Cybersecurity Glossary

The process of selecting and transforming relevant information or characteristics from raw data to make it suitable for analysis by an AI system.

File integrity checking is the process of verifying the integrity and authenticity of files by comparing their current state with a known, trusted reference. It involves calculating cryptographic hashes or checksums of files and comparing them against previously recorded values to detect any unauthorised changes, corruption, or tampering. File integrity checking helps ensure the integrity and security of files, especially critical system files or configurations.

File integrity monitoring (FIM) is a security practice that involves continuously monitoring and detecting changes or modifications to files, directories, or system configurations. FIM solutions use cryptographic hashes or checksums to establish a baseline of known-good file states and generate alerts or take action when unauthorised modifications occur. FIM helps detect unauthorised changes, malware infections, or suspicious activities that could indicate a security breach.

Fileless malware, also known as memory-based malware, refers to malicious code or techniques that reside in a computer's memory and execute without leaving traces on the file system. Fileless malware leverages legitimate processes, scripts, or system components to carry out malicious activities, making it difficult to detect and eradicate. It often uses techniques like PowerShell-based attacks, script injection, or living-off-the-land techniques to evade traditional security solutions.

A firewall is a network security device or software that acts as a barrier between an internal network and external networks, such as the internet. It examines incoming and outgoing network traffic based on predetermined security rules and policies to allow or block specific connections or data packets. Firewalls help protect against unauthorised access, network threats, and unwanted network communications by enforcing access control and traffic filtering.

Firewall configuration refers to the process of setting up, defining, and managing the rules, policies, and settings of a firewall to regulate network traffic and provide network security. It involves defining access control rules, specifying allowed or denied network connections, configuring port and protocol settings, creating network address translation (NAT) rules, and managing security zones. Proper firewall configuration is essential to ensure effective network protection and traffic control.

Firewall rules, also known as access control rules, are a set of predefined instructions or policies that dictate how a firewall should handle incoming or outgoing network traffic. These rules specify criteria such as source and destination IP addresses, ports, protocols, and other parameters to determine whether to allow, block, or apply additional actions to network connections. Firewall rules are the primary mechanism for controlling network traffic and enforcing security policies.

A firewall ruleset review is the process of examining, evaluating, and analysing the rules and configurations of a firewall to ensure their accuracy, effectiveness, and alignment with security policies. The review includes assessing the necessity and relevance of existing rules, identifying potential misconfigurations, eliminating unused or obsolete rules, and verifying proper rule ordering and prioritization. Regular ruleset reviews help maintain a robust and efficient firewall configuration.

Forensic analysis, or digital forensics, involves collecting, analysing , and interpreting digital evidence to investigate and reconstruct events related to cybersecurity incidents, criminal activities, or legal disputes. Forensic analysis techniques include data recovery, log analysis, memory forensics, network packet analysis, malware analysis, and other investigative procedures to establish a chain of custody and support legal proceedings or incident response efforts.

Forensic imaging refers to the process of creating a complete and verifiable copy or image of a digital storage device, such as a hard drive, solid-state drive, or mobile device, for forensic analysis or evidence preservation purposes. The imaging process captures not only the visible data but also the hidden or deleted data and metadata associated with the device. Forensic imaging ensures the integrity and authenticity of the original data while allowing investigators to perform analysis without altering the original evidence.

Forensics analysis, also known as digital forensics analysis, is the examination and interpretation of digital evidence collected during a forensic investigation. It involves analysing data, logs, network traffic, system artifacts, and other sources of digital evidence to reconstruct events, identify perpetrators, establish timelines, and gather intelligence for legal or incident response purposes. Forensics analysis combines various techniques, tools, and expertise from multiple disciplines to uncover the truth and support investigations.

Full disk encryption (FDE) is a security technique that encrypts the entire contents of a storage device, such as a hard drive or solid-state drive, to protect the data stored on it. FDE ensures that data remains encrypted at rest and is only accessible with the appropriate decryption key or passphrase. Even if the device is lost, stolen, or accessed without Authorisation, the encrypted data remains unreadable.

Fuzz testing, or fuzzing, is a software testing technique that involves providing invalid, unexpected, or random inputs to a program to identify vulnerabilities, software bugs, or unexpected behaviour. Fuzz testing aims to trigger crashes, errors, or security weaknesses that could be exploited by attackers. By subjecting software to various inputs, including malformed data, fuzz testing helps identify and address potential security and reliability issues.

Fuzz testing tools are software applications or frameworks specifically designed to automate the process of generating and injecting malformed or unexpected inputs into target programs or systems for fuzz testing purposes. These tools streamline the fuzzing process, manage test cases, track results, and provide reports on identified vulnerabilities or crashes. Examples of popular fuzz testing tools include American Fuzzy Lop (AFL), Peach Fuzzer, and libFuzzer.

Fuzzing, also known as fuzz testing, is a software testing technique that involves providing invalid, unexpected, or random inputs to a program to identify vulnerabilities, software bugs, or unexpected behaviour. Fuzzing aims to trigger crashes, errors, or security weaknesses that could be exploited by attackers. By subjecting software to various inputs, including malformed data, fuzzing helps identify and address potential security and reliability issues.