Cybersecurity Glossary

A rainbow table is a precomputed table of encrypted passwords or hash values used in password cracking attacks. Rainbow tables are created by generating and storing a vast number of possible plaintext-to-hash pairs. These tables can then be used to quickly look up the original password corresponding to a given hash value, significantly speeding up the password cracking process. To mitigate the effectiveness of rainbow table attacks, secure password storage techniques, such as salted hashing or adaptive hashing algorithms, should be used.

Ransomware is a type of malicious software (malware) that encrypts a victim's files or locks their entire system, holding it hostage until a ransom is paid. Ransomware attacks often involve the encryption of critical files or systems, rendering them inaccessible until a decryption key is provided by the attacker upon payment. Ransomware can be delivered through various vectors, including email attachments, malicious downloads, or exploit kits. Preventative measures against ransomware include regular data backups, robust security software, user education, and the use of software patches and updates to address vulnerabilities.

Ransomware negotiation refers to the process of communication and negotiation with attackers or ransomware operators after a ransomware attack has occurred. Negotiation may involve attempts to lower the ransom amount, verify the decryption capability, establish payment terms, or request proof of data decryption before making payment. Ransomware negotiation is a delicate and complex process, often involving specialised expertise and the involvement of law enforcement agencies or professional incident response teams. Organisations may choose to engage in negotiation to minimize the impact of an attack or explore alternative recovery options.

Real-time monitoring, also known as continuous monitoring, is an ongoing process of observing, analysing , and responding to events or activities in real time. In the context of cybersecurity, real-time monitoring involves the proactive and continuous collection, analysis, and correlation of security-related events, logs, or data from various sources, such as network devices, systems, applications, or user activities. Real-time monitoring enables the timely detection of security incidents, anomalies, or threats, allowing for immediate response and mitigation actions to minimize potential damage or unauthorised access.

AI systems that suggest personalized recommendations to users based on their preferences, behavior, and historical data.

Recovery time objective (RTO) is a metric that defines the maximum acceptable downtime for a system, service, or application following a disruptive event or disaster. RTO represents the target timeframe within which an organisation aims to recover its critical operations and resume normal business functions after an incident. The RTO is defined based on the recovery capabilities, business requirements, and criticality of the organisation's assets. Effective disaster recovery and business continuity planning involve setting appropriate RTOs, establishing recovery strategies, and implementing measures to meet the defined recovery objectives.

A type of neural network designed to process sequential data by maintaining internal memory, making it suitable for tasks such as natural language processing and speech recognition.

Neural networks that can process sequential data by utilizing feedback connections. RNNs maintain internal memory, allowing them to capture dependencies and context over time, making them suitable for tasks like speech recognition and language modeling.

Red teaming is a cybersecurity practice that involves an independent group or team of professionals simulating the actions and mindset of potential attackers to evaluate the effectiveness of security measures, identify vulnerabilities, and test an organisation's defences. Red teaming goes beyond traditional penetration testing by emulating the tactics, techniques, and procedures of real-world adversaries. Red teams conduct comprehensive assessments, including reconnaissance, social engineering, network exploitation, and physical security tests, providing organisations with valuable insights into their security strengths and weaknesses.

A type of supervised learning that models the relationship between input variables and continuous output variables. Regression algorithms are used to predict numerical values or estimate trends based on training data.

Techniques used to prevent overfitting in machine learning models by adding additional constraints or penalties to the loss function. Regularization methods, such as L1 and L2 regularization, encourage the model to be simpler and reduce the influence of irrelevant features, improving generalization and reducing the risk of overfitting.

A type of machine learning where an agent learns to make decisions by interacting with an environment. It learns through trial and error, receiving feedback in the form of rewards or penalties, with the goal of maximizing cumulative rewards.

Remote access refers to the ability to connect to and use computer systems or networks from a location external to the physical infrastructure. Remote access allows users to access resources, applications, or data remotely, typically over the internet, providing flexibility and convenience. Secure remote access solutions, such as virtual private networks (VPNs), secure shell (SSH), or remote desktop protocols (RDP), establish encrypted tunnels or secure connections to protect the confidentiality and integrity of data transmitted between the remote user and the accessed system or network.

Remote code execution (RCE) is a security vulnerability that allows an attacker to execute arbitrary code or commands on a targeted system or application from a remote location. RCE vulnerabilities can be exploited to gain unauthorised access, control compromised systems, launch further attacks, or perform malicious actions. RCE vulnerabilities are typically the result of software flaws, such as buffer overflows, command injection, or deserialization vulnerabilities. To mitigate the risk of remote code execution, software developers should follow secure coding practices, promptly apply patches and updates, and implement strong input validation and sanitization techniques.

A response plan, also known as an incident response plan (IRP) or a cyber incident response plan (CIRP), is a predefined set of actions and procedures that outline how an organisation should respond to and handle security incidents or cyber-attacks. Response plans provide a structured approach to detecting, containing, eradicating, and recovering from security incidents, minimizing the impact on business operations, and restoring normalcy. Response plans typically include roles and responsibilities, communication channels, incident triage processes, containment strategies, forensics procedures, and steps for stakeholder notification and coordination.

Reverse engineering is the process of analysing a technology, software, or system to understand its design, functionality, or behaviour by examining its components, code, or structure. In the context of cybersecurity, reverse engineering often involves decompiling or disassembling software binaries to examine their inner workings, identify vulnerabilities, extract sensitive information, or uncover hidden functionality. Reverse engineering can be used for both defensive and offensive purposes, such as vulnerability research, malware analysis, software patching, or the development of exploits or countermeasures.

Risk assessment is the process of identifying, analysing , and evaluating potential risks or vulnerabilities to determine their likelihood and potential impact on an organisation's assets, operations, or objectives. Risk assessment involves identifying assets, threats, vulnerabilities, and potential consequences. It helps prioritize risks, define risk mitigation strategies, allocate resources, and make informed decisions to manage and mitigate risks effectively. Risk assessments are integral to establishing a risk management framework and ensuring the protection and resilience of an organisation's critical assets and information.

Risk management is the ongoing process of identifying, assessing, prioritizing, and mitigating risks to minimize potential harm and maximize opportunities within an organisation. Risk management involves identifying and analysing risks, evaluating their potential impact, implementing risk mitigation measures, and continuously monitoring and reviewing the effectiveness of risk controls. Risk management aims to strike a balance between risk tolerance, business objectives, and resource allocation, enabling informed decision-making and proactive management of potential threats or vulnerabilities.

Risk mitigation is the process of implementing measures and strategies to reduce or eliminate potential risks or vulnerabilities within an organisation. Risk mitigation focuses on minimizing the likelihood or impact of identified risks through preventative actions, controls, or countermeasures. Risk mitigation strategies can include implementing security controls, conducting training and awareness programs, applying patches and updates, adopting redundant systems, developing incident response plans, or transferring risk through insurance. Risk mitigation aims to reduce the potential negative impact of risks and ensure the continuity and resilience of business operations.

The interdisciplinary field that combines AI and engineering to design, develop, and operate robots capable of interacting with their physical environment.

The use of software robots or AI systems to automate repetitive, rule-based tasks traditionally performed by humans.

A rogue access point refers to an unauthorised wireless access point that is connected to an organisation's network without proper Authorisation or oversight. Rogue access points are typically set up by individuals with malicious intent to gain unauthorised access to network resources, capture sensitive information, or launch attacks. Rogue access points can be established by insiders or external individuals who exploit security weaknesses or deploy malicious wireless devices. Organisations should implement wireless intrusion detection systems (WIDS) or wireless intrusion prevention systems (WIPS) to detect and mitigate rogue access points.

Rogue software, also known as rogueware or scareware, refers to malicious software that masquerades as legitimate or useful software but actually performs unwanted or harmful actions on a user's system. Rogue software often tricks users into installing it by presenting itself as antivirus software, system optimization tools, or fake security alerts. Once installed, rogue software may perform actions such as displaying fake security warnings, capturing personal information, delivering malware, or extorting money from victims. Users should exercise caution when downloading software and use reputable sources to minimize the risk of encountering rogue software.

Root cause analysis (RCA) is a systematic process of investigating and identifying the underlying causes or factors contributing to a security incident, system failure, or undesirable outcome. RCA involves examining the event, gathering data, analysing dependencies, identifying contributing factors, and determining the fundamental cause or causes that led to the incident. Root cause analysis aims to address the underlying issues and implement corrective actions to prevent similar incidents from recurring in the future. It is an essential component of incident response, continuous improvement, and risk management.

A root certificate, in the context of public key infrastructure (PKI), is a digital certificate issued by a trusted certificate authority (CA). Root certificates serve as the foundation of trust in a PKI hierarchy. They are used to verify the authenticity and integrity of other certificates issued by the CA, including server certificates, client certificates, and intermediate certificates. Root certificates are pre-installed or manually trusted by operating systems, web browsers, and other software to establish trust in the identity and legitimacy of websites, applications, or entities that present certificates signed by the trusted root CA.

A rootkit is a type of malicious software (malware) that is designed to conceal its presence or the presence of other malicious components on a compromised system. Rootkits typically provide privileged access or control over the operating system, allowing attackers to gain persistent access, hide malicious activities, and maintain control over the compromised system. Rootkits often modify system files, system calls, or kernel components to evade detection by traditional antivirus software or security controls. Detection and removal of rootkits require specialised tools and techniques that go beyond traditional malware scanning.