Glossary of Terms

A type of DNS record used to point a domain or subdomain to an IP address.

The selective security technique that regulates who has access to digital resources.

Also known as ATO, a type of identity theft where the theft uses bots to gain access to someone’s digital accounts.

A type of computer science that creates intelligent machines with the ability to react and respond and make decisions like humans.

A data mining technique that identifies suspicious activity.

Prevents the sale of imitation or replication of physical goods.

Stops intentional deception for profit. Often associated with phishing.

Stops the unauthorized production on copyrighted material for profit.

The practice of adding safety measures and new functionality to pre-existing software to prevent new threats.

An attack that occurs when an authorized user gains access to a system or network and remains undetected for an extended period of time.

The act of simultaneously buying and selling assets from different price points in the market to make a profit.

A character set used by the global Domain Name System (typically for non-IDNs.)

Generally, an item owned by a company that holds monetary value, in the context of IT security it usually refers to a technical or other resource like a server, database, computer, network, or the information within.

The act of gaining or simply seeking unauthorized access to digital resources.

The set of channels in which an adversary can enter a system and potentially cause damage.

Authoritative name servers are an important component of the DNS system. These servers contain important information about how to resolve domain names.

Observing activities of users, information systems, and processes and measuring the activities against organizational policies and rules, baselines of normal activity, thresholds, and trends

A group of Internet-connected devices, that is used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam, and allow attackers to access the device and its connection.

The act of targeting an established, trusted brand to (a) confuse that brand’s customers and (b) becomes a means to carry out various forms of nefarious activity such as cybersquatting, phishing, selling counterfeiting, and more.

The decline of brand value due to overuse or due to excessive and unreasonable brand extension.

A term used to encapsulate several different types of malicious activity, all of which share the common theme of exploiting an existing brand in some way, either to gain specific benefits or to damage the brand reputation.

The act of preventing brand infringement and brand abuse.

Type of top-level domain that is reserved and used for a country of the domain’s origin.

Closed New gTLDS are a class of TLDs that are not open to the general public, for example, most “.BRAND” TLDs are only open for registrations by the sponsoring company.

Community-based new gTLDS are a category of gTLD meant to be used as community registries. In the previous round of new gTLDs, these applications received preference over all other types of applications and might relate to any type of community. (Examples include: .LGBT, .Islam, .art, .tennis)

The exclusive legal right, given to an originator (or an assignee) to print, publish, perform, film, or record literary, artistic, or musical material.

Fakes or unauthorized replicas of the real product. Counterfeit products are often produced with the intent to take advantage of the established value of the imitated product.

Criminal activity done through the means of computers and the internet.

Gathered information on digital threats that helps reduce the occurrence of cyber-attacks.

A U.S. law which allows the sharing of Internet traffic information between the U.S. government and manufacturing

The practice of abusing trademarks within the domain name system. Brand names—spelled correctly or, in a practice known as typosquatting, spelled incorrectly. Also, with new internationalized domain names, registering brands, or trademarks in alternative or international scripts.

A part of the world wide web that can only be accessed with special software that allows users and website owners to stay anonymous and untraceable.

A strategy that ensures end users do not release sensitive information outside of a corporate network.

A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic or sending it information that triggers a crash.

Tracking a company’s (a) traditional assets, like desktops and servers, other IT/corporate assets like desktops, servers, domains, IPs, technologies in use, login pages, as well as executive and VIP names and data. (b) Customer-facing and e-commerce assets: This includes brand names, social media activities, customer login pages, and mobile apps. (c) Sensitive data: You’ll be taking stock of login credentials, secret projects, and data loss prevention indicators. (d) Industry-specific assets: These assets vary depending on the business you’re in. Financial services companies, for example, might include BINs and account numbers. Pharmaceutical firms keep an eye on patented drug names, while retailers might include the names of brands or loyalty programs.

A brand of forensic science that identifies, collects, analyzes and reports valuable information that could relate to computer crimes.

A form of access control technology to protect and manage the use of digital content or devices in accordance with the content or device provider’s intentions.

A term to describe the potential implications or threats that come with taking up new technologies.

Solutions to mitigate the risk (brand abuse, fraud, data loss, insider threat) associated with a company’s identity and operations across multiple digital channels (mobile, social, websites).

A value computed with a cryptographic process using a private key and then appended to a data object, thereby digitally signing the data.

A U.S. copyright law that criminalizes the production and spread of technology, devices, and services that are intended to gain control of copyrighted works, and provides a safe harbor for platforms that mitigate copyright infringement upon notice.

The distributed system for translating hostnames into IP addresses. Situated on millions of servers around the world but acts as a single unified database. DNS makes it easier for end-users to remember a web address.

A presence on the Internet. E.g. a website. A web domain is a name that replaces an IP address.

Dot Brands are a category of new gTLD that is meant to relate directly to trademarked brands and provide brand-specific domain extensions to the company. (Examples include: .AIG, .Samsung, .BestBuy)

The act of surveying employee activity through multiple surveillance methods.

Any device that is physically on a network such as desktops, laptops, mobile phones, tablets, servers, and virtual environments.

The protection of endpoint devices and securing how and when they connect to corporate networks.

The process of asking an individual, platform, intermediary or another to mitigate abuse based on a law, rule, term of service, or other regulation. Also the act of taking down brand abuse.

An observable occurrence in an information system or network.

Also known as “close protection,” is another form of security mainly for the use of protecting VIPs or other individuals who are considered high risk because of their employment status.

A technique to breach the security of a network or information system in violation of security policy.

The condition of being unprotected, thereby allowing access to information or access to capabilities that an attacker can use to enter a system or network.

The instance when copyright material is used in the context of criticism, press, teaching, research, or a small snippet is presented.

GDPR is a European data privacy and security law. Though it was created by the European Union (EU), it imposes obligations to any organization that targets or collects data related to people in the EU.

Generic new gTLDS are new top-level extensions in the domain naming system and were offered in a new application process that ended in 2012. The first new gTLDs were delegated in 2013. (Examples of included: .bike, .car, .film, as well as community new gTLDs and branded new gTLDs)

Geographic-based new gTLDS are a category of new gTLD specific to a geographical area – whether a country, city, or continent. (Examples include: .Berlin, .NYC, .Madrid, .Africa)

Database that utilizes graph structures to surface relationships and connections between data points.

Legitimate goods sold through unauthorized channels. For example, the sale of a good meant for the Chinese market sold in another market like the US or Germany without the manufacturer’s permission.

A domain name extension that is at the rightmost of the dot in a domain name (in Latin-based scripts) that are not ccTLDs (country code top-level domains). gTLDs are delegated by ICANN and operated by registry operators. Domain name registrations for gTLDs are registered by domain name registrars.

The Internet Assigned Numbers Authority (IANA) is responsible for maintaining a collection of registries that are critical in ensuring global coordination of the DNS root zone, IP addressing, and other Internet protocol resources.

Non-profit organization that oversees the internet to ensure it is secure, stable and interoperable. ICANN also guides the community-driven policy process that sets the rules for the domain naming system.

IDNs are domain names with an encoded format that lets non-Latin character sets be used as domain names providing a more understandable way of accessing the internet those that communicate using those non-latin scripts.

An occurrence that actually or potentially results in adverse consequences to (adverse effects on) (poses a threat to) an information system or the information that the system processes, stores, or transmits and that may require a response action to mitigate the consequences.

The management and coordination of activities associated with an actual or potential occurrence of an event that may result in adverse consequences to information or information systems.

A methodized approach to executing the aftermath of a computer or security breach to minimize damage, recovery time, and costs.

A set of predetermined and documented procedures to detect and respond to a cyber incident

An occurrence or sign that an incident may have occurred or may be in progress.

Considered an “artifact” in computer forensics, Indicator of Compromise is a sign of computer intrusion.

Deemed an “artifact” by computer forensics that gives a high indication of a computer intrusion.

An advocacy association made up of brand owners and trademark professionals who help boost consumer trust, economic growth, and innovation.

A NICE Workforce Framework category consisting of specialty areas responsible for the investigation of cyber events and/or crimes of IT systems, networks, and digital evidence.

A systematic and formal inquiry into a qualified threat or incident using digital forensics and perhaps other traditional criminal inquiry techniques to determine the events that transpired and to collect evidence.

A work, creations, or invention that is held by an individual or company and protected by legal frameworks like patents, copyrights or trademarks.

A numerical label assigned to each device connected to a computer network.

A common requirement when registering a domain name and TLD is “local presence”, which states that the administrator of the domain or other intellectual property must live in the country where the property is registered.

The study of computer algorithms that improve with time and experience.

Type of illicit software that is designed to damage, disrupt, and or gain unauthorized access to computer systems.

The process determines the existence, behavior, and potential damage caused by malware.

An MX-record (Mail exchange-record) is a type of DNS record. An MX record indicates what specific IP address emails need to be sent. The MX-record contains the hostname of the computer(s) that handle the emails for a domain and a prioritization code.

Name servers are an important component of the DNS that “point” a domain name to the company that controls its DNS settings.

Fraud that occurs within a 90 time period after a new account has been opened.

A generic top-level domain that was approved by ICANN (the Internet Corporation for Assigned Names and Numbers) to create alternatives to .com, . net, . org and other preexisting extensions.

Services or software that detects and prevents fraud from happening across the internet.

‘Open’ gTLDS are a class of TLD open to the public for domains to be registered.

A form of IP that excludes others from creating, distributing, and selling the patented invention for a given amount of years.

A simulated cyber attack against a computer system, application or network to check for exploitable vulnerabilities.

A digital form of social engineering to deceive individuals into providing sensitive information via email.

Strategies that detect and prevent phishing schemes.

Any point of data that has the ability to identify an individual.

Punycode is a way of representing domain names that rely upon UNICODE characters into ASCII characters for use in the domain naming system. IDNs (like the Japanese, Chinese, Curili, Hebrew, etc. are represented in UNICODE and need to be converted into ASCII (in order to be readable by DNS)

A type of malicious software that prevents access to computer systems until a sum of money is paid.

RDAP is the set of services based on a distributed set of directories and databases holding information about a domain name registrant and the technical details of the domain name.

Additional or alternative systems, sub-systems, assets, or processes that maintain a degree of overall functionality in case of loss or failure of another system, sub-system, asset, or process.

The person or company that registers a domain name.

An organization that charges fees to registrants so they can use second-level (and sometimes third-level) domain names on behalf of individuals and organizations.

Registry – An organization that manages TLDs.

The ability to adapt to changing conditions and prepare for, withstand, and rapidly recover from disruption.

Sometimes referred to as recursive names servers or revolving Name Servers; these are an important element of the DNS system.

• these servers are usually (but not always), an ISP
  
  • These name servers can also store caches of DNS record information, this means most queries for more popular domains (such as google.com or amazon.com)

The activities that address the short-term, direct effects of an incident and may also support short-term recovery.

A method when it comes to managing situations involving breaches of IT security.

‘Restricted’ New gTLDS are a class of TLDs that can only be registered by qualifying groups or individuals.

The potential for an unwanted or adverse outcome resulting from an incident, event, or occurrence, as determined by the likelihood that a particular threat will exploit a particular vulnerability, with the associated consequences.

The systematic examination of the components and characteristics of risk.

The product or process which collects information and assigns values to risks for the purpose of informing priorities, developing or comparing courses of action, and informing decision making.

The process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring or controlling it to an acceptable level considering associated costs and benefits of any actions taken.

A strategy that lessens the possible effects of threats on a network’s data center.

A structured approach to managing risks to data and information by which an organization selects and applies appropriate security controls in compliance with policy and commensurate with the sensitivity and value of the data.

Software solution that aggregates and analyzes activity from many different resources across your entire IT infrastructure.

Faking the sending address of a transmission to gain illegal [unauthorized] entry into a secure system.

Software that is secretly or surreptitiously installed into an information system without the knowledge of the system user or owner.

Occurs when someone uses another person’s sensitive information for financial gain.

The act of removing a domain name, website, web page, file, or other content from the internet through a formal request.

A potential risk that occurs when financial institutions rely on outside parties to perform services on their behalf.

A person or persons that attempt or successfully attempt to conduct malicious activity on the internet.

An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities.

The detailed evaluation of the characteristics of individual threats.

The product or process of identifying or evaluating entities, actions, or occurrences, whether natural or man-made, that have or indicate the potential to harm life, information, operations, and/or property.

Important information relating to bad actors that help deflect harmful security breaches from happening.

A cybersecurity solution that helps manage cyber threat intelligence data such as actors, campaigns, incidents, signatures, along with security bulletins.

Helps connect the digital dots to better identify abuse.

Sometimes referred to “as to the right of the dot”, is the right-most part of a domain name (in most Latin-based scripts). Examples include, .COM, .UK or others including branded new TLDs like .CANON

A tangible form of IP that makes up and signifies the personality of a product.

A symbol, word, or group of words that are legally owned and represented by a legal entity.

The act of redirecting internet traffic destined to one site or service to another, most often for-profit via the display of ads, sale of goods or content, and sometimes for the purpose of fraud or other nefarious purposes.

UDRP is a process established by the ICANN community to resolve disputes regarding the registration of internet domain names. UDRP currently applies to some generic top-level domains (.com, .net, .org, etc.), [1] some country-code top-level domains, and some other top-level domains in specific circumstances. Prevailing complainants in UDRP cases are eligible to have the subject domain names transferred to their control.

URS stands for Uniform Rapid Suspension. It is like a UDRP, but URS largely applies only to the “new” generic top-level domains so generally speaking it does not apply to .com, .net, .org and the other traditional top-level domains. The URS differs from UDRP in that it’s remedy for complainants prevailing in a URS is the suspension of a domain during the term of its registration rather than the transfer of the domain name in the case of a UDRP

Protecting the external identities of VIPs (Executives etc.) within a corporation.

A computer program that can replicate itself, infect a computer without permission or knowledge of the user, and then spread or propagate to another computer.

A characteristic or specific weakness that renders an organization or asset (such as information or an information system) open to exploitation by threat or susceptible to a given hazard.

Cybersecurity work where a person: Conducts assessments of threats and vulnerabilities, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations.

The act of creating a fake website to mislead an audience, draw traffic to the site and then monetize the visit, commit fraud, distribute malware, steal credentials or other nefarious activity.

WHOIS was a set of services based on a distributed set of directories and databases containing information about a domain name registrant and the technical details of the domain name. Internet users formerly could rely on this services to find out more about registrants, administer domain names and other essential processes. Registration Data Access Protocol (RDAP) is the replacement that is being implemented.

A WHOIS LOOKUP is a query of the WHOIS database and can answer questions like “who is responsible for a specific domain name or an IP address”

A United Nations administrated global forum for IP protection, resources, and services.

A zero-day (also known as 0-day) vulnerability is a computer-software vulnerability that is unknown and unaddressed by security vendors and professionals.

Zone files are files stored on DNS servers and contain things like

• IP addresses
• name data
• MX records (mail records) and other service records and glue data that connect them with other DNS servers