Service Level Agreement (SLA)

 Definition(s):

Represents a commitment between a service provider and one or more customers and addresses specific aspects of the service, such as responsibilities, details on the type of service, expected performance level (e.g., reliability, acceptable quality, and response times), and requirements for reporting, resolution, and termination.

 Source: NIST SP 800-47 Rev. 1 under service-level agreement

A formal agreement between a service provider (whether internal or external) and their client (whether internal or external), which covers the nature, quality, availability, scope and response of the service provider. The SLA should cover day-to-day situations and disaster situations, as the need for the service may vary in a disaster.

 Source: BCI/DRJ

Watering Hole Attack

 Definition(s):

In a watering hole attack, the attacker compromises a site likely to be visited by a particular target group, rather than attacking the target group directly.

 Source: NIST CNSSI 4009-2015

A security exploit where the attacker infects websites that are frequently visited by members of the group being attacked, with a goal of infecting a computer used by one of the targeted group when they visit the infected website.

 Source: NIST SP 800-150 under Watering Hole Attack

Watering Hole

 Definition(s):

Watering hole attacks involve attackers compromising one or more legitimate Web sites with malware in an attempt to target and infect visitors to those sites.

 Source: NIST SP 1800-21B from ICS-CERT Monitor

Patch

 Definition(s):

A software component that, when installed, directly modifies files or device settings related to a different software component without changing the version number or release details for the related software component.

 Source: NIST CNSSI 4009-2015 from ISO/IEC 19770-2

A “repair job” for a piece of programming; also known as a “fix”. A patch is the immediate solution to an identified problem that is provided to users; it can sometimes be downloaded from the software maker’s Web site. The patch is not necessarily the best solution for the problem, and the product developers often find a better solution to provide when they package the product for its next release. A patch is usually developed and distributed as a replacement for or an insertion in compiled code (that is, in a binary file or object module). In many operating systems, a special program is provided to manage and track the installation of patches.

 Source: NIST SP 800-45 Version 2 under Patch

A “repair job” for a piece of programming; also known as a “fix.” A patch is the immediate solution that is provided to users; it can sometimes be downloaded from the software maker’s Web site. The patch is not necessarily the best solution for the problem, and product developers often find a better solution to provide when they package the product for its next release. A patch is usually developed and distributed as a replacement for or an insertion in compiled code (that is, in a binary file or object module). In many operating systems, a special program is provided to manage and track the installation of patches.

 Source: NIST SP 800-44 Version 2 under Patch

Hotfix

 Definition(s):

A Windows product update (for example, a critical update, a security patch, or a hotfix) is an executable (.exe) file that contains one or more system files that you can apply to Windows to correct a specific problem. 

 Source: Microsoft Hotfix

Microsoft’s term for “patch.”

 Source: NIST SP 800-44 Version 2

High Availability

 Definition(s):

A failover feature to ensure availability during device or component interruptions.

 Source: NIST SP 800-113

An approach or design that minimizes or hides the effects of configuration item failure on the users of an IT service. High availability solutions are designed to achieve an agreed level of availability and make use of techniques such as fault tolerance, resilience and fast recovery to reduce the number of incidents, and the impact of incidents.

 Source: ITIL

Hot Site

 Definition(s):

A fully operational offsite data processing facility equipped with hardware and software, to be used in the event of an information system disruption.

 Source: NIST CNSSI 4009-2015 from NIST SP 800-34 Rev. 1
NIST SP 800-34 Rev. 1 under Hot Site

An alternate facility that already has in place the computer, telecommunications, and environmental infrastructure required to recover critical business functions or information systems.

 Source: BCI/DRJ

Warm Site

 Definition(s):

An environmentally conditioned work space that is partially equipped with information systems and telecommunications equipment to support relocated operations in the event of a significant disruption.

 Source: NIST CNSSI 4009-2015 from NIST SP 800-34 Rev. 1
NIST SP 800-34 Rev. 1 under Warm Site

An alternate processing site which is equipped with some hardware, and communications interfaces, electrical and environmental conditioning which is only capable of providing backup after additional provisioning, software or customization is performed.

 Source: BCI/DRJ

Cold Site

 Definition(s):

A backup facility that has the necessary electrical and physical components of a computer facility, but does not have the computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event that the user has to move from their main computing location to an alternate site.

 Source: NIST CNSSI 4009-2015 from NIST SP 800-34 Rev. 1
NIST SP 800-34 Rev. 1 under Cold Site

An alternate facility that already has in place the environmental infrastructure required to recover critical business functions or information systems, but does not have any pre-installed computer hardware, telecommunications equipment, communication lines, etc. These must be provisioned at time of disaster.

 Source: BCI/DRJ