IoT Cybersecurity Glossary
In the fast-evolving world of Internet of Things (IoT) and its interconnected devices, understanding the key terms and concepts related to cybersecurity is essential. Enhance your knowledge and understanding of the language of IoT security with our comprehensive glossary. To further understand frequently asked questions related to our solution and industry terms, visit our FAQ page.
The Association for the Advancement of Medical Instrumentation (AAMI) is an organization for advancing the development and safe and effective use of medical technology. AAMI is the primary source of consensus standards, both national and international, for the medical device industry, as well as practical information, support, and guidance for healthcare technology and sterilization professionals.
The Association for Executives in Healthcare Information Security (AEHIS) is a professional organization dedicated to promoting the advancement of information security in the healthcare industry. AEHIS offers educational resources, networking opportunities, and advocacy for information security best practices in healthcare.
Agentless Monitoring is a method of monitoring devices or systems without requiring the installation of dedicated software agents on each monitored entity. Instead, it leverages existing protocols and interfaces to collect data and metrics, reducing the overhead associated with agent deployment and management.
API, short for Application Programming Interface, refers to a set of rules, protocols, and tools that enables different software applications to communicate and interact with each other.
The systematic recording and management of asset information, including location, condition, maintenance history, and other relevant data. This helps organizations keep track of their assets, plan maintenance activities, and optimize asset utilization.
A Building Management System is an IoT solution that integrates various technologies and devices to monitor, control, and manage the operations of a building. It typically includes functionalities such as HVAC (Heating, Ventilation, and Air Conditioning) control, lighting control, access control, energy management, and security systems.
Clinical Engineering refers to a specialized field within the healthcare industry that focuses on the application of engineering principles and technology management in the context of patient care. Clinical engineers play a crucial role in the planning, development, evaluation, and maintenance of medical equipment and systems used in healthcare facilities.
The College of Healthcare Information Management Executives (CHIME) is a professional organization dedicated to supporting and advancing healthcare information management executives. CHIME provides a platform for networking, collaboration, and education within the healthcare industry. It also offers resources, conferences, and educational programs to promote the development of effective information management strategies, innovative technology solutions, and best practices for healthcare organizations.
A configuration management database (CMDB) is a database that contains all relevant information about the hardware and software components used in an organization's IT (information technology) services and the relationships between those components. A CMDB provides an organized view of configuration data and a means of examining that data.
A Computerized Maintenance Management System (CMMS) manages maintenance work orders for medical devices within the HTM/CE/Biomed department and is that department's core software.
A Cybersecurity Framework (CSF) is a set of guidelines, best practices, and standards organizations can follow to manage and improve their cybersecurity posture. It provides a structured approach to identify, protect, detect, respond to, and recover from cyber threats and incidents.
Common Vulnerabilities and Exposures (CVE) is a standardized dictionary and identification system for publicly known software vulnerabilities and exposures. CVEs serve as a common language for discussing and sharing information about security vulnerabilities across different organizations, vendors, and security professionals.
The Common Vulnerability Scoring System (CVSS) is an open framework for communicating the characteristics and severity of software vulnerabilities.
Distributed Denial-of-Service (DDoS) is a type of cyber attack where multiple compromised devices are used to overwhelm a target system, network, or service with a massive amount of illegitimate traffic. Unlike a traditional DoS attack, which is carried out from a single source, a DDoS attack leverages a botnet—a network of infected devices—to distribute the attack traffic, making it more difficult to mitigate.
Decommissioning refers to the process of securely and permanently shutting down and removing a system, facility, or piece of equipment from service. It involves the systematic removal and disconnection of IoT devices from the network infrastructure, ensuring the protection of sensitive data and preventing unauthorized access or misuse. Note that device life can be extended with appropriate security protocols in some cases.
Device procurement refers to the process of acquiring or purchasing devices for use in an organization's IT infrastructure. This involves various activities, including identifying the hardware or devices needed, conducting market research, evaluating vendor options, negotiating contracts, and managing the procurement cycle. Device procurement plays a crucial role in ensuring that organizations acquire the necessary devices that meet their requirements in terms of functionality, compatibility, security, and cost-effectiveness.
Device Utilization refers to the measure of how effectively and efficiently IoT devices are being utilized within a system or network. It assesses the extent to which devices are actively performing their intended functions, processing data, or contributing to the overall goals and objectives of the IoT deployment. Monitoring device utilization helps optimize resource allocation, identify underutilized or overutilized devices, and ensure optimal performance and productivity.
Device Visibility involves having comprehensive visibility into the presence, location, status, and attributes of IoT devices, including information such as device type, IP address, MAC address, firmware version, and connectivity status. Device visibility enables effective device management, security monitoring, and troubleshooting activities.
Dynamic Host Configuration Protocol (DHCP) is a network management protocol used to automate the process of configuring devices on IP networks, thus allowing them to use network services and any communication protocol based on UDP or TCP.
DNV is an international HTM/CE/Biomed accreditation body and site-auditor. DNV goes beyond The Joint Commission (TJC) rules with integrated ISO 9001 for quality management. Less than 10% of US hospitals use them instead of TJC, but their market share continues to grow in the US.
Denial-of-Service (DoS) is a type of cyber attack where an attacker floods a system, network, or service with excessive traffic or requests, causing it to become overwhelmed and unavailable to legitimate users. The goal of a DoS attack is to disrupt or disable the targeted resource, hindering its normal operation.
Enterprise Asset Management (EAM) refers to a comprehensive approach and set of practices organizations employ to effectively manage their physical assets throughout their lifecycle. These assets can include equipment, machinery, infrastructure, facilities, and other valuable resources critical to operations and productivity.
Endpoint detection and response (EDR) tools are the newest members of the endpoint security family. They combine elements of both endpoint antivirus and endpoint management solutions to detect, investigate, and remove any malicious software that penetrates a network’s devices.
Electronic Health Records (EHR) are digital versions of a patient's medical record containing a wide range of patient data, including medical history, diagnoses, medications, allergies, laboratory results, imaging reports, and treatment plans. Commonly used systems are Cerner and Epic.
Exploit Prediction Scoring System (EPSS) is an open, data-driven effort to assess and predict the likelihood that vulnerabilities in systems, software, or networks will be exploited. It analyzes factors such as configurations, software versions, known vulnerabilities, and threat intelligence data to generate a vulnerability score based on severity, exploitability, and potential impact.
A firewall is a network security device that acts as a barrier between internal and external networks, controlling and filtering incoming and outgoing network traffic.
The Forum of Incident Response and Security Teams (FIRST) is a global organization serving as a trusted community for incident response and security teams around the world. FIRST provides a platform for collaboration, knowledge sharing, and coordination among cybersecurity professionals and fosters the improvement of incident response capabilities.
Healthcare Technology Management (HTM) refers to the systematic approach and processes involved in managing and maintaining medical technology and equipment within healthcare organizations. It encompasses the activities related to the planning, acquisition, installation, utilization, maintenance, and disposal of medical devices and technologies.
An Intrusion Detection System (IDS) is a security technology that monitors network traffic and systems to detect and prevent unauthorized access or malicious activities.
Internet of Laboratory Things. Devices and applications connected to the IT network used for research and development, such as for pharmaceuticals and medical devices.
Internet of Medical Things. Medical devices and applications connected to the IT network and capable of collecting, transmitting, and analyzing health data.
Internet of Things. The network of interconnected physical devices, vehicles, appliances, and other objects embedded with sensors, software, and network connectivity that enables them to collect and exchange data. The most common IoT devices Asimily manages are building management systems, security cameras, smart TVs, phones, and pneumatic tube systems.
IPAM (IP Address Management) is a way of planning, tracking, and managing the Internet Protocol address space used in a network. Most commonly, tools such as DNS and DHCP are used in tandem to perform this task, but true IPAM will glue these services together so that each is aware of changes in the other (for instance, DNS knowing of the IP address taken by a client via DHCP, and updating itself accordingly).
ITSM stands for Information Technology Service Management (IT Ticketing). It refers to all the activities performed by an organization to plan, deliver, operate, and control the information technology (IT) services offered to employees. The most common ITSM tool in healthcare is ServiceNow. Asimily integrates with ITSM tools for MDS2 data.
Low & Slow Attack
Low and slow attacks target thread-based web servers with the aim of tying up every thread with slow requests, thereby preventing genuine users from accessing the service. This is accomplished by transmitting data very slowly but just fast enough to prevent the server from timing out.
A Media Access Control (MAC) address identifies your machine on a local network. Every device that can connect to the Internet or to another device has one, including your phone, computer, smart TV, Bluetooth speakers, smart home tech, etc.
Macrosegmentation refers to the division of a network into large segments based on broad criteria such as departments, functions, or geographical locations. It helps enhance security and simplify network management by establishing clear boundaries between different areas of the network.
The Manufacturer Disclosure Statement for Medical Device Security (MDS2) is a voluntary standard developed by Healthcare Information and Management Systems Society (HIMSS) and the National Electrical Manufacturers Association (NEMA) and most recently revised by NEMA and The Medical Imaging & Technology Alliance (MITA). The standard includes a form/questionnaire that medical device manufacturers (MDMs) use to communicate crucial security-related information to healthcare delivery organizations (HDOs).
Microsegmentation involves the further division of network segments into smaller, more granular subsegments, typically based on specific criteria such as user roles, application dependencies, or security requirements. Microsegmentation provides finer control over network access, improves security, and minimizes lateral movement in case of a breach.
MITRE is a not-for-profit organization that operates multiple federally funded research and development centers in the US. It focuses on solving complex problems for the government, in collaboration with government agencies and academia, and conducts research in various areas, including defense, cybersecurity, healthcare, and more.
MITRE ATT&CK Framework
MITRE ATT&CK stands for MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK). The MITRE ATT&CK framework is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary's attack lifecycle and the platforms they are known to target. The tactics and techniques abstraction in the model provides a common taxonomy of individual adversary actions understood by both offensive and defensive sides of cybersecurity. It also provides an appropriate level of categorization for adversary action and specific ways of defending against it.
Network Access Control (NAC) solutions help organizations control access to their networks. Asimily integrates with these solutions.
Network Segmentation is the practice of dividing a computer network into smaller subnetworks or segments to improve security and network performance. It involves isolating different network resources, such as servers, workstations, or IoT devices, into separate segments, limiting the impact of security breaches and facilitating efficient traffic management.
The National Institute of Standards and Technology (NIST) created the Cybersecurity Framework (CSF) as a voluntary framework to provide organizations with guidance on how to prevent, detect, and respond to cyberattacks. Based on a 2016 survey, 70% of respondents recognized NIST CSF as a popular security best practice. NIST CSF adoption continues to accelerate as many IT security professionals recognize the framework as a pathway to maintain compliance with regulatory standards.
Operational technology (OT) includes computer systems designed to deploy in critical infrastructure (power, water, etc.), manufacturing, and similar industries. They automate, monitor, and manage the operations of industrial machinery, using custom protocols and software to communicate with legacy and proprietary systems.
Passive vs Active Scanning
Active scanning works by attempting to exploit potential vulnerabilities on devices. By sending packets directly to endpoints, active scanning can accelerate data collection. Medical devices are risky to actively scan in the field because scanning can cause them to malfunction while in patient use (which could be deadly).
Passive scanning silently analyses network traffic to identify endpoints and traffic patterns. It does not generate additional network traffic and carries almost no risk of disrupting critical processes by interacting directly with the endpoints.
Patching is the process of regularly applying updates, fixes, or software patches to address vulnerabilities, bugs, or security issues in software, operating systems, or firmware. Patches are typically released by software vendors or developers to resolve known vulnerabilities or improve functionality.
Phishing is a cyber-attack where malicious actors attempt to deceive individuals into divulging sensitive information, such as usernames, passwords, credit card details, or personal data, by impersonating a trustworthy entity in order to compromise security. Phishing attacks commonly occur through deceptive emails, instant messages, or fraudulent websites that mimic legitimate organizations or individuals.
Protocol refers to a set of rules and guidelines that govern the communication and interaction between connected devices. It specifies the format, structure, and sequence of data exchanged between devices and outlines the procedures for establishing, maintaining, and terminating those connections. Asimily's protocol analyzers can take a new, unknown protocol for device communications and ingest it into our platform in 2 days, faster than the industry average.
Ransomware attacks are a form of malicious cyber attack where attackers encrypt files or lock access to a victim's system or data, demanding a ransom payment in exchange for restoring access. Once infected, the victim's files, or entire systems, are rendered inaccessible until the ransom is paid, posing significant disruptions, financial loss, and potential data exposure.
Secure Software Development Lifecycle (SDLC) is a systematic approach to developing and deploying software with security considerations at each stage, including requirements gathering, design, coding, testing, and maintenance.
Security information and event management (SIEM) is cybersecurity technology that provides a single, streamlined view of your data, insight into security activities, and operational capabilities so you can effectively detect, investigate and respond to security threats. A SIEM solution can strengthen your cybersecurity posture by giving you comprehensive, real-time visibility across your entire distributed environment — whether on-premises, hybrid, or cloud — and providing historical analysis.
Security orchestration, automation, and response (SOAR) technology helps coordinate, execute, and automate tasks between various people and tools within a single platform. This allows organizations to quickly respond to cybersecurity attacks and observe, understand, and prevent future incidents, thus improving their overall security posture.
A security operations center (SOC) is essential for any organization in today’s data-driven world. A SOC is a group of cybersecurity experts responsible for monitoring and protecting an organization’s networks and information.
SOC teams play a critical role in keeping organizations secure.
SSO, or Single Sign-On, is a service that allows a user to log into one application or network domain and then be authenticated and logged in automatically to other associated applications or domains. The user, therefore, only needs one set of identity-verifying user credentials (e.g., username/password) for authentication and to securely access multiple applications, services, and even different service providers.
Transmission Control Protocol (TCP) is a core communication protocol of the internet protocol suite. TCP provides reliable, connection-oriented data transmission between devices over IP networks. It ensures the ordered delivery, error correction, and congestion control of data packets, making it suitable for applications that require data integrity and reliability.
The Joint Commission is US-based and accredits more than 22,000 healthcare organizations and programs. The international branch accredits medical services from around the world. The majority of US state governments recognize Joint Commission accreditation as a condition of licensure for the receipt of Medicaid and Medicare reimbursements. The Joint Commission was formerly the Joint Commission on Accreditation of Healthcare Organizations (JCAHO).
Tactics, Techniques and Procedures (TTP) are the methods and approaches used by adversaries to carry out attacks, exploit vulnerabilities, or achieve their objectives. Understanding and analyzing TTPs is crucial in developing effective defensive strategies and countermeasures against cyber threats.
User Datagram Protocol (UDP) is a communication protocol used in networked environments that provides a lightweight and connectionless method for transferring data between devices on an IP network. It's often employed for time-sensitive applications where speed is prioritized over reliability.
Vulnerability Mitigation refers to the process of identifying, assessing, prioritizing, and mitigating vulnerabilities in systems, applications, or networks. It involves activities such as vulnerability scanning, penetration testing, patch management, and remediation to minimize the risk of exploitation and maintain a secure environment.
Vulnerability Score vs Risk Score
A Vulnerability Score typically represents the severity or criticality of a specific vulnerability found in a system or application. On the other hand, a Risk Score assesses the potential impact and likelihood of a vulnerability being exploited and determines the overall risk to an organization's assets or operations.
Extended Detection and Response (XDR) is a cybersecurity solution that integrates and correlates security information from multiple sources, such as endpoints, networks, and cloud environments, to provide comprehensive threat detection, response, and remediation capabilities. XDR aims to provide a unified view of security events and streamline incident response workflows.
Zero Trust is a security framework that emphasizes strict access controls and authentication protocols, regardless of whether a user is within or outside the network perimeter. It assumes that no user or device can be inherently trusted, and access permissions are granted on a case-by-case basis, requiring verification for each interaction or resource access.