QCTIP Glossary

Prolonged and targeted cyberattack where an intruder gains access to a network and remains undetected for an extended period. Often state-sponsored or highly organized.

Forensic data that identifies potentially malicious activity on a system or network. Includes IP addresses, URLs, file hashes, and domain names.

Attack that targets a previously unknown vulnerability in software or hardware. Zero days refers to the time developers have had to fix the vulnerability (zero days notice).

Patterns of activities or methods associated with specific threat actors. Used for attribution and prediction of future attacks.

Malware that encrypts victim's files and demands payment (ransom) for decryption key. Modern variants include data exfiltration threats (double extortion).

Attack that overwhelms a system, service, or network with traffic from multiple sources, making it unavailable to legitimate users.

Social engineering attack using deceptive emails, messages, or websites to trick victims into revealing sensitive information or installing malware.

Unauthorized copying, transfer, or retrieval of data from a computer or server. Often performed slowly to evade detection (low and slow attack).

Unauthorized use of computer resources to mine cryptocurrency. Malware or malicious scripts run mining operations without user consent.

Cybersecurity process that uses machine learning and statistical analysis to detect anomalous behavior by users, devices, and applications.

Platform that provides real-time analysis of security alerts generated by network hardware and applications. Centralizes log collection and correlation.

Security solution that continuously monitors end-user devices to detect and respond to cyber threats like ransomware and malware.

Security solution that analyzes network traffic to detect malicious activity, anomalies, and threats that bypass perimeter defenses.

Average time it takes to identify a security incident after it occurs. Industry average is 207 days; quantum platforms target sub-hour detection.

Percentage of benign activities incorrectly flagged as malicious. High false positive rates overwhelm security teams and mask real threats.

Quantum algorithm providing quadratic speedup for unstructured search. Used in QCTIP for searching IOC databases with O(√N) complexity instead of O(N).

Quantum analogue of random walk used for network graph analysis. Enables faster detection of anomalous paths and lateral movement in network topology.

Hybrid quantum-classical algorithm for solving combinatorial optimization problems. Used in QCTIP for optimal incident response resource allocation.

Quantum algorithm for estimating probabilities quadratically faster than classical Monte Carlo methods. Used for risk assessment and threat probability calculation.

Ability of quantum systems to exist in multiple states simultaneously until measured. Enables parallel processing of multiple threat scenarios.

Correlation between quantum bits that allows them to share information instantaneously. Used to correlate multiple threat indicators across different domains.

Voluntary framework developed by NIST providing cybersecurity guidance based on existing standards. Five core functions: Identify, Protect, Detect, Respond, Recover.

International standard for information security management systems (ISMS). Specifies requirements for establishing, implementing, and maintaining security controls.

Audit report demonstrating how a service organization safeguards customer data. Based on trust service criteria: security, availability, confidentiality, privacy, processing integrity.

EU regulation governing data protection and privacy. Requires breach notification within 72 hours and implements right to erasure (right to be forgotten).

Globally accessible knowledge base of adversary tactics and techniques based on real-world observations. Used for threat modeling and detection engineering.

Structured Threat Information Expression (STIX) and Trusted Automated Exchange of Intelligence Information (TAXII). Standards for sharing cyber threat intelligence.

Open source threat intelligence platform for storing, sharing, and correlating IOCs and threat information from multiple sources.

Publicly available information collected from open sources like websites, social media, public records, and forums used for threat intelligence.

Sector-specific organization providing threat intelligence sharing among member organizations. Exists for finance (FS-ISAC), healthcare (H-ISAC), etc.