Watering Hole Attack

 Definition(s):

In a watering hole attack, the attacker compromises a site likely to be visited by a particular target group, rather than attacking the target group directly.

 Source: NIST CNSSI 4009-2015

A security exploit where the attacker infects websites that are frequently visited by members of the group being attacked, with a goal of infecting a computer used by one of the targeted group when they visit the infected website.

 Source: NIST SP 800-150 under Watering Hole Attack

Watering Hole

 Definition(s):

Watering hole attacks involve attackers compromising one or more legitimate Web sites with malware in an attempt to target and infect visitors to those sites.

 Source: NIST SP 1800-21B from ICS-CERT Monitor

Best Practice

 Definition(s):

Proven activities or processes that have been successfully used by multiple organizations.

 Source: ITIL

Authorization

 Definition(s):

Access privileges granted to a user, program, or process or the act of granting those privileges.

 Source: CNSSI-4009