
Annex A. Glossary

No: 43065348 Date(g): 27/2/2022 | Date(h): 26/7/1443 Status: In-Force

The following list contains a definition of the main terms used in this document.

Glossary
Application

A software program hosted by an information system.

Source: NISTIR 7298 Rev. 3, Glossary of Key Information Security Terms

Asset

The data, personnel, devices, systems, and facilities that enable the organization to achieve business purposes.

Source: NISTIR 7298 Rev. 3, Glossary of Key Information Security Terms

Attacker

Refer to "Threat actor".

(Threat actor) Capability

Resources and skills of a threat actor.

Cyber risk

The risk to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the nation due to the potential for unauthorized access, use, disclosure, disruption, modification, or destruction of information and/or information systems.

Source: NISTIR 7298 Rev. 3, Glossary of Key Information Security Terms

Cybersecurity

The collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance, and technologies that can be used to protect the Member Organization's information assets against internal and external threats.

Cyber threat intelligence (CTI)

Threat information that has been aggregated, transformed, analyzed, interpreted, or enriched to provide the necessary context for decision-making processes.

Source: NISTIR 7298 Rev. 3, Glossary of Key Information Security Terms

(Cybersecurity) Incident

An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits, or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.

Source: NISTIR 7298 Rev. 3, Glossary of Key Information Security Terms

Indicator of Compromise (IoC)

An artifact (for example a file hash, IP address, domain name, or registry key) that serves as forensic evidence of a potential intrusion on a host system or network.

(Threat actor) Intent

The desire of a threat actor to target a particular entity. Threat actors are usually rational actors operating with a clear purpose (e.g. espionage, data theft/exfiltration, extortion, destruction, disruption, supply chain compromise).

Kill Chain

Adopted from the military, the cyber kill chain was developed by Lockheed Martin to identify and taxonomize the phases of a cyber attack (Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control, Actions on Objectives).

Malware

Hardware, firmware, or software that is intentionally included or inserted in a system for a harmful purpose.

Source: NISTIR 7298 Rev. 3, Glossary of Key Information Security Terms

MITRE ATT&CK

A freely available knowledge base and framework developed by MITRE that taxonomizes the tactics, techniques, and procedures used by threat actors when conducting cyber attacks.

Member Organization

Any entity supervised and regulated by SAMA.

Modus Operandi

A method of procedure, especially a distinct pattern or method of operation that indicates or suggests the work of a single criminal in more than one crime.

Motivation

The type of benefit or harm a threat actor ultimately wants to achieve with its actions.

Network

Information system(s) implemented with a collection of interconnected components. Such components may include routers, hubs, cabling, telecommunications controllers, key distribution centers, and technical control devices.

Source: NISTIR 7298 Rev. 3, Glossary of Key Information Security Terms

Open Source Intelligence (OSINT)

Relevant information derived from the systematic collection, processing, and analysis of publicly available information in response to known or anticipated intelligence requirements.

Organization

A company, entity, or group of people that works together for a particular purpose.

(Threat actor) Origin

The country from which the threat actor launches its attacks. The origin of a threat actor cannot always be determined with sufficient precision, because threat actors tend to cover their tracks.

Procedure

Procedures are the specific implementation the threat actor uses for techniques.

Source: MITRE ATT&CK

Process

A set of interrelated or interacting activities which transforms inputs into outputs.

Ransomware

A form of malware designed to deny access to a computer system or data until a ransom is paid. A user of a system infected with ransomware is usually confronted with an extortion message (in many cases a pop-up window) asking the victim to pay a ransom fee to the threat actor (usually in cryptocurrency) in order to regain access to their system and data.

Red team (exercise)

An exercise, reflecting real-world conditions, that is conducted as a simulated adversarial attempt to compromise organizational missions and/or business processes to provide a comprehensive assessment of the security capability of the information system and organization.

Source: NIST SP 1800-21B, glossary (definition as in NISTIR 7298 Rev. 3, Glossary of Key Information Security Terms)

(Threat actor) Resources

Resources measure the scope, intensity, sustainability, and diversity of the total set of actions that a threat actor can take.

Sector

One of the areas into which the economic activity of a country is divided.

Service

A capability or function provided by an entity.

Source: NISTIR 7298 Rev. 3, Glossary of Key Information Security Terms

(Threat actor) Skill

The extent to which a threat actor is able to leverage technical means (e.g. create custom malware) and operates with awareness, intelligence, learning potential, problem solving, decision-making coherence, and operational experience.

Stakeholder

One who is involved in or affected by a course of action.

Strategic threat intelligence

The level of threat intelligence focused on the objectives, motivations and intents of cyber threat actors. It aims at examining attribution to cyber threat actors, investigating the real motivations of and links between cyber events, and understanding complex system dynamics and trends. Geopolitical, sectoral and context analysis is a fundamental tool.

Tactic

The threat actor's tactical goal: the reason for performing an action.

Source: MITRE ATT&CK

(Threat actor) Target

The choices that actors make in terms of the target(s) of their attacks. A threat actor selects a target based on location, sector, the types of information processed, and the attack surface available. The geopolitical landscape plays a key role in the targeting pattern of nation state actors.

Taxonomy

A classification of interrelated elements.

Technique

Techniques represent "how" a threat actor achieves a tactical goal by performing an action.

Source: MITRE ATT&CK

(Cybersecurity) Threat

Any circumstance or event with the potential to adversely impact organizational operations, organizational assets, individuals, other organizations, or the nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.

Source: NISTIR 7298 Rev. 3, Glossary of Key Information Security Terms

Threat actor

"Individuals, groups, organizations, or states that seek to exploit the organization's dependence on cyber resources (i.e., information in electronic form, information and communications technologies, and the communications and information-handling capabilities provided by those technologies)" (NIST 2012) or, more generally, "An individual or a group posing a threat" (NIST 2016).
Threat landscape

A collection of threats in a particular domain or context, with information on identified vulnerable assets, threats, risks, threat actors and observed trends.

Source: ENISA

Threat intelligence requirement

Threat intelligence requirements guide the intelligence production effort efficiently and establish what intelligence should be produced to meet the security objectives of an Organization.

(Threat actor) Type

A grouping of threat actors who share similar characteristics, such as similar intents and motivations, and operate in similar ways.

Unified Kill Chain

An evolution of the kill chain framework, developed by Paul Pols, that combines the Lockheed Martin kill chain with MITRE ATT&CK into a single, more granular set of attack phases.

(Attack) Vector

A general approach for achieving an impact, taking advantage of the exposure of a type of, or a region in, an attack surface.