Service Provider
Definition(s):
An organization supplying services to one or more internal customers or external customers.
Source: ITIL
Definition(s):
Represents a commitment between a service provider and one or more customers and addresses specific aspects of the service, such as responsibilities, details on the type of service, expected performance level (e.g., reliability, acceptable quality, and response times), and requirements for reporting, resolution, and termination.
Source: NIST SP 800-47 Rev. 1 under service-level agreement
A formal agreement between a service provider (whether internal or external) and their client (whether internal or external), which covers the nature, quality, availability, scope and response of the service provider. The SLA should cover day-to-day situations and disaster situations, as the need for the service may vary in a disaster.
Source: BCI/DRJ
Definition(s):
In a watering hole attack, the attacker compromises a site likely to be visited by a particular target group, rather than attacking the target group directly.
Source: NIST CNSSI 4009-2015
A security exploit where the attacker infects websites that are frequently visited by members of the group being attacked, with a goal of infecting a computer used by one of the targeted group when they visit the infected website.
Source: NIST SP 800-150 under Watering Hole Attack
Definition(s):
Watering hole attacks involve attackers compromising one or more legitimate Web sites with malware in an attempt to target and infect visitors to those sites.
Source: NIST SP 1800-21B from ICS-CERT Monitor
Definition(s):
Defect or characteristic that may lead to undesirable behavior.
Source: NIST SP 800-160v1r1 from ISO/SAE 21434:2021
(As used in this volume) Poor coding practices, as exemplified by CWEs
Source: NIST NISTIR 8011 Vol. 4
Definition(s):
A software component that, when installed, directly modifies files or device settings related to a different software component without changing the version number or release details for the related software component.
Source: NIST CNSSI 4009-2015 from ISO/IEC 19770-2
A “repair job” for a piece of programming; also known as a “fix”. A patch is the immediate solution to an identified problem that is provided to users; it can sometimes be downloaded from the software maker’s Web site. The patch is not necessarily the best solution for the problem, and the product developers often find a better solution to provide when they package the product for its next release. A patch is usually developed and distributed as a replacement for or an insertion in compiled code (that is, in a binary file or object module). In many operating systems, a special program is provided to manage and track the installation of patches.
Source: NIST SP 800-45 Version 2 under Patch
A “repair job” for a piece of programming; also known as a “fix.” A patch is the immediate solution that is provided to users; it can sometimes be downloaded from the software maker’s Web site. The patch is not necessarily the best solution for the problem, and product developers often find a better solution to provide when they package the product for its next release. A patch is usually developed and distributed as a replacement for or an insertion in compiled code (that is, in a binary file or object module). In many operating systems, a special program is provided to manage and track the installation of patches.
Source: NIST SP 800-44 Version 2 under Patch
Definition(s):
A Windows product update (for example, a critical update, a security patch, or a hotfix) is an executable (.exe) file that contains one or more system files that you can apply to Windows to correct a specific problem.
Source: Microsoft Hotfix
Microsoft’s term for “patch.”
Source: NIST SP 800-44 Version 2
Definition(s):
The day-to-day execution, monitoring and management of business processes.
Source: ITIL
Definition(s):
The objective of a business process, or of the business as a whole.
Source: ITIL
Definition(s):
Proven activities or processes that have been successfully used by multiple organizations.
Source: ITIL