disaster, breakdown or major incident, while minimising the duration of any interruption. One of the first steps is to conduct a risk analysis.

PDCA

Acronym of Plan, Do, Check, Act, strong. Also known as "Deming's Wheel", it's a common sense method that can be applied to all areas. The idea is to follow a methodological process aimed at improving a product or service, or solving a problem, in an efficient and sustainable manner. We plan an evolution, implement it, check the result of the implementation, then act to correct it and adjust if necessary. Then we start again.

PDIS

Acronym of Security Incidents Detection Companies (in French). A French qualification delivered by ANSSI which attests the level of expertise and maturity of a company which offers external SOC services. The companies that aim to obtain this label are subject to guidelines enacted by ANSSI and must go through a qualification process.

Pentest

Short for Penetration Testing. A penetration test consists in putting oneself in the state of mind of an attacker, using the same tools and techniques to test the defenses of a computer system. Vulnerabilities identified during this test can then be mitigated or patched, so that the system is protected when later accessed by a real attacker.

PRA

Acronym of Business Recovery Plan (in French). A set of procedures to be carried out after a major accident has occurred within a company, which has forced it to temporarily cease its activity. As with the BCP, one of the first steps is to conduct a risk analysis.

PLC

Acronym of Programmable Logic Controller. These are computers specifically designed to control industrial systems. They are optimized to function with industrial machines in harsh environments where temperature, vibrations and dust can complicate operations.

PSSI

Acronym of Information System Security Policy (in French). A reference document listing a set of rules and policies aimed at ensuring the security of an information system and reflecting the strategy of the company or organisation.

PTES

Acronym of Penetration Testing Execution Standard. A reference document that lists the steps and methods to be followed in conducting a penetration test. It's a standard that any service company offering penetration testing has to meet, and of course we do.

Ransomware

Short for ransom software. A type of computer threat that makes data on a system inaccessible by encrypting it with a key. The owner of the system is then asked to pay a ransom in exchange for the key to decrypt his files, or for the non-disclosure of the data.

RedTeam

The Red Team or offensive team specializes in penetration testing and ethical hacking. Its aim is to detect security flaws, assess the resilience of defenses and test incident management processes.

Reverse Engineering

Method consisting in studying the functioning of a compiled software without having access to its source code. This makes it possible to understand how a threat works in order to block it, or to analyze legitimate software for exploitable weaknesses.

Reverse Shell

A Reverse Shell is a utility that allows access to a remote victim's machine to perform actions via system commands.

RGPD

Acronym of General Data Protection Regulation (in French). European regulation that came into force in May 2018 and defines how companies that process personal data of European citizens should access, handle and secure these data. It also reinforces and grants a number of rights to European citizens, who can exercise them with companies that hold their personal data. Finally, it provides for dissuasive sanctions for companies that fail to comply with the Regulation.

RSSI

The primary mission of the Chief information security officer (CISO) is to define the IS security policy ( system and network security, application security, data backup strategy or even the implementation of a business continuity plan ...), and must also scrupulously ensure its implementation. The CISO can exercise his function as an employee, or on an ad hoc mission. This is referred to as Interim CISO or outsourced CISO.

SAM

Acronym of Security Account Manager. The local database for storing the NTLM hash of local user accounts in a Windows system. The SAM database is physically stored in a file, and is also integrated into the Windows registry. Access to this database and the information it contains obviously requires high privileges on the system.

SCADA

Acronym of Supervisory Control And Data Acquisition. Large-scale remote management system allowing the remote control of technical installations that are often substantial (factories, dams, power plants, etc.).

SIEM

Acronym of Security Information and Event Management. It is a system that centralizes the event logs of a company's computer systems, and allows for the analysis and correlation of all these traces in order to identify and understand a computer attack. SIEMs also allow these traces to be kept for archiving purposes, and the most advanced among them can also replay security events to allow defensive teams to perfect their defences.

SIIV

Acronym of Vital Information System (in French). This acronym designates the information system of an VIO, the IS (Information System) of an VIO is therefore a VIS. Specific rules laid down by the Prime Minister's Office are applicable to VIS according to the sector of activity of the VIO that administers them.

SMSI

Acronym of Information Security Management System (in French). It is a set of rules and policies governing the management of information security. An ISMS focuses more on processes and people than on technology to ensure information security.

SOC

Acronym of Security Operation Center. SOC means the team in a company that oversees the security of its information system. The purpose of a SOC is to manage security incidents and monitor a company's assets in order to respond quickly and effectively against attacks.

SQLi

Acronym of SQL injection. SQL (Structured Query Language) is a language that allows a website or software application to communicate with a database. An SQL injection is an attack that exploits a vulnerability in the application communicating with the database, allowing it to hijack its original operation in order to illegitimately read or modify data.

SSL

Acronym of Secure Socket Layer. The SSL protocol governs the way in which a computer and a server securely exchange data, specifically the layer of encryption that protects data from potential interception during transmission between the two parties. This term is less and less used nowadays, in favor of the evolution of this protocol called TLS.

SWIFT

Acronym of Society for Worldwide Interbank Financial Telecommunication. International organization that manages the organization of communication between banks around the world. It provides communication systems for banking flows, and produces IT security requirements to which its members may be subject. The term also refers to Apple's programming language for developing applications for its systems.

SYSVOL

Acronym of SYStem VOLume. A network share, accessible to all users on a Windows corporate network, that is used to store scripts or GPOs for automatic use by Windows systems that have access to it.

TLS

Acronym of Transport Layer Security. This is the evolution of the SSL protocol. This new name was adopted in part because of the structural differences between the two protocols, and the security gains brought by TLS. Different versions of this protocol exist, the most recent being version 1.3.

WAF

Acronym of Web Application Firewall. It is a tool designed to be placed upstream of a web server, and is intended to block certain basic attack attempts such as SQL injections or XSS vulnerabilities. WAFs are notoriously difficult to implement due to the false positives they can generate, and are relatively efficient. In this, it is generally advisable to integrate them as a last resort, when the potentially vulnerable application they protect cannot be secured within an acceptable time frame.

WAN

Acronym of Wide Area Network. It is a wide computer network, for example, linking all the resources of a society between different cities, regions or countries. The Internet is often referred to as the largest of the WANs.

Whitebox

This term is used in English and in French as well. It is a type of audit during which the auditors have access to every technical element linked to the audited system, i.e. infrastructure schemas and technical points of contact.

XSS

Acronym of Cross-Site Scripting. A type of vulnerability in a web application in which the attacker is able to execute Javascript code in the browser of another user of the application, without his or her knowledge. A lack of filtering of the data entered and/or a lack of encoding of the data display is exploited for this purpose.