Glossary

A true positive occurs in cybersecurity when a positive detection occurs in a situation where there is an alert or problem condition. In other words when an intrusion detection system (IDS) successfully detects suspicious behaviour, or a vulnerability assessment detects vulnerable software, or in attack surface management when the platform or process finds assets that are related to an attack surface.

A true positive indicates that the system is performing as expected by looking for and finding no problem where and when they exist.

Third-party risk refers to the potential security risks to an organization stemming from the use of third-party vendors, including those vendors in the supply chain as well as groups that may not typically perform security investigations such as law firms, building infrastructure maintenance and services, accounting firms, or even catering. Third-party risk is also posed by business partners and subsidiaries as well as the vendors that they work with.

While these third parties may be outside of the typical security and IT purview for an organization, they frequently have digital access or connectivity to an organization’s resources that are vulnerable to attack. Even in cases where the intended resource poses little risk, access to it can be used to establish a beachhead from which attackers can move laterally to discover more valuable assets (as happened in the Target breach). Third-party risk management involves continuously identifying, analyzing, and controlling all associated risks over the duration of the relationship.

Also known as cyber threat intelligence (CTI), this is information an organization uses to understand the occurrence and assessment of cyber and physical threats. Threat intelligence solutions gather raw data on emerging or existing threats from a number of sources.

The data is compiled and filtered to produce intel feeds and reports to help organizations directly. These include knowledge, skills, and experience-based information to help mitigate the threat of potential attacks and harmful events from occurring.

Threat intelligence helps organizations with the overwhelming volume of threats, and it also encourages a proactive approach to future cybersecurity threats. It’s also a useful tool to keep leaders and stakeholders informed about the latest threats that could potentially impact their interests.

A true negative occurs in cybersecurity when a negative detection occurs in a situation where there is a negative condition. In other words when an intrusion detection system (IDS) successfully ignores acceptable behaviour, or a vulnerability assessment detects no vulnerability in non-vulnerable software, or in attack surface management the platform or process ignores assets that are unrelated to an attack surface.

A true negative indicates that the system is performing as expected by looking for and finding no problems where none are present.