Service Provider

 Definition(s): 

An organization supplying services to one or more internal customers or external customers.

 Source: ITIL

Service Level Agreement (SLA)

 Definition(s):

Represents a commitment between a service provider and one or more customers and addresses specific aspects of the service, such as responsibilities, details on the type of service, expected performance level (e.g., reliability, acceptable quality, and response times), and requirements for reporting, resolution, and termination.

 Source: NIST NIST SP 800-47 Rev. 1 under service-level agreement

A formal agreement between a service provider (whether internal or external) and their client (whether internal or external), which covers the nature, quality, availability, scope and response of the service provider. The SLA should cover day-to-day situations and disaster situations, as the need for the service may vary in a disaster.

 Source: BCI/DRJ

Watering Hole Attack

 Definition(s):

In a watering hole attack, the attacker compromises a site likely to be visited by a particular target group, rather than attacking the target group directly.

 Source: NIST CNSSI 4009-2015

A security exploit where the attacker infects websites that are frequently visited by members of the group being attacked, with a goal of infecting a computer used by one of the targeted group when they visit the infected website.

 Source: NIST NIST SP 800-150 under Watering Hole Attack

Watering Hole

 Definition(s):

Watering hole attacks involve attackers compromising one or more legitimate Web sites with malware in an attempt to target and infect visitors to those sites.

 Source: NIST NIST SP 1800-21B from ICS-CERT Monitor

Patch

 Definition(s):

A software component that, when installed, directly modifies files or device settings related to a different software component without changing the version number or release details for the related software component.

 Source: NIST CNSSI 4009-2015 from ISO/IEC 19770-2

A “repair job” for a piece of programming; also known as a “fix”. A patch is the immediate solution to an identified problem that is provided to users; it can sometimes be downloaded from the software maker’s Web site. The patch is not necessarily the best solution for the problem, and the product developers often find a better solution to provide when they package the product for its next release. A patch is usually developed and distributed as a replacement for or an insertion in compiled code (that is, in a binary file or object module). In many operating systems, a special program is provided to manage and track the installation of patches.

 Source: NIST NIST SP 800-45 Version 2 under Patch

A “repair job” for a piece of programming; also known as a “fix.” A patch is the immediate solution that is provided to users; it can sometimes be downloaded from the software maker’s Web site. The patch is not necessarily the best solution for the problem, and product developers often find a better solution to provide when they package the product for its next release. A patch is usually developed and distributed as a replacement for or an insertion in compiled code (that is, in a binary file or object module). In many operating systems, a special program is provided to manage and track the installation of patches.

 Source: NIST NIST SP 800-44 Version 2 under Patch

Hotfix

 Definition(s):

A Windows product update (for example, a critical update, a security patch, or a hotfix) is an executable (.exe) file that contains one or more system files that you can apply to Windows to correct a specific problem. 

 Source: Microsoft Microsoft Hotfix

Microsoft’s term for “patch.”

 Source: NIST NIST SP 800-44 Version 2

Business Operations

 Definition(s):

The day-to-day execution, monitoring and management of business processes.

 Source: ITIL

Best Practice

 Definition(s):

Proven activities or processes that have been successfully used by multiple organizations.

 Source: ITIL