12 for 2012! Security Buzzwords you need to know!
Guest blogging for Andy today is Ed Roze who heads the Infrastructure and Security Services disciplines for Fusion Alliance.
There is lots of buzz around Data Security these days. It has even been said that Data Security itself will be “the” buzzword of 2012.
Here at Fusion Alliance, we deal with security on a daily basis and realize there are lots of terms that make up our vocabulary, especially when discussing the security issues our clients are experiencing. In this blog post we predict the top security buzzwords for 2012 along with their meanings. How did we select these twelve terms from the hundreds of security terms used today? Our list was gleaned from our clients’ security concerns and needs — real questions and concerns being faced by businesses just like yours.
Top 12 Security Buzzwords of 2012
1. Advanced Persistent Threats (APTs) – In his presentation “Advanced Persistent Threats: Cutting Through the Hype,” Kevin Rowney of Symantec defines APTs as active, targeted, long-term campaigns that try to remain in place and undetected for an extended period. APTs run multiple “kill chains” in parallel to ensure success. They mutate and adapt to evade detection, and are well organized and resourced.
2. Cloud Security – Cloud security is a component of computer security which deals with the policies, technologies, and controls put into place to protect data, applications, and the associated infrastructure of cloud computing. This SANS whitepaper highlights some key security compliance and audit challenges that businesses need to be concerned with as they consider moving more applications to the cloud. They include:
- Limited ability to control data and applications
- Limited knowledge and visibility into the degree of segmentation and security controls between those co-located virtual resources
- No visibility into the provider’s systems and controls
3. Mobile Device Security or Mobile Device Management (MDM) – With more and more people using portable devices for business — even personal devices (see BYOD below) — protecting the data and access to corporate assets, should the devices themselves get into the wrong hands, is crucial. We view the implementation of a mobile device security policy as an important first step in managing this risk.
4. Bring-Your-Own-Device (BYOD) – PC Magazine explains BYOD as employees taking their own personal devices to work — laptops, smart phones or tablets — in order to interface with the corporate network. According to a Unisys study conducted by IDC in 2011, nearly 41% of the devices used to obtain corporate data are owned by the employee. This phenomenon requires businesses to evaluate the risk associated with that exposure, and manage those mobile devices to mitigate the risk.
5. Compliance – Quality Research International defines compliance as “undertaking activities or establishing practices or policies in accordance with the requirements or expectations of an external authority.” These requirements may be driven by external governing bodies or internal audit requirements.
6. Data Loss Prevention (DLP) – Data Loss Prevention, or DLP, is simply the concept of containing leakage of sensitive data from your organization. This again starts with policy. Processes and tools are used to help enforce security policies and proactively secure data to prevent confidential or sensitive data from leaving an organization.
7. Botnets – A Botnet (or roBOT NETwork), also known as a Zombie Army or Command-and-Control channel, is a group of compromised Internet-connected computers that allows a person or entity to remotely issue commands. Those computers can then be utilized for malicious activities such as spreading viruses, sending spam, or crashing servers using a denial of service (DoS) attack.
8. Typosquatting – Typosquatting is a form of Internet cybersquatting, where a person or entity registers multiple domain names very similar to a legitimate organization’s website, based on the probability that a certain number of Internet users will make a mistake while typing the name of a website or URL. Once a user lands on this site, it may look virtually identical to the legitimate site; as a result, capturing information from an unsuspecting user is simple.
9. Clickjacking – According to Samantha Harper, on Hacker9.com, clickjacking is a malicious script, also known as UI Redressing, which takes over the links displayed in the Internet browser for various webpages. When this happens, Internet users who try to click on this link are taken to an unintended destination.
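The standard mitigation for clickjacking is to tell the browser which sites, if any, may frame your pages, using the Content-Security-Policy frame-ancestors directive or the older X-Frame-Options header. The following is an added example (not code from the original post) that audits a set of response headers for that protection; the sample responses are constructed, and the helper names are this example's own.

```python
"""Audit HTTP response headers for clickjacking protection.

Added example, not from the original post. The SAMPLE_RESPONSES below are
constructed; assess_framing() and audit() are this example's own helpers.
"""


def _header(headers, name):
    """Case-insensitive lookup of one header value (None if absent)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def _frame_ancestors(csp):
    """Return the frame-ancestors source list from a CSP value, or None if absent."""
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def assess_framing(headers):
    """Return (protected, reason) for one response.

    Browsers give CSP frame-ancestors precedence over X-Frame-Options, so the
    CSP directive is checked first and X-Frame-Options only as a fallback.
    """
    csp = _header(headers, "Content-Security-Policy")
    if csp is not None:
        sources = _frame_ancestors(csp)
        if sources is not None:
            # A bare '*' or scheme-only source lets any origin frame the page.
            if "*" in sources or "http:" in sources or "https:" in sources:
                return False, "frame-ancestors permits any origin"
            if not sources or sources == ["'none'"]:
                return True, "frame-ancestors forbids all framing"
            return True, "frame-ancestors limited to: " + " ".join(sources)

    xfo = _header(headers, "X-Frame-Options")
    if xfo is None:
        return False, "no framing restriction set"
    value = xfo.strip().upper()
    if value in ("DENY", "SAMEORIGIN"):
        return True, "X-Frame-Options " + value
    if value.startswith("ALLOW-FROM"):
        return False, "X-Frame-Options ALLOW-FROM is ignored by current browsers"
    return False, "unrecognised X-Frame-Options value: " + xfo


# Constructed responses: name -> headers as an HTTP client would see them.
SAMPLE_RESPONSES = {
    "hardened-csp": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "partner-framing": {"Content-Security-Policy": "frame-ancestors 'self' https://partner.example"},
    "legacy-xfo": {"X-Frame-Options": "SAMEORIGIN"},
    "weak-allow-from": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "csp-wildcard": {"Content-Security-Policy": "frame-ancestors *"},
    "unprotected": {"Content-Type": "text/html"},
}


def audit(responses=SAMPLE_RESPONSES):
    """Map each response name to its (protected, reason) assessment."""
    return {name: assess_framing(headers) for name, headers in responses.items()}


if __name__ == "__main__":
    for name, (ok, why) in audit().items():
        print(f"{'OK  ' if ok else 'FAIL'} {name}: {why}")
```

Run against live responses by replacing SAMPLE_RESPONSES with headers captured from your own sites; pages that are meant to be framed by a partner should list that partner in frame-ancestors rather than fall back to ALLOW-FROM, which current browsers do not honour.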
10. Identity Federation or “SAML 2.0” – Identity federation enables users to automatically log on to multiple systems to do what they need to do. It also enables users to navigate through the systems by logging on only once. One of the more popular methods of achieving this is employing Security Assertion Markup Language (SAML), defined by Wikipedia as “an XML-based open standard that enables the exchanging of authentication and authorization information between security domains.”
11. Hacktivism – What better place to get a definition for hacktivism than a site called thehacktivist.com? The Hacktivist defines hacktivism as “the fusion of hacking and activism; politics and technology.” More specifically, hacktivism is described as hacking for a political cause.
12. Defense-in-Depth – Defense-in-depth is a long-standing term in the security community, used to describe a series of security countermeasures (much like the layers of an onion) that protect an organization’s information assets. Security countermeasures might include: security policies, firewalls, network intrusion detection/intrusion prevention, host intrusion detection/intrusion prevention, antivirus software, anti-malware programs, complex passwords, biometrics, and network access control, to name a few.
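On the defensive side of typosquatting (item 8 above), a common control is to watch your own traffic for hostnames that are a keystroke or two away from the domains you actually own. The following is an added example (not code from the original post): it parses constructed proxy log lines and flags hosts within a small edit distance of a constructed list of protected domains. The domain names, log lines and helper names are all this example's own assumptions.

```python
"""Flag lookalike (typosquat) hostnames in proxy logs.

Added example, not from the original post. PROTECTED and LOG_LINES are
constructed; levenshtein(), hostname_from_log() and find_lookalikes() are
this example's own helpers.
"""
from urllib.parse import urlsplit

# Constructed list of domains the organisation owns and wants monitored.
PROTECTED = ["fusionalliance.com", "example.com"]

# Constructed proxy log lines: timestamp, client IP, method, requested URL.
LOG_LINES = [
    "2012-01-09T08:12:01Z 10.1.2.3 GET http://www.fusionalliance.com/login",
    "2012-01-09T08:12:07Z 10.1.2.3 GET http://fusionaliance.com/login",
    "2012-01-09T08:13:40Z 10.1.2.9 GET https://exmaple.com/",
    "2012-01-09T08:13:55Z 10.1.2.9 GET https://mail.example.com/inbox",
    "2012-01-09T08:14:02Z 10.1.2.9 GET https://unrelated.org/",
]


def levenshtein(a, b):
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete from a
                           cur[j - 1] + 1,        # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def hostname_from_log(line):
    """Extract the lower-cased hostname from the URL field, dropping a leading 'www.'."""
    url = line.split()[-1]
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def find_lookalikes(lines=LOG_LINES, protected=PROTECTED, max_distance=2):
    """Return (observed_host, protected_domain, distance) for near-miss hostnames.

    Exact matches and genuine subdomains of a protected domain are skipped;
    anything else within max_distance edits is reported for review.
    """
    hits = []
    for line in lines:
        host = hostname_from_log(line)
        if not host:
            continue
        for brand in protected:
            if host == brand or host.endswith("." + brand):
                continue
            distance = levenshtein(host, brand)
            if distance <= max_distance:
                hits.append((host, brand, distance))
    return hits


if __name__ == "__main__":
    for host, brand, distance in find_lookalikes():
        print(f"possible typosquat: {host} (distance {distance} from {brand})")
```

Keep max_distance small: at distance 2 a short brand name starts to collide with unrelated legitimate domains, so treat hits as review items and maintain an allowlist of known partners rather than blocking automatically.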
Want more about information security? You might also be interested in reading:
“Managing Mobile Device Security…with Exchange!” by guest-blogger Chris Shannon, Certified Ethical Hacker
“Security Awareness Perspectives, Part 1 (of 3): ‘Noooooo – You Didn’t Just Do That!’” by Randy Wray and Rick Moffat
SOUND OFF: What security concerns is your business facing in 2012? What measures have you taken to secure your company’s data? Let us know what buzzwords you’d add to this list by leaving a comment below.